GNOME Bugzilla – Bug 754244
Grilo YouTube plugin crash
Last modified: 2015-09-04 14:27:01 UTC
1. In grilo/tools/grilo-test-ui/main.c update the YouTube API key (use totem's updated one for example) 2. In your ~/.gdbinit add: set breakpoint pending on break gtask.c:635 break gtask.c:701 commands bt p task->callback continue end line 635 is after the task assignment in g_task_finalize() line 701 is just before return task in g_task_new() 3. Run grilo-test-ui-0.2 under gdb 4. Do a search in the YouTube plugin (Note that I also removed every plugin except the YouTube plugin in the $(libdir)/grilo-0.2 directory, and added: gtk_entry_set_text (GTK_ENTRY (view->search_text), "something good 08"); in grilo-test-ui's main.c to avoid having to do that by hand)
After matching the tasks creation and deletion, it seems that the task is created in gdata_service_query_single_entry_async() Breakpoint 2, g_task_new (source_object=0x945ad0, cancellable=0xb64680, callback=callback@entry=0x0, callback_data=callback_data@entry=0x0) at gtask.c:703 703 }
+ Trace 235397
For completeness, here’s the crash itself: $ libtool exec gdb --args ./grilo-test-ui-0.2GNU gdb (GDB) Fedora 7.9.1-17.fc22 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /opt/gnome3/source/grilo/tools/grilo-test-ui/.libs/lt-grilo-test-ui-0.2...done. (gdb) ruin Undefined command: "ruin". Try "help". (gdb) riun Undefined command: "riun". Try "help". (gdb) run Starting program: /opt/gnome3/source/grilo/tools/grilo-test-ui/.libs/lt-grilo-test-ui-0.2 Missing separate debuginfos, use: dnf debuginfo-install glibc-2.21-7.fc22.x86_64 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". warning: the debug information found in "/usr/lib/debug//lib64/libffi.so.6.0.2.debug" does not match "/lib64/libffi.so.6" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libffi.so.6.0.2.debug" does not match "/lib64/libffi.so.6" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//usr/lib64/libffi.so.6.0.2.debug" does not match "/lib64/libffi.so.6" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64//libffi.so.6.0.2.debug" does not match "/lib64/libffi.so.6" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//lib64/libselinux.so.1.debug" does not match "/lib64/libselinux.so.1" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libselinux.so.1.debug" does not match "/lib64/libselinux.so.1" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//lib64/libssl.so.1.0.1k.debug" does not match "/lib64/libssl.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libssl.so.1.0.1k.debug" does not match "/lib64/libssl.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//usr/lib64/libssl.so.1.0.1k.debug" does not match "/lib64/libssl.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64//libssl.so.1.0.1k.debug" does not match "/lib64/libssl.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//lib64/libcrypto.so.1.0.1k.debug" does not match "/lib64/libcrypto.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libcrypto.so.1.0.1k.debug" does not match "/lib64/libcrypto.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//usr/lib64/libcrypto.so.1.0.1k.debug" does not match "/lib64/libcrypto.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64//libcrypto.so.1.0.1k.debug" does not match "/lib64/libcrypto.so.10" (CRC mismatch). warning: the debug information found in "/usr/lib/debug//lib64/libfreebl3.so.debug" does not match "/lib64/libfreebl3.so" (CRC mismatch). warning: the debug information found in "/usr/lib/debug/usr/lib64/libfreebl3.so.debug" does not match "/lib64/libfreebl3.so" (CRC mismatch). Gtk-Message: Failed to load module "pk-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module" Gtk-Message: Failed to load module "pk-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module" (lt-grilo-test-ui-0.2:9658): Grilo-WARNING **: [registry] grl-registry.c:1236: Failed to open module: /opt/gnome3/build/lib/grilo-0.2/libgrlluafactory.so: undefined symbol: goa_object_peek_music [New Thread 0x7fffde17b700 (LWP 9674)] [New Thread 0x7fffde97c700 (LWP 9673)] [New Thread 0x7fffdf17d700 (LWP 9664)] [New Thread 0x7fffed254700 (LWP 9663)] [New Thread 0x7fffeda55700 (LWP 9662)] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5f5aec3 in g_type_check_instance_is_fundamentally_a (type_instance=0x7fffe0030220, fundamental_type=80) at gtype.c:4028 warning: Source file is more recent than executable. 4028 node = lookup_type_node_I (type_instance->g_class->g_type); Missing separate debuginfos, use: dnf debuginfo-install avahi-glib-0.6.31-32.fc22.x86_64 avahi-gobject-0.6.31-32.fc22.x86_64 avahi-libs-0.6.31-32.fc22.x86_64 bzip2-libs-1.0.6-14.fc22.x86_64 cairo-1.14.2-1.fc22.x86_64 cairo-gobject-1.14.2-1.fc22.x86_64 cyrus-sasl-lib-2.1.26-23.fc22.x86_64 dbus-libs-1.8.20-1.fc22.x86_64 expat-2.1.0-10.fc22.x86_64 fontconfig-2.11.94-1.fc22.x86_64 freetype-2.5.5-1.fc22.x86_64 gmime-2.6.20-4.fc22.x86_64 gmp-6.0.0-9.fc22.x86_64 gnutls-3.3.17-1.fc22.x86_64 grilo-0.2.12-1.fc22.x86_64 keyutils-libs-1.5.9-4.fc22.x86_64 krb5-libs-1.13.2-5.fc22.x86_64 libacl-2.2.52-7.fc22.x86_64 libarchive-3.1.2-12.fc22.x86_64 libattr-2.4.47-9.fc22.x86_64 libcom_err-1.42.12-4.fc22.x86_64 libcurl-7.40.0-5.fc22.x86_64 libdrm-2.4.61-3.fc22.x86_64 libepoxy-1.2-1.fc22.x86_64 libffi-3.1-7.fc22.x86_64 libgcc-5.1.1-4.fc22.x86_64 libgcrypt-1.6.3-4.fc22.x86_64 libgpg-error-1.17-2.fc22.x86_64 libICE-1.0.9-2.fc22.x86_64 libicu-54.1-1.fc22.x86_64 libidn-1.32-1.fc22.x86_64 libmodman-2.0.1-9.fc22.x86_64 liboauth-1.0.3-3.fc22.x86_64 libpng-1.6.16-3.fc22.x86_64 libproxy-0.4.11-10.fc22.x86_64 libselinux-2.3-10.fc22.x86_64 libSM-1.2.2-2.fc22.x86_64 libssh2-1.5.0-1.fc22.x86_64 libstdc++-5.1.1-4.fc22.x86_64 libtasn1-4.5-1.fc22.x86_64 libuuid-2.26.2-3.fc22.x86_64 libX11-1.6.3-1.fc22.x86_64 libXau-1.0.8-4.fc22.x86_64 libxcb-1.11-8.fc22.x86_64 libXcomposite-0.4.4-6.fc22.x86_64 libXcursor-1.1.14-4.fc22.x86_64 libXdamage-1.1.4-6.fc22.x86_64 libXext-1.3.3-2.fc22.x86_64 libXfixes-5.0.1-4.fc22.x86_64 libXi-1.7.4-2.fc22.x86_64 libXinerama-1.1.3-4.fc22.x86_64 libxml2-2.9.2-3.fc22.x86_64 libXrandr-1.4.2-2.fc22.x86_64 libXrender-0.9.9-1.fc22.x86_64 libxshmfence-1.2-1.fc22.x86_64 libXxf86vm-1.1.4-1.fc22.x86_64 lzo-2.08-3.fc22.x86_64 mesa-libEGL-10.6.3-1.20150729.fc22.x86_64 mesa-libgbm-10.6.3-1.20150729.fc22.x86_64 mesa-libGL-10.6.3-1.20150729.fc22.x86_64 mesa-libglapi-10.6.3-1.20150729.fc22.x86_64 mesa-libwayland-egl-10.6.3-1.20150729.fc22.x86_64 nettle-2.7.1-5.fc22.x86_64 nspr-4.10.8-1.fc22.x86_64 nss-3.19.3-1.0.fc22.x86_64 nss-mdns-0.10-15.fc22.x86_64 nss-softokn-freebl-3.19.2-1.0.fc22.x86_64 nss-util-3.19.2-1.0.fc22.x86_64 openldap-2.4.40-12.fc22.x86_64 openssl-libs-1.0.1k-12.fc22.x86_64 p11-kit-0.23.1-2.fc22.x86_64 pcre-8.37-3.fc22.x86_64 pixman-0.32.6-4.fc22.x86_64 sqlite-3.8.10.2-1.fc22.x86_64 trousers-0.3.13-3.fc22.x86_64 xz-libs-5.2.0-2.fc22.x86_64 (gdb) t a a bt
+ Trace 235417
Thread 4 (Thread 0x7fffdf17d700 (LWP 9664))
Thread 2 (Thread 0x7fffde17b700 (LWP 9674))
Thread 1 (Thread 0x7ffff47f1a00 (LWP 9658))
So it’s actually a GCancellable:
+ Trace 235418
Testing with gobject-list shows that only one GCancellable is created at that address, ever, and it’s created sometime during a load of libgdata work: $ LD_PRELOAD=/opt/gnome3/source/gobject-list/libgobject-list.so GOBJECT_LIST_DISPLAY=create libtool exec gdb --args ./grilo-test-ui-0.2 Examining GCancellables in more detail: $ LD_PRELOAD=/opt/gnome3/source/gobject-list/libgobject-list.so GOBJECT_LIST_DISPLAY=create,backtrace GOBJECT_LIST_FILTER=GCancellable libtool exec gdb --args ./grilo-test-ui-0.2 … ++ Created object 0xe6ae50, GCancellable #0 g_object_new + [0x00000163] #1 g_cancellable_new + [0x0000001b] #2 grl_youtube_source_search + [0x00000084] #3 search_idle + [0x000000b7] #4 g_idle_dispatch + [0x0000004c] #5 g_main_dispatch + [0x000001a9] #6 g_main_context_dispatch + [0x00000033] #7 g_main_context_iterate + [0x000001d5] #8 g_main_loop_run + [0x000001d3] #9 gtk_main + [0x0000006d] #10 main + [0x00000070] #11 __libc_start_main + [0x000000f0] #12 _start + [0x00000029] … -- Finalized object 0xe6ae50, GCancellable #0 _object_finalized + [0x0000006c] #1 weak_refs_notify + [0x00000058] #2 g_data_set_internal + [0x0000019a] #3 g_datalist_id_set_data_full + [0x000000b0] #4 g_object_real_dispose + [0x00000056] #5 g_object_unref + [0x000001c4] #6 g_object_unref + [0x000000bf] #7 g_task_finalize + [0x000000a9] #8 g_object_unref + [0x000002eb] #9 g_object_unref + [0x000000bf] #10 g_source_callback_unref + [0x00000052] #11 g_source_destroy_internal + [0x000000a9] #12 g_main_dispatch + [0x000002a1] #13 g_main_context_dispatch + [0x00000033] #14 g_main_context_iterate + [0x000001d5] #15 g_main_loop_run + [0x000001d3] #16 gtk_main + [0x0000006d] #17 main + [0x00000070] #18 __libc_start_main + [0x000000f0] #19 _start + [0x00000029] … *crash* Looking at the output with ref/unref information too: $ LD_PRELOAD=/opt/gnome3/source/gobject-list/libgobject-list.so GOBJECT_LIST_DISPLAY=all GOBJECT_LIST_FILTER=GCancellable libtool exec gdb --args ./grilo-test-ui-0.2 … ++ Created object 0x7fffe0031e20, GCancellable #0 g_object_new + [0x00000163] #1 g_cancellable_new + [0x0000001b] #2 grl_youtube_source_search + [0x00000084] #3 search_idle + [0x000000b7] #4 g_idle_dispatch + [0x0000004c] #5 g_main_dispatch + [0x000001a9] #6 g_main_context_dispatch + [0x00000033] #7 g_main_context_iterate + [0x000001d5] #8 g_main_loop_run + [0x000001d3] #9 gtk_main + [0x0000006d] #10 main + [0x00000070] #11 __libc_start_main + [0x000000f0] #12 _start + [0x00000029] Error getting frame: unspecified (general) error (1) + Reffed object 0x7fffe0031e20, GCancellable; ref_count: 1 -> 2 #0 g_object_ref + [0x000000ba] #1 g_simple_async_result_run_in_thread + [0x00000110] #2 gdata_service_query_async + [0x0000060d] #3 gdata_youtube_service_query_videos_async + [0x0000045c] #4 grl_youtube_source_search + [0x000001e6] #5 search_idle + [0x000000b7] #6 g_idle_dispatch + [0x0000004c] #7 g_main_dispatch + [0x000001a9] #8 g_main_context_dispatch + [0x00000033] #9 g_main_context_iterate + [0x000001d5] #10 g_main_loop_run + [0x000001d3] #11 gtk_main + [0x0000006d] #12 main + [0x00000070] #13 __libc_start_main + [0x000000f0] #14 _start + [0x00000029] Error getting frame: unspecified (general) error (1) + Reffed object 0x7fffe0031e20, GCancellable; ref_count: 2 -> 3 #0 g_object_ref + [0x000000ba] #1 g_io_scheduler_push_job + [0x00000086] #2 g_simple_async_result_run_in_thread + [0x00000134] #3 gdata_service_query_async + [0x0000060d] #4 gdata_youtube_service_query_videos_async + [0x0000045c] #5 grl_youtube_source_search + [0x000001e6] #6 search_idle + [0x000000b7] #7 g_idle_dispatch + [0x0000004c] #8 g_main_dispatch + [0x000001a9] #9 g_main_context_dispatch + [0x00000033] #10 g_main_context_iterate + [0x000001d5] #11 g_main_loop_run + [0x000001d3] #12 gtk_main + [0x0000006d] #13 main + [0x00000070] #14 __libc_start_main + [0x000000f0] #15 _start + [0x00000029] Error getting frame: unspecified (general) error (1) + Reffed object 0x7fffe0031e20, GCancellable; ref_count: 3 -> 4 #0 g_object_ref + [0x000000ba] #1 g_task_new + [0x0000006b] #2 g_io_scheduler_push_job + [0x000000ff] #3 g_simple_async_result_run_in_thread + [0x00000134] #4 gdata_service_query_async + [0x0000060d] #5 gdata_youtube_service_query_videos_async + [0x0000045c] #6 grl_youtube_source_search + [0x000001e6] #7 search_idle + [0x000000b7] #8 g_idle_dispatch + [0x0000004c] #9 g_main_dispatch + [0x000001a9] #10 g_main_context_dispatch + [0x00000033] #11 g_main_context_iterate + [0x000001d5] #12 g_main_loop_run + [0x000001d3] #13 gtk_main + [0x0000006d] #14 main + [0x00000070] #15 __libc_start_main + [0x000000f0] #16 _start + [0x00000029] Error getting frame: unspecified (general) error (1) - Unreffed object 0x7fffe0031e20, GCancellable; ref_count: 4 -> 3 #0 g_object_unref + [0x000000a6] #1 release_operation_data + [0x00000056] #2 build_media_from_entry_search_cb + [0x000000a0] #3 build_media_from_entry + [0x0000045c] #4 search_progress_cb + [0x000000f1] #5 progress_callback_idle + [0x00000044] #6 g_idle_dispatch + [0x0000004c] #7 g_main_dispatch + [0x000001a9] #8 g_main_context_dispatch + [0x00000033] #9 g_main_context_iterate + [0x000001d5] #10 g_main_loop_run + [0x000001d3] #11 gtk_main + [0x0000006d] #12 main + [0x00000070] #13 __libc_start_main + [0x000000f0] #14 _start + [0x00000029] Error getting frame: unspecified (general) error (1) - Unreffed object 0x7fffe0031e20, GCancellable; ref_count: 3 -> 2 #0 g_object_unref + [0x000000a6] #1 operation_spec_unref + [0x0000006d] #2 search_cb + [0x00000307] #3 g_simple_async_result_complete + [0x00000146] #4 complete_in_idle_cb_for_thread + [0x00000081] #5 g_idle_dispatch + [0x0000004c] #6 g_main_dispatch + [0x000001a9] #7 g_main_context_dispatch + [0x00000033] #8 g_main_context_iterate + [0x000001d5] #9 g_main_loop_run + [0x000001d3] #10 gtk_main + [0x0000006d] #11 main + [0x00000070] #12 __libc_start_main + [0x000000f0] #13 _start + [0x00000029] Error getting frame: unspecified (general) error (1) - Unreffed object 0x7fffe0031e20, GCancellable; ref_count: 2 -> 1 #0 g_object_unref + [0x000000a6] #1 complete_in_idle_cb_for_thread + [0x0000009e] #2 g_idle_dispatch + [0x0000004c] #3 g_main_dispatch + [0x000001a9] #4 g_main_context_dispatch + [0x00000033] #5 g_main_context_iterate + [0x000001d5] #6 g_main_loop_run + [0x000001d3] #7 gtk_main + [0x0000006d] #8 main + [0x00000070] #9 __libc_start_main + [0x000000f0] #10 _start + [0x00000029] Error getting frame: unspecified (general) error (1) - Unreffed object 0x7fffe0031e20, GCancellable; ref_count: 1 -> 0 #0 g_object_unref + [0x000000a6] #1 g_task_finalize + [0x000000a9] #2 g_object_unref + [0x000002eb] #3 g_object_unref + [0x000000bf] #4 g_source_callback_unref + [0x00000052] #5 g_source_destroy_internal + [0x000000a9] #6 g_main_dispatch + [0x000002a1] #7 g_main_context_dispatch + [0x00000033] #8 g_main_context_iterate + [0x000001d5] #9 g_main_loop_run + [0x000001d3] #10 gtk_main + [0x0000006d] #11 main + [0x00000070] #12 __libc_start_main + [0x000000f0] #13 _start + [0x00000029] Error getting frame: unspecified (general) error (1) -- Finalized object 0x7fffe0031e20, GCancellable #0 _object_finalized + [0x0000006c] #1 weak_refs_notify + [0x00000058] #2 g_data_set_internal + [0x0000019a] #3 g_datalist_id_set_data_full + [0x000000b0] #4 g_object_real_dispose + [0x00000056] #5 g_object_unref + [0x000001c4] #6 g_object_unref + [0x000000bf] #7 g_task_finalize + [0x000000a9] #8 g_object_unref + [0x000002eb] #9 g_object_unref + [0x000000bf] #10 g_source_callback_unref + [0x00000052] #11 g_source_destroy_internal + [0x000000a9] #12 g_main_dispatch + [0x000002a1] #13 g_main_context_dispatch + [0x00000033] #14 g_main_context_iterate + [0x000001d5] #15 g_main_loop_run + [0x000001d3] #16 gtk_main + [0x0000006d] #17 main + [0x00000070] #18 __libc_start_main + [0x000000f0] #19 _start + [0x00000029] Error getting frame: unspecified (general) error (1) This shows that there’s an unpaired unref in release_operation_data() in grl-youtube.c. Grilo’s cowboy refcounting strikes again. Patch coming.
Created attachment 310670 [details] [review] youtube: Fix an unpaired unref of a GCancellable when searching The GCancellable stored in grl_operation_set_data() is unconditionally unreffed by release_operation_data(); but is also unconditionally unreffed elsewhere if it’s set as os->cancellable, so needs a second ref in the grl_operation_set_data() call to avoid a double-unref and crash.
Review of attachment 310670 [details] [review]: Looks good.
Attachment 310670 [details] pushed as be522d1 - youtube: Fix an unpaired unref of a GCancellable when searching