After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 768889 - call-window: properly remove the farstream element notifiers
call-window: properly remove the farstream element notifiers
Status: RESOLVED FIXED
Product: empathy
Classification: Core
Component: VoIP
3.12.x
Other Linux
: Normal normal
: ---
Assigned To: empathy-maint
empathy-maint
Depends on:
Blocks:
 
 
Reported: 2016-07-16 17:14 UTC by Fabrice Bellet
Modified: 2017-03-13 16:41 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
call-window: properly remove the fs element notifiers (1.74 KB, patch)
2016-07-16 17:14 UTC, Fabrice Bellet 		committed Details | Review

Description Fabrice Bellet 2016-07-16 17:14:41 UTC 
Created attachment 331632 [details] [review]
call-window: properly remove the fs element notifiers

I triggered this crash while using empathy-call:


Program received signal SIGSEGV, Segmentation fault.
[Swit hing to Thread 0x7feaaf7fe700 (LWP 12589)]
object_remove_closure (data=0x7fead84994b0, closure=0x7feaa4017370) at gobject.c:3909
3909      for (i = 0; i < carray->n_closures; i++)
Missing separate debuginfos, use: dnf debuginfo-install dconf-0.24.0-2.fc23.x86_64 ffmpeg-libs-2.8.7-1.fc23.x86_64 GConf2-3.2.6-15.fc23.x86_64 gstreamer1-libav-1.6.4-1.1.fc23.x86_64 gstreamer1-plugins-bad-free-1.6.4-1.fc23.x86_64 gstreamer1-plugins-bad-free-extras-1.6.4-1.fc23.x86_64 gstreamer1-plugins-bad-freeworld-1.6.3-1.fc23.x86_64 gstreamer1-plugins-ugly-1.6.3-1.fc23.x86_64 gstreamer1-vaapi-0.7.0-0.2.fc23.x86_64 lame-libs-3.99.5-5.fc23.x86_64 libcroco-0.6.8-7.fc23.x86_64 libmad-0.15.1b-17.fc23.x86_64 libmpeg2-0.5.1-11.fc22.x86_64 libmpg123-1.22.4-1.fc23.x86_64 librsvg2-2.40.16-1.fc23.x86_64 libsrtp-1.5.4-3.fc23.x86_64 libva-1.6.2-2.fc23.x86_64 libva-intel-driver-1.6.2-1.fc23.x86_64 mjpegtools-libs-2.1.0-5.fc22.x86_64 opencore-amr-0.1.3-4.fc22.x86_64 openjpeg-libs-1.5.1-15.fc23.x86_64 opus-1.1.2-1.fc23.x86_64 schroedinger-1.0.11-9.fc23.x86_64 soxr-0.1.2-1.fc23.x86_64 twolame-libs-0.3.13-4.fc22.x86_64 x264-libs-0.148-5.20160118git5c65704.fc23.x86_64 x265-libs-1.8-1.fc23.x86_64 xvidcore-1.3.4-2.fc23.x86_64
(gdb) inf thr
  Id   Target Id         Frame
* 8001 Thread 0x7feaaf7fe700 (LWP 12589) "special-source-" object_remove_closure (data=0x7fead84994b0, closure=0x7feaa4017370) at gobject.c:3909
  7999 Thread 0x7fea8dff8700 (LWP 12587) "videotestsrc0:s" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7994 Thread 0x7fea937fc700 (LWP 12582) "rtpjitterbuffer" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7992 Thread 0x7feaae7fc700 (LWP 12580) "queue:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7990 Thread 0x7feaaffff700 (LWP 12578) "rtpjitterbuffer" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7988 Thread 0x7feacd194700 (LWP 12576) "rtpdtmfsrc400:s" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7987 Thread 0x7feacd995700 (LWP 12575) "dtmfsrc400:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7986 Thread 0x7feace196700 (LWP 12574) "nicesrc1281:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7985 Thread 0x7feacf198700 (LWP 12573) "nicesrc1280:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7984 Thread 0x7feacfba0700 (LWP 12572) "nicesrc1279:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7983 Thread 0x7feae4e01700 (LWP 12571) "nicesrc1278:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  7979 Thread 0x7feaadffb700 (LWP 12567) "pulsesrc0:src" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
  21   Thread 0x7feaaeffd700 (LWP 5149) "threaded-ml" 0x00007feb251b2b1d in poll () at ../sysdeps/unix/syscall-template.S:84
  4    Thread 0x7feb07fff700 (LWP 4837) "dconf worker" 0x00007feb251b2b1d in poll () at ../sysdeps/unix/syscall-template.S:84
  3    Thread 0x7feb0db1e700 (LWP 4825) "gmain" 0x00007feb251b2b1d in poll () at ../sysdeps/unix/syscall-template.S:84
  2    Thread 0x7feb0d31d700 (LWP 4826) "gdbus" 0x00007feb251b2b1d in poll () at ../sysdeps/unix/syscall-template.S:84
  1    Thread 0x7feb32ffaa80 (LWP 4823) "lt-empathy-call" handler_lookup (instance=instance@entry=0x2a1e0b0, handler_id=handler_id@entry=0, closure=closure@entry=0x8696c50, signal_id_p=signal_id_p@entry=0x7fff90f3943c) at gsignal.c:489
(gdb) bt

+ Trace 236465

  • #0 object_remove_closure
    at gobject.c line 3909
  • #1 closure_invoke_notifiers
    at gclosure.c line 274
  • #2 g_closure_invalidate
    at gclosure.c line 580
  • #3 g_closure_unref
    at gclosure.c line 602
  • #4 handler_unref_R
    at gsignal.c line 700
  • #5 handler_match_free1_R
    at gsignal.c line 524
  • #6 signal_handlers_foreach_matched_R
  • #7 g_signal_handlers_disconnect_matched
  • #8 _element_removed_callback
    at fs-element-added-notifier.c line 165
  • #9 g_cclosure_marshal_VOID__OBJECTv
    at gmarshal.c line 2102
  • #10 _g_closure_invoke_va
    at gclosure.c line 864
  • #11 g_signal_emit_valist
    at gsignal.c line 3292
  • #12 g_signal_emit
    at gsignal.c line 3439
  • #13 gst_bin_remove_func
    at gstbin.c line 1561
  • #14 stop_source_thread
    at fs-rtp-special-source.c line 172
  • #15 g_thread_proxy
    at gthread.c line 778
  • #16 start_thread
    at pthread_create.c line 334
  • #17 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 109
  • #0 handler_lookup
    at gsignal.c line 489
  • #0 handler_lookup
    at gsignal.c line 489
  • #1 handler_lookup
    at gsignal.c line 3796
  • #2 invalid_closure_notify
    at gsignal.c line 3798
  • #3 closure_invoke_notifiers
    at gclosure.c line 274
  • #4 g_closure_invalidate
    at gclosure.c line 580
  • #5 destroy_closure_array
    at gobject.c line 3937
  • #6 g_object_real_dispose
    at gobject.c line 1026
  • #7 g_object_unref
    at gobject.c line 3142
  • #8 g_list_foreach
    at glist.c line 1005
  • #9 g_list_free_full
    at glist.c line 220
  • #10 empathy_call_window_conference_removed_cb
    at empathy-call-window.c line 2522
  • #11 g_cclosure_marshal_VOID__OBJECTv
    at gmarshal.c line 2102
  • #12 _g_closure_invoke_va
    at gclosure.c line 864
  • #13 g_signal_emit_valist
    at gsignal.c line 3292
  • #14 g_signal_emit
    at gsignal.c line 3439
  • #15 g_cclosure_marshal_VOID__OBJECTv
    at gmarshal.c line 2102
  • #16 _g_closure_invoke_va
    at gclosure.c line 864
  • #17 g_signal_emit_valist
    at gsignal.c line 3292
  • #18 g_signal_emit
    at gsignal.c line 3439
  • #19 channel_fs_conference_removed
    at channel.c line 675
  • #20 g_cclosure_marshal_VOID__OBJECTv
    at gmarshal.c line 2102
  • #21 _g_closure_invoke_va
    at gclosure.c line 864
  • #22 g_signal_emit_valist
    at gsignal.c line 3292
  • #23 g_signal_emit
    at gsignal.c line 3439
  • #24 _tf_call_channel_put_conference
    at call-channel.c line 601
  • #25 _tf_call_content_destroy
    at call-content.c line 371
  • #26 free_content
    at call-channel.c line 403
  • #27 g_ptr_array_foreach
    at garray.c line 1502
  • #28 ptr_array_free
    at garray.c line 1088
  • #29 tf_call_channel_dispose
    at call-channel.c line 249
  • #30 g_object_unref
    at gobject.c line 3142
  • #31 tf_channel_dispose
    at channel.c line 436
  • #32 g_object_unref
    at gobject.c line 3142
  • #33 on_call_state_changed_cb
    at empathy-call-handler.c line 184
  • #34 ffi_call_unix64
    at ../src/x86/unix64.S line 76
  • #35 ffi_call
    at ../src/x86/ffi64.c line 525
  • #36 g_cclosure_marshal_generic_va
    at gclosure.c line 1600
  • #37 _g_closure_invoke_va
    at gclosure.c line 864
  • #38 g_signal_emit_valist
    at gsignal.c line 3292
  • #39 g_signal_emit
    at gsignal.c line 3439
  • #40 _tp_cli_channel_type_call_invoke_callback_for_call_state_changed
    at _gen/tp-cli-channel-body.h line 10483
  • #41 tp_proxy_signal_invocation_run
    at proxy-signals.c line 269
  • #42 g_main_dispatch
    at gmain.c line 3154
  • #43 g_main_context_dispatch
    at gmain.c line 3769
  • #44 g_main_context_iterate
    at gmain.c line 3840
  • #45 g_main_context_iteration
    at gmain.c line 3901
  • #46 g_application_run
    at gapplication.c line 2311
  • #47 main
    at empathy-call.c line 285 


From this gdb session, it appears that FsElementAddedNotifier notifier that is removed in empathy_call_window_conference_removed_cb() is still in use in the rtp-special-source stop thread. I think it happens because empathy forget to do an fs_element_added_notifier_remove() on the notifiers before unreferencing them. See the pointer on the notifier 0x7fead84994b0, being both unfreeed in thread 1, and still used in thread 8001.
Comment 1 Michael Catanzaro 2016-07-22 02:06:21 UTC 
Review of attachment 331632 [details] [review]:

No clue if this is right, but I'll trust you!

::: src/empathy-call-window.c
@@ +2515,2 @@
 static void
+empathy_call_window_add_notifier_remove(gpointer data, gpointer user_data)

There should be a space before the opening parentheses here. Will push with this fixup.
Comment 2 Michael Catanzaro 2016-07-22 02:07:44 UTC 
Attachment 331632 [details] pushed as 395d59b - call-window: properly remove the fs element notifiers