Description: xfce4-session in current git segfaults at startup. The backtrace shows the crash occurs in xfce_rc_simple_parse(); however, there's been no change in that code for a long time if I am not mistaken.

Backtrace:

$ gdb /opt/bin/xfce4-session
GNU gdb (GDB) Fedora (6.8.50.20090302-38.fc11)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) run
Starting program: /opt/bin/xfce4-session
Detaching after fork from child process 4584.
Detaching after fork from child process 4585.
Detaching after fork from child process 4587.
Detaching after fork from child process 4588.
Detaching after fork from child process 4589.
Detaching after fork from child process 4590.
Detaching after fork from child process 4591.
Detaching after fork from child process 4592.
Detaching after fork from child process 4593.
Detaching after fork from child process 4599.
Detaching after fork from child process 4600.
Detaching after fork from child process 4601.
Detaching after fork from child process 4602.
Detaching after fork from child process 4603.
Detaching after fork from child process 4604.
Detaching after fork from child process 4607.
xfdesktop[4600]: starting up
Detaching after fork from child process 4608.
Detaching after fork from child process 4609.
Detaching after fork from child process 4610.
Detaching after fork from child process 4611.
Detaching after fork from child process 4612.
Detaching after fork from child process 4613.
Detaching after fork from child process 4614.
Detaching after fork from child process 4615.
Detaching after fork from child process 4616.

(Terminal:4517): Gdk-WARNING **: XID collision, trouble ahead
xfce4-settings-helper is already running
Detaching after fork from child process 4617.
xfce4-settings-helper is already running
Detaching after fork from child process 4621.
xfce4-settings-helper is already running
Detaching after fork from child process 4622.
xfce4-settings-helper is already running
Detaching after fork from child process 4623.
xfce4-settings-helper is already running
Detaching after fork from child process 4624.

Program received signal SIGSEGV, Segmentation fault.
0x0000003d81854e04 in g_slice_alloc () from /lib64/libglib-2.0.so.0
Missing separate debuginfos, use: debuginfo-install atk-1.25.2-2.fc11.x86_64 cairo-1.8.8-1.fc11.x86_64 dbus-glib-0.80-2.fc11.x86_64 dbus-libs-1.2.12-2.fc11.x86_64 e2fsprogs-libs-1.41.4-12.fc11.x86_64 expat-2.0.1-6.x86_64 fontconfig-2.7.1-1.fc11.x86_64 freetype-2.3.9-5.fc11.x86_64 glib2-2.20.5-1.fc11.x86_64 glibc-2.10.1-5.x86_64 gtk2-2.16.6-2.fc11.x86_64 libICE-1.0.4-7.fc11.x86_64 libSM-1.1.0-4.fc11.x86_64 libX11-1.2.2-1.fc11.x86_64 libXau-1.0.4-5.fc11.x86_64 libXcomposite-0.4.0-7.fc11.x86_64 libXcursor-1.1.9-4.fc11.x86_64 libXdamage-1.1.1-6.fc11.x86_64 libXext-1.0.99.1-3.fc11.x86_64 libXfixes-4.0.3-5.fc11.x86_64 libXi-1.2.1-1.fc11.x86_64 libXinerama-1.0.3-4.fc11.x86_64 libXrandr-1.2.99.4-3.fc11.x86_64 libXrender-0.9.4-5.fc11.x86_64 libXres-1.0.3-6.fc11.x86_64 libattr-2.4.43-3.fc11.x86_64 libcap-2.16-4.fc11.1.x86_64 libpng-1.2.37-1.fc11.x86_64 libselinux-2.0.80-1.fc11.x86_64 libwnck-2.26.2-1.fc11.x86_64 libxcb-1.2-4.fc11.x86_64 pango-1.24.5-1.fc11.x86_64 pixman-0.14.0-2.fc11.x86_64 startup-notification-0.9-6.fc11.x86_64 zlib-1.2.3-22.fc11.x86_64
(gdb) xfce4-settings-helper is already running
(gdb)
(gdb) bt
#0  0x0000003d81854e04 in g_slice_alloc () from /lib64/libglib-2.0.so.0
#1  0x00007ffff796f79e in simple_add_entry (simple=0x67c290, key=0x7fffffffbe60 "Type", value=0x7fffffffbe65 "Application", locale=0x0) at xfce-rc-simple.c:204
#2  0x00007ffff7970262 in _xfce_rc_simple_parse (simple=0x67c290) at xfce-rc-simple.c:683
#3  0x00007ffff796f35c in _xfce_rc_config_new (type=<value optimized out>, resource=<value optimized out>, readonly=<value optimized out>) at xfce-rc-config.c:144
#4  0x0000000000416879 in xfsm_startup_autostart_xdg () at xfsm-startup.c:329
#5  xfsm_startup_autostart () at xfsm-startup.c:419
#6  0x0000000000416f99 in xfsm_startup_session_continue (manager=0x65f020) at xfsm-startup.c:590
#7  0x0000000000417126 in xfsm_startup_child_watch (pid=4623, status=<value optimized out>, user_data=<value optimized out>) at xfsm-startup.c:698
#8  0x0000003d81835b24 in ?? () from /lib64/libglib-2.0.so.0
#9  0x0000003d8183790e in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#10 0x0000003d8183b0e8 in ?? () from /lib64/libglib-2.0.so.0
#11 0x0000003d8183b535 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#12 0x0000003d861422b7 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#13 0x000000000040aa5e in main (argc=1, argv=0x7fffffffe2e8) at main.c:299
(gdb)
(gdb) bt f
#0  0x0000003d81854e04 in g_slice_alloc () from /lib64/libglib-2.0.so.0
No symbol table info available.
#1  0x00007ffff796f79e in simple_add_entry (simple=0x67c290, key=0x7fffffffbe60 "Type", value=0x7fffffffbe65 "Application", locale=0x0) at xfce-rc-simple.c:204
        lentry_before = <value optimized out>
        lentry = <value optimized out>
        entry = 0x0
        result = <value optimized out>
#2  0x00007ffff7970262 in _xfce_rc_simple_parse (simple=0x67c290) at xfce-rc-simple.c:683
        readonly = 1
        line = "Type\0Application\0\0訣與撇步\0\0\247\0\0 nước\0\0\267\212\0\0\254ો\0\0\0\243་ཐབས།\0\0\275\226ྱ།\0\0fourdan", '\0' <repeats 29 times>, "\6\347\300<0\0\0\0\370\372\341<0\0\0\0x\340\377\377\377\177\0\0\200\340\377\377\377\177\0\0\217\340\377\377\377\177\0\0\260\307\300<0\0\0\0\16A\a=0\0\0\0\340\305\377\377\377\177\0\0\320\305\377\377\377\177\0\0,\0\0\0\0\0\0\0\20\307\377\377\377\177\0\0\232\246\v?0\0\0\0\5R\4=0\0\0\0\232\246\v?0\0\0\0\34;u\367\377\177", '\0' <repeats 12 times>"\300, }\377\377\377\377\0\0\326́y`\0\25\0\0\0\0\0\0\0\300\304\377\377\377\177\0\0\26\0\0\0\27\0\0\0\35\0\0\0\0\0\0\0h\305\377\377\377\177\0\0H\305\377\377\377\177\0\0\225\246\v?0\0\0\0,\305"...
        section = <value optimized out>
        locale = 0x0
        value = 0x7fffffffbe65 "Application"
        key = 0x7fffffffbe60 "Type"
        fp = 0x66dbf0
#3  0x00007ffff796f35c in _xfce_rc_config_new (type=<value optimized out>, resource=<value optimized out>, readonly=<value optimized out>) at xfce-rc-config.c:144
        simple = 0x67c290
        user_present = 1
        user = 0x67c030 "/home/ofourdan/.config/autostart/xfce4-tips-autostart.desktop"
        paths = 0x66b490
        p = 0x66b498
#4  0x0000000000416879 in xfsm_startup_autostart_xdg () at xfsm-startup.c:329
        try_exec = <value optimized out>
        exec = <value optimized out>
        files = 0x66be08
        type = <value optimized out>
        only_show_in = <value optimized out>
        startup_notify = 0
        terminal = 0
        skip = <value optimized out>
        error = 0x0
        rc = 0x67c730
        not_show_in = 0x0
#5  xfsm_startup_autostart () at xfsm-startup.c:419
        n = 1
#6  0x0000000000416f99 in xfsm_startup_session_continue (manager=0x65f020) at xfsm-startup.c:590
        pending_properties = 0x63b100
        client_started = 6644960
#7  0x0000000000417126 in xfsm_startup_child_watch (pid=4623, status=<value optimized out>, user_data=<value optimized out>) at xfsm-startup.c:698
        cwdata = 0x667db0
        starting_properties = <value optimized out>
#8  0x0000003d81835b24 in ?? () from /lib64/libglib-2.0.so.0
No symbol table info available.
#9  0x0000003d8183790e in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#10 0x0000003d8183b0e8 in ?? () from /lib64/libglib-2.0.so.0
No symbol table info available.
#11 0x0000003d8183b535 in g_main_loop_run () from /lib64/libglib-2.0.so.0
No symbol table info available.
#12 0x0000003d861422b7 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
No symbol table info available.
#13 0x000000000040aa5e in main (argc=1, argv=0x7fffffffe2e8) at main.c:299
        manager = 0x65f020
        shutdown_type = <value optimized out>
        error = 0x0
(gdb)
New, different backtrace; now it crashes elsewhere. Looks like an earlier memory corruption, though. Will try to run valgrind.

(gdb) bt full
#0  0x0000003d81854e04 in g_slice_alloc () from /lib64/libglib-2.0.so.0
No symbol table info available.
#1  0x0000003d81c1f305 in g_signal_connect_closure_by_id () from /lib64/libgobject-2.0.so.0
No symbol table info available.
#2  0x0000003d86c0aea6 in dbus_g_connection_register_g_object () from /usr/lib64/libdbus-glib-1.so.2
No symbol table info available.
#3  0x000000000040e415 in xfsm_client_dbus_init (client=<value optimized out>) at xfsm-client.c:446
        error = 0x0
#4  xfsm_client_set_initial_properties (client=<value optimized out>) at xfsm-client.c:254
        __PRETTY_FUNCTION__ = "xfsm_client_set_initial_properties"
#5  0x000000000041133b in xfsm_manager_register_client (manager=0x1bcf010, client=0x1bf2400, previous_id=0x1bf9160 "23f20ceb0-06cc-421f-b810-f234a38322f7") at xfsm-manager.c:887
        properties = 0x1bd8aa0
        client_id = <value optimized out>
        lp = <value optimized out>
        sms_conn = 0x1bd8310
#6  0x000000000040d039 in sm_register_client (sms_conn=<value optimized out>, client_data=0x1bf2400, previous_id=0x1bf9160 "23f20ceb0-06cc-421f-b810-f234a38322f7") at sm-layer.c:213
        result = <value optimized out>
#7  0x0000003042c04a63 in _SmsProcessMessage () from /usr/lib64/libSM.so.6
No symbol table info available.
#8  0x0000003042812342 in IceProcessMessages () from /usr/lib64/libICE.so.6
No symbol table info available.
#9  0x000000000040a6b1 in ice_process_messages (channel=<value optimized out>, condition=<value optimized out>, user_data=0x1bdc730) at ice-layer.c:111
        status = <value optimized out>
#10 0x0000003d8183790e in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#11 0x0000003d8183b0e8 in ?? () from /lib64/libglib-2.0.so.0
No symbol table info available.
#12 0x0000003d8183b535 in g_main_loop_run () from /lib64/libglib-2.0.so.0
No symbol table info available.
#13 0x0000003d861422b7 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
No symbol table info available.
#14 0x000000000040aa5e in main (argc=1, argv=0x7fffbeaf7aa8) at main.c:299
        manager = 0x1bcf010
        shutdown_type = <value optimized out>
        error = 0x0
Created attachment 2567 valgrind log
Hmm, I can't see anything obviously wrong based on that. Can you try running with G_DEBUG=gc-friendly, G_SLICE=always-malloc, and MALLOC_CHECK_=3? Might not even need to run inside valgrind, though that would probably be helpful too.
Also weird: the valgrind log points to an invalid access to address 0xffffffff00000000... that looks suspiciously like a NULL pointer that got truncated to 32 bits and then somehow 1-extended out to 64 again. Not sure how that could happen, though... If you can run it in gdb and get the same crash, it might be useful to examine the contents of the XfsmClient struct at the time of the crash.
Created attachment 2573 Valgrind log with the requested env variables set Today I got the same problem. I tried the suggested env variables and noticed once I set either G_DEBUG=gc-friendly or G_SLICE=always-malloc, it doesn't crash anymore. This is good enough for a temporary workaround but obviously not a solution. Attached is also a (big) valgrind log of xfce4-session with the three variables defined before. In case it's in any way related to GLib, I'm using version 2.22.0 (Debian Testing/Unstable).
I get binary junk when I click on that attachment. Please reattach, uncompressed.
Ok, I think this is probably the problem:

==26828== Invalid write of size 4
==26828==    at 0x41B53C: xfsm_startup_child_watch (xfsm-startup.c:702)
==26828==    by 0xB480EA3: g_child_watch_dispatch (gmain.c:3638)
==26828==    by 0xB482D5F: g_main_context_dispatch (gmain.c:1824)
==26828==    by 0xB486487: g_main_context_iterate (gmain.c:2455)
==26828==    by 0xB48697C: g_main_loop_run (gmain.c:2663)
==26828==    by 0x64579F6: gtk_main (gtkmain.c:1205)
==26828==    by 0x40C647: main (main.c:299)
==26828==  Address 0xc76e128 is 16 bytes inside a block of size 48 free'd
==26828==    at 0x4C239FF: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==26828==    by 0x418217: xfsm_properties_free (xfsm-properties.c:727)
==26828==    by 0x41B653: xfsm_startup_handle_failed_startup (xfsm-startup.c:744)
==26828==    by 0x41B533: xfsm_startup_child_watch (xfsm-startup.c:699)
==26828==    by 0xB480EA3: g_child_watch_dispatch (gmain.c:3638)
==26828==    by 0xB482D5F: g_main_context_dispatch (gmain.c:1824)
==26828==    by 0xB486487: g_main_context_iterate (gmain.c:2455)
==26828==    by 0xB48697C: g_main_loop_run (gmain.c:2663)
==26828==    by 0x64579F6: gtk_main (gtkmain.c:1205)
==26828==    by 0x40C647: main (main.c:299)

I've been staring at code and adding printfs all over the place, and I still can't figure it out. The code is never called after the memory is freed, at least according to the printfs. I don't get it.
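The valgrind report in the comment above has a very specific shape: a child-watch handler calls a failure path that frees the properties block, and a few lines later the same handler writes 4 bytes at offset 16 of that block. As an added illustration (this is not xfce4-session's code; the struct layout, the function names and the fix shown are assumptions made for the example), here is that shape of bug in a self-contained C model, next to the form that does not touch the properties once the failure path has taken ownership of them:

```c
/* Illustrative model of a write-after-free in a child-watch handler.
 * Hypothetical names and layout, not xfce4-session's own code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CLIENTS 8

typedef struct {
    char *client_id;
    int   restart_attempts;   /* field the watch handler updates */
    int   failed;
} Properties;

typedef struct {
    Properties *starting[MAX_CLIENTS];  /* clients still being launched */
    int n_starting;
    int n_failed;
} Manager;

Properties *properties_new(const char *id)
{
    Properties *p = calloc(1, sizeof *p);
    size_t n = strlen(id) + 1;
    if (!p) abort();
    p->client_id = malloc(n);
    if (!p->client_id) abort();
    memcpy(p->client_id, id, n);
    return p;
}

void properties_free(Properties *p)
{
    if (!p) return;
    free(p->client_id);
    free(p);
}

/* Drops p from the starting list and releases it: the same role as the
 * handle_failed_startup -> properties_free chain in the report. */
static void handle_failed_startup(Manager *m, Properties *p)
{
    for (int i = 0; i < m->n_starting; i++) {
        if (m->starting[i] == p) {
            m->starting[i] = m->starting[--m->n_starting];
            break;
        }
    }
    m->n_failed++;
    properties_free(p);
}

/* BUGGY: the failure path frees p, then the handler writes into it.
 * valgrind reports this as "Invalid write ... inside a block ... free'd".
 * Whether it also crashes depends on who reuses the chunk next, which is
 * why switching G_SLICE can make the symptom come and go. Not called. */
void child_watch_buggy(Manager *m, Properties *p, int exit_status)
{
    if (exit_status != 0)
        handle_failed_startup(m, p);     /* p is freed here ... */
    p->restart_attempts++;               /* ... and written here */
}

/* FIXED: after the failure path owns p, the handler returns without
 * touching it. Returns 1 if p is still live, 0 if it was released. */
int child_watch_fixed(Manager *m, Properties *p, int exit_status)
{
    if (exit_status != 0) {
        handle_failed_startup(m, p);
        return 0;                        /* p is gone; do nothing else */
    }
    p->restart_attempts = 0;             /* clean start: reset the count */
    return 1;
}

/* Constructed scenario: two clients start, one exits non-zero.
 * Returns the number still tracked; *failed receives the failure count. */
int run_startup_scenario(int *failed)
{
    Manager m = {0};
    Properties *a = properties_new("client-a");
    Properties *b = properties_new("client-b");
    m.starting[m.n_starting++] = a;
    m.starting[m.n_starting++] = b;

    int live_a = child_watch_fixed(&m, a, 0);   /* exited cleanly */
    int live_b = child_watch_fixed(&m, b, 1);   /* failed: freed inside */
    (void)live_b;                               /* b must not be used now */

    int tracked = m.n_starting;
    *failed = m.n_failed;
    if (live_a)
        properties_free(a);                     /* a is still ours to free */
    return tracked;
}

int scenario_tracked_count(void) { int f; return run_startup_scenario(&f); }
int scenario_failed_count(void)  { int f; run_startup_scenario(&f); return f; }

int main(void)
{
    int failed = 0;
    int tracked = run_startup_scenario(&failed);
    printf("still tracked: %d, failed: %d\n", tracked, failed);
    return 0;
}
```

Build with `gcc -g -fsanitize=address` (or run under valgrind) and swap `child_watch_fixed` for `child_watch_buggy` in the scenario to see the same "inside a block free'd" diagnostic as in the report; the point of the fixed form is that ownership of the properties moves into the failure handler, so the caller's only correct action afterwards is to return.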
Created attachment 2574 possible weird fix On my machine, at least, this makes the valgrind warning go away. I have no idea why, or if this is just hiding another problem. But please give it a try and see if it fixes the crash... I'm curious to see if this tells us anything.
(In reply to comment #8) > Created an attachment (id=2574) [details] > possible weird fix > > On my machine, at least, this makes the valgrind warning go away. I have no > idea why, or if this is just hiding another problem. But please give it a try > and see if it fixes the crash... I'm curious to see if this tells us anything. This seems to fix the issue at least in my case. I shall try it for a bit more time though.
Damn, I was kinda hoping it wouldn't fix it. I sincerely doubt glib's slice allocator is actually broken, so it's probably just papering over a problem somewhere in the code, even though I can't find it. But then again, with G_SLICE=always-malloc, the slice allocator should look almost exactly like malloc/free, so... I dunno.
God, this one was hard to debug. Can you update to git master and verify that it's fixed? (Be sure to revert the patch in attachment #2574 , which isn't needed and may mask the bug's presence.)