GNOME Bugzilla – Bug 683406
gnome-panel crashed with SIGSEGV in g_type_check_instance() from e-cal-view.c
Last modified: 2015-07-09 13:44:49 UTC
Created attachment 223517: crash report
Attaching crash report since it's greater than 65k.
Interesting bit seems to imply it's an issue in eds:
+ Trace 230803
I guess this is an issue in gnome-panel. The e-cal-view.c:complete_cb emits two signals, one is "view_done", the other is "view_complete". The gnome-panel's code listens for "view_done", thus I guess that's the signal which is emitted here (the line number also matches the "view_done" signal). The gnome-panel adds a listener on it, but does not remove it when it's done with the view, thus the emit can be received on already freed memory (the signal is connected with g_signal_connect_swapped). Using valgrind may prove or falsify my theory, supposing you know how to reproduce this. I usually run valgrind like this:
   $ G_SLICE=always-malloc valgrind --num-callers=50 executable_name &>log.txt
Could you try to reproduce this under valgrind, please?
How do I arrange for gnome-panel to be launched under valgrind? Sadly I can't reproduce this at will.
(In reply to comment #3)
> How do I arrange for gnome-panel to be launched under valgrind?
I do not know how that works. Maybe exchange its binary with a script, which will do it, like:
a) rename gnome-panel to gnome-panel.orig
b) create a text script which will be named gnome-panel in the same folder as the original one and which will contain:
   #!/bin/bash
   G_SLICE=always-malloc valgrind --num-callers=50 /path/to/gnome-panel.orig &>/tmp/gp.log
c) then run:
   chmod a+x gnome-panel
d) then restart or re-login, for the change to take effect.
You may see significantly slower operations of gnome-panel.
P.S.: At b) the second script line is one long line, which wrapped here
Created attachment 225133: valgrind output
Thanks for the update. I see multiple use-after-free in gnome-panel from your valgrind log, which I filed as bug #686445 and bug #686446, but none of these caused this crash, it is done here:
   Invalid read of size 8
      at 0x1CA179BB: reschedule_authenticate_cb (in /usr/lib/libecal-1.2.so.11.2.2)
      by 0x7B70204: g_main_context_dispatch (gmain.c:2539)
      by 0x7B70537: g_main_context_iterate.isra.23 (gmain.c:3146)
      by 0x7B70931: g_main_loop_run (gmain.c:3340)
      by 0x5A072D4: gtk_main (gtkmain.c:1161)
      by 0x424E9E: main (main.c:117)
   Address 0x1a63fa00 is 0 bytes inside a block of size 240 free'd
      at 0x4C27D4E: free (vg_replace_malloc.c:427)
      by 0x79079B4: g_type_free_instance (gtype.c:1937)
      by 0x1C79E803: calendar_sources_finalize_source_data.part.3 (calendar-sources.c:218)
      by 0x1C79E9D6: calendar_sources_finalize (calendar-sources.c:253)
      by 0x78EC697: g_object_unref (gobject.c:3018)
      by 0x1C79D3FE: calendar_client_finalize (calendar-client.c:450)
      by 0x78EC697: g_object_unref (gobject.c:3018)
      by 0x1C78E85D: calendar_window_dispose (calendar-window.c:1797)
      by 0x78ED79F: g_object_run_dispose (gobject.c:1061)
      by 0x1C793685: update_calendar_popup (clock.c:1215)
      by 0x78E7723: g_closure_invoke (gclosure.c:777)
      by 0x78F87AF: signal_emit_unlocked_R (gsignal.c:3547)
      by 0x790072B: g_signal_emit_valist (gsignal.c:3296)
      by 0x79008C1: g_signal_emit (gsignal.c:3352)
      by 0x5AD9AEE: gtk_toggle_button_clicked (gtktogglebutton.c:644)
      by 0x78E7A02: _g_closure_invoke_va (gclosure.c:840)
      by 0x7900075: g_signal_emit_valist (gsignal.c:3207)
      by 0x79008C1: g_signal_emit (gsignal.c:3352)
      by 0x5AD949C: gtk_toggle_button_released (gtktogglebutton.c:629)
      by 0x78E7723: g_closure_invoke (gclosure.c:777)
      by 0x78F80D2: signal_emit_unlocked_R (gsignal.c:3477)
      by 0x790072B: g_signal_emit_valist (gsignal.c:3296)
      by 0x79008C1: g_signal_emit (gsignal.c:3352)
      by 0x5947732: gtk_button_button_release (gtkbutton.c:1842)
      by 0x5A0839E: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:130)
      by 0x78E7A02: _g_closure_invoke_va (gclosure.c:840)
      by 0x7900075: g_signal_emit_valist (gsignal.c:3207)
      by 0x79008C1: g_signal_emit (gsignal.c:3352)
      by 0x5B3041D: gtk_widget_event_internal (gtkwidget.c:6380)
      by 0x5A06304: propagate_event (gtkmain.c:2400)
      by 0x5A07F72: gtk_main_do_event (gtkmain.c:1713)
      by 0x5F5C001: gdk_event_source_dispatch (gdkeventsource.c:358)
      by 0x7B70204: g_main_context_dispatch (gmain.c:2539)
      by 0x7B70537: g_main_context_iterate.isra.23 (gmain.c:3146)
      by 0x7B70931: g_main_loop_run (gmain.c:3340)
      by 0x5A072D4: gtk_main (gtkmain.c:1161)
      by 0x424E9E: main (main.c:117)
From which I see that the calendar was authenticating, while the gnome-panel freed it, but the authentication process didn't notice that and caused the crash. This should be fixed in 3.6.0, because the whole authentication process is rewritten there.
No duplicates for a long time, let's close this.
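The failure mode discussed in this thread, a callback that stays registered after its user data has been freed, modeled as an added example that is not gnome-panel or evolution-data-server code. It is a plain-C stand-in for a swapped signal connection; every type and function name in it is hypothetical, and it counts stale handlers rather than dereferencing freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_HANDLERS 8
typedef void (*handler_fn)(void *user_data);
/* Emitter: stands in for the view object that emits "view_done". */
typedef struct { handler_fn fn[MAX_HANDLERS]; void *data[MAX_HANDLERS]; int n; } emitter_t;
/* Listener: stands in for the panel object passed as swapped user data. */
typedef struct { int events_seen; } listener_t;
static void on_view_done(void *user_data) {
    ((listener_t *)user_data)->events_seen++;   /* dereferences user_data */
}
static int emitter_connect(emitter_t *e, handler_fn fn, void *data) {
    if (e->n == MAX_HANDLERS) return -1;
    e->fn[e->n] = fn; e->data[e->n] = data;
    return e->n++;
}
/* Drop every handler bound to data (the role g_signal_handlers_disconnect_by_data() plays in GLib). */
static int emitter_disconnect_by_data(emitter_t *e, const void *data) {
    int kept = 0, removed;
    for (int i = 0; i < e->n; i++) {
        if (e->data[i] == data) continue;
        e->fn[kept] = e->fn[i];
        e->data[kept++] = e->data[i];
    }
    removed = e->n - kept;
    e->n = kept;
    return removed;
}
static int emitter_emit(emitter_t *e) {         /* returns handlers invoked */
    for (int i = 0; i < e->n; i++) e->fn[i](e->data[i]);
    return e->n;
}
/* Tear down the listener; returns how many handlers still point at it.
 * disconnect_first == 0 is the bug pattern: a later emit reads freed memory. */
static int listener_destroy(emitter_t *e, listener_t *l, int disconnect_first) {
    int stale = 0;
    if (disconnect_first) emitter_disconnect_by_data(e, l);
    for (int i = 0; i < e->n; i++) stale += (e->data[i] == l);
    free(l);
    return stale;
}
int main(void) {
    emitter_t view = {0};
    listener_t *panel = calloc(1, sizeof *panel);
    if (!panel) return 1;
    emitter_connect(&view, on_view_done, panel);
    emitter_emit(&view);
    printf("stale handlers: %d\n", listener_destroy(&view, panel, 1));
    return 0;
}
```

With `disconnect_first` set to 0, `listener_destroy()` reports one stale handler, which is the state in which the next emit would land on freed memory.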