gjs-console assert failure: *** Error in `/usr/bin/gjs-console': free(): invalid next size (fast): 0x00007f74a804b240 ***
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| | Ubuntu GNOME |
Undecided
|
Unassigned | |||
| | gjs |
Fix Released
|
Medium
|
|||
| | gjs (Debian) |
Fix Released
|
Unknown
|
|||
| gjs (Ubuntu) | ||||||
| | Wily |
Undecided
|
Unassigned | |||
| | tracker (Ubuntu) |
Medium
|
Unassigned | |||
| | Wily |
Medium
|
Unassigned | |||
Bug Description
[Impact]
gnome-documents search provider crashes due to a buffer overrun in libunistring handling.
I have also included a few other patches cherry-picked from the upstream tracker-1.4 branch, that deal with crashes mishandling gcancellables.
[Test Case]
- in one terminal run /usr/bin/
- within 10 seconds of the above, in another terminal run dbus-send --print-reply --dest=
[Regression Potential]
Low, these are all simple patches from the upstream stable branch
| Tim (darkxst) wrote : | #1 |
| Ubuntu GNOME (ug-bot) wrote : | #2 |
| Ubuntu GNOME (ug-bot) wrote : Stacktrace.txt | #3 |
| information type: | Private → Public |
| Changed in ubuntu-gnome: | |
| milestone: | none → vivid |
| Changed in ubuntu-gnome: | |
| status: | New → Confirmed |
| Marius Gedminas (mgedmin) wrote : | #5 |
(I got this crash without attempting to opt in into wayland.)
| Andreas (andreas-rabus) wrote : | #6 |
Annoyingly just after each new login. every day....
| Curtis (curtbezault) wrote : | #7 |
Only happens when I don't run startx as root (I know that it's not a good thing to do but was just checking things out.)
| Eustachy Motyka (eusmotyka) wrote : | #8 |
Ocure randomly (even without wayland used atall)
| Edson T. Marques (edsontmarques) wrote : | #9 |
Crash when I try to paste (Ctrl+V) a bitmap from clipboard to a Pidgin message.
| GT (gleppert) wrote : | #10 |
Occurred during Start-up of Gnome 3.16 (Ubuntu 15.04). I have not Wayland installed.
| GT (gleppert) wrote : | #11 |
Additional note: This bug occurs frequently, about once or twice everyday.
| Kaare Baastrup (kaare-baastrup) wrote : | #12 |
Same for gome 3.18
| GT (gleppert) wrote : | #13 |
It would be great, if a developer could have a look at this bug. It currently affects 55 people, bug heat 246 and - on my system - there are crashes of gjs everyday. Also, please not that this bug has nothing to do with Wayland. It also affects X11 users. Thanks a lot!
| Bruce Pieterse (octoquad) wrote : | #14 |
I'm not sure, but I think this but might be related: https:/
| Tim (darkxst) wrote : Re: [Bug 1418771] Re: gjs-console assert failure: *** Error in `/usr/bin/gjs-console': free(): invalid next size (fast): 0x00007f74a804b240 *** | #15 |
That is likely gnome-documents search provider crashing
> On 21 Aug 2015, at 5:24 am, Bruce Pieterse <email address hidden> wrote:
>
> I'm not sure, but I think this but might be related:
> https:/
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> gjs-console assert failure: *** Error in `/usr/bin/
> free(): invalid next size (fast): 0x00007f74a804b240 ***
>
> To manage notifications about this bug go to:
> https:/
| Changed in gjs: | |
| importance: | Unknown → Medium |
| status: | Unknown → Incomplete |
| GT (gleppert) wrote : | #16 |
What does "Status incomplete" mean? Do you need any additional info?
| Bruce Pieterse (octoquad) wrote : | #17 |
Hi GT,
The status "incomplete" is for the upstream project gjs. The status for Ubuntu GNOME however is confirmed. The crash seems to occur when searching for an application via activities but we are currently trying to reproduce this reliably in order to provide the relevant information upstream if necessary.
Thanks
| Changed in ubuntu-gnome: | |
| milestone: | vivid → wily |
| Changed in gjs (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Changed in gjs (Debian): | |
| status: | Unknown → Confirmed |
| Marius Gedminas (mgedmin) wrote : | #18 |
Steps to reproduce:
- in one terminal run /usr/bin/
- in another terminal run dbus-send --print-reply --dest=
Note: you must run dbus-send within 10 seconds of the 1st command, because gnome-documents exits when it's idle.
Note: you can use DOCUMENTS_
| Marius Gedminas (mgedmin) wrote : | #19 |
I ran the reproduction scenarion under valgrind and saw this:
==23172== Thread 8 pool:
==23172== Invalid write of size 1
==23172== at 0x174A56C1: tracker_
==23172== by 0x1726AA02: function_
==23172== by 0x1791D6EE: sqlite3VdbeExec (in /usr/lib/
==23172== by 0x17926826: sqlite3_step (in /usr/lib/
==23172== by 0x1726B2FF: db_cursor_iter_next (in /usr/lib/
==23172== by 0x1726BAB6: tracker_
==23172== by 0x70A68FE: run_in_thread (in /usr/lib/
==23172== by 0x7092985: io_job_thread (in /usr/lib/
==23172== by 0x70B7D87: g_task_
==23172== by 0x50FC2FD: g_thread_
==23172== by 0x50FB964: g_thread_proxy (in /lib/x86_
==23172== by 0x5E706A9: start_thread (pthread_
==23172== Address 0x14072b52 is 0 bytes after a block of size 2 alloc'd
==23172== at 0x4C2DD9F: realloc (in /usr/lib/
==23172== by 0x17B9D516: u8_normalize (in /usr/lib/
==23172== by 0x1726A9F4: function_
==23172== by 0x1791D6EE: sqlite3VdbeExec (in /usr/lib/
==23172== by 0x17926826: sqlite3_step (in /usr/lib/
==23172== by 0x1726B2FF: db_cursor_iter_next (in /usr/lib/
==23172== by 0x1726BAB6: tracker_
==23172== by 0x70A68FE: run_in_thread (in /usr/lib/
==23172== by 0x7092985: io_job_thread (in /usr/lib/
==23172== by 0x70B7D87: g_task_
==23172== by 0x50FC2FD: g_thread_
==23172== by 0x50FB964: g_thread_proxy (in /lib/x86_
==23172==
| Changed in gjs: | |
| status: | Incomplete → Fix Released |
| no longer affects: | gjs (Ubuntu) |
| Changed in gjs (Debian): | |
| status: | Confirmed → Fix Released |
| description: | updated |
| Changed in tracker (Ubuntu): | |
| status: | New → Fix Committed |
| Changed in tracker (Ubuntu Wily): | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Changed in tracker (Ubuntu): | |
| importance: | Undecided → Medium |
| Launchpad Janitor (janitor) wrote : | #20 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in gjs (Ubuntu Wily): | |
| status: | New → Confirmed |
| Changed in gjs (Ubuntu Wily): | |
| status: | Confirmed → Invalid |
| Changed in ubuntu-gnome: | |
| status: | Confirmed → Fix Committed |
Hello Tim, or anyone else affected,
Accepted tracker into wily-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in tracker (Ubuntu Wily): | |
| status: | Triaged → Fix Committed |
| tags: | added: verification-needed |
| Launchpad Janitor (janitor) wrote : | #22 |
This bug was fixed in the package tracker - 1.6.0-1ubuntu1
---------------
tracker (1.6.0-1ubuntu1) xenial; urgency=medium
* Merge with Debian, remaining changes:
+ Disable libencai, libiptcdata and libstemmer support, all in Universe
+ Have tracker suggest instead of recommend tracker-gui
+ Run tests with VERBOSE=1 so we get useful output.
* Drop git patches included in new release
* debian/patches: Cherry-pick git crash fixes
- 0001-libtracker
- 0002-libtracker
- 0003-libtracker
- 0004-Fix-
-- Tim Lunn <email address hidden> Sat, 24 Oct 2015 09:40:10 +1100
| Changed in tracker (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Tim (darkxst) wrote : | #23 |
tested as per testcase was unable to produce the crash, tagging verification-done
| tags: |
added: verification-done removed: verification-needed |
| Changed in tracker (Ubuntu Wily): | |
| status: | Fix Committed → Fix Released |
| Changed in tracker (Ubuntu Wily): | |
| status: | Fix Released → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #24 |
This bug was fixed in the package tracker - 1.4.1-1ubuntu2.1
---------------
tracker (1.4.1-1ubuntu2.1) wily; urgency=medium
* debian/patches: Cherry-pick patches for crash fixes from upstream
- 0003-libtracker
0004-
0005-
- 0006-Fix-
-- Tim Lunn <email address hidden> Sat, 24 Oct 2015 09:18:04 +1100
| Changed in tracker (Ubuntu Wily): | |
| status: | Fix Committed → Fix Released |
The verification of the Stable Release Update for tracker has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
| Changed in ubuntu-gnome: | |
| status: | Fix Committed → Fix Released |
StacktraceTop:
__libc_message (do_abort=
malloc_printerr (ptr=<optimized out>, str=0x7f74d0bf9ca0 "free(): invalid next size (fast)", action=1) at malloc.c:4996
_int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
sqlite3VdbeMemGrow (pMem=pMem@
vdbeMemAddTerm