GNOME Bugzilla – Bug 764924
Segfault in tracker-extract
Last modified: 2016-05-05 21:54:46 UTC
Happens on boot on the latest version of Arch Linux:
enca 1.8.0
tracker 1.8.0-2 (gnome)

Note: This might be a bug in libenca.

If you need more info please ask. If you want the full coredump please provide a non-public way (email maybe) to do so as there is sensitive info in it.

Applications that have broken that I have found:
Rhythmbox can't play music.

dmesg:
[ 45.283917] tracker-extract[1115]: segfault at 7fc276755000 ip 00007fc2c700d8c0 sp 00007fff3c8b2788 error 4 in libenca.so.0.5.1[7fc2c6fff000+2d000]

gdb bt:
[kurt@kc-x64architecture ~]$ sudo coredumpctl gdb 1115
PID: 1115 (tracker-extract)
UID: 1000 (kurt)
GID: 1000 (kurt)
Signal: 11 (SEGV)
Timestamp: Mon 2016-04-11 20:04:16 EDT (20s ago)
Command Line: /usr/lib/tracker/tracker-extract
Executable: /usr/lib/tracker/tracker-extract
Control Group: /user.slice/user-1000.slice/session-c4.scope
Unit: session-c4.scope
Slice: user-1000.slice
Session: c4
Owner UID: 1000 (kurt)
Boot ID: 6838a9e3b5b8470d98437da96502a83c
Machine ID: bf66ee7e00694ec481e9564ee82c651e
Hostname: kc-x64architecture
Coredump: /var/lib/systemd/coredump/core.tracker-extract.1000.6838a9e3b5b8470d98437da96502a83c.1115.1460419456000000000000.lz4
Message: Process 1115 (tracker-extract) of user 1000 dumped core.

Stack trace of thread 1115:
#0 0x00007fc2c700d8c0 count_characters (libenca.so.0)
#1 0x00007fc2c700dca1 make_guess (libenca.so.0)
#2 0x00007fc2c700ea58 enca_analyse_const (libenca.so.0)
#3 0x00007fc2c9abc1cd tracker_encoding_guess_enca (libtracker-extract.so.0)
#4 0x00007fc2c9ab52e8 tracker_encoding_guess (libtracker-extract.so.0)
#5 0x00007fc27674f9d8 get_encoding (libextract-mp3.so)
#6 0x00007fc27674fafd convert_to_encoding (libextract-mp3.so)
#7 0x00007fc27674f213 get_id3v24_tags (libextract-mp3.so)
#8 0x00007fc276752a78 parse_id3v24 (libextract-mp3.so)
#9 0x000000000040b10e get_file_metadata (tracker-extract)
#10 0x000000000040b243 get_metadata (tracker-extract)
#11 0x000000000040b480 dispatch_task_cb (tracker-extract)
#12 0x00007fc2c8716dba g_main_context_dispatch (libglib-2.0.so.0)
#13 0x00007fc2c8717160 n/a (libglib-2.0.so.0)
#14 0x00007fc2c8717482 g_main_loop_run (libglib-2.0.so.0)
#15 0x0000000000409b14 main (tracker-extract)
#16 0x00007fc2c812f710 __libc_start_main (libc.so.6)
#17 0x0000000000409ba9 _start (tracker-extract)

Core was generated by `/usr/lib/tracker/tracker-extract'.
Program terminated with signal SIGSEGV, Segmentation fault.
Bug report link to libenca: https://github.com/nijel/enca/issues/18
Downgrading libenca to 1.16 solves the problem, but it still could be related to tracker-extract.
Update: Downgrading libenca to 1.16 (the previous Arch Linux version) solves the segfault but rhythmbox still doesn't work.
This only affects mp3s as far as I know.
Please disregard comments 2-4; that was another issue that I fixed. The problem goes away when downgrading libenca to 1.16.
Downgrading libenca doesn't work; that was just a coincidence. Disregard comments 2-5.
Thanks for the bug report. The rhythmbox issue indeed seems unrelated, it doesn't use Tracker whatsoever (gnome-music does though).

Reading the libenca bug report you pasted, I'll trust the enca developers in that it's not caused by 1.16->1.18. Although it's quite strange, this specific code has also been unchanged for a long time on the Tracker side.

If you still have the coredump around or if you can still reproduce, feel free to send it to the email in my account. I'm most interested in what string is being passed in:

#4 0x00007fc2c9ab52e8 tracker_encoding_guess (libtracker-extract.so.0)

If you identified a specific file that triggers this failure, it would be great if you could also send one such sample to me. You can run tracker-extract on individual files through:

/usr/lib/tracker/tracker-extract -f ~/Music/.../file.mp3
I received a testing file privately and was able to reproduce the bug. I'm attaching here the patch that will go to master/tracker-1.8.
Created attachment 327360
tracker-extract-mp3: Prevent possible crashes on 0-len comments

Files may contain a COMM frame that turns out to have a 0-len string, in our calculations the length comes out as -1, which turns out very wrong.
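The length problem named in the patch description, as an added example that is not Tracker's code and not part of this bug thread: an ID3v2.4 COMM body is encoding (1 byte), language (3 bytes), a NUL-terminated description, then the text, and subtracting those parts from a body that stops early gives -1. The function names and sample frames are constructed, and only single-byte encodings (1-byte terminator) are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked arithmetic (hypothetical): text length = size - header -
 * description - terminator. Precondition: size >= 4. A body with no text,
 * or with an unterminated description, yields a negative length. */
long comm_text_len_unchecked(const uint8_t *body, size_t size)
{
    const uint8_t *desc = body + 4;
    const uint8_t *nul = memchr(desc, 0, size - 4);
    size_t desc_len = nul ? (size_t)(nul - desc) : size - 4;
    return (long)size - 4 - (long)desc_len - 1;
}

/* Checked version (hypothetical): returns 0 and sets *text / *len only when
 * at least one byte of text lies inside the frame body, else returns -1. */
int comm_text_checked(const uint8_t *body, size_t size,
                      const uint8_t **text, size_t *len)
{
    if (size < 5)
        return -1;                      /* no room for description + text */
    const uint8_t *nul = memchr(body + 4, 0, size - 4);
    if (nul == NULL)
        return -1;                      /* description never terminated */
    size_t offset = (size_t)(nul - body) + 1;
    if (offset >= size)
        return -1;                      /* 0-length comment: nothing to guess */
    *text = body + offset;
    *len = size - offset;
    return 0;
}

int main(void)
{
    /* Constructed sample: encoding + language only, no description, no text. */
    const uint8_t empty[] = { 0x00, 'e', 'n', 'g' };
    const uint8_t *text;
    size_t len;

    long n = comm_text_len_unchecked(empty, sizeof empty);
    /* As an unsigned size, -1 tells a scanner to read SIZE_MAX bytes. */
    printf("unchecked: %ld (as size_t: %zu)\n", n, (size_t)n);
    printf("checked:   %d\n", comm_text_checked(empty, sizeof empty, &text, &len));
    return 0;
}
```

A caller that skips encoding detection whenever the checked function returns -1 never hands a negative or wrapped length to the guesser.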
The patch is now in git. If you could try it and double check you get no more crashes, that'd be great. If you see further crashes, feel free to reopen or file new bugs as appropriate.

Attachment 327360 pushed as 30c4c84 - tracker-extract-mp3: Prevent possible crashes on 0-len comments
I can verify that the issue is fixed by the attached patch. Thanks for the quick fix!