Bug 301208

Summary:	amarok crashes when ejecting an iPod after stopping a collection transfer
Product:	[Applications] amarok	Reporter:	Piotr Keplicz <keplicz>
Component:	Collections/iPod iPhone	Assignee:	Amarok Developers <amarok-bugs-dist>
Status:	RESOLVED FIXED
Severity:	normal	CC:	matej
Priority:	NOR
Version:	2.5-git
Target Milestone:	2.6
Platform:	unspecified
OS:	Linux
Latest Commit:	http://commits.kde.org/amarok/49827e90451d1e803c5b3c1a1b862b05b6afd50d	Version Fixed In:	2.6
Sentry Crash Report:

Description Piotr Keplicz 2012-06-05 11:17:24 UTC

Amarok crashed when ejecting an iPod (from withing Amarok), after stopping a track transfer.



Reproducible: Always

Steps to Reproduce:
1. Attempt to transfer a large collection to an iPod.
2. Stop it.
3. Eject the device using Amarok's menu.
Actual Results:  
Amarok crashes.

Expected Results:  
Amarok doesn't crash.

Backtrace: 

Thread 5 (Thread 0xa5efeb40 (LWP 21765)):
[KCrash Handler]
#7  0x00601416 in __kernel_vsyscall ()
#8  0x0128d1ef in raise () from /lib/i386-linux-gnu/libc.so.6
#9  0x01290835 in abort () from /lib/i386-linux-gnu/libc.so.6
#10 0x012c82fa in ?? () from /lib/i386-linux-gnu/libc.so.6
#11 0x012d2e42 in ?? () from /lib/i386-linux-gnu/libc.so.6
#12 0x01defccb in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#13 0x01deff50 in g_free () from /lib/i386-linux-gnu/libglib-2.0.so.0
#14 0x0644885f in itdb_thumb_free () from /usr/lib/libgpod.so.4
#15 0x0644de13 in ?? () from /usr/lib/libgpod.so.4
#16 0x06429ee1 in ?? () from /usr/lib/libgpod.so.4
#17 0x06439e9c in ?? () from /usr/lib/libgpod.so.4
#18 0x0643b237 in itdb_write () from /usr/lib/libgpod.so.4
#19 0x08426c7c in IpodCollection::writeDatabase (this=0x90c9aa8) at /home/keplicz/download/amarok/src/core-impl/collections/ipodcollection/IpodCollection.cpp:625
#20 0x0844870d in IpodWriteDatabaseJob::run (this=0xa01b970) at /home/keplicz/download/amarok/src/core-impl/collections/ipodcollection/jobs/IpodWriteDatabaseJob.cpp:30
#21 0x007c0f03 in ThreadWeaver::JobRunHelper::runTheJob (this=0xa5efe21c, th=0x95904a0, job=0xa01b970) at ../../../threadweaver/Weaver/Job.cpp:106
#22 0x007c10a3 in ThreadWeaver::Job::execute (this=0xa01b970, th=0x95904a0) at ../../../threadweaver/Weaver/Job.cpp:135
#23 0x007c04b2 in ThreadWeaver::ThreadRunHelper::run (this=0xa5efe2a4, parent=0x9212b28, th=0x95904a0) at ../../../threadweaver/Weaver/Thread.cpp:95
#24 0x007c059a in ThreadWeaver::Thread::run (this=0x95904a0) at ../../../threadweaver/Weaver/Thread.cpp:142
#25 0x02d24de0 in QThreadPrivate::start (arg=0x95904a0) at thread/qthread_unix.cpp:298
#26 0x007d3d4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#27 0x01349ace in clone () from /lib/i386-linux-gnu/libc.so.6

Diagnostic output:
*** glibc detected *** amarok: free(): invalid pointer: 0xa07f57a8 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x73e42)[0x12d2e42]
/lib/i386-linux-gnu/libglib-2.0.so.0(+0x4cccb)[0x1defccb]
/lib/i386-linux-gnu/libglib-2.0.so.0(g_free+0x20)[0x1deff50]
/usr/lib/libgpod.so.4(itdb_thumb_free+0x2f)[0x644885f]
/usr/lib/libgpod.so.4(+0x32e13)[0x644de13]
/usr/lib/libgpod.so.4(+0xeee1)[0x6429ee1]
/usr/lib/libgpod.so.4(+0x1ee9c)[0x6439e9c]
/usr/lib/libgpod.so.4(itdb_write+0x97)[0x643b237]
/usr/lib/kde4/amarok_collection-ipodcollection.so(+0x11c7c)[0x8426c7c]
/usr/lib/kde4/amarok_collection-ipodcollection.so(+0x3370d)[0x844870d]
/usr/lib/libthreadweaver.so.4(+0x9f03)[0x7c0f03]
/usr/lib/libthreadweaver.so.4(_ZN12ThreadWeaver3Job7executeEPNS_6ThreadE+0xe3)[0x7c10a3]
/usr/lib/libthreadweaver.so.4(+0x94b2)[0x7c04b2]
/usr/lib/libthreadweaver.so.4(_ZN12ThreadWeaver6Thread3runEv+0xaa)[0x7c059a]
/usr/lib/i386-linux-gnu/libQtCore.so.4(+0x67de0)[0x2d24de0]
/lib/i386-linux-gnu/libpthread.so.0(+0x6d4c)[0x7d3d4c]
/lib/i386-linux-gnu/libc.so.6(clone+0x5e)[0x1349ace]

Amarok's debug output:
amarok:   cancelling operation:  "Copying 6 750 tracks to kiemlopod: Classic (Silver)" 
amarok: END__: void ProgressBar::cancel() [Took: 0.002s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  7 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0.003s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  3 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0.002s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  0 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0s] 
amarok: BEGIN: void Collections::CollectionLocation::slotFinishCopy() 
amarok: END__: void Collections::CollectionLocation::slotFinishCopy() [Took: 0.005s] 
amarok: BEGIN: LongMessageWidget::LongMessageWidget(QWidget*, const QString&, Amarok::Logger::MessageType) 
amarok: END__: LongMessageWidget::LongMessageWidget(QWidget*, const QString&, Amarok::Logger::MessageType) [Took: 0.009s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  7 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  3 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0.001s] 
amarok: BEGIN: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) 
amarok:   [CollectionTreeItemModelBase] Received special data:  0 
amarok: END__: void CollectionTreeItemModelBase::handleSpecialQueryResult(CollectionTreeItem::Type, Collections::QueryMaker*, const DataList&) [Took: 0s] 
amarok: [SqlRegistry]   albums: 7 (-796) of 803 cached 
amarok: [SqlRegistry]  artists: 322 (-77) of 408 cached 
amarok: [SqlRegistry]   genres: 0 (-58) of 58 cached    
amarok: [SqlRegistry]   tracks: 0 (-6750) of 6750 cached 
amarok: BEGIN: void ProgressWidget::redrawBookmarks(const QString*) 
amarok:   BEGIN: void Amarok::TimeSlider::clearTriangles() 
amarok:   END__: void Amarok::TimeSlider::clearTriangles() [Took: 0s] 
amarok: END__: void ProgressWidget::redrawBookmarks(const QString*) [Took: 0s] 
amarok: QSize(94, 36) 
amarok: setting layout to QRectF(0,0 92x34) 
amarok: BEGIN: virtual PopupWidget::~PopupWidget() 
amarok: END__: virtual PopupWidget::~PopupWidget() [Took: 0s] 
amarok: BEGIN: virtual void CollectionTreeItemModel::collectionRemoved(const QString&) 
amarok:   [CollectionTreeItemModel] Removed collection id: "amarok-ipodtrackuid://3141-5926" 
amarok: END__: virtual void CollectionTreeItemModel::collectionRemoved(const QString&) [Took: 0s] 
amarok: BEGIN: virtual void CollectionTreeItemModel::collectionRemoved(const QString&) 
amarok:   [CollectionTreeItemModel] Removed collection id: "amarok-ipodtrackuid://3141-5926" 
amarok: END__: virtual void CollectionTreeItemModel::collectionRemoved(const QString&) [Took: 0s] 
amarok: BEGIN: virtual IpodCollection::~IpodCollection() 
amarok:   BEGIN: void PlaylistManager::removeProvider(Playlists::PlaylistProvider*) 
amarok:     BEGIN: void PlaylistsByProviderProxy::slotProviderRemoved(Playlists::PlaylistProvider*, int) 
amarok:     END__: void PlaylistsByProviderProxy::slotProviderRemoved(Playlists::PlaylistProvider*, int) [Took: 0s] 
amarok:     BEGIN: void PlaylistsByProviderProxy::slotProviderRemoved(Playlists::PlaylistProvider*, int) 
amarok:     END__: void PlaylistsByProviderProxy::slotProviderRemoved(Playlists::PlaylistProvider*, int) [Took: 0s] 
amarok:     [PlaylistBrowserModel] 1  playlists for category  1 
amarok:   END__: void PlaylistManager::removeProvider(Playlists::PlaylistProvider*) [Took: 0.006s] 
amarok: END__: virtual IpodCollection::~IpodCollection() [Took: 0.008s] 

** (amarok:21754): CRITICAL **: pack_RGB_565: assertion `img_info->height < G_MAXUINT/(2*dest_width)' failed
KCrash: Application 'amarok' crashing...
KCrash: Attempting to start /usr/lib/kde4/libexec/drkonqi from kdeinit

Comment 1 Matěj Laitl 2012-06-05 11:24:10 UTC

What exact git revision are you using? (`git describe`) There was a potential fix to this in:
5301ebef4fd IpodCollection: prevent crash on early disconnect and double-freeing (2012-06-03 12:51:52)

If you still can reproduce this with current git, please install debugging symbols for glib, glibc, libgpod and repost your backtrace.

Comment 2 Piotr Keplicz 2012-06-05 12:52:07 UTC

I'll try to get back with more details. 

The crash happened when I clicked the "eject" button the second time, while Amarok was already busy ejecting the device.

Comment 3 Matěj Laitl 2012-06-05 13:26:09 UTC

(In reply to comment #2)
> The crash happened when I clicked the "eject" button the second time, while
> Amarok was already busy ejecting the device.

Please don't spit information in small parts, that makes programmers unproductive. :-)

When you submit information I want in 301208#c1, please pull and rebuild to have at least v2.5.90-12-gaa913a5 (`git describe`). When submitting bactrace, submit it for all threads, as DrKonqi does (thread apply all bt 30) and also post last 2 (or so) screens of Amarok --debug output.

Comment 4 Matěj Laitl 2012-06-05 14:50:53 UTC

Git commit 49827e90451d1e803c5b3c1a1b862b05b6afd50d by Matěj Laitl.
Committed on 05/06/2012 at 16:47.
Pushed by laitl into branch 'master'.

IpodCollection: don't crash when ejecting while the db is being written

Piotr, I think this solves your crash, can you please pull, rebuild &
re-test? Let me know whether the crash is fixed or not.
FIXED-IN: 2.6

M  +1    -0    ChangeLog
M  +33   -4    src/core-impl/collections/ipodcollection/IpodCollection.cpp
M  +2    -0    src/core-impl/collections/ipodcollection/IpodCollection.h
M  +3    -3    src/core-impl/collections/ipodcollection/jobs/IpodWriteDatabaseJob.cpp
M  +9    -4    src/core-impl/collections/ipodcollection/jobs/IpodWriteDatabaseJob.h

http://commits.kde.org/amarok/49827e90451d1e803c5b3c1a1b862b05b6afd50d

Comment 5 Piotr Keplicz 2012-06-05 15:16:57 UTC

Thanks, I've just tested it and it works fine :-)