Bugzilla – Bug 374470
gnome-main-menu crash
Last modified: 2008-04-07 15:30:18 UTC
Created attachment 204377 [details] Trace. Unlocked gnome-screensaver, gnome-main-menu crashed. Attaching trace.
I get a similar crash, apparently when my DHCP lease gets renewed. Valgrind says this: ==18365== Invalid read of size 4 ==18365== at 0x51B9C3B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x521D50A: (within /usr/lib/libglib-2.0.so.0.1600.1) ==18365== by 0x521E453: (within /usr/lib/libglib-2.0.so.0.1600.1) ==18365== by 0x4069E06: (within /usr/lib/libnm_glib.so.0.0.0) ==18365== by 0x51C499B: g_cclosure_marshal_VOID__BOXED (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x44587DE: (within /usr/lib/libdbus-glib-1.so.2.1.0) ==18365== by 0x51B7C3A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CC41C: (within /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CD94D: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CDDB5: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x4459A66: (within /usr/lib/libdbus-glib-1.so.2.1.0) ==18365== by 0x462B724: dbus_connection_dispatch (in /lib/libdbus-1.so.3.4.0) ==18365== Address 0x64b34c0 is 0 bytes inside a block of size 382 free'd ==18365== at 0x4024E7C: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==18365== by 0x4F0F7CD: (within /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F0FB38: (within /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F0FB85: (within /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F10752: (within /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F10885: FcCharSetUnion (in /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F194DD: FcFontSetSort (in /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x4F1977A: FcFontSort (in /usr/lib/libfontconfig.so.1.2.0) ==18365== by 0x43B6ACB: (within /usr/lib/libpangoft2-1.0.so.0.2000.0) ==18365== by 0x4E5B379: pango_font_map_load_fontset (in /usr/lib/libpango-1.0.so.0.2000.0) ==18365== by 0x4E58F8B: (within /usr/lib/libpango-1.0.so.0.2000.0) ==18365== by 0x4E5946E: pango_itemize_with_base_dir (in /usr/lib/libpango-1.0.so.0.2000.0) ==18365== ==18365== Invalid read of size 4 ==18365== at 0x51B9C41: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x521D50A: (within /usr/lib/libglib-2.0.so.0.1600.1) ==18365== by 0x521E453: (within /usr/lib/libglib-2.0.so.0.1600.1) ==18365== by 0x4069E06: (within /usr/lib/libnm_glib.so.0.0.0) ==18365== by 0x51C499B: g_cclosure_marshal_VOID__BOXED (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x44587DE: (within /usr/lib/libdbus-glib-1.so.2.1.0) ==18365== by 0x51B7C3A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CC41C: (within /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CD94D: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x51CDDB5: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1600.1) ==18365== by 0x4459A66: (within /usr/lib/libdbus-glib-1.so.2.1.0) ==18365== by 0x462B724: dbus_connection_dispatch (in /lib/libdbus-1.so.3.4.0) ==18365== Address 0x10000 is not stack'd, malloc'd or (recently) free'd So the bug seems to have been introduced with gnome-main-menu_to_NM7.patch. Some things that seem suspicious from the patch: * network_status_agent_dispose() should NULL out priv->nm_client, as the dispose method may be called more than once. * network-status-agent.c:nm_get_first_active_device_info() connects to "status-changed" on the device object, with the "agent" as the closure. What's the lifetime of the agent? If the agent can be freed before the underlying device is freed, then the agent should disconnect from the device at dispose time.
*** This bug has been marked as a duplicate of bug 377019 ***