avahi_client_free on NULL
For some reason, the code tries to free NULL:
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
set = {__val = {0, 139843256375424, 4222451712, 139842793016784, 139842793016784, 139842793016784, 139842793016784, 139842793016855, 139842793016884, 139842793016784, 139842793016884, 0, 0, 0, 0, 0}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007f2fcb975899 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x7f2fb0008dd0, sa_sigaction = 0x7f2fb0008dd0}, sa_mask = {__val = {71, 4, 47244640256, 0, 0, 139843257525358, 0, 21474836480, 139843171027072, 139839840190478, 139843257555792, 0, 18030688760500065792, 139843257525358, 139843264557056, 139843257540536}}, sa_flags = -877318144, sa_restorer = 0x272}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f2fcb975769 in __assert_fail_base (fmt=0x7f2fcbb09fb8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7f2fcbb53009 "client", file=0x7f2fcbb53000 "client.c", line=626, function=<optimized out>) at assert.c:92
str = 0x7f2fb0008dd0 "\200\215"
total = 4096
#3 0x00007f2fcb987006 in __GI___assert_fail (assertion=assertion@entry=0x7f2fcbb53009 "client", file=file@entry=0x7f2fcbb53000 "client.c", line=line@entry=626, function=function@entry=0x7f2fcbb53700 <__PRETTY_FUNCTION__.5699> "avahi_client_free") at assert.c:101
No locals.
#4 0x00007f2fcbb4ae3b in avahi_client_free (client=<optimized out>) at client.c:669
__PRETTY_FUNCTION__ = "avahi_client_free"
#5 0x000055c88a0ea895 in free_global_avahi_client () at ../common/gvfsdnssdresolver.c:175
No locals.
#6 0x000055c88a0eb2fd in g_vfs_dns_sd_resolver_finalize (object=0x55c88bb266e0) at ../common/gvfsdnssdresolver.c:379
resolver = 0x55c88bb266e0
#7 0x00007f2fcbeedc0e in g_object_unref () from /srv/daisy.ubuntu.com/production/cache/Ubuntu 19.10/cache-AEUjvT/sandbox/Ubuntu 19.10/amd64/report-sandbox/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6200.2
No symbol table info available.
#8 0x000055c88a0ea655 in g_vfs_backend_dav_finalize (object=0x55c88bb231a0) at ../daemon/gvfsbackenddav.c:133
dav_backend = 0x55c88bb231a0
#9 0x00007f2fcbeedc0e in g_object_unref () from /srv/daisy.ubuntu.com/production/cache/Ubuntu 19.10/cache-AEUjvT/sandbox/Ubuntu 19.10/amd64/report-sandbox/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6200.2
No symbol table info available.
#10 0x00007f2fcc17734b in g_vfs_job_mount_finalize (object=0x55c88bb1fb30) at ../daemon/gvfsjobmount.c:49
job = 0x55c88bb1fb30
#11 0x00007f2fcbeedc0e in g_object_unref () from /srv/daisy.ubuntu.com/production/cache/Ubuntu 19.10/cache-AEUjvT/sandbox/Ubuntu 19.10/amd64/report-sandbox/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6200.2
No symbol table info available.
This is gvfs-1.42.1-1ubuntu1, as far as I can tell.
The problem seems common enough, s.t. the documentation has a paragraph on it:
A callback that is called whenever the state of the client changes. This may be NULL. Please note that this function is called for the first time from within the avahi_client_new() context! Thus, in the callback you should not make use of global variables that are initialized only after your call to avahi_client_new(). A common mistake is to store the AvahiClient pointer returned by avahi_client_new() in a global variable and assume that this global variable already contains the valid pointer when the callback is called for the first time. A work-around for this is to always use the AvahiClient pointer passed to the callback function instead of the global pointer.
Now the code seems to be doing that, i.e. store the AvahiClient pointer returned by avahi_client_new() in a global variable and assume that this global variable already contains the valid pointer when the callback is called for the first time.
Here it stores the global pointer: https://gitlab.gnome.org/GNOME/gvfs/blob/b53a0d9a8dd224ecc0d1185826a57d104ce0ee46/common/gvfsdnssdresolver.c#L201
and here it uses that pointer: https://gitlab.gnome.org/GNOME/gvfs/blob/b53a0d9a8dd224ecc0d1185826a57d104ce0ee46/common/gvfsdnssdresolver.c#L159. Although the pointer has been set to something non-null. Hm. But maybe someone ignores the error that was set. Or https://gitlab.gnome.org/GNOME/gvfs/blob/b53a0d9a8dd224ecc0d1185826a57d104ce0ee46/common/gvfsdnssdresolver.c#L362 finalize is called while the global_client is still NULL.
FTR: I tried to use a DAV share.
I could easily patch in an if (client != NULL) { avahi_client_free (client); }
but I'm afraid that it further obscures the real bug.
When searching for "avahi_client_free", the Internet reports many other apps having that problem. So it seems the Avahi API is a bit quirky there. https://github.com/apple/cups/issues/4550, https://bugzilla.redhat.com/show_bug.cgi?id=1281449, or https://bugs.launchpad.net/ubuntu/+source/rhythmbox/+bug/623816 are bug reports that look similar. https://retrace.fedoraproject.org/faf/reports/323391/ also has a link to a gvfs bug which looks very very similar.
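An added illustration, not part of the original report and not Avahi or gvfs code: a self-contained C model of the two situations the report considers, a callback that runs before the global pointer is assigned and a teardown that runs when no client was ever created. All `toy_*` names, `on_state`, `acquire_client` and `release_client` are hypothetical stand-ins.

```c
/* Added illustration: toy_* names are stand-ins, not the Avahi or gvfs API. */
#include <stdio.h>
#include <stdlib.h>
typedef struct toy_client { int running; } toy_client;
typedef void (*toy_cb)(toy_client *c, void *userdata);

/* Mirrors two properties of avahi_client_new(): the callback first runs
 * inside the constructor, and the constructor may return NULL on failure. */
static toy_client *toy_client_new(toy_cb cb, void *userdata, int daemon_up) {
    toy_client *c = daemon_up ? calloc(1, sizeof *c) : NULL;
    if (c == NULL) return NULL;
    c->running = 1;
    if (cb) cb(c, userdata);          /* fires before the caller sees c */
    return c;
}
static void toy_client_free(toy_client *c) { free(c); }

static toy_client *global_client;     /* shared pointer, as in the report */
static int global_set_in_cb = -1;     /* what the first callback observed */
static int arg_valid_in_cb = -1;

static void on_state(toy_client *c, void *userdata) {
    (void)userdata;
    global_set_in_cb = (global_client != NULL);   /* global not assigned yet */
    arg_valid_in_cb = (c != NULL && c->running);  /* callback argument is valid */
}

/* Returns 1 only if a client now exists; callers must check this. */
static int acquire_client(int daemon_up) {
    global_client = toy_client_new(on_state, NULL, daemon_up);
    return global_client != NULL;
}

/* Returns 1 if a client was freed; 0 means teardown ran without one, which
 * is logged so the unbalanced path stays visible instead of being hidden. */
static int release_client(void) {
    if (global_client == NULL) {
        fprintf(stderr, "release_client: no client to free\n");
        return 0;
    }
    toy_client_free(global_client);
    global_client = NULL;
    return 1;
}

int main(void) {
    int ok = acquire_client(1);
    printf("acquired=%d global_set_in_cb=%d arg_valid_in_cb=%d freed=%d\n",
           ok, global_set_in_cb, arg_valid_in_cb, release_client());
    return 0;
}
```

The 0 return from `release_client` marks the path the backtrace shows: a finalizer reaching the free call while the shared pointer is still NULL.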