double-unref in libgssdp?
A user of Gajim has the problem that it constantly randomly segfaults in libgobject-2.0.so.0. (upstream issue)
And as the backtrace the user provided blamed libgobject an issue was created there as well.
There they assumed the issue is with libgssdp.
Mar 12 20:29:47 systemd-coredump[18786]: Process 27820 (gajim) of user 1000 dumped core.
Stack trace of thread 27820:
#0 0x00007f752cf3ed95 g_type_check_instance_is_fundamentally_a (libgobject-2.0.so.0 + 0x35d95)
#1 0x00007f752cf23265 g_object_unref (libgobject-2.0.so.0 + 0x1a265)
#2 0x00007f7517e020ad socket_source_cb (libgssdp-1.2.so.0 + 0xd0ad)
#3 0x00007f7517e02923 multicast_socket_source_cb (libgssdp-1.2.so.0 + 0xd923)
#4 0x00007f752cd17ab7 socket_source_dispatch (libgio-2.0.so.0 + 0xa5ab7)
#5 0x00007f752cfb7f57 g_main_dispatch (libglib-2.0.so.0 + 0x54f57)
#6 0x00007f752cfb82d8 g_main_context_iterate (libglib-2.0.so.0 + 0x552d8)
#7 0x00007f752cfb838f g_main_context_iteration (libglib-2.0.so.0 + 0x5538f)
#8 0x00007f752cd566a5 g_application_run (libgio-2.0.so.0 + 0xe46a5)
#9 0x00007f752d4c542d ffi_call_unix64 (libffi.so.8 + 0x742d)
#10 0x00007f752d4c14f9 ffi_call_int (libffi.so.8 + 0x34f9)
#11 0x00007f752d0e09c2 pygi_invoke_c_callable (_gi.cpython-38-x86_64-linux-gnu.so + 0x259c2)
#12 0x00007f752d0e4372 _wrap_g_callable_info_invoke (_gi.cpython-38-x86_64-linux-gnu.so + 0x29372)
#13 0x00007f752e14caf6 PyObject_Call (libpython3.8.so.1.0 + 0x136af6)
#14 0x00007f752e135a42 _PyEval_EvalFrameDefault (libpython3.8.so.1.0 + 0x11fa42)
#15 0x00007f752e1328b4 _PyEval_EvalCodeWithName (libpython3.8.so.1.0 + 0x11c8b4)
#16 0x00007f752e140cb3 _PyFunction_Vectorcall (libpython3.8.so.1.0 + 0x12acb3)
#17 0x00007f752e1340ea _PyEval_EvalFrameDefault (libpython3.8.so.1.0 + 0x11e0ea)
#18 0x00007f752e140faa function_code_fastcall (libpython3.8.so.1.0 + 0x12afaa)
#19 0x00007f752e133d78 _PyEval_EvalFrameDefault (libpython3.8.so.1.0 + 0x11dd78)
#20 0x00007f752e140faa function_code_fastcall (libpython3.8.so.1.0 + 0x12afaa)
#21 0x00007f752e133d78 _PyEval_EvalFrameDefault (libpython3.8.so.1.0 + 0x11dd78)
#22 0x00007f752e1328b4 _PyEval_EvalCodeWithName (libpython3.8.so.1.0 + 0x11c8b4)
#23 0x00007f752e132599 PyEval_EvalCodeEx (libpython3.8.so.1.0 + 0x11c599)
#24 0x00007f752e1b2aeb PyEval_EvalCode (libpython3.8.so.1.0 + 0x19caeb)
#25 0x00007f752e1bd668 run_eval_code_obj (libpython3.8.so.1.0 + 0x1a7668)
#26 0x00007f752e1b8003 run_mod (libpython3.8.so.1.0 + 0x1a2003)
#27 0x00007f752e0b24a3 pyrun_file (libpython3.8.so.1.0 + 0x9c4a3)
#28 0x00007f752e0b1c47 PyRun_SimpleFileExFlags (libpython3.8.so.1.0 + 0x9bc47)
#29 0x00007f752e1ca3aa Py_RunMain (libpython3.8.so.1.0 + 0x1b43aa)
#30 0x00007f752e1a60e9 Py_BytesMain (libpython3.8.so.1.0 + 0x1900e9)
#31 0x00007f752de73b25 __libc_start_main (libc.so.6 + 0x27b25)
#32 0x000056302827407e _start (python3.8 + 0x107e)
Stack trace of thread 27825:
#0 0x00007f752df41eaf __poll (libc.so.6 + 0xf5eaf)
#1 0x00007f752cfb826e g_main_context_poll (libglib-2.0.so.0 + 0x5526e)
#2 0x00007f752cfb838f g_main_context_iteration (libglib-2.0.so.0 + 0x5538f)
#3 0x00007f752cfb83e1 glib_worker_main (libglib-2.0.so.0 + 0x553e1)
#4 0x00007f752cfe13ce g_thread_proxy (libglib-2.0.so.0 + 0x7e3ce)
#5 0x00007f752de34299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007f752df4ccc3 __clone (libc.so.6 + 0x100cc3)
Stack trace of thread 27827:
#0 0x00007f752df41eaf __poll (libc.so.6 + 0xf5eaf)
#1 0x00007f752cfb826e g_main_context_poll (libglib-2.0.so.0 + 0x5526e)
#2 0x00007f752cfb85cb g_main_loop_run (libglib-2.0.so.0 + 0x555cb)
#3 0x00007f752cd92b76 gdbus_shared_thread_func (libgio-2.0.so.0 + 0x120b76)
#4 0x00007f752cfe13ce g_thread_proxy (libglib-2.0.so.0 + 0x7e3ce)
#5 0x00007f752de34299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007f752df4ccc3 __clone (libc.so.6 + 0x100cc3)
Stack trace of thread 27838:
#0 0x00007f752df41eaf __poll (libc.so.6 + 0xf5eaf)
#1 0x00007f752cfb826e g_main_context_poll (libglib-2.0.so.0 + 0x5526e)
#2 0x00007f752cfb838f g_main_context_iteration (libglib-2.0.so.0 + 0x5538f)
#3 0x00007f75142b559d n/a (libdconfsettings.so + 0x659d)
#4 0x00007f752cfe13ce g_thread_proxy (libglib-2.0.so.0 + 0x7e3ce)
#5 0x00007f752de34299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007f752df4ccc3 __clone (libc.so.6 + 0x100cc3)
Here's trace from gdb:
(org.gajim.Gajim:28920): gssdp-client-WARNING **: 00:21:46.066: Failed to receive from socket: Error receiving message: Неправильный адрес
/usr/lib64/python3.8/site-packages/gi/overrides/Gio.py:43: Warning: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
return Gio.Application.run(self, *args, **kwargs)
double free or corruption (!prev)
--Type <RET> for more, q to quit, c to continue without paging--
Thread 1 "gajim" received signal SIGABRT, Aborted.
0x00007ffff7ac5495 in raise () from /lib64/libc.so.6
(gdb) bt
(gdb) bt
#0 0x00007ffff7ac5495 in raise () at /lib64/libc.so.6
#1 0x00007ffff7aae864 in abort () at /lib64/libc.so.6
#2 0x00007ffff7b07d77 in __libc_message () at /lib64/libc.so.6
#3 0x00007ffff7b0fa5c in () at /lib64/libc.so.6
#4 0x00007ffff7b112ec in _int_free () at /lib64/libc.so.6
#5 0x00007ffff7b14b18 in free () at /lib64/libc.so.6
#6 0x00007ffff6bfa0c9 in g_free (mem=0x555555efa520) at ../glib/gmem.c:199
#7 0x00007fffe1a400bd in socket_source_cb (socket_source=<optimized out>, client=client@entry=0x5555560069e0 [GUPnPContext]) at ../libgssdp/gssdp-client.c:1677
#8 0x00007fffe1a40923 in multicast_socket_source_cb (source=<optimized out>, condition=<optimized out>, user_data=0x5555560069e0) at ../libgssdp/gssdp-client.c:1730
#9 0x00007ffff6953ab7 in socket_source_dispatch (source=source@entry=0x55555689b4d0, callback=0x7fffe1a408d0 <multicast_socket_source_cb>, user_data=0x5555560069e0) at ../gio/gsocket.c:4008
#10 0x00007ffff6bf3f57 in g_main_dispatch (context=0x555555a1b8a0) at ../glib/gmain.c:3325
#11 g_main_context_dispatch (context=0x555555a1b8a0) at ../glib/gmain.c:4043
#12 0x00007ffff6bf42d8 in g_main_context_iterate (context=context@entry=0x555555a1b8a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4119
#13 0x00007ffff6bf438f in g_main_context_iteration (context=context@entry=0x555555a1b8a0, may_block=may_block@entry=1) at ../glib/gmain.c:4184
#14 0x00007ffff69926a5 in g_application_run (application=0x5555560030f0 [gajim+application+GajimApplication], argc=-17100, argv=<optimized out>) at ../gio/gapplication.c:2559
#15 0x00007ffff710142d in ffi_call_unix64 () at ../src/x86/unix64.S:106
#16 0x00007ffff70fd4f9 in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#17 0x00007ffff6d1c9c2 in pygi_invoke_c_callable (function_cache=0x555555f402c0, state=<optimized out>, py_args=<optimized out>, py_kwargs=<optimized out>) at gi/pygi-invoke.c:684
#18 0x00007ffff6d20372 in pygi_function_cache_invoke (py_kwargs=0x7ffff3250c40, py_args=0x7ffff3254040, function_cache=<optimized out>) at gi/pygi-cache.c:862
#19 pygi_callable_info_invoke (user_data=0x0, cache=<optimized out>, kwargs=0x7ffff3250c40, py_args=0x7ffff3254040, info=<optimized out>) at gi/pygi-invoke.c:727
#20 _wrap_g_callable_info_invoke (self=<optimized out>, py_args=0x7ffff3254040, kwargs=0x7ffff3250c40) at gi/pygi-invoke.c:764
#21 0x00007ffff7d88af6 in PyObject_Call (callable=0x7ffff5a6f730, args=<optimized out>, kwargs=<optimized out>) at Objects/call.c:246
#22 0x00007ffff7d71a42 in do_call_core (kwdict=0x7ffff3250c40, callargs=0x7ffff3254040, func=0x7ffff5a6f730, tstate=<optimized out>) at Python/ceval.c:5010
#23 _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:3559
#24 0x00007ffff7d6e8b4 in PyEval_EvalFrameEx (throwflag=0, f=0x7ffff37d5c40) at Python/ceval.c:741
#25 _PyEval_EvalCodeWithName
(_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x0, kwargs=0x555555963a50, kwcount=<optimized out>, kwstep=1, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0, name=0x7ffff783e670, qualname=0x7ffff5a4d3f0) at Python/ceval.c:4298
#26 0x00007ffff7d7ccb3 in _PyFunction_Vectorcall (func=<optimized out>, stack=0x555555963a40, nargsf=<optimized out>, kwnames=<optimized out>) at Objects/call.c:436
#27 0x00007ffff7d700ea in _PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=0x555555963a40, callable=0x7ffff5a69310) at ./Include/cpython/abstract.h:127
#28 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic pointer>, tstate=0x55555555c580) at Python/ceval.c:4963
#29 _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:3486
#30 0x00007ffff7d7cfaa in function_code_fastcall (co=<optimized out>, args=<optimized out>, nargs=0, globals=<optimized out>) at Objects/call.c:284
#31 0x00007ffff7d6fd78 in _PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=0x7ffff6fd2780, callable=0x7ffff5ed0ee0) at ./Include/cpython/abstract.h:127
#32 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic pointer>, tstate=0x55555555c580) at Python/ceval.c:4963
#33 _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:3500
#34 0x00007ffff7d7cfaa in function_code_fastcall (co=<optimized out>, args=<optimized out>, nargs=0, globals=<optimized out>) at Objects/call.c:284
#35 0x00007ffff7d6fd78 in _PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=0x7ffff77ca5c0, callable=0x7ffff5eda0d0) at ./Include/cpython/abstract.h:127
#36 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic pointer>, tstate=0x55555555c580) at Python/ceval.c:4963
#37 _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:3500
#38 0x00007ffff7d6e8b4 in PyEval_EvalFrameEx (throwflag=0, f=0x7ffff77ca440) at Python/ceval.c:741
#39 _PyEval_EvalCodeWithName
(_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x0, kwargs=0x0, kwcount=<optimized out>, kwstep=2, defs=0x0, defcount=0, kwdefs=--Type <RET> for more, q to quit, c to continue without paging--
0x0, closure=0x0, name=0x0, qualname=0x0) at Python/ceval.c:4298
#40 0x00007ffff7d6e599 in PyEval_EvalCodeEx
(_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kws=<optimized out>, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0)
at Python/ceval.c:4327
#41 0x00007ffff7deeaeb in PyEval_EvalCode (co=co@entry=0x7ffff77f9710, globals=globals@entry=0x7ffff782e280, locals=locals@entry=0x7ffff782e280) at Python/ceval.c:718
#42 0x00007ffff7df9668 in run_eval_code_obj (co=0x7ffff77f9710, globals=0x7ffff782e280, locals=0x7ffff782e280) at Python/pythonrun.c:1165
#43 0x00007ffff7df4003 in run_mod (mod=<optimized out>, filename=<optimized out>, globals=0x7ffff782e280, locals=0x7ffff782e280, flags=<optimized out>, arena=<optimized out>) at Python/pythonrun.c:1187
#44 0x00007ffff7cee4a3 in pyrun_file
(fp=fp@entry=0x555555559340, filename=filename@entry=0x7ffff77387f0, start=start@entry=257, globals=globals@entry=0x7ffff782e280, locals=locals@entry=0x7ffff782e280, closeit=closeit@entry=1, flags=0x7fffffffc918) at Python/pythonrun.c:1084
#45 0x00007ffff7cedc47 in pyrun_simple_file (flags=0x7fffffffc918, closeit=1, filename=0x7ffff77387f0, fp=0x555555559340) at Python/pythonrun.c:439
#46 PyRun_SimpleFileExFlags (fp=0x555555559340, filename=<optimized out>, closeit=1, flags=0x7fffffffc918) at Python/pythonrun.c:472
#47 0x00007ffff7e063aa in pymain_run_file (cf=0x7fffffffc918, config=0x55555555b970) at Modules/main.c:385
#48 pymain_run_python (exitcode=0x7fffffffc910) at Modules/main.c:610
#49 Py_RunMain () at Modules/main.c:689
#50 0x00007ffff7de20e9 in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:743
#51 0x00007ffff7aafb25 in __libc_start_main () at /lib64/libc.so.6
#52 0x000055555555507e in _start ()
(gdb) bt full
(gdb) bt full
#0 0x00007ffff7ac5495 in raise () at /lib64/libc.so.6
#1 0x00007ffff7aae864 in abort () at /lib64/libc.so.6
#2 0x00007ffff7b07d77 in __libc_message () at /lib64/libc.so.6
#3 0x00007ffff7b0fa5c in () at /lib64/libc.so.6
#4 0x00007ffff7b112ec in _int_free () at /lib64/libc.so.6
#5 0x00007ffff7b14b18 in free () at /lib64/libc.so.6
#6 0x00007ffff6bfa0c9 in g_free (mem=0x555555efa520) at ../glib/gmem.c:199
#7 0x00007fffe1a400bd in socket_source_cb (socket_source=<optimized out>, client=client@entry=0x5555560069e0 [GUPnPContext]) at ../libgssdp/gssdp-client.c:1677
i = <optimized out>
type = <optimized out>
len = <optimized out>
buf = "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nCACHE-CONTROL: max-age=1800\r\nLOCATION: http://192.168.1.1:49652/49652gatedesc.xml\r\nOPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n01-NLS: 258430dc-1dd2"...
end = <optimized out>
headers = 0x0
socket = <optimized out>
address = 0x0
bytes = -1
inetaddr = <optimized out>
ip_string = <optimized out>
port = <optimized out>
error = 0x0
vector = {buffer = 0x7ffffffebb30, size = 65536}
messages = 0x555555efa520
num_messages = 1
priv = 0x555556006950
ret = <optimized out>
#8 0x00007fffe1a40923 in multicast_socket_source_cb (source=<optimized out>, condition=<optimized out>, user_data=0x5555560069e0) at ../libgssdp/gssdp-client.c:1730
client = 0x5555560069e0 [GUPnPContext]
multicast_socket = 0x0
error = 0x0
priv = 0x555556006950
#9 0x00007ffff6953ab7 in socket_source_dispatch (source=source@entry=0x55555689b4d0, callback=0x7fffe1a408d0 <multicast_socket_source_cb>, user_data=0x5555560069e0) at ../gio/gsocket.c:4008
func = 0x7fffe1a408d0 <multicast_socket_source_cb>
socket_source = 0x55555689b4d0
socket = 0x55555600b670 [GSocket]
timeout = -1
events = <optimized out>
ret = <optimized out>
#10 0x00007ffff6bf3f57 in g_main_dispatch (context=0x555555a1b8a0) at ../glib/gmain.c:3325
dispatch = <optimized out>
prev_source = 0x0
begin_time_nsec = 0
--Type <RET> for more, q to quit, c to continue without paging--
was_in_call = <optimized out>
user_data = 0x5555560069e0
callback = 0x7fffe1a408d0 <multicast_socket_source_cb>
cb_funcs = 0x7ffff6ccf940 <g_source_callback_funcs>
cb_data = 0x7fffe4007ed0
need_destroy = <optimized out>
source = 0x55555689b4d0
current = 0x555555bc56c0
i = 0
__func__ = "g_main_dispatch"
#11 g_main_context_dispatch (context=0x555555a1b8a0) at ../glib/gmain.c:4043
#12 0x00007ffff6bf42d8 in g_main_context_iterate (context=context@entry=0x555555a1b8a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4119
max_priority = 2147483647
timeout = 757
some_ready = 1
nfds = <optimized out>
allocated_nfds = <optimized out>
fds = 0x5555592e12e0
#13 0x00007ffff6bf438f in g_main_context_iteration (context=context@entry=0x555555a1b8a0, may_block=may_block@entry=1) at ../glib/gmain.c:4184
retval = <optimized out>
#14 0x00007ffff69926a5 in g_application_run (application=0x5555560030f0 [gajim+application+GajimApplication], argc=-17100, argv=<optimized out>) at ../gio/gapplication.c:2559
arguments = 0x555555b2f990
status = 0
context = 0x555555a1b8a0
acquired_context = <optimized out>
__func__ = "g_application_run"
#15 0x00007ffff710142d in ffi_call_unix64 () at ../src/x86/unix64.S:106
#16 0x00007ffff70fd4f9 in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
classes = {X86_64_INTEGER_CLASS, 21845, 1442871536, 21845}
stack = <optimized out>
argp = 0x7fffffffbd90 "\006"
arg_types = <optimized out>
gprcount = 3
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
flags = <optimized out>
reg_args = <optimized out>
…