Bug 726248 - empathy crashes after 3.10 upgrade
Status: RESOLVED OBSOLETE
Product: empathy
Classification: Core
Component: Contact List
Version: 3.10.x
Hardware: Other Linux
Importance: High critical
Target Milestone: ---
Assigned To: empathy-maint
QA Contact: empathy-maint
Depends on:
Blocks:
Reported: 2014-03-13 14:49 UTC by Mehmet Giritli
Modified: 2018-05-22 16:25 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Mehmet Giritli 2014-03-13 14:49:55 UTC
I recently upgraded to GNOME 3.10 (Gentoo) and empathy instantly crashes as soon as I run the program. This is the output:

$ empathy

(empathy:6860): folks-WARNING **: backend-store.vala:409: Error preparing Backend 'ofono': No oFono object manager running, so the oFono backend will be inactive. Either oFono isn’t installed or the service can’t be started.

(empathy:6860): GLib-CRITICAL **: g_variant_ref: assertion 'value->ref_count > 0' failed

(empathy:6860): GLib-CRITICAL **: g_variant_unref: assertion 'value->ref_count > 0' failed

(empathy:6860): folks-WARNING **: Error preparing persona store 'bluez:64:77:91:3C:5D:C2': An OBEX address book transfer from device ‘Gandalf’ could not be started: The connection is closed

(empathy:6860): telepathy-CRITICAL **: _logger_logger_vanished: assertion 'conn != NULL' failed
g_dbus_connection_real_closed: Remote peer vanished with error: Underlying GIOStream returned 0 bytes on an async read (g-io-error-quark, 0). Exiting.
Terminated
Comment 1 Guillaume Desmottes 2014-06-06 13:25:35 UTC
Thanks for taking the time to report this bug.
This bug report isn't very useful because it doesn't describe the bug well. If you have time and can still reproduce the bug, please read http://bugzilla.gnome.org/bug-HOWTO.html and add a description of how to reproduce this bug.

You'll also need to add a stack trace; please see http://live.gnome.org/GettingTraces for more information about how to do so. Thanks in advance!
Comment 2 Alexander E. Patrakov 2014-07-22 18:26:12 UTC
This is a use-after-free in folks, avoidable by compiling folks without zeitgeist support. Sorry, no patch from me at this time, but here is a valgrind log with some manual annotations. And see you at GUADEC :)

$ LANG=en_US.UTF-8 LIBGL_ALWAYS_SOFTWARE=1 valgrind --trace-children=yes --track-origins=yes empathy
==13965== Memcheck, a memory error detector
==13965== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==13965== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==13965== Command: empathy
==13965== 
==13965== Invalid read of size 1
==13965==    at 0x4C2C814: strcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0x1A605D2F: stub_find_dynamic (in /usr/lib64/libglapi.so.0.0.0)
==13965==    by 0x1A605B9D: _glapi_get_proc_address (in /usr/lib64/libglapi.so.0.0.0)
==13965==    by 0x146F0D08: glXGetProcAddress (in /usr/lib64/opengl/xorg-x11/lib/libGL.so.1.2.0)
==13965==    by 0xDFC2D27: _cogl_feature_check (cogl-feature-private.c:160)
==13965==    by 0xDFC2DFD: _cogl_feature_check_ext_functions (cogl-feature-private.c:229)
==13965==    by 0xDFB598B: _cogl_driver_update_features (cogl-driver-gl.c:436)
==13965==    by 0xDFF603B: _cogl_winsys_context_init (cogl-winsys-glx.c:808)
==13965==    by 0xDFB7412: cogl_context_new (cogl-context.c:237)
==13965==    by 0xDCA48F6: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0xDCBC342: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0xDCCDFEA: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==  Address 0x2a0fcff2 is 2 bytes inside a block of size 17 free'd
==13965==    at 0x4C2997C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0xDFC2D32: _cogl_feature_check (cogl-feature-private.c:163)
==13965==    by 0xDFC2DFD: _cogl_feature_check_ext_functions (cogl-feature-private.c:229)
==13965==    by 0xDFB598B: _cogl_driver_update_features (cogl-driver-gl.c:436)
==13965==    by 0xDFF603B: _cogl_winsys_context_init (cogl-winsys-glx.c:808)
==13965==    by 0xDFB7412: cogl_context_new (cogl-context.c:237)
==13965==    by 0xDCA48F6: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0xDCBC342: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0xDCCDFEA: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0xDCCE20A: ??? (in /usr/lib64/libclutter-1.0.so.0.1800.2)
==13965==    by 0x7350C96: g_option_context_parse (goption.c:2095)
==13965==    by 0xDCCEE5F: clutter_init (in /usr/lib64/libclutter-1.0.so.0.1800.2)

^^^ well, that's a bug, but not this bug. please read on.

==13965== 
==13965== Invalid read of size 4
==13965==    at 0x737EA59: g_variant_ref (gvariant-core.c:661)
==13965==    by 0x737EE7C: g_variant_get_child_value (gvariant-core.c:985)
==13965==    by 0x6911711: append_value_to_blob (gdbusmessage.c:2421)
==13965==    by 0x6913CCA: g_dbus_message_to_blob (gdbusmessage.c:2540)
==13965==    by 0x6908DAE: g_dbus_connection_send_message_unlocked (gdbusconnection.c:1659)
==13965==    by 0x690A725: g_dbus_connection_send_message_with_reply (gdbusconnection.c:1993)
==13965==    by 0x112FD071: zeitgeist_remote_log_proxy_install_monitor_async (remote.c:948)
==13965==    by 0x112F57F9: zeitgeist_log_reinstall_monitor (log.c:4232)
==13965==    by 0x8267173: folks_tp_zeitgeist_controller_populate_counters_co (tp-zeitgeist.vala:150)
==13965==    by 0x68B4D06: g_simple_async_result_complete (gsimpleasyncresult.c:763)
==13965==    by 0x112F69D4: zeitgeist_log_find_events_co (log.c:2214)
==13965==    by 0x7345B44: g_main_context_dispatch (gmain.c:3064)
==13965==  Address 0x2b387f84 is 36 bytes inside a block of size 40 free'd
==13965==    at 0x4C2997C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0x11306FE7: zeitgeist_events_to_variant (event.c:2086)
==13965==    by 0x112F57C0: zeitgeist_log_reinstall_monitor (log.c:4229)
==13965==    by 0x8267173: folks_tp_zeitgeist_controller_populate_counters_co (tp-zeitgeist.vala:150)
==13965==    by 0x68B4D06: g_simple_async_result_complete (gsimpleasyncresult.c:763)
==13965==    by 0x112F69D4: zeitgeist_log_find_events_co (log.c:2214)
==13965==    by 0x7345B44: g_main_context_dispatch (gmain.c:3064)
==13965==    by 0x7345EA7: g_main_context_iterate.isra.24 (gmain.c:3734)
==13965==    by 0x7345F4B: g_main_context_iteration (gmain.c:3795)
==13965==    by 0x68E647B: g_application_run (gapplication.c:2114)
==13965==    by 0x417355: main (in /usr/bin/empathy)
==13965== 

(empathy:13965): GLib-CRITICAL **: g_variant_ref: assertion 'value->ref_count > 0' failed
==13965== Thread 2 gdbus:
==13965== Invalid read of size 4
==13965==    at 0x737E80D: g_variant_unref (gvariant-core.c:625)
==13965==    by 0x737E920: g_variant_release_children (gvariant-core.c:257)
==13965==    by 0x737E867: g_variant_unref (gvariant-core.c:640)
==13965==    by 0x737E920: g_variant_release_children (gvariant-core.c:257)
==13965==    by 0x737E867: g_variant_unref (gvariant-core.c:640)
==13965==    by 0x691013F: g_dbus_message_finalize (gdbusmessage.c:534)
==13965==    by 0x70BFD99: g_object_unref (gobject.c:3112)
==13965==    by 0x691ACC9: message_to_write_data_free (gdbusprivate.c:898)
==13965==    by 0x691C656: write_message_cb (gdbusprivate.c:1353)
==13965==    by 0x68B4D06: g_simple_async_result_complete (gsimpleasyncresult.c:763)
==13965==    by 0x691BB1D: write_message_continue_writing (gdbusprivate.c:1095)
==13965==    by 0x691C0B9: continue_writing (gdbusprivate.c:1531)
==13965==  Address 0x2b387f84 is 36 bytes inside a block of size 40 free'd
==13965==    at 0x4C2997C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0x11306FE7: zeitgeist_events_to_variant (event.c:2086)
==13965==    by 0x112F57C0: zeitgeist_log_reinstall_monitor (log.c:4229)
==13965==    by 0x8267173: folks_tp_zeitgeist_controller_populate_counters_co (tp-zeitgeist.vala:150)
==13965==    by 0x68B4D06: g_simple_async_result_complete (gsimpleasyncresult.c:763)
==13965==    by 0x112F69D4: zeitgeist_log_find_events_co (log.c:2214)
==13965==    by 0x7345B44: g_main_context_dispatch (gmain.c:3064)
==13965==    by 0x7345EA7: g_main_context_iterate.isra.24 (gmain.c:3734)
==13965==    by 0x7345F4B: g_main_context_iteration (gmain.c:3795)
==13965==    by 0x68E647B: g_application_run (gapplication.c:2114)
==13965==    by 0x417355: main (in /usr/bin/empathy)
==13965== 

(empathy:13965): GLib-CRITICAL **: g_variant_unref: assertion 'value->ref_count > 0' failed

(empathy:13965): folks-WARNING **: Error preparing persona store 'eds:system-address-book': Couldn't open address book ‘system-address-book’: Unable to connect to 'Personal': The connection is closed
g_dbus_connection_real_closed: Remote peer vanished with error: Error sending message: Broken pipe (g-io-error-quark, 44). Exiting.
==13965== 
==13965== HEAP SUMMARY:
==13965==     in use at exit: 10,398,670 bytes in 102,885 blocks
==13965==   total heap usage: 556,592 allocs, 453,707 frees, 48,916,806 bytes allocated
==13965== 
==13965== LEAK SUMMARY:
==13965==    definitely lost: 22,992 bytes in 16 blocks
==13965==    indirectly lost: 19,343 bytes in 808 blocks
==13965==      possibly lost: 912,514 bytes in 10,209 blocks
==13965==    still reachable: 8,460,485 bytes in 86,298 blocks
==13965==         suppressed: 0 bytes in 0 blocks
==13965== Rerun with --leak-check=full to see details of leaked memory
==13965== 
==13965== For counts of detected and suppressed errors, rerun with: -v
==13965== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 1 from 1)

Line numbers come from the following Gentoo packages:

dev-libs/glib-2.40.0-r1
gnome-extra/zeitgeist-0.9.14-r1 + backported patch 201bd67de450320520a12e2b0c465c8eb6818bd2
dev-libs/folks-9999 (i.e. latest git)
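
A triage helper for Memcheck output like the log in Comment 2, added here as an example (it is not part of the original comment or of any GNOME project): it groups invalid accesses by the address of the freed block and names the first non-allocator frame that freed it, which shows that the second and third errors hit the same 40-byte block. The function name `group_by_freed_block` and the allocator skip-list are assumptions of this example.

```python
import re
from collections import defaultdict
# Abridged from the Memcheck log in Comment 2: errors 2 and 3, frames trimmed.
SAMPLE = """\
==13965== Invalid read of size 4
==13965==    at 0x737EA59: g_variant_ref (gvariant-core.c:661)
==13965==    by 0x737EE7C: g_variant_get_child_value (gvariant-core.c:985)
==13965==  Address 0x2b387f84 is 36 bytes inside a block of size 40 free'd
==13965==    at 0x4C2997C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0x11306FE7: zeitgeist_events_to_variant (event.c:2086)
==13965==
==13965== Thread 2 gdbus:
==13965== Invalid read of size 4
==13965==    at 0x737E80D: g_variant_unref (gvariant-core.c:625)
==13965==    by 0x737E920: g_variant_release_children (gvariant-core.c:257)
==13965==  Address 0x2b387f84 is 36 bytes inside a block of size 40 free'd
==13965==    at 0x4C2997C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13965==    by 0x11306FE7: zeitgeist_events_to_variant (event.c:2086)
==13965==
"""

ERR = re.compile(r"^==\d+== Invalid (?:read|write) of size \d+")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9a-fA-F]+) is \d+ bytes inside a block of size \d+ free'd")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9a-fA-F]+: (\S+)")
ALLOCATOR = {"free", "g_free", "g_slice_free1"}  # skipped when naming the free site

def group_by_freed_block(log):
    """Map each freed address to its free site and the functions that touched it."""
    blocks = defaultdict(lambda: {"free_site": None, "accesses": []})
    section = access = addr = None
    for line in log.splitlines():
        if ERR.match(line):
            section, access, addr = "access", None, None
        elif m := ADDR.match(line):
            section, addr = "free", m.group(1)
            blocks[addr]["accesses"].append(access)
        elif m := FRAME.match(line):
            fn = m.group(1)
            if section == "access" and access is None:
                access = fn  # innermost frame of the faulting stack
            elif section == "free" and fn not in ALLOCATOR and not blocks[addr]["free_site"]:
                blocks[addr]["free_site"] = fn  # first non-allocator frame
        elif line.startswith("=="):
            section = None  # any other Memcheck line ends the current error
    return dict(blocks)

if __name__ == "__main__":
    for address, info in group_by_freed_block(SAMPLE).items():
        print(address, "freed in", info["free_site"], "then used by", info["accesses"])
```

Program output interleaved with the Memcheck lines (such as the GLib-CRITICAL messages) does not start with `==` and is skipped.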
Comment 3 Pacho Ramos 2014-09-30 10:27:40 UTC
Looks like it's related to folks, and maybe reassigning this to the folks maintainers could help :/ (I don't have permissions to do it)
Comment 4 GNOME Infrastructure Team 2018-05-22 16:25:27 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/empathy/issues/766.