Circumstances of crash:

* dbus-glib 0.80-3 from Debian (no source patches applied to 0.80)
* telepathy-mission-control rev b4462ff8c069a1ec4436c05937673a80cd469906 from git://git.collabora.co.uk/home/smcv/public_html/git/telepathy-mission-control-smcv.git
* ./autogen.sh '--enable-maintainer-mode' '--enable-gtk-doc' '--enable-coverage'
* make check MISSIONCONTROL_TEST_VALGRIND=1 TWISTED_TESTS=test-connect.py
* core is dumped and test/twisted/tools/missioncontrol-testing.log contains, among others:

==29622== Invalid read of size 4
==29622==    at 0x43CDF27: g_slist_find_custom (gslist.c:608)
==29622==    by 0x42F441A: dbus_g_proxy_manager_filter (dbus-gproxy.c:733)
==29622==    by 0x430E924: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.4.0)
==29622==    by 0x42EAB1C: message_queue_dispatch (dbus-gmain.c:101)
==29622==    by 0x43AE717: g_main_context_dispatch (gmain.c:1814)
==29622==    by 0x43B1C7A: g_main_context_iterate (gmain.c:2448)
==29622==    by 0x43B2149: g_main_loop_run (gmain.c:2656)
==29622==    by 0x407F03D: mcd_service_run (mcd-service.c:987)
==29622==    by 0x80492BF: main (mc-debug-server.c:109)
==29622==  Address 0x4726018 is 0 bytes inside a block of size 8 free'd
==29622==    at 0x4024E3A: free (vg_replace_malloc.c:323)
==29622==    by 0x43B6BC5: g_free (gmem.c:190)
==29622==    by 0x43CE3E9: g_slist_delete_link (gslist.c:446)
==29622==    by 0x42F442F: dbus_g_proxy_manager_filter (dbus-gproxy.c:739)
==29622==    by 0x430E924: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.4.0)
==29622==    by 0x42EAB1C: message_queue_dispatch (dbus-gmain.c:101)
==29622==    by 0x43AE717: g_main_context_dispatch (gmain.c:1814)
==29622==    by 0x43B1C7A: g_main_context_iterate (gmain.c:2448)
==29622==    by 0x43B2149: g_main_loop_run (gmain.c:2656)
==29622==    by 0x407F03D: mcd_service_run (mcd-service.c:987)
==29622==    by 0x80492BF: main (mc-debug-server.c:109)
{
   <insert a suppression name here>
   Memcheck:Addr4
   fun:g_slist_find_custom
   fun:dbus_g_proxy_manager_filter
   fun:dbus_connection_dispatch
   fun:message_queue_dispatch
   fun:g_main_context_dispatch
   fun:g_main_context_iterate
   fun:g_main_loop_run
   fun:mcd_service_run
   fun:main
}
==29622==
==29622== Invalid read of size 4
==29622==    at 0x42EF6CC: find_name_in_info (dbus-gproxy.c:499)
==29622==    by 0x43CDF2D: g_slist_find_custom (gslist.c:608)
==29622==    by 0x42F441A: dbus_g_proxy_manager_filter (dbus-gproxy.c:733)
==29622==    by 0x430E924: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.4.0)
==29622==    by 0x42EAB1C: message_queue_dispatch (dbus-gmain.c:101)
==29622==    by 0x43AE717: g_main_context_dispatch (gmain.c:1814)
==29622==    by 0x43B1C7A: g_main_context_iterate (gmain.c:2448)
==29622==    by 0x43B2149: g_main_loop_run (gmain.c:2656)
==29622==    by 0x407F03D: mcd_service_run (mcd-service.c:987)
==29622==    by 0x80492BF: main (mc-debug-server.c:109)
==29622==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
{
   <insert a suppression name here>
   Memcheck:Addr4
   fun:find_name_in_info
   fun:g_slist_find_custom
   fun:dbus_g_proxy_manager_filter
   fun:dbus_connection_dispatch
   fun:message_queue_dispatch
   fun:g_main_context_dispatch
   fun:g_main_context_iterate
   fun:g_main_loop_run
   fun:mcd_service_run
   fun:main
}
==29622==
==29622== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==29622==  Access not within mapped region at address 0x0
==29622==    at 0x42EF6CC: find_name_in_info (dbus-gproxy.c:499)
==29622==    by 0x43CDF2D: g_slist_find_custom (gslist.c:608)
==29622==    by 0x42F441A: dbus_g_proxy_manager_filter (dbus-gproxy.c:733)
==29622==    by 0x430E924: dbus_connection_dispatch (in /usr/lib/libdbus-1.so.3.4.0)
==29622==    by 0x42EAB1C: message_queue_dispatch (dbus-gmain.c:101)
==29622==    by 0x43AE717: g_main_context_dispatch (gmain.c:1814)
==29622==    by 0x43B1C7A: g_main_context_iterate (gmain.c:2448)
==29622==    by 0x43B2149: g_main_loop_run (gmain.c:2656)
==29622==    by 0x407F03D: mcd_service_run (mcd-service.c:987)
==29622==    by 0x80492BF: main (mc-debug-server.c:109)
==29622==  If you believe this happened as a result of a stack overflow in your
==29622==  program's main thread (unlikely but possible), you can try to increase
==29622==  the size of the main thread stack using the --main-stacksize= flag.
==29622==  The main thread stack size used in this run was 16777216.

I believe that telepathy-mission-control is extremely buggy, but that this particular crash is not its fault. I'm able to avoid the crash by patching dbus-glib - a patch is on the way.
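Added example, not part of the original report and not dbus-glib code: a small Python triage helper that reads Memcheck output like the log above, keeps only invalid accesses to freed blocks, and reports the innermost function that appears on both the access stack and the free stack. The names parse_uaf_records and shared_frame are hypothetical, and the sample is trimmed from the two Memcheck records in the report.

```python
import re

# Constructed sample: frames trimmed from the two Memcheck records in the report.
SAMPLE = """\
==29622== Invalid read of size 4
==29622==    at 0x43CDF27: g_slist_find_custom (gslist.c:608)
==29622==    by 0x42F441A: dbus_g_proxy_manager_filter (dbus-gproxy.c:733)
==29622==  Address 0x4726018 is 0 bytes inside a block of size 8 free'd
==29622==    at 0x4024E3A: free (vg_replace_malloc.c:323)
==29622==    by 0x43B6BC5: g_free (gmem.c:190)
==29622==    by 0x43CE3E9: g_slist_delete_link (gslist.c:446)
==29622==    by 0x42F442F: dbus_g_proxy_manager_filter (dbus-gproxy.c:739)
==29622== Invalid read of size 4
==29622==    at 0x42EF6CC: find_name_in_info (dbus-gproxy.c:499)
==29622==    by 0x43CDF2D: g_slist_find_custom (gslist.c:608)
==29622==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

ACCESS = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)$")
# Must demand "inside a block": the NULL-read line above also ends in "free'd".
FREED = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is \d+ bytes "
                   r"inside a block of size (\d+) free'd$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")

def parse_uaf_records(log):
    """Return one dict per invalid access that Memcheck ties to a freed block."""
    records, cur, stack = [], None, None
    for line in (raw.rstrip() for raw in log.splitlines()):
        if (m := ACCESS.match(line)):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "access": [], "free": []}
            stack = cur["access"]
        elif cur is not None and (m := FREED.match(line)):
            cur["block"], stack = int(m.group(1)), cur["free"]
            records.append(cur)
        elif cur is not None and (m := FRAME.match(line)):
            stack.append((m.group(1), m.group(2)))
        else:
            cur = None  # any other line (suppression, NULL read, banner) ends the record
    return records

def shared_frame(rec):
    """Innermost function on both stacks: (name, access location, free location)."""
    free_locs = {func: loc for func, loc in reversed(rec["free"])}
    for func, loc in rec["access"]:
        if func in free_locs:
            return func, loc, free_locs[func]
    return None

if __name__ == "__main__":
    for rec in parse_uaf_records(SAMPLE):
        print(rec["kind"], rec["size"], "bytes, freed block of", rec["block"], shared_frame(rec))
```

On the sample this reports dbus_g_proxy_manager_filter with the read at dbus-gproxy.c:733 and the free at dbus-gproxy.c:739, and skips the second record because it is a NULL read rather than an access to a freed block.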
Created attachment 24279
A patch that seems to fix this crash for me

http://git.collabora.co.uk/?p=user/smcv/dbus-glib-smcv.git;a=commitdiff;h=f36381131b6f410333a9a823a4fc131ac799394f
git://git.collabora.co.uk/git/user/smcv/dbus-glib-smcv.git
commit f36381131b6f410333a9a823a4fc131ac799394f
Colin, any chance you could opine on this? Or someone? Without this patch, the Mission Control regression tests fail...
Patch looks good to me.
Thanks, fixed in git.