bookworm
Crashes with glibc heap consistency checking turned on
Forwarding downstream Debian bug report: https://bugs.debian.org/997670
This appears with bookworm git snapshot 20210715, which holds the same source code as current git HEAD except for translations.
When I turn on glibc heap consistency checking, bookworm crashes at startup. From the gdb trace it looks like it is trying to g_strdup a pointer that has not been initialised. Also valgrind indicates an invalid memory read, which is probably the cause of the crash.
https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html
https://udrepper.livejournal.com/11429.html
$ export MALLOC_CHECK_=2
$ export MALLOC_PERTURB_=$((0xF0))
$ gdb -batch -n -ex 'set pagination off' -ex run -ex bt -ex 'bt full' --args com.github.babluboy.bookworm
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x00007ffff718eab4 in g_strdup (str=0x7f0f0f0f0f0f0d1 <error: Cannot access memory at address 0x7f0f0f0f0f0f0d1>) at ../../../glib/gstrfuncs.c:363
#2 0x00007ffff7389a67 in add_packed_option (entry=0x7fffffffd290, application=0x55555580c120 [BookwormAppBookworm]) at ../../../gio/gapplication.c:648
#3 g_application_add_main_option_entries (application=application@entry=0x55555580c120 [BookwormAppBookworm], entries=<optimized out>) at ../../../gio/gapplication.c:740
#4 0x0000555555567a8d in bookworm_app_bookworm_constructor (type=<optimized out>, n_construct_properties=<optimized out>, construct_properties=0x5555557b1bf0) at ../src/bookworm.vala:116
#5 0x00007ffff7268ab8 in g_object_new_with_custom_constructor (n_params=2, params=0x7fffffffd470, class=0x555555801200) at ../../../gobject/gobject.c:1863
#6 g_object_new_internal (class=class@entry=0x555555801200, params=params@entry=0x7fffffffd470, n_params=n_params@entry=2) at ../../../gobject/gobject.c:1943
#7 0x00007ffff726a508 in g_object_new_valist (object_type=0x5555557fb220 [BookwormAppBookworm/GraniteApplication/GtkApplication/GApplication], first_property_name=first_property_name@entry=0x5555555ad74b "application-id", var_args=var_args@entry=0x7fffffffd740) at ../../../gobject/gobject.c:2288
#8 0x00007ffff726aa39 in g_object_new (object_type=<optimized out>, first_property_name=first_property_name@entry=0x5555555ad74b "application-id") at ../../../gobject/gobject.c:1788
#9 0x00005555555676c5 in bookworm_app_bookworm_construct (object_type=<optimized out>) at ../src/bookworm.vala:120
#10 bookworm_app_bookworm_new () at ../src/bookworm.vala:119
#11 bookworm_app_bookworm_getAppInstance () at ../src/bookworm.vala:136
#12 0x00005555555633fb in _vala_main (args_length1=<optimized out>, args=<optimized out>) at ../src/main.vala:23
#13 main (argc=<optimized out>, argv=<optimized out>) at ../src/main.vala:20
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1 0x00007ffff718eab4 in g_strdup (str=0x7f0f0f0f0f0f0d1 <error: Cannot access memory at address 0x7f0f0f0f0f0f0d1>) at ../../../glib/gstrfuncs.c:363
new_str = <optimized out>
length = <optimized out>
#2 0x00007ffff7389a67 in add_packed_option (entry=0x7fffffffd290, application=0x55555580c120 [BookwormAppBookworm]) at ../../../gio/gapplication.c:648
__func__ = "add_packed_option"
my_entries = {{long_name = 0x7f0f0f0f0f0f0d1 <error: Cannot access memory at address 0x7f0f0f0f0f0f0d1>, short_name = -127 '\201', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557b2e30, description = 0x0, arg_description = 0x1 <error: Cannot access memory at address 0x1>}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
i = 0
__func__ = "g_application_add_main_option_entries"
#3 g_application_add_main_option_entries (application=application@entry=0x55555580c120 [BookwormAppBookworm], entries=<optimized out>) at ../../../gio/gapplication.c:740
my_entries = {{long_name = 0x7f0f0f0f0f0f0d1 <error: Cannot access memory at address 0x7f0f0f0f0f0f0d1>, short_name = -127 '\201', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557b2e30, description = 0x0, arg_description = 0x1 <error: Cannot access memory at address 0x1>}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
i = 0
__func__ = "g_application_add_main_option_entries"
#4 0x0000555555567a8d in bookworm_app_bookworm_constructor (type=<optimized out>, n_construct_properties=<optimized out>, construct_properties=0x5555557b1bf0) at ../src/bookworm.vala:116
obj = 0x55555580c120 [BookwormAppBookworm]
parent_class = <optimized out>
self = 0x55555580c120 [BookwormAppBookworm]
_tmp0_ = <optimized out>
_tmp1_ = <optimized out>
_tmp2_ = <optimized out>
_tmp3_ = <optimized out>
_tmp4_ = <optimized out>
_tmp5_ = <optimized out>
_tmp6_ = <optimized out>
_tmp7_ = {long_name = 0x5555555ad1c6 "version", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557933d4 <bookworm_app_bookworm_command_line_option_version>, description = <optimized out>, arg_description = <optimized out>}
_tmp8_ = <optimized out>
_tmp9_ = {long_name = 0x5555555ad1d0 "debug", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557933d0 <bookworm_app_bookworm_command_line_option_debug>, description = <optimized out>, arg_description = <optimized out>}
_tmp10_ = <optimized out>
_tmp11_ = {long_name = 0x5555555ad1d8 "info", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557933cc <bookworm_app_bookworm_command_line_option_info>, description = <optimized out>, arg_description = <optimized out>}
_tmp12_ = 0x55555580ee70
_tmp13_ = {long_name = 0x5555555ad243 "discover", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x5555557933c8 <bookworm_app_bookworm_command_line_option_discover>, description = <optimized out>, arg_description = <optimized out>}
_tmp14_ = <optimized out>
#5 0x00007ffff7268ab8 in g_object_new_with_custom_constructor (n_params=2, params=0x7fffffffd470, class=0x555555801200) at ../../../gobject/gobject.c:1863
cparams = 0x5555557b1bf0
cvalues = 0x55555580b2b0
node = <optimized out>
i = 1
nqueue = 0x0
newly_constructed = <optimized out>
object = <optimized out>
n_cparams = 1
cvals_used = <optimized out>
nqueue = 0x0
object = <optimized out>
__func__ = "g_object_new_internal"
#6 g_object_new_internal (class=class@entry=0x555555801200, params=params@entry=0x7fffffffd470, n_params=n_params@entry=2) at ../../../gobject/gobject.c:1943
nqueue = 0x0
object = <optimized out>
__func__ = "g_object_new_internal"
#7 0x00007ffff726a508 in g_object_new_valist (object_type=0x5555557fb220 [BookwormAppBookworm/GraniteApplication/GtkApplication/GApplication], first_property_name=first_property_name@entry=0x5555555ad74b "application-id", var_args=var_args@entry=0x7fffffffd740) at ../../../gobject/gobject.c:2288
params = 0x7fffffffd470
values = 0x7fffffffd570
params_stack = {{pspec = 0x5555557fe020 [GParamString], value = 0x7fffffffd570}, {pspec = 0x5555557fe860 [GParamFlags], value = 0x7fffffffd588}, {pspec = 0x0, value = 0x0}, {pspec = 0x6e0000005f, value = 0xc81d1bae717eba00}, {pspec = 0x1, value = 0x400}, {pspec = 0x7ffff3483ba0, value = 0x5555557fb800}, {pspec = 0x555555794368, value = 0x400}, {pspec = 0x401, value = 0x7ffff334eb95 <_int_memalign+341>}, {pspec = 0x3000000003, value = 0x7fffffffd560}, {pspec = 0x400, value = 0x3f0}, {pspec = 0x555555794368, value = 0x400}, {pspec = 0x30, value = 0x7ffff334ec7e <memalign_check+94>}, {pspec = 0x18, value = 0x18}, {pspec = 0x3, value = 0x1}, {pspec = 0x8, value = 0x7ffff334e6e6 <_int_malloc+3238>}, {pspec = 0x5555557fb800 [GtkActionMuxer], value = 0x38}}
values_stack = {{g_type = 0x40 [gchararray], data = {{v_int = 1434497664, v_uint = 1434497664, v_long = 93824995078784, v_ulong = 93824995078784, v_int64 = 93824995078784, v_uint64 = 93824995078784, v_float = 1.76880175e+13, v_double = 4.6355706789651196e-310, v_pointer = 0x55555580b280}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 0x5555557fda00 [GApplicationFlags], data = {{v_int = 8, v_uint = 8, v_long = 8, v_ulong = 8, v_int64 = 8, v_uint64 = 8, v_float = 1.12103877e-44, v_double = 3.9525251667299724e-323, v_pointer = 0x8}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 4, v_uint = 4, v_long = 4, v_ulong = 4, v_int64 = 4, v_uint64 = 4, v_float = 5.60519386e-45, v_double = 1.9762625833649862e-323, v_pointer = 0x4}}}, {g_type = 0x7 [void], data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 81, v_uint = 81, v_long = 81, v_ulong = 81, v_int64 = 81, v_uint64 = 81, v_float = 1.13505176e-43, v_double = 4.001931731314097e-322, v_pointer = 0x51}}}, {g_type = 0x6 [void], data = {{v_int = -214636670, v_uint = 4080330626, v_long = 140737273718658, v_ulong = 140737273718658, v_int64 = 140737273718658, v_uint64 = 140737273718658, v_float = -1.43327175e+31, v_double = 6.9533452033745058e-310, v_pointer = 0x7ffff334e782 <_int_malloc+3394>}, {v_int = 128, v_uint = 128, v_long = 128, v_ulong = 128, v_int64 = 128, v_uint64 = 128, v_float = 1.79366203e-43, v_double = 6.3240402667679558e-322, v_pointer = 0x80}}}, {g_type = 0x1, data = {{v_int = 255, v_uint = 255, v_long = 255, v_ulong = 255, v_int64 = 255, v_uint64 = 255, v_float = 3.57331108e-43, v_double = 1.2598673968951787e-321, 
v_pointer = 0xff}, {v_int = 7, v_uint = 7, v_long = 7, v_ulong = 7, v_int64 = 7, v_uint64 = 7, v_float = 9.80908925e-45, v_double = 3.4584595208887258e-323, v_pointer = 0x7}}}, {g_type = 0x0, data = {{v_int = -214637328, v_uint = 4080329968, v_long = 140737273718000, v_ulong = 140737273718000, v_int64 = 140737273718000, v_uint64 = 140737273718000, v_float = -1.4331922e+31, v_double = 6.9533452033419963e-310, v_pointer = 0x7ffff334e4f0 <_int_malloc+2736>}, {v_int = 99, v_uint = 99, v_long = 99, v_ulong = 99, v_int64 = 99, v_uint64 = 99, v_float = 1.38728548e-43, v_double = 4.8912498938283408e-322, v_pointer = 0x63}}}, {g_type = 0x38 [gfloat], data = {{v_int = 56, v_uint = 56, v_long = 56, v_ulong = 56, v_int64 = 56, v_uint64 = 56, v_float = 7.8472714e-44, v_double = 2.7667676167109806e-322, v_pointer = 0x38}, {v_int = -149369443, v_uint = 4145597853, v_long = 140737338985885, v_ulong = 140737338985885, v_int64 = 140737338985885, v_uint64 = 140737338985885, v_float = -3.09921662e+33, v_double = 6.9533484280039718e-310, v_pointer = 0x7ffff718cd9d <g_slice_alloc+29>}}}, {g_type = 0x0, data = {{v_int = -214638376, v_uint = 4080328920, v_long = 140737273716952, v_ulong = 140737273716952, v_int64 = 140737273716952, v_uint64 = 140737273716952, v_float = -1.4330655e+31, v_double = 6.9533452032902182e-310, v_pointer = 0x7ffff334e0d8 <_int_malloc+1688>}, {v_int = 9, v_uint = 9, v_long = 9, v_ulong = 9, v_int64 = 9, v_uint64 = 9, v_float = 1.26116862e-44, v_double = 4.4465908125712189e-323, v_pointer = 0x9}}}, {g_type = <error reading variable: Cannot access memory at address 0xe8001056b93d8d70>, data = {{v_int = 176, v_uint = 176, v_long = 176, v_ulong = 176, v_int64 = 176, v_uint64 = 176, v_float = 2.4662853e-43, v_double = 8.6955553668059392e-322, v_pointer = 0xb0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 0x4 [void], data = {{v_int = 7, v_uint = 7, v_long = 7, v_ulong = 7, v_int64 = 
7, v_uint64 = 7, v_float = 9.80908925e-45, v_double = 3.4584595208887258e-323, v_pointer = 0x7}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 0x51 [GObject], data = {{v_int = 6, v_uint = 6, v_long = 6, v_ulong = 6, v_int64 = 6, v_uint64 = 6, v_float = 8.40779079e-45, v_double = 2.9643938750474793e-323, v_pointer = 0x6}, {v_int = 20, v_uint = 20, v_long = 20, v_ulong = 20, v_int64 = 20, v_uint64 = 20, v_float = 2.80259693e-44, v_double = 9.8813129168249309e-323, v_pointer = 0x14}}}, {g_type = <error reading variable: Cannot access memory at address 0x28>, data = {{v_int = 1, v_uint = 1, v_long = 1, v_ulong = 1, v_int64 = 1, v_uint64 = 1, v_float = 1.40129846e-45, v_double = 4.9406564584124654e-324, v_pointer = 0x1}, {v_int = 6, v_uint = 6, v_long = 210453397510, v_ulong = 210453397510, v_int64 = 210453397510, v_uint64 = 210453397510, v_float = 8.40779079e-45, v_double = 1.0397779376026274e-312, v_pointer = 0x3100000006}}}, {g_type = 0x0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = <error reading variable: Cannot access memory at address 0x6e00000080>, data = {{v_int = 124, v_uint = 124, v_long = 511101108348, v_ulong = 511101108348, v_int64 = 511101108348, v_uint64 = 511101108348, v_float = 1.7376101e-43, v_double = 2.5251749918613155e-312, v_pointer = 0x770000007c}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 0x50 [GObject], data = {{v_int = 80, v_uint = 80, v_long = 80, v_ulong = 80, v_int64 = 80, v_uint64 = 80, v_float = 1.12103877e-43, v_double = 3.9525251667299724e-322, v_pointer = 0x50}, {v_int = 81, v_uint = 81, v_long = 81, v_ulong = 81, v_int64 = 81, v_uint64 = 81, 
v_float = 1.13505176e-43, v_double = 4.001931731314097e-322, v_pointer = 0x51}}}}
name = <optimized out>
n_params = <optimized out>
n_params_alloc = 16
class = <optimized out>
unref_class = <optimized out>
object = <optimized out>
__func__ = "g_object_new_valist"
#8 0x00007ffff726aa39 in g_object_new (object_type=<optimized out>, first_property_name=first_property_name@entry=0x5555555ad74b "application-id") at ../../../gobject/gobject.c:1788
object = <optimized out>
var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fffffffd820, reg_save_area = 0x7fffffffd760}}
#9 0x00005555555676c5 in bookworm_app_bookworm_construct (object_type=<optimized out>) at ../src/bookworm.vala:120
self = 0x0
_tmp1_ = <optimized out>
_tmp3_ = <optimized out>
_tmp5_ = <optimized out>
_tmp0_ = <optimized out>
_tmp2_ = <optimized out>
_tmp4_ = <optimized out>
_tmp6_ = <optimized out>
_tmp1_ = <optimized out>
_tmp0_ = 0x0
_tmp2_ = <optimized out>
#10 bookworm_app_bookworm_new () at ../src/bookworm.vala:119
_tmp1_ = <optimized out>
_tmp0_ = 0x0
_tmp2_ = <optimized out>
#11 bookworm_app_bookworm_getAppInstance () at ../src/bookworm.vala:136
_tmp1_ = <optimized out>
_tmp0_ = 0x0
_tmp2_ = <optimized out>
#12 0x00005555555633fb in _vala_main (args_length1=<optimized out>, args=<optimized out>) at ../src/main.vala:23
_tmp1_ = 0
_tmp3_ = 0
_tmp0_ = <optimized out>
_tmp2_ = 0
result = 0
#13 main (argc=<optimized out>, argv=<optimized out>) at ../src/main.vala:20
$ valgrind com.github.babluboy.bookworm
==761696== Memcheck, a memory error detector
==761696== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==761696== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==761696== Command: com.github.babluboy.bookworm
==761696==
==761696== Invalid read of size 8
==761696== at 0x545F9D4: g_application_add_main_option_entries (gapplication.c:730)
==761696== by 0x11BA8C: bookworm_app_bookworm_constructor (bookworm.vala:116)
==761696== by 0x557DAB7: g_object_new_with_custom_constructor (gobject.c:1863)
==761696== by 0x557DAB7: g_object_new_internal (gobject.c:1943)
==761696== by 0x557F507: g_object_new_valist (gobject.c:2288)
==761696== by 0x557FA38: g_object_new (gobject.c:1788)
==761696== by 0x11B6C4: bookworm_app_bookworm_construct (bookworm.vala:120)
==761696== by 0x11B6C4: bookworm_app_bookworm_new (bookworm.vala:119)
==761696== by 0x11B6C4: bookworm_app_bookworm_getAppInstance (bookworm.vala:136)
==761696== by 0x1173FA: _vala_main (main.vala:23)
==761696== by 0x1173FA: main (main.vala:20)
==761696== Address 0xfb8a890 is 0 bytes after a block of size 192 alloc'd
==761696== at 0x483E581: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==761696== by 0x5617C20: g_malloc0 (gmem.c:136)
==761696== by 0x11B937: bookworm_app_bookworm_constructor (bookworm.vala:111)
==761696== by 0x557DAB7: g_object_new_with_custom_constructor (gobject.c:1863)
==761696== by 0x557DAB7: g_object_new_internal (gobject.c:1943)
==761696== by 0x557F507: g_object_new_valist (gobject.c:2288)
==761696== by 0x557FA38: g_object_new (gobject.c:1788)
==761696== by 0x11B6C4: bookworm_app_bookworm_construct (bookworm.vala:120)
==761696== by 0x11B6C4: bookworm_app_bookworm_new (bookworm.vala:119)
==761696== by 0x11B6C4: bookworm_app_bookworm_getAppInstance (bookworm.vala:136)
==761696== by 0x1173FA: _vala_main (main.vala:23)
==761696== by 0x1173FA: main (main.vala:20)
==761696==
...
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (860, 'testing-proposed-updates-debug'), (860, 'testing-proposed-updates'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages bookworm depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.40.0-2
ii html2text 1.3.2a-28
ii libc6 2.32-4
ii libgdk-pixbuf-2.0-0 2.42.6+dfsg-2
ii libgee-0.8-2 0.20.4-1
ii libglib2.0-0 2.70.0-1+b1
ii libgranite6 6.1.1-1
ii libgtk-3-0 3.24.30-3
ii libpango-1.0-0 1.48.10+ds1-1
ii libpoppler-glib8 20.09.0-3.1
ii libsoup2.4-1 2.74.0-2
ii libsqlite3-0 3.36.0-2
ii libwebkit2gtk-4.0-37 2.34.1-1
ii libxml2 2.9.12+dfsg-5
ii poppler-utils 20.09.0-3.1
ii python3 3.9.2-3
ii unar 1.10.1-2+b6
ii unzip 6.0-26
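
Added example, not part of the original report and not bookworm or GLib code: valgrind places the invalid read 0 bytes after a 192-byte block, and GLib documents the array given to g_application_add_main_option_entries as NULL-terminated, so the sketch below assumes the four-entry array has no terminating entry. The `opt_entry` struct, `count_entries` and `scan_arena` are hypothetical names; the 0x0F fill is the complement of the `MALLOC_PERTURB_` byte 0xF0 used in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for GOptionEntry: 48 bytes on x86_64, so four
 * entries fill exactly the 192-byte block that valgrind reports. */
typedef struct {
    const char *long_name;
    char        short_name;
    int         flags, arg;
    void       *arg_data;
    const char *description, *arg_description;
} opt_entry;

/* A slot ends the list when the bytes of its long_name are all zero. */
static int is_terminator(const opt_entry *e)
{
    uintptr_t bits;
    memcpy(&bits, &e->long_name, sizeof bits);
    return bits == 0;
}

/* Walk like a sentinel-terminated consumer, but never past `slots`.
 * Returns the number of entries, or -1 if no terminator was found. */
int count_entries(const opt_entry *entries, size_t slots)
{
    for (size_t i = 0; i < slots; i++)
        if (is_terminator(&entries[i]))
            return (int)i;
    return -1;
}

/* Constructed sample: the four option names visible in the trace, in a
 * five-slot arena whose last slot models the bytes after the block
 * (tail_fill), or an explicit terminator when add_terminator is set. */
int scan_arena(unsigned char tail_fill, int add_terminator)
{
    static const char *names[] = { "version", "debug", "info", "discover" };
    opt_entry arena[5];
    memset(arena, 0, sizeof arena);
    for (size_t i = 0; i < 4; i++)
        arena[i].long_name = names[i];
    memset(&arena[4], add_terminator ? 0 : tail_fill, sizeof arena[4]);
    return count_entries(arena, 5);
}

int main(void)
{
    printf("zero tail: %d, perturbed tail: %d, with sentinel: %d\n",
           scan_arena(0x00, 0), scan_arena(0x0F, 0), scan_arena(0x0F, 1));
    return 0;
}
```

A result of 4 with a zero tail is the case where the missing terminator goes unnoticed; -1 with the perturbed tail corresponds to the walker consuming neighbouring bytes as a fifth entry, which is where the trace shows g_strdup receiving an invalid `long_name`.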