Ticket #225 (closed defect: duplicate)

Opened 4 years ago

Last modified 4 years ago

Deadlock/crash in flashsupport closing stream

Reported by: ed@… Owned by: lennart
Milestone: Component: libflashsupport
Keywords: Cc:

Description

Occasionally, when closing a window or tab containing a Flash animation (output to pa via libflashsupport from git.0pointer.de), the browser (Epiphany) will crash, with a fairly useless stacktrace. Very occasionally it will deadlock, with the following trace: 

Thread 8 (Thread 0xb4b00b90 (LWP 16863)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb747a7b7 in *__GI___poll (fds=0xb4b000b8, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
	resultvar = <value optimized out>
	oldtype = 0
	result = <value optimized out>
#2  0xb7ef9c8b in PR_Poll (pds=0x84517d0, npds=1, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptio.c:3877
No locals.
#3  0xb599b0ed in nsSocketTransportService::Poll (this=0x84512e8, 
    interval=0xb4b00338) at nsSocketTransportService2.cpp:361
	pollList = (PRPollDesc *) 0x84517d0
	pollCount = 1
	pollTimeout = 4294967295
	ts = 2750063544
	rv = <value optimized out>
	passedInterval = <value optimized out>
#4  0xb599b8ba in nsSocketTransportService::Run (this=0x84512e8)
    at nsSocketTransportService2.cpp:578
	pollInterval = 0
	n = 1
	i = -1
	active = 1
#5  0xb738bd37 in nsThread::Main (arg=0x8451a90) at nsThread.cpp:118
No locals.
#6  0xb7efea97 in _pt_root (arg=0x8451b10)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#7  0xb763017b in start_thread (arg=0xb4b00b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb4b00b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1263532920, 742323512, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#8  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 7 (Thread 0xb2cabb90 (LWP 18020)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7634805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7ef7242 in PR_WaitCondVar (cvar=0x8305f00, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x9001750
#3  0xb738dede in TimerThread::Run (this=0x83173d0) at TimerThread.cpp:318
	waitFor = <value optimized out>
#4  0xb738bd37 in nsThread::Main (arg=0x8fffc98) at nsThread.cpp:118
No locals.
#5  0xb7efea97 in _pt_root (arg=0x9001750)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb763017b in start_thread (arg=0xb2cabb90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb2cabb90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1295338360, -648088268, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 6 (Thread 0xb1b9ab90 (LWP 18689)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7634805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7ef7242 in PR_WaitCondVar (cvar=0x92ef600, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x92ef640
#3  0xb4d045df in nsSSLThread::Run (this=0x92ef578) at nsSSLThread.cpp:904
	pending_work = <value optimized out>
	busy_socket_ssl_state = 2981733208
	socketToDestroy = (class nsNSSSocketInfo *) 0x0
#4  0xb4d03cc0 in nsPSMBackgroundThread::nsThreadRunner (arg=0x92ef578)
    at nsPSMBackgroundThread.cpp:44
No locals.
#5  0xb7efea97 in _pt_root (arg=0x92ef640)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb763017b in start_thread (arg=0xb1b9ab90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb1b9ab90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1313233784, 1065284914, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 5 (Thread 0xaedafb90 (LWP 18690)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7634805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7ef7242 in PR_WaitCondVar (cvar=0x92ef7a0, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x92ef7e0
#3  0xb4d05b3f in nsCertVerificationThread::Run (this=0x92ef6f0)
    at nsCertVerificationThread.cpp:138
No locals.
#4  0xb4d03cc0 in nsPSMBackgroundThread::nsThreadRunner (arg=0x92ef6f0)
    at nsPSMBackgroundThread.cpp:44
No locals.
#5  0xb7efea97 in _pt_root (arg=0x92ef7e0)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb763017b in start_thread (arg=0xaedafb90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xaedafb90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1361382264, -102828788, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 4 (Thread 0xb0b8ab90 (LWP 20315)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7634805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xac425728 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#3  0xac51edd8 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#4  0xac425a7d in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#5  0xb763017b in start_thread (arg=0xb0b8ab90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb0b8ab90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1330076536, 1031730480, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#6  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 3 (Thread 0xae515b90 (LWP 20316)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7636965 in sem_wait@@GLIBC_2.1 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xac42f8d8 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#3  0xb763017b in start_thread (arg=0xae515b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xae515b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1370401656, -291572467, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#4  0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 2 (Thread 0xadd14b90 (LWP 20318)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7637199 in __lll_lock_wait () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7632a14 in _L_lock_236 () from /lib/libpthread.so.0
No symbol table info available.
#3  0xb763246b in __pthread_mutex_lock (mutex=0xacab3cd0)
    at pthread_mutex_lock.c:69
	ignore3 = <value optimized out>
	ignore1 = 130
	ignore2 = <value optimized out>
	oldval = <value optimized out>
	retval = <value optimized out>
	__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
#4  0xac43201c in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#5  0xb127ca80 in write_data (p=0xb3542f8) at flashsupport.c:872
	l = 4096
	length = 7192
	__PRETTY_FUNCTION__ = "write_data"
#6  0xb1253c21 in pa_command_request (pd=0xb8edd48, command=61, 
    tag=4294967295, t=0xaf20e6c0, userdata=0x8d9fe58) at pulse/stream.c:395
	bytes = 7192
	channel = 0
	__PRETTY_FUNCTION__ = "pa_command_request"
#7  0xb1266ed0 in pa_pdispatch_run (pd=0xb8edd48, packet=0xaf2041e0, 
    creds=0xb7ef058, userdata=0x8d9fe58) at pulsecore/pdispatch.c:241
	tag = 4294967295
	command = 61
	ts = (pa_tagstruct *) 0xaf20e6c0
	ret = <value optimized out>
	__PRETTY_FUNCTION__ = "pa_pdispatch_run"
	__func__ = "pa_pdispatch_run"
#8  0xb12469c9 in pstream_packet_callback (p=0xb7eef90, packet=0xaf2041e0, 
    creds=0xb7ef058, userdata=0x8d9fe58) at pulse/context.c:306
	__PRETTY_FUNCTION__ = "pstream_packet_callback"
#9  0xb1267d76 in do_something (p=0xb7eef90) at pulsecore/pstream.c:818
	__PRETTY_FUNCTION__ = "do_something"
#10 0xb125fa31 in callback (m=0xcded95c, e=0xa1c13b8, fd=37, 
    f=PA_IO_EVENT_INPUT, userdata=0xa1c11e8) at pulsecore/iochannel.c:121
	io = <value optimized out>
	changed = <value optimized out>
	__PRETTY_FUNCTION__ = "callback"
#11 0xb124ddaa in pa_mainloop_dispatch (m=0xcded918) at pulse/mainloop.c:679
	dispatched = 0
	__PRETTY_FUNCTION__ = "pa_mainloop_dispatch"
#12 0xb124df41 in pa_mainloop_iterate (m=0xcded918, block=1, retval=0x0)
    at pulse/mainloop.c:922
	r = 1
	__PRETTY_FUNCTION__ = "pa_mainloop_iterate"
#13 0xb124dfe4 in pa_mainloop_run (m=0xcded918, retval=0x0)
    at pulse/mainloop.c:937
	r = <value optimized out>
#14 0xb1257683 in thread (userdata=0xa230b88) at pulse/thread-mainloop.c:91
	mask = {__val = {2147483647, 4294967294, 
    4294967295 <repeats 30 times>}}
#15 0xb1270139 in internal_thread_func (userdata=0xa1c1248)
    at pulsecore/thread-posix.c:73
	__PRETTY_FUNCTION__ = "internal_thread_func"
#16 0xb763017b in start_thread (arg=0xadd14b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xadd14b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1218183180, 0, 4001536, 
        -1378794360, -289475318, -1975843521}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#17 0xb7483b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb74bed90

Thread 1 (Thread 0xb600c6f0 (LWP 16472)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb76325fb in __pthread_mutex_lock (mutex=0xb763fff4)
    at pthread_mutex_lock.c:273
	resultvar = <value optimized out>
	kind = 1
	robust = 0
	oldval = <value optimized out>
	retval = <value optimized out>
	__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
#2  0xb126f991 in pa_mutex_lock (m=0xfffffdff) at pulsecore/mutex-posix.c:92
	__PRETTY_FUNCTION__ = "pa_mutex_lock"
#3  0xb1257b15 in pa_threaded_mainloop_stop (m=0xa230b88)
    at pulse/thread-mainloop.c:158
	__PRETTY_FUNCTION__ = "pa_threaded_mainloop_stop"
#4  0xb127c778 in FPX_SoundOutput_Close (ptr=0xb3542f8) at flashsupport.c:1006
	__PRETTY_FUNCTION__ = "FPX_SoundOutput_Close"
#5  0xac42f046 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#6  0xac6cec8e in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#7  0xac5737f0 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#8  0xac7965fb in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#9  0xac4063bb in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#10 0xac3300b2 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#11 0xac325338 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#12 0xac31e181 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#13 0xac322937 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#14 0x0a9d7eac in ?? ()
No symbol table info available.
#15 0xbfcadb70 in ?? ()
No symbol table info available.
#16 0x0bbec580 in ?? ()
No symbol table info available.
#17 0xb51fcff4 in ?? () from /usr/lib/mozilla-firefox/components/libgkplugin.so
No symbol table info available.
#18 0x00000000 in ?? ()
No symbol table info available.
#0  0xffffe410 in __kernel_vsyscall ()

Change History

  Changed 4 years ago by ed@…

Some objects from thread 2 frame 5: (gdb) p *p $6 = {mainloop = 0xa230b88, context = 0x8d9fe58, stream = 0xdb9e200,

buf = '\0' <repeats 4095 times>, thread_id = 2916174736, first = 0}

(gdb) p *p->stream $7 = {_ref = {value = 2}, context = 0x8d9fe58, mainloop = 0xcded95c,

next = 0x0, prev = 0x0, name = 0xa314780 "Flash Animation", manual_buffer_attr = false, buffer_attr = {maxlength = 132300,

tlength = 88200, prebuf = 86436, minreq = 1764, fragsize = 1764},

sample_spec = {format = PA_SAMPLE_S16LE, rate = 44100, channels = 2 '\002'}, channel_map = {channels = 2 '\002', map = {PA_CHANNEL_POSITION_LEFT,

PA_CHANNEL_POSITION_RIGHT, -1220374306, 224746336, PA_CHANNEL_POSITION_LEFT, 148504152, -1322945312, -1322782732, 148504152, -1378795464, -1322791485, 170068872, PA_CHANNEL_POSITION_MONO, -1322981429, PA_CHANNEL_POSITION_AUX12, -1378795436, 216280352, -1378795416, -1322803212, -1220376124, -1322803212, -1322846997, -1322803212, -1322802172, -1322883488, -1378795400, -1322846688, -1322802172, -1219660068, -1323018629, 1462214644, -1219555340}}, flags = 10, channel = 0, syncid = 0,

channel_valid = 1, stream_index = 2186, direction = PA_STREAM_PLAYBACK, state = PA_STREAM_READY, buffer_attr_not_ready = false, timing_info_not_ready = false, requested_bytes = 7192, device_index = 1, device_name = 0xc439a78 "alsa_output.pci_1039_7012_alsa_playback_0", suspended = false, peek_memchunk = {memblock = 0x0, index = 0, length = 0}, peek_data = 0x0, record_memblockq = 0x0, corked = 0, timing_info = {

timestamp = {tv_sec = 1201045939, tv_usec = 162025}, synchronized_clocks = 1, sink_usec = 91266, source_usec = 0, transport_usec = 252, playing = 1, write_index_corrupt = 0, write_index = 6694292, read_index_corrupt = 0, read_index = 6606092},

timing_info_valid = 1, previous_time = 37354402, write_index_not_before = 0, read_index_not_before = 0, write_index_corrections = {{tag = 372, valid = 0,

value = 0, absolute = 0, corrupt = 0}, {tag = 373, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 374, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 375, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 376, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 377, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 368, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 369, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 370, valid = 0, value = 0, absolute = 0, corrupt = 0}, {tag = 371, valid = 0, value = 0, absolute = 0, corrupt = 0}}, current_write_index_correction = 5,

auto_timing_update_event = 0xaec0fd0, auto_timing_update_requested = 0, cached_time = 37260628, cached_time_valid = 0, state_callback = 0xb127cc90 <stream_state_cb>, state_userdata = 0xb3542f8, read_callback = 0, read_userdata = 0x0, write_callback = 0xb127cbc0 <stream_request_cb>, write_userdata = 0xb3542f8, overflow_callback = 0, overflow_userdata = 0x0, underflow_callback = 0, underflow_userdata = 0x0, latency_update_callback = 0xb127cb20 <stream_latency_update_cb>, latency_update_userdata = 0xb3542f8, moved_callback = 0, moved_userdata = 0x0, suspended_callback = 0, suspended_userdata = 0x0}

(gdb) p p->stream->requested_bytes $8 = 7192

  Changed 4 years ago by ed@…

Forgot: flash 9 r115, pa 0.9.8 (-gentoo-r6).

  Changed 4 years ago by ed@…

flashsupport is the latest from git.0pointer.de, not the revolutionlinux version.

  Changed 4 years ago by ed@…

It would appear that in thread 1, Flash has asked to flashsupport to shut down the pa output device; pa is blocked on the threaded-mainloop mutex.

The threaded-mainloop mutex is blocked because in thread 2, the mainloop is running and trying to get audio data from Flash (FPI_SoundOutput_FillBuffer). However Flash in thread 2 is blocked on its own mutex, presumably because in thread 1 Flash has locked that mutex preparatory to trying to shut down pa.

Deadlock.

  Changed 4 years ago by ed@…

Here's the FPI_SoundOutput_FillBuffer, where Flash is blocking:

(gdb) disass FPI_SoundOutput_FillBuffer 0xac43205a Dump of assembler code from 0xac431fc0 to 0xac43205a: 0xac431fc0: push %ebp 0xac431fc1: mov %esp,%ebp 0xac431fc3: sub $0x28,%esp 0xac431fc6: mov %ebx,-0x8(%ebp) 0xac431fc9: call 0xac31a0f5 <strcpy@plt+233> 0xac431fce: add $0x640e52,%ebx 0xac431fd4: mov %esi,-0x4(%ebp) 0xac431fd7: mov 0x43c5c(%ebx),%edx 0xac431fdd: test %edx,%edx 0xac431fdf: je 0xac432050 0xac431fe1: lea -0xc(%ebp),%eax 0xac431fe4: mov %eax,0x8(%esp) 0xac431fe8: mov 0x8(%ebp),%eax 0xac431feb: movl $0x0,-0xc(%ebp) 0xac431ff2: mov %edx,(%esp) 0xac431ff5: mov %eax,0x4(%esp) 0xac431ff9: call 0xac5ee110 0xac431ffe: test %eax,%eax 0xac432000: je 0xac432050 0xac432002: mov -0xc(%ebp),%esi 0xac432005: test %esi,%esi 0xac432007: je 0xac432050 0xac432009: mov 0x1d38(%esi),%eax 0xac43200f: add $0x8f0,%eax 0xac432014: mov %eax,(%esp) 0xac432017: call 0xac31940c <pthread_mutex_lock@plt> 0xac43201c: mov 0x10(%ebp),%eax 0xac43201f: mov %esi,(%esp) 0xac432022: mov %eax,0x8(%esp) 0xac432026: mov 0xc(%ebp),%eax 0xac432029: mov %eax,0x4(%esp) 0xac43202d: call 0xac42f1e0 0xac432032: mov 0x1d38(%esi),%eax 0xac432038: add $0x8f0,%eax 0xac43203d: mov %eax,(%esp) 0xac432040: call 0xac319d9c <pthread_mutex_unlock@plt> 0xac432045: lea 0x0(%esi),%esi 0xac432049: lea 0x0(%edi),%edi 0xac432050: mov -0x8(%ebp),%ebx 0xac432053: mov -0x4(%ebp),%esi 0xac432056: mov %ebp,%esp 0xac432058: pop %ebp 0xac432059: ret

  Changed 4 years ago by ed@…

  • component changed from daemon to core

sorry. 

(gdb) disass FPI_SoundOutput_FillBuffer 0xac43205a
Dump of assembler code from 0xac431fc0 to 0xac43205a:
0xac431fc0:	push   %ebp
0xac431fc1:	mov    %esp,%ebp
0xac431fc3:	sub    $0x28,%esp
0xac431fc6:	mov    %ebx,-0x8(%ebp)
0xac431fc9:	call   0xac31a0f5 <strcpy@plt+233>
0xac431fce:	add    $0x640e52,%ebx
0xac431fd4:	mov    %esi,-0x4(%ebp)
0xac431fd7:	mov    0x43c5c(%ebx),%edx
0xac431fdd:	test   %edx,%edx
0xac431fdf:	je     0xac432050
0xac431fe1:	lea    -0xc(%ebp),%eax
0xac431fe4:	mov    %eax,0x8(%esp)
0xac431fe8:	mov    0x8(%ebp),%eax
0xac431feb:	movl   $0x0,-0xc(%ebp)
0xac431ff2:	mov    %edx,(%esp)
0xac431ff5:	mov    %eax,0x4(%esp)
0xac431ff9:	call   0xac5ee110
0xac431ffe:	test   %eax,%eax
0xac432000:	je     0xac432050
0xac432002:	mov    -0xc(%ebp),%esi
0xac432005:	test   %esi,%esi
0xac432007:	je     0xac432050
0xac432009:	mov    0x1d38(%esi),%eax
0xac43200f:	add    $0x8f0,%eax
0xac432014:	mov    %eax,(%esp)
0xac432017:	call   0xac31940c <pthread_mutex_lock@plt>
0xac43201c:	mov    0x10(%ebp),%eax
0xac43201f:	mov    %esi,(%esp)
0xac432022:	mov    %eax,0x8(%esp)
0xac432026:	mov    0xc(%ebp),%eax
0xac432029:	mov    %eax,0x4(%esp)
0xac43202d:	call   0xac42f1e0
0xac432032:	mov    0x1d38(%esi),%eax
0xac432038:	add    $0x8f0,%eax
0xac43203d:	mov    %eax,(%esp)
0xac432040:	call   0xac319d9c <pthread_mutex_unlock@plt>
0xac432045:	lea    0x0(%esi),%esi
0xac432049:	lea    0x0(%edi),%edi
0xac432050:	mov    -0x8(%ebp),%ebx
0xac432053:	mov    -0x4(%ebp),%esi
0xac432056:	mov    %ebp,%esp
0xac432058:	pop    %ebp
0xac432059:	ret

in reply to: ↑ description   Changed 4 years ago by ed@…

How do I attach a patch? 

--- flashsupport.c	2008/01/23 23:36:09	1.1
+++ flashsupport.c	2008/01/23 23:44:14
@@ -800,6 +800,7 @@ struct output_data {
     uint8_t buf[BUFSIZE];
     pthread_t thread_id;
     int first;
+    int signal;
 };
 
 static void context_state_cb(pa_context *c, void *userdata) {
@@ -869,6 +870,9 @@ static void write_data(struct output_dat
 
         l &= ~ ((size_t) 3);
 
+        if (p->signal)
+            return;
+
         FPI_SoundOutput_FillBuffer(p, (char*) p->buf, l);
 
         if (pa_stream_write(p->stream, p->buf, l, NULL, 0, PA_SEEK_RELATIVE) < 0)
@@ -1002,6 +1006,8 @@ static int FPX_SoundOutput_Close(void *p
 
     assert(p);
 
+    p->signal = 1;
+
     if (p->mainloop)
         pa_threaded_mainloop_stop(p->mainloop);

  Changed 4 years ago by coling

You just click "Attach file" underneath the main bug report but before the comments :)

I presume this is a fix for the issue?

  Changed 4 years ago by ed@…

It was supposed to be, but I'm still getting crashes: 

Thread 8 (Thread 0xb59f6b90 (LWP 11322)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb74c07b7 in *__GI___poll (fds=0xb59f60b8, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
	resultvar = <value optimized out>
	oldtype = 0
	result = <value optimized out>
#2  0xb7f3fc8b in PR_Poll (pds=0x83a91f0, npds=1, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptio.c:3877
No locals.
#3  0xb5a9d0ed in nsSocketTransportService::Poll (this=0x83a8d08, 
    interval=0xb59f6338) at nsSocketTransportService2.cpp:361
	pollList = (PRPollDesc *) 0x83a91f0
	pollCount = 1
	pollTimeout = 4294967295
	ts = 3076235203
	rv = <value optimized out>
	passedInterval = <value optimized out>
#4  0xb5a9d8ba in nsSocketTransportService::Run (this=0x83a8d08)
    at nsSocketTransportService2.cpp:578
	pollInterval = 15
	n = 1
	i = -1
	active = 1
#5  0xb73d1d37 in nsThread::Main (arg=0x83a9490) at nsThread.cpp:118
No locals.
#6  0xb7f44a97 in _pt_root (arg=0x83a9510)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#7  0xb767617b in start_thread (arg=0xb59f6b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb59f6b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1247845240, -1413874731, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#8  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 7 (Thread 0xb3249b90 (LWP 11323)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767a805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7f3d242 in PR_WaitCondVar (cvar=0x8305f00, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x8dd7d78
#3  0xb73d3ede in TimerThread::Run (this=0x83173d0) at TimerThread.cpp:318
	waitFor = <value optimized out>
#4  0xb73d1d37 in nsThread::Main (arg=0x8dcf128) at nsThread.cpp:118
No locals.
#5  0xb7f44a97 in _pt_root (arg=0x8dd7d78)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb767617b in start_thread (arg=0xb3249b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb3249b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1289448312, -598082600, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 6 (Thread 0xb0f78b90 (LWP 11343)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767a805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7f3d242 in PR_WaitCondVar (cvar=0x9bd9728, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x99c3078
#3  0xaf5e45df in nsSSLThread::Run (this=0x8d83468) at nsSSLThread.cpp:904
	pending_work = <value optimized out>
	busy_socket_ssl_state = nsSSLSocketThreadData::ssl_reading_done
	socketToDestroy = (class nsNSSSocketInfo *) 0x0
#4  0xaf5e3cc0 in nsPSMBackgroundThread::nsThreadRunner (arg=0x8d83468)
    at nsPSMBackgroundThread.cpp:44
No locals.
#5  0xb7f44a97 in _pt_root (arg=0x99c3078)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb767617b in start_thread (arg=0xb0f78b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb0f78b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1325955960, 2054814687, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 5 (Thread 0xaff76b90 (LWP 11344)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767a805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7f3d242 in PR_WaitCondVar (cvar=0xa0a98b0, timeout=4294967295)
    at mozilla/nsprpub/pr/src/pthreads/ptsynch.c:405
	rv = <value optimized out>
	thred = (PRThread *) 0x9537198
#3  0xaf5e5b3f in nsCertVerificationThread::Run (this=0x8dcb920)
    at nsCertVerificationThread.cpp:138
No locals.
#4  0xaf5e3cc0 in nsPSMBackgroundThread::nsThreadRunner (arg=0x8dcb920)
    at nsPSMBackgroundThread.cpp:44
No locals.
#5  0xb7f44a97 in _pt_root (arg=0x9537198)
    at mozilla/nsprpub/pr/src/pthreads/ptthread.c:220
	detached = 0
#6  0xb767617b in start_thread (arg=0xaff76b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xaff76b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1342741368, 2075786209, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#7  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 4 (Thread 0xb0777b90 (LWP 11120)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767a805 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xace24728 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#3  0xacf1ddd8 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#4  0xace24a7d in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#5  0xb767617b in start_thread (arg=0xb0777b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb0777b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1334348664, 2073689054, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#6  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 3 (Thread 0xaa1e2b90 (LWP 11121)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767c965 in sem_wait@@GLIBC_2.1 () from /lib/libpthread.so.0
No symbol table info available.
#2  0xace2e8d8 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#3  0xb767617b in start_thread (arg=0xaa1e2b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xaa1e2b90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1440865144, -1455817750, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#4  0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 2 (Thread 0xb212fb90 (LWP 11123)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767d199 in __lll_lock_wait () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7678a14 in _L_lock_236 () from /lib/libpthread.so.0
No symbol table info available.
#3  0xb767846b in __pthread_mutex_lock (mutex=0xad4b2cd0)
    at pthread_mutex_lock.c:69
	ignore3 = <value optimized out>
	ignore1 = 130
	ignore2 = <value optimized out>
	oldval = <value optimized out>
	retval = <value optimized out>
	__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
#4  0xace3101c in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#5  0xb36b7ac4 in write_data (p=0xf314828) at flashsupport.c:876
	l = 4096
	length = 6216
	__PRETTY_FUNCTION__ = "write_data"
#6  0xb34cfc21 in pa_command_request (pd=0x10c40340, command=61, 
    tag=4294967295, t=0xdbd8650, userdata=0xf5b83e0) at pulse/stream.c:395
	bytes = 6216
	channel = 0
	__PRETTY_FUNCTION__ = "pa_command_request"
#7  0xb34e2ed0 in pa_pdispatch_run (pd=0x10c40340, packet=0xdf9de70, 
    creds=0xf287368, userdata=0xf5b83e0) at pulsecore/pdispatch.c:241
	tag = 4294967295
	command = 61
	ts = (pa_tagstruct *) 0xdbd8650
	ret = <value optimized out>
	__PRETTY_FUNCTION__ = "pa_pdispatch_run"
	__func__ = "pa_pdispatch_run"
#8  0xb34c29c9 in pstream_packet_callback (p=0xf2872a0, packet=0xdf9de70, 
    creds=0xf287368, userdata=0xf5b83e0) at pulse/context.c:306
	__PRETTY_FUNCTION__ = "pstream_packet_callback"
#9  0xb34e3d76 in do_something (p=0xf2872a0) at pulsecore/pstream.c:818
	__PRETTY_FUNCTION__ = "do_something"
#10 0xb34dba31 in callback (m=0xf4bb54c, e=0x11171f08, fd=32, 
    f=PA_IO_EVENT_INPUT, userdata=0xfbd0db8) at pulsecore/iochannel.c:121
	io = <value optimized out>
	changed = <value optimized out>
	__PRETTY_FUNCTION__ = "callback"
#11 0xb34c9daa in pa_mainloop_dispatch (m=0xf4bb508) at pulse/mainloop.c:679
	dispatched = 0
	__PRETTY_FUNCTION__ = "pa_mainloop_dispatch"
#12 0xb34c9f41 in pa_mainloop_iterate (m=0xf4bb508, block=1, retval=0x0)
    at pulse/mainloop.c:922
	r = 1
	__PRETTY_FUNCTION__ = "pa_mainloop_iterate"
#13 0xb34c9fe4 in pa_mainloop_run (m=0xf4bb508, retval=0x0)
    at pulse/mainloop.c:937
	r = <value optimized out>
#14 0xb34d3683 in thread (userdata=0xadea5b0) at pulse/thread-mainloop.c:91
	mask = {__val = {2147483647, 4294967294, 
    4294967295 <repeats 30 times>}}
#15 0xb34ec139 in internal_thread_func (userdata=0x1030fab8)
    at pulsecore/thread-posix.c:73
	__PRETTY_FUNCTION__ = "internal_thread_func"
#16 0xb767617b in start_thread (arg=0xb212fb90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb212fb90
	now = <value optimized out>
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217896460, 0, 4001536, 
        -1307380600, -1332085798, 1539050448}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
#17 0xb74c9b8e in clone () from /lib/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7504d90

Thread 1 (Thread 0xb60526f0 (LWP 11319)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb767e55b in waitpid () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb75c743f in IA__g_spawn_sync (working_directory=0x0, argv=0xe6f5bd8, 
    envp=0x0, flags=<value optimized out>, child_setup=0, user_data=0x0, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x82b15b8)
    at gspawn.c:374
	outpipe = -1
	errpipe = -1
	pid = 11124
	fds = {__fds_bits = {-1218281484, 0, 180359240, 137041208, 
    -1218801965, 180359240, -1218909296, 0, 136958648, -1243159075, 
    1959892117, 0, 0, 5, 0, 0, 962245700, 136858224, -1, 34, -1218281484, 
    242179032, 3, 0, 230510288, -1243158784, 1708282130, 0, 0, -1219269888, 
    -1220080864, 180359240}}
	ret = <value optimized out>
	outstr = (GString *) 0x0
	errstr = (GString *) 0x0
	failed = 0
	status = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#3  0xb75c77ac in IA__g_spawn_command_line_sync (
    command_line=0xe8a4f80 "bug-buddy --appname=\"epiphany\" --pid=11319", 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x82b15b8)
    at gspawn.c:682
	retval = 0
	argv = (gchar **) 0xe6f5bd8
	__PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#4  0xb5e71200 in run_bug_buddy (appname=0x828d0c8 "epiphany", 
    pid=<value optimized out>, minidump_path=<value optimized out>)
    at gnome-breakpad.cc:213
	exec_str = (
    gchar *) 0xe8a4f80 "bug-buddy --appname=\"epiphany\" --pid=11319"
	res = <value optimized out>
	error = (GError *) 0x0
#5  0xb5e7170f in check_if_gdb (callback_context=0x0) at gnome-breakpad.cc:283
	mypath = "/usr/bin/epiphany", '\0' <repeats 237 times>
	gdb = (gchar *) 0xd076298 "/usr/bin/gdb"
	appname = (gchar *) 0x828d0c8 "epiphany"
	pid = 11319
#6  0xb5e719ee in google_breakpad::ExceptionHandler::InternalWriteMinidump (
    this=0xb5e7c2e0, signo=11, sighandler_ebp=137046552, sig_ctx=0x82b2a04)
    at ../google-breakpad/src/client/linux/handler/exception_handler.cc:225
	guid = {data1 = 3051864800, data2 = 10776, data3 = 2091, 
  data4 = "\020���\000\000\000"}
	success = <value optimized out>
	guid_str = "\000\005\000\000\000\000\000\000\000U���\000�����\000\000\005\000\000\000��������\v\000\000"
#7  0xb5e7210b in google_breakpad::ExceptionHandler::HandleException (signo=11)
    at ../google-breakpad/src/client/linux/handler/exception_handler.cc:196
	current_ebp = 137046552
	current_handler = (google_breakpad::ExceptionHandler *) 0xb5e7c2e0
	sig_ctx = (sigcontext *) 0x0
#8  <signal handler called>
No symbol table info available.
#9  0xace2da80 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#10 0xab285050 in ?? ()
No symbol table info available.
#11 0x0b7f8668 in ?? ()
No symbol table info available.
#12 0xab285050 in ?? ()
No symbol table info available.
#13 0xad471e20 in ?? () from /opt/netscape/plugins/libflashplayer.so
No symbol table info available.
#14 0xab800000 in ?? ()
No symbol table info available.
#15 0x00000000 in ?? ()
No symbol table info available.
#0  0xffffe410 in __kernel_vsyscall ()

This has: 

(gdb) p *p
$3 = {mainloop = 0xadea5b0, context = 0xf5b83e0, stream = 0xfca09a8, 
  buf = '\0' <repeats 4095 times>, thread_id = 2987588496, first = 0, 
  signal = 0}

At the seg location: 

(gdb) frame 9
#9  0xace2da80 in ?? () from /opt/netscape/plugins/libflashplayer.so
(gdb) disass 0xace2da00 0xace2daff
Dump of assembler code from 0xace2da00 to 0xace2daff:
0xace2da00:	in     (%dx),%al
0xace2da01:	add    $0x8b,%al
0xace2da03:	inc    %ebp
0xace2da04:	or     %cl,-0x7c74dbfc(%ecx)
0xace2da0a:	add    %dh,%cl
0xace2da0c:	(bad)  
0xace2da0d:	(bad)  
0xace2da0e:	call   *(%eax)
0xace2da10:	add    $0x1d70,%eax
0xace2da15:	mov    %eax,(%esp)
0xace2da18:	call   0xacd181fc <sem_post@plt>
0xace2da1d:	pop    %eax
0xace2da1e:	pop    %ebx
0xace2da1f:	pop    %ebp
0xace2da20:	ret    
0xace2da21:	nop    
0xace2da22:	lea    0x0(%esi),%esi
0xace2da29:	lea    0x0(%edi),%edi
0xace2da30:	push   %ebp
0xace2da31:	mov    %esp,%ebp
0xace2da33:	push   %edi
0xace2da34:	push   %esi
0xace2da35:	push   %ebx
0xace2da36:	sub    $0xc,%esp
0xace2da39:	mov    0x8(%ebp),%esi
0xace2da3c:	call   0xacd190f5 <strcpy@plt+233>
0xace2da41:	add    $0x6443df,%ebx
0xace2da47:	mov    0xc(%ebp),%edi
0xace2da4a:	mov    0x1d64(%esi),%eax
0xace2da50:	mov    %eax,-0x10(%ebp)
0xace2da53:	mov    %eax,(%esp)
0xace2da56:	call   0xacd1840c <pthread_mutex_lock@plt>
0xace2da5b:	movl   $0x0,0x18(%edi)
0xace2da62:	movl   $0x0,0x10(%edi)
0xace2da69:	mov    0x1d80(%esi),%edx
0xace2da6f:	test   %edx,%edx
0xace2da71:	je     0xace2da95
0xace2da73:	lea    0x0(%esi),%esi
0xace2da79:	lea    0x0(%edi),%edi
0xace2da80:	mov    0x18(%edx),%eax
0xace2da83:	test   %eax,%eax
0xace2da85:	je     0xace2da90
0xace2da87:	mov    %eax,%edx
0xace2da89:	jmp    0xace2da80
0xace2da8b:	nop    
0xace2da8c:	lea    0x0(%esi),%esi
0xace2da90:	mov    %edi,0x18(%edx)
0xace2da93:	jmp    0xace2daa0
0xace2da95:	mov    %edi,0x1d80(%esi)
0xace2da9b:	nop    
0xace2da9c:	lea    0x0(%esi),%esi
0xace2daa0:	mov    -0x10(%ebp),%eax
0xace2daa3:	mov    %eax,(%esp)
0xace2daa6:	call   0xacd18d9c <pthread_mutex_unlock@plt>
0xace2daab:	add    $0xc,%esp
0xace2daae:	pop    %ebx
0xace2daaf:	pop    %esi
0xace2dab0:	pop    %edi
0xace2dab1:	pop    %ebp
0xace2dab2:	ret    
0xace2dab3:	nop    
0xace2dab4:	lea    0x0(%esi),%esi
0xace2daba:	lea    0x0(%edi),%edi
0xace2dac0:	push   %ebp
0xace2dac1:	mov    %esp,%ebp
0xace2dac3:	sub    $0x58,%esp
0xace2dac6:	mov    %edi,-0x4(%ebp)
0xace2dac9:	mov    0x8(%ebp),%edi
0xace2dacc:	mov    %ebx,-0xc(%ebp)
0xace2dacf:	mov    %esi,-0x8(%ebp)
0xace2dad2:	movl   $0x7a120,-0x18(%ebp)
0xace2dad9:	movl   $0x4e20,-0x1c(%ebp)
0xace2dae0:	mov    0x1d40(%edi),%eax
0xace2dae6:	call   0xacd190f5 <strcpy@plt+233>
0xace2daeb:	add    $0x644335,%ebx
0xace2daf1:	test   %eax,%eax
0xace2daf3:	jne    0xace2df15
0xace2daf9:	mov    -0x9cc(%ebx),%esi
End of assembler dump.
(gdb) info reg
eax            0x31f0327	52364071
ecx            0x2c37	11319
edx            0x31f0327	52364071
ebx            0xad471e20	-1387848160
esp            0xbfcebec0	0xbfcebec0
ebp            0xbfcebed8	0xbfcebed8
esi            0xab800000	-1417674752
edi            0xab8019b8	-1417668168
eip            0xace2da80	0xace2da80
eflags         0x293	[ CF AF SF IF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
(gdb) p *(void **)0x31f0327
Cannot access memory at address 0x31f0327

  Changed 4 years ago by lennart

  • component changed from core to libflashsupport

  Changed 4 years ago by lennart

  • status changed from new to closed
  • resolution set to duplicate

This is actually not a bug in our Plugin, but a major fuckup in Flash. See #267.

Note: See TracTickets for help on using tickets.