Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

2019-03-24 Thread Bernhard Übelacker
Control: tags + 924496 unreproducible


Hello Fred,

Am 20.03.19 um 22:22 schrieb Fred Korz:
> I loathe Heisenbugs!  Sorry for the time waste.
> 
> I tried the same IPod on my home system which runs vanilla debian
> testing and has the same version (3.4.3-2) of rhythmbox.  I could not
> reproduce the crash. Neither the rhythm box slowness nor the apparent
> memory failure happen.

Yes, such bugs are not that much fun. ;-)


> Can this be downloaded somewhere?
> 
> The name, "rodete", is "ROlling DEbian TEsting"
...
> 
> And are there debug symbols available for installation?
> 
> Yes they are.  I've installed these debug symbol packages at work
> and will install at home tonight.

I just wanted to ask if it can be downloaded publicly,
because with access to rodete's binary and debug symbol packages,
one may still be able to get some more information from the backtrace
in your first message. Because in rodete the packages seem to be rebuilt,
it's not possible to use the Debian packages.

But in this case the information retrieved that way may not be that
important, because "invalid next size" might translate to "the bug
happened already some realloc/free calls before".

Kind regards,
Bernhard
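
Added example, not part of the original thread: a small parser for the glibc backtrace lines in the report, showing what a matching binary plus debug symbols would allow. Frames printed as `(+0xOFF)` give each module's load base, which converts the named frames to module offsets as well. The function names are this example's own, and it assumes the shared objects are linked at address 0 (the usual case), so a module offset can be passed directly to `addr2line`.

```python
import re

# Frames copied from the backtrace in the original report (a subset).
SAMPLE = """\
/lib/x86_64-linux-gnu/libc.so.6(+0x7a10c)[0x7fe1b539b10c]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x159)[0x7fe1b539c6e9]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6caa)[0x7fe1b2e1ecaa]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6fab)[0x7fe1b2e1efab]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(tdb_store+0x4e)[0x7fe1b2e1d36e]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xcfc3a)[0x7fe1b6b93c3a]
rhythmbox(main+0xb7)[0x55a773a06d97]
"""

FRAME = re.compile(
    r"^(?P<mod>[^()\s]+)\((?P<sym>[^+()]*)\+(?P<off>0x[0-9a-f]+)\)"
    r"\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_frames(text):
    """Return (module, symbol, offset, address) for each glibc backtrace line."""
    out = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            out.append((m["mod"], m["sym"], int(m["off"], 16), int(m["addr"], 16)))
    return out

def load_bases(frames):
    """(+0xOFF) frames are module-relative, so address - OFF is the load base."""
    bases = {}
    for mod, sym, off, addr in frames:
        if not sym and bases.setdefault(mod, addr - off) != addr - off:
            raise ValueError(f"inconsistent load base for {mod}")
    return bases

def symbolize_commands(frames):
    """One command per frame, to run where the exact same build and its
    debug symbols are installed (a rebuilt package has different offsets)."""
    bases = load_bases(frames)
    cmds = []
    for mod, sym, off, addr in frames:
        if mod in bases:
            # Base known: every frame of this module becomes a module offset.
            cmds.append(f"addr2line -f -C -i -e {mod} {addr - bases[mod]:#x}")
        else:  # no base known: let gdb resolve symbol+offset itself
            cmds.append(f"gdb -batch -ex 'info line *({sym}+{off:#x})' {mod}")
    return cmds

if __name__ == "__main__":
    print("\n".join(symbolize_commands(parse_frames(SAMPLE))))
```
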



Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

2019-03-20 Thread Fred Korz
I loathe Heisenbugs!  Sorry for the time waste.

I tried the same IPod on my home system which runs vanilla debian testing
and has the same version (3.4.3-2) of rhythmbox.  I could not reproduce the
crash. Neither the rhythm box slowness nor the apparent memory failure
happen.

Thanks for the time and effort chasing this.  If it should recur I will be
able to file a better report, hopefully including symbolized backtrace, now
that I've got the debug symbol repository added to sources.list (home box
needed this) and the particular packages you listed installed on both boxes.


On Tue, Mar 19, 2019 at 5:00 PM Fred Korz wrote:

> Hello Bernhard,
>
> Now it (a) loads completely without crash from the same iPod (and no
> changes there), and (b) does so in <50% as long.
>
> Arrgh! I hate Heisenbugs. It was entirely repeatable last week, 3 for
> 3.
>
> I've not rebooted since before my report, nor has the rhythmbox package
> changed version (3.4.3-2),
> but any of the dependencies may have been updated by automation.
>
> I installed the debugging symbol packages, then started under gdb, plugged
> in the iPod and no load-up crash, plays fine.
> I then ejected and ran rhythmbox without gdb, plugged in the iPod, and
> again no load-up crash, plays fine.
>
> Some more answers embedded below.
>
> On Tue, Mar 19, 2019 at 10:27 AM Bernhard Übelacker 
> wrote:
>
>> Hello Fred Korz,
>> I just tried to get some more information out of backtrace,
>> without having an iPod or being involved on packaging rhythmbox...
>>
>> But am I right this "Debian Release: rodete" is a version
>> of gLinux - Google's internal rebuild of Debian testing?
>> Can this be downloaded somewhere?
>>
>
> The name, "rodete", is "ROlling DEbian TEsting" and apparently a pun in
> Spanish as well.
> It is Debian testing but, as I understand it, run through an internal
> "sieve" of tests before rolling out a consistent snapshot to users.
> It's sort of what would happen if one lagged testing by about 1-2 weeks,
> though some packages can be closer to testing's head if urgent.
>
>
>> And are there debug symbols available for installation?
>>
>
> Yes they are.  I've installed these debug symbol packages at work and will
> install at home tonight.
>
>
>> In Debian these packages are available in a separate
>> repository [1] and are named like this:
>>
>> rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym libtdb1-dbgsym
>>
>> If yes, you could try to install them and run rhythmbox
>> like this and provide the output:
>>
>> gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt' -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox
>>
>
> Damn Heisenbug.  Blew out 3 times last week, once with a coworker there to
> see it.  None this time, either with gdb or without.
>
>
>>
>> As this fault seems to be inside the memory allocator, maybe
>> setting "export MALLOC_CHECK_=2" might reveal some more details?
>>
>> Can this fault be reproduced on a plain Debian testing, too?
>>
>
> I'll try tonight/tomorrow (20190319/20190320) on a system at home where
> I've been running Debian testing for 14+ years now,
> usually update nightly, and rarely get burned by something slipping
> through from experimental into testing that wasn't quite ready.
>
> It's likely that I'll have to install rhythmbox + symbol packages. I've
> had no need for rhythmbox there.  That system is where the backup
> copy of my music library lives and I use vlc directly from the files, or
> serve my library via forked-daapd (successor to firefly / mt-daapd).
>
>
>> Kind regards,
>> Bernhard
>>
>
> Thanks for the guidance.  I will both (a) get back to you with results -
> reproduction or Heisenbug - and (b) keep the instructions in case
> of some future return of the Heisenbug, hoping to get a better capture.
>
>
>> [1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
>> [1] https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections
>>
>


Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

2019-03-19 Thread Fred Korz
Hello Bernhard,

Now it (a) loads completely without crash from the same iPod (and no
changes there), and (b) does so in <50% as long.

Arrgh! I hate Heisenbugs. It was entirely repeatable last week, 3 for 3.

I've not rebooted since before my report, nor has the rhythmbox package
changed version (3.4.3-2),
but any of the dependencies may have been updated by automation.

I installed the debugging symbol packages, then started under gdb, plugged
in the iPod and no load-up crash, plays fine.
I then ejected and ran rhythmbox without gdb, plugged in the iPod, and
again no load-up crash, plays fine.

Some more answers embedded below.

On Tue, Mar 19, 2019 at 10:27 AM Bernhard Übelacker 
wrote:

> Hello Fred Korz,
> I just tried to get some more information out of backtrace,
> without having an iPod or being involved on packaging rhythmbox...
>
> But am I right this "Debian Release: rodete" is a version
> of gLinux - Google's internal rebuild of Debian testing?
> Can this be downloaded somewhere?
>

The name, "rodete", is "ROlling DEbian TEsting" and apparently a pun in
Spanish as well.
It is Debian testing but, as I understand it, run through an internal
"sieve" of tests before rolling out a consistent snapshot to users.
It's sort of what would happen if one lagged testing by about 1-2 weeks,
though some packages can be closer to testing's head if urgent.


> And are there debug symbols available for installation?
>

Yes they are.  I've installed these debug symbol packages at work and will
install at home tonight.


> In Debian these packages are available in a separate
> repository [1] and are named like this:
>
> rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym libtdb1-dbgsym
>
> If yes, you could try to install them and run rhythmbox
> like this and provide the output:
>
> gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt' -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox
>

Damn Heisenbug.  Blew out 3 times last week, once with a coworker there to
see it.  None this time, either with gdb or without.


>
> As this fault seems to be inside the memory allocator, maybe
> setting "export MALLOC_CHECK_=2" might reveal some more details?
>
> Can this fault be reproduced on a plain Debian testing, too?
>

I'll try tonight/tomorrow (20190319/20190320) on a system at home where
I've been running Debian testing for 14+ years now,
usually update nightly, and rarely get burned by something slipping through
from experimental into testing that wasn't quite ready.

It's likely that I'll have to install rhythmbox + symbol packages. I've had
no need for rhythmbox there.  That system is where the backup
copy of my music library lives and I use vlc directly from the files, or
serve my library via forked-daapd (successor to firefly / mt-daapd).


> Kind regards,
> Bernhard
>

Thanks for the guidance.  I will both (a) get back to you with results -
reproduction or Heisenbug - and (b) keep the instructions in case
of some future return of the Heisenbug, hoping to get a better capture.


> [1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
> [1] https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections
>


Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

2019-03-19 Thread Bernhard Übelacker
Hello Fred Korz,
I just tried to get some more information out of backtrace,
without having an iPod or being involved on packaging rhythmbox...

But am I right this "Debian Release: rodete" is a version
of gLinux - Google's internal rebuild of Debian testing?
Can this be downloaded somewhere?

And are there debug symbols available for installation?
In Debian these packages are available in a separate
repository [1] and are named like this:

rhythmbox-dbgsym librhythmbox-core10-dbgsym libglib2.0-0-dbgsym libtdb1-dbgsym

If yes, you could try to install them and run rhythmbox
like this and provide the output:

gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' -ex 'bt' -ex 'detach' -ex 'quit' --args /usr/bin/rhythmbox

As this fault seems to be inside the memory allocator, maybe
setting "export MALLOC_CHECK_=2" might reveal some more details?

Can this fault be reproduced on a plain Debian testing, too?

Kind regards,
Bernhard

[1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
[1] https://stackoverflow.com/questions/6750815/how-to-turn-off-glibc-run-time-protections



Bug#924496: 'realloc(): invalid next size: 0x000055a779ef2170' crash when opening iPod w/ ~12000 tracks

2019-03-13 Thread Fred Korz
Package: rhythmbox
Version: 3.4.3-2
Severity: important

Dear Maintainer,

   * What led up to the situation?

Plugged in a "classic" iPod with ~12000 tracks
Selected it in Rhythmbox's interface
It began reading the tracks ("syncing" appearing on the iPod's display)
Sometime after ~7000 tracks, rhythmbox aborted.

   * What exactly did you do (or not do) that was effective (or ineffective)?

After 2 attempts when started in the GUI, started it from commandline to be 
able to capture stdout & stderr.

   * What was the outcome of this action?

Fault message, backtrace, and memory map, excerpt below:

$ type rhythmbox
rhythmbox is /usr/bin/rhythmbox
$ rhythmbox

(rhythmbox:27828): Rhythmbox-WARNING **: 11:43:48.028: Unable to grab media player keys: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SettingsDaemon.MediaKeys was not provided by any .service files
*** Error in `rhythmbox': realloc(): invalid next size: 0x55a779ef2170 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fe1b5391bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7fe1b5397f96]
/lib/x86_64-linux-gnu/libc.so.6(+0x7a10c)[0x7fe1b539b10c]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0x159)[0x7fe1b539c6e9]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6caa)[0x7fe1b2e1ecaa]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(+0x6fab)[0x7fe1b2e1efab]
/usr/lib/x86_64-linux-gnu/libtdb.so.1(tdb_store+0x4e)[0x7fe1b2e1d36e]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xcfc3a)[0x7fe1b6b93c3a]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(rhythmdb_metadata_cache_store+0x129)[0x7fe1b6b946f9]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xc15fb)[0x7fe1b6b855fb]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(+0xec2da)[0x7fe1b6bb02da]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x155)[0x7fe1b5929395]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x4c760)[0x7fe1b5929760]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7fe1b59297ec]
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0(g_application_run+0x1fd)[0x7fe1b28f4cad]
/usr/lib/x86_64-linux-gnu/librhythmbox-core.so.10(rb_application_run+0x349)[0x7fe1b6b079b9]
rhythmbox(main+0xb7)[0x55a773a06d97]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fe1b53412b1]
rhythmbox(_start+0x2a)[0x55a773a06dfa]
======= Memory map: ========
55a773a06000-55a773a08000 r-xp  fe:01 16646749   /usr/bin/rhythmbox
55a773c07000-55a773c08000 r--p 1000 fe:01 16646749   /usr/bin/rhythmbox
55a773c08000-55a773c09000 rw-p 2000 fe:01 16646749   /usr/bin/rhythmbox
55a775807000-55a779ff6000 rw-p  00:00 0  [heap]
7fe1796de000-7fe17a02a000 rw-s  fe:01 25821306   /usr/local/google/home/korz/.cache/rhythmbox/metadata/generic-player.tdb
7fe17a02a000-7fe17a02b000 ---p  00:00 0
7fe17a02b000-7fe17a82b000 rw-p  00:00 0
7fe17ae1e000-7fe17c00 r--p  fe:01 20451083   /usr/share/fonts/opentype/noto/NotoSansCJK-Regular.ttc
7fe17c00-7fe17c022000 rw-p  00:00 0
7fe17c022000-7fe18000 ---p  00:00 0
7fe18000-7fe180022000 rw-p  00:00 0
7fe180022000-7fe18400 ---p  00:00 0
7fe18447f000-7fe18448 ---p  00:00 0
7fe18448-7fe184c8 rw-p  00:00 0


   * What outcome did you expect instead?

Previous versions of rhythmbox had been able to sync with and play content from
this iPod.  Since I last used rhythmbox with this iPod sometime in 2018, I've not
changed the contents of the iPod.


-- System Information:
Debian Release: rodete
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.20-1rodete1-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rhythmbox depends on:
ii  dbus                            1.12.2-1
ii  gstreamer1.0-plugins-base       1.14.0-1
ii  gstreamer1.0-plugins-good       1.14.0-4
ii  gstreamer1.0-x                  1.14.0-1
ii  libc6                           2.24-12
ii  libglib2.0-0                    2.56.0-4
ii  libgstreamer-plugins-base1.0-0  1.14.0-1
ii  libgstreamer1.0-0               1.14.0-1
ii  libgtk-3-0                      3.24.2-3
ii  libpeas-1.0-0                   1.22.0-1
ii  librhythmbox-core10             3.4.3-2
ii  libx11-6                        2:1.6.7-1
ii  media-player-info               23-1
ii  rhythmbox-data                  3.4.3-2

Versions of packages rhythmbox recommends:
ii  avahi-daemon                    0.6.32-2
ii  cinnamon [notification-daemon]  3.6.7-8
ii  gstreamer1.0-plugins-ugly       1.14.0-1
ii  gstreamer1.0-pulseaudio         1.14.0-4
ii  gvfs-backends                   1.30.4-1
ii  rhythmbox-plugins               3.4.3-2
ii  yelp