Subject: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks
Date: Wed, 13 Mar 2019 12:34:29 -0400
Package: rhythmbox
Version: 3.4.3-2
Severity: important
Dear Maintainer,
* What led up to the situation?
Plugged in a "classic" iPod with ~12000 tracks
Selected it in Rhythmbox's interface
It began reading the tracks ("syncing" appearing on the iPod's display)
Sometime after ~7000 tracks, rhythmbox aborted.
* What exactly did you do (or not do) that was effective (or
ineffective)?
After 2 attempts when started in the GUI, started it from commandline to be able to capture stdout & stderr.
* What was the outcome of this action?
Fault message, backtrace, and memory map, excerpt below:
$ type rhythmbox
rhythmbox is /usr/bin/rhythmbox
$ rhythmbox
(rhythmbox:27828): Rhythmbox-WARNING **: 11:43:48.028: Unable to grab media player keys: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SettingsDaemon.MediaKeys was not provided by any .service files
*** Error in `rhythmbox': realloc(): invalid next size: 0x000055a779ef2170 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fe1b5391bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7fe1b5397f96]
/lib/x86_64-linux-gnu/libc.so.6(+0x7a10c)[0x7fe1b539b10c]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x159)[0x7fe1b539c6e9]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6caa)[0x7fe1b2e1ecaa]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6fab)[0x7fe1b2e1efab]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(tdb_store+0x4e)[0x7fe1b2e1d36e]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xcfc3a)[0x7fe1b6b93c3a]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(rhythmdb_metadata_cache_store+0x129)[0x7fe1b6b946f9]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xc15fb)[0x7fe1b6b855fb]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xec2da)[0x7fe1b6bb02da]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x155)[0x7fe1b5929395]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x4c760)[0x7fe1b5929760]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7fe1b59297ec]
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0(g_application_run+0x1fd)[0x7fe1b28f4cad]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(rb_application_run+0x349)[0x7fe1b6b079b9]
rhythmbox(main+0xb7)[0x55a773a06d97]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fe1b53412b1]
rhythmbox(_start+0x2a)[0x55a773a06dfa]
======= Memory map: ========
55a773a06000-55a773a08000 r-xp 00000000 fe:01 16646749 /usr/bin/rhythmbox
55a773c07000-55a773c08000 r--p 00001000 fe:01 16646749 /usr/bin/rhythmbox
55a773c08000-55a773c09000 rw-p 00002000 fe:01 16646749 /usr/bin/rhythmbox
55a775807000-55a779ff6000 rw-p 00000000 00:00 0 [heap]
7fe1796de000-7fe17a02a000 rw-s 00000000 fe:01 25821306 /usr/local/google/home/korz/.cache/rhythmbox/metadata/generic-player.tdb
7fe17a02a000-7fe17a02b000 ---p 00000000 00:00 0
7fe17a02b000-7fe17a82b000 rw-p 00000000 00:00 0
7fe17ae1e000-7fe17c000000 r--p 00000000 fe:01 20451083 /usr/share/fonts/opentype/noto/NotoSansCJK-Regular.ttc
7fe17c000000-7fe17c022000 rw-p 00000000 00:00 0
7fe17c022000-7fe180000000 ---p 00000000 00:00 0
7fe180000000-7fe180022000 rw-p 00000000 00:00 0
7fe180022000-7fe184000000 ---p 00000000 00:00 0
7fe18447f000-7fe184480000 ---p 00000000 00:00 0
7fe184480000-7fe184c80000 rw-p 00000000 00:00 0
* What outcome did you expect instead?
Previous versions of rhythmbox had been able to sync with and play content from this iPod. Since last used rhythmbox with this iPod sometime in 2018 I've not changed the contents of the iPod.
-- System Information:
Debian Release: rodete
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.20-1rodete1-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages rhythmbox depends on:
ii dbus 1.12.2-1
ii gstreamer1.0-plugins-base 1.14.0-1
ii gstreamer1.0-plugins-good 1.14.0-4
ii gstreamer1.0-x 1.14.0-1
ii libc6 2.24-12
ii libglib2.0-0 2.56.0-4
ii libgstreamer-plugins-base1.0-0 1.14.0-1
ii libgstreamer1.0-0 1.14.0-1
ii libgtk-3-0 3.24.2-3
ii libpeas-1.0-0 1.22.0-1
ii librhythmbox-core10 3.4.3-2
ii libx11-6 2:1.6.7-1
ii media-player-info 23-1
ii rhythmbox-data 3.4.3-2
Versions of packages rhythmbox recommends:
ii avahi-daemon 0.6.32-2
ii cinnamon [notification-daemon] 3.6.7-8
ii gstreamer1.0-plugins-ugly 1.14.0-1
ii gstreamer1.0-pulseaudio 1.14.0-4
ii gvfs-backends 1.30.4-1
ii rhythmbox-plugins 3.4.3-2
ii yelp 3.22.0-1
Versions of packages rhythmbox suggests:
pn gnome-codec-install <none>
ii gnome-control-center 1:3.22.2-3
ii gstreamer1.0-plugins-bad 1.14.0-1
pn rhythmbox-plugin-cdrecorder <none>
-- no debconf information
Acknowledgement sent
to Bernhard Übelacker <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <[email protected]>.
(Tue, 19 Mar 2019 14:30:08 GMT) (full text, mbox, link).
Subject: Re: 'realloc(): invalid next size: 0x000055a779ef2170' crash when
opening iPod w/ ~12000 tracks
Date: Tue, 19 Mar 2019 15:27:17 +0100
Hello Fred Korz,
I just tried to get some more information out of backtrace,
without having an iPod or being involved on packaging rhythmbox...
But am I right this "Debian Release: rodete" is a version
of gLinux - Googles internal rebuild of Debian testing?
Can this be downloaded somewhere?
And are there debug symbols available for installation?
In Debian these packages are available in a separate
repository [1] and are named like this:
rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym libtdb1-dbgsym
If yes, you could try to install them and run rhythmbox
like this and provide the output:
gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt' -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox
As this fault seems to be inside the memory allocator, maybe
setting "export MALLOC_CHECK_=2" might reveal some more details?
Can this fault be reproduced on a plain Debian testing, too?
Kind regards,
Bernhard
[1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
[1] https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections
Acknowledgement sent
to Fred Korz <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <[email protected]>.
(Tue, 19 Mar 2019 21:03:05 GMT) (full text, mbox, link).
Hello Bernhard,
Now it (a) loads completely without crash from the same iPod (and no
changes there), and (b) does so in <50% as long.
Arrgh! I hate Heisenbugs!!!! It was entirely repeatable last week, 3 for 3.
I've not rebooted since before my report, nor has the rhythmbox package
changed version (3.4.3-2) ,
but any of the dependencies may have been updated by automation.
I installed the debugging symbol packages, then started under gdb, plugged
in the iPod and no load-up crash, plays fine.
I then ejected and ran rhythmbox without gdb, plugged in the iPod, and
again no load-up crash, plays fine.
Some more answers embedded below.
On Tue, Mar 19, 2019 at 10:27 AM Bernhard Übelacker <[email protected]>
wrote:
> Hello Fred Korz,
> I just tried to get some more information out of backtrace,
> without having an iPod or being involved on packaging rhythmbox...
>
> But am I right this "Debian Release: rodete" is a version
> of gLinux - Googles internal rebuild of Debian testing?
> Can this be downloaded somewhere?
>
The name, "rodete", is "ROlling DEbian TEsting" and apparently a pun in
spanish as well.
It is Debian testing but, as I understand it, run through an internal
"sieve" of tests before rolling out a consistent snapshot to users.
It's sort of what would happen if one lagged testing by about 1-2 weeks,
though some packages can be closer to testing's head if urgent.
> And are there debug symbols available for installation?
>
Yes they are. I've installed these debug symbol packages at work and will
install at home tonight.
> In Debian these packages are available in a separate
> repository [1] and are named like this:
>
> rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym
> libtdb1-dbgsym
>
> If yes, you could try to install them and run rhythmbox
> like this and provide the output:
>
> gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt'
> -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox
>
Damn Heisenbug. Blew out 3 times last week, once with a coworker there to
see it. None this time, either with gdb or without.
>
> As this fault seems to be inside the memory allocator, maybe
> setting "export MALLOC_CHECK_=2" might reveal some more details?
>
> Can this fault be reproduced on a plain Debian testing, too?
>
I'll try tonight/tomorrow (20190319/20190320) on a system at home where
I've been running Debian testing for 14+ years now,
usually update nightly, and rarely get burned by something slipping through
from experimental into testing that wasn't quite ready.
It's likely that I'll have to install rhythmbox + symbol packages. I've had
no need for rhythmbox there. That system is where the backup
copy of my music library lives and I use vlc directly from the files, or
serve my library via forked-daapd (successor to firefly / mt-daapd).
> Kind regards,
> Bernhard
>
Thanks for the guidance. I wIll both (a) get back to you with results -
reproduction or Heisenbug - and (b) keep the instructions in case
of some future return of the Heisenbug, hoping to get a better capture.
> [1]
> https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
> [1]
> https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections
>
Acknowledgement sent
to Fred Korz <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <[email protected]>.
(Wed, 20 Mar 2019 21:24:07 GMT) (full text, mbox, link).
I loathe Heisenbugs! Sorry for the time waste.
I tried the same IPod on my home system which runs vanilla debian testing
and has the same version (3.4.3-2) of rhythmbox. I could not reproduce the
crash. Neither the rhythm box slowness nor the apparent memory failure
happen.
Thanks for the time and effort chasing this. If it should recur I will be
able to file a better report, hopefully including symbolized backtrace, now
that I've got the debug symbol repository added to sources.list (home box
needed this) and the particular packages you listed installed on both boxes.
On Tue, Mar 19, 2019 at 5:00 PM Fred Korz <[email protected]> wrote:
> Hello Bernhard,
>
> Now it (a) loads completely without crash from the same iPod (and no
> changes there), and (b) does so in <50% as long.
>
> Arrgh! I hate Heisenbugs!!!! It was entirely repeatable last week, 3 for
> 3.
>
> I've not rebooted since before my report, nor has the rhythmbox package
> changed version (3.4.3-2) ,
> but any of the dependencies may have been updated by automation.
>
> I installed the debugging symbol packages, then started under gdb, plugged
> in the iPod and no load-up crash, plays fine.
> I then ejected and ran rhythmbox without gdb, plugged in the iPod, and
> again no load-up crash, plays fine.
>
> Some more answers embedded below.
>
> On Tue, Mar 19, 2019 at 10:27 AM Bernhard Übelacker <[email protected]>
> wrote:
>
>> Hello Fred Korz,
>> I just tried to get some more information out of backtrace,
>> without having an iPod or being involved on packaging rhythmbox...
>>
>> But am I right this "Debian Release: rodete" is a version
>> of gLinux - Googles internal rebuild of Debian testing?
>> Can this be downloaded somewhere?
>>
>
> The name, "rodete", is "ROlling DEbian TEsting" and apparently a pun in
> spanish as well.
> It is Debian testing but, as I understand it, run through an internal
> "sieve" of tests before rolling out a consistent snapshot to users.
> It's sort of what would happen if one lagged testing by about 1-2 weeks,
> though some packages can be closer to testing's head if urgent.
>
>
>> And are there debug symbols available for installation?
>>
>
> Yes they are. I've installed these debug symbol packages at work and will
> install at home tonight.
>
>
>> In Debian these packages are available in a separate
>> repository [1] and are named like this:
>>
>> rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym
>> libtdb1-dbgsym
>>
>> If yes, you could try to install them and run rhythmbox
>> like this and provide the output:
>>
>> gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt'
>> -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox
>>
>
> Damn Heisenbug. Blew out 3 times last week, once with a coworker there to
> see it. None this time, either with gdb or without.
>
>
>>
>> As this fault seems to be inside the memory allocator, maybe
>> setting "export MALLOC_CHECK_=2" might reveal some more details?
>>
>> Can this fault be reproduced on a plain Debian testing, too?
>>
>
> I'll try tonight/tomorrow (20190319/20190320) on a system at home where
> I've been running Debian testing for 14+ years now,
> usually update nightly, and rarely get burned by something slipping
> through from experimental into testing that wasn't quite ready.
>
> It's likely that I'll have to install rhythmbox + symbol packages. I've
> had no need for rhythmbox there. That system is where the backup
> copy of my music library lives and I use vlc directly from the files, or
> serve my library via forked-daapd (successor to firefly / mt-daapd).
>
>
>> Kind regards,
>> Bernhard
>>
>
> Thanks for the guidance. I wIll both (a) get back to you with results -
> reproduction or Heisenbug - and (b) keep the instructions in case
> of some future return of the Heisenbug, hoping to get a better capture.
>
>
>> [1]
>> https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
>> [1]
>> https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections
>>
>
Acknowledgement sent
to Bernhard Übelacker <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <[email protected]>.
(Sun, 24 Mar 2019 13:51:05 GMT) (full text, mbox, link).
Subject: Re: Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170'
crash when opening iPod w/ ~12000 tracks
Date: Sun, 24 Mar 2019 14:49:38 +0100
Control: tags + 924496 unreproducible
Hello Fred,
Am 20.03.19 um 22:22 schrieb Fred Korz:
> I loathe Heisenbugs! Sorry for the time waste.
>
> I tried the same IPod on my home system which runs vanilla debian
> testing and has the same version (3.4.3-2) of rhythmbox. I could not
> reproduce the crash. Neither the rhythm box slowness nor the apparent
> memory failure happen.
Yes, such bugs are not that much fun. ;-)
> Can this be downloaded somewhere?
>
> The name, "rodete", is "ROlling DEbian TEsting"
...
>
> And are there debug symbols available for installation?
>
> Yes they are. I've installed these debug symbol packages at work
> and will install at home tonight.
I just wanted to ask if it can be downloaded publicly,
because with access to rodete's binary and debug symbol packages,
one may be able still get some more information from the backtrace
in your first message. Because in rodete the packages seem to be rebuilt,
it's not possible to use the Debian packages.
But in this case the information retrieved that way may not be that
important, because "invalid next size" might translate to "the bug
happened already some realloc/free calls before".
Kind regards,
Bernhard
Acknowledgement sent
to crvi c <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <[email protected]>.
(Tue, 16 Mar 2021 08:30:03 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.