weechat segfaults on /quit
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
weechat (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I've used weechat twice after upgrading to Ubuntu 24.04 LTS. Both times I got a segfault when I tried to /quit it.
coredumpctl gdb weechat gives me this stack trace:
Core was generated by `/usr/bin/weechat'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007efcd85d71e0 in ?? ()
(gdb) bt
#0 0x00007efcd85d71e0 in ?? ()
#1 <signal handler called>
#2 0x00007efcda037cdb in __freelocale (dataset=
#3 __freelocale (dataset=
#4 0x00007efcd8865a5e in perl_destruct () from /lib/x86_
#5 0x00007efcd8ebaea7 in weechat_perl_unload (script=
at /usr/src/
#6 0x00007efcd8ebb015 in weechat_
at /usr/src/
#7 0x00007efcd8ee81b1 in plugin_script_end (weechat_
plugin_
at /usr/src/
#8 0x00007efcd8ebbe2f in weechat_plugin_end (plugin=
at /usr/src/
#9 0x000062e3d3160317 in plugin_unload (plugin=
at /usr/src/
#10 0x000062e3d316034c in plugin_unload_all ()
at /usr/src/
#11 0x000062e3d3160492 in plugin_end ()
at /usr/src/
#12 0x000062e3d30c834d in weechat_end (gui_end_
at /usr/src/
#13 main (argc=<optimized out>, argv=<optimized out>)
at /usr/src/
I do have a couple of Perl plugins in ~/.weechat/
I can reproduce this easily by starting weechat and doing an immediate /quit. Here's a valgrind log of such a run:
==357063== Memcheck, a memory error detector
==357063== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==357063== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==357063== Command: /usr/bin/weechat
==357063== Parent PID: 355771
==357063==
==357063== Warning: client switching stacks? SP change: 0x1ffe8020e0 --> 0x1ffefff3d0
==357063== to suppress, use: --max-stackfram
==357087==
==357087== HEAP SUMMARY:
==357087== in use at exit: 52,351,034 bytes in 78,890 blocks
==357087== total heap usage: 244,339 allocs, 165,449 frees, 98,363,505 bytes allocated
==357087==
==357088==
==357088== HEAP SUMMARY:
==357088== in use at exit: 52,359,916 bytes in 79,061 blocks
==357088== total heap usage: 250,910 allocs, 171,849 frees, 98,650,952 bytes allocated
==357088==
==357063== Invalid read of size 8
==357063== at 0x4EE4ACD: __freelocale (freelocale.c:43)
==357063== by 0x4EE4ACD: freelocale (freelocale.c:31)
==357063== by 0x7639A5D: perl_destruct (in /usr/lib/
==357063== by 0x7572EA6: weechat_perl_unload (in /usr/lib/
==357063== by 0x7573014: weechat_
==357063== by 0x75A01B0: plugin_script_end (in /usr/lib/
==357063== by 0x7573E2E: weechat_plugin_end (in /usr/lib/
==357063== by 0x1AF316: ??? (in /usr/bin/weechat)
==357063== by 0x1AF34B: ??? (in /usr/bin/weechat)
==357063== by 0x1AF491: ??? (in /usr/bin/weechat)
==357063== by 0x11734C: ??? (in /usr/bin/weechat)
==357063== by 0x4ED71C9: (below main) (libc_start_
==357063== Address 0x8a522f0 is 272 bytes inside a block of size 638 free'd
==357063== at 0x484988F: free (in /usr/libexec/
==357063== by 0x7FF8E27: _PyObject_Free (obmalloc.c:1853)
==357063== by 0x7FF8E27: _PyObject_Free (obmalloc.c:1843)
==357063== by 0x800B3D0: type_dealloc (typeobject.c:5065)
==357063== by 0x8137EC7: Py_DECREF (object.h:705)
==357063== by 0x8137EC7: delete_garbage (gcmodule.c:1034)
==357063== by 0x8137EC7: gc_collect_main (gcmodule.c:1303)
==357063== by 0x8138875: _PyGC_CollectNoFail (gcmodule.c:2135)
==357063== by 0x810A170: interpreter_clear (pystate.c:895)
==357063== by 0x8101627: finalize_
==357063== by 0x8105FFE: Py_EndInterpreter (pylifecycle.
==357063== by 0x7DE7DEC: ???
==357063== by 0x7DE7ED4: ???
==357063== by 0x7E037D0: ???
==357063== by 0x7DE8D8E: ???
==357063== Block was alloc'd at
==357063== at 0x4846828: malloc (in /usr/libexec/
==357063== by 0x7FF9CDF: _PyObject_Malloc (obmalloc.c:1569)
==357063== by 0x8010997: _PyType_
==357063== by 0x8024D2B: _Py_initialize_
==357063== by 0x7FF2E70: _PyTypes_InitTypes (object.c:2164)
==357063== by 0x8102EC1: pycore_init_types (pylifecycle.c:694)
==357063== by 0x8102EC1: pycore_interp_init (pylifecycle.c:842)
==357063== by 0x81064A2: new_interpreter (pylifecycle.
==357063== by 0x81064A2: Py_NewInterpreter (pylifecycle.
==357063== by 0x7DE776E: ???
==357063== by 0x149FA3: ??? (in /usr/bin/weechat)
==357063== by 0x7E013DC: ???
==357063== by 0x7E064F8: ???
==357063== by 0x7DE8C8A: ???
==357063==
==357063== Invalid read of size 4
==357063== at 0x4EE4AD0: __freelocale (freelocale.c:43)
==357063== by 0x4EE4AD0: freelocale (freelocale.c:31)
==357063== by 0x7639A5D: perl_destruct (in /usr/lib/
==357063== by 0x7572EA6: weechat_perl_unload (in /usr/lib/
==357063== by 0x7573014: weechat_
==357063== by 0x75A01B0: plugin_script_end (in /usr/lib/
==357063== by 0x7573E2E: weechat_plugin_end (in /usr/lib/
==357063== by 0x1AF316: ??? (in /usr/bin/weechat)
==357063== by 0x1AF34B: ??? (in /usr/bin/weechat)
==357063== by 0x1AF491: ??? (in /usr/bin/weechat)
==357063== by 0x11734C: ??? (in /usr/bin/weechat)
==357063== by 0x4ED71C9: (below main) (libc_start_
==357063== Address 0xa0a2e637445204b is not stack'd, malloc'd or (recently) free'd
==357063==
==357063== Jump to the invalid address stated on the next line
==357063== at 0x7BF71E0: ???
==357063== by 0x4EF231F: ??? (in /usr/lib/
==357063== by 0x4EE4ACF: __freelocale (freelocale.c:43)
==357063== by 0x4EE4ACF: freelocale (freelocale.c:31)
==357063== Address 0x7bf71e0 is not stack'd, malloc'd or (recently) free'd
==357063==
==357063==
==357063== Process terminating with default action of signal 11 (SIGSEGV)
==357063== Access not within mapped region at address 0x7BF71E0
==357063== at 0x7BF71E0: ???
==357063== by 0x4EF231F: ??? (in /usr/lib/
==357063== by 0x4EE4ACF: __freelocale (freelocale.c:43)
==357063== by 0x4EE4ACF: freelocale (freelocale.c:31)
==357063== If you believe this happened as a result of a stack
==357063== overflow in your program's main thread (unlikely but
==357063== possible), you can try to increase the size of the
==357063== main thread stack using the --main-stacksize= flag.
==357063== The main thread stack size used in this run was 8388608.
==357063==
==357063== HEAP SUMMARY:
==357063== in use at exit: 43,878,604 bytes in 111,167 blocks
==357063== total heap usage: 1,930,690 allocs, 1,819,523 frees, 141,355,409 bytes allocated
==357063==
==357063== LEAK SUMMARY:
==357063== definitely lost: 150,481 bytes in 2,212 blocks
==357063== indirectly lost: 53,460 bytes in 204 blocks
==357063== possibly lost: 34,856,764 bytes in 352 blocks
==357063== still reachable: 8,817,899 bytes in 108,399 blocks
==357063== of which reachable via heuristic:
==357063== newarray : 896 bytes in 28 blocks
==357063== suppressed: 0 bytes in 0 blocks
==357063== Rerun with --leak-check=full to see details of leaked memory
==357063==
==357063== For lists of detected and suppressed errors, rerun with: -s
==357063== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: weechat-curses 4.1.1-1build7
ProcVersionSign
Uname: Linux 6.8.0-35-generic x86_64
ApportVersion: 2.28.1-0ubuntu3
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed Jun 12 16:35:22 2024
EcryptfsInUse: Yes
InstallationDate: Installed on 2019-06-12 (1827 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
SourcePackage: weechat
UpgradeStatus: Upgraded to noble on 2024-05-02 (41 days ago)
This might be https://github.com/weechat/weechat/issues/2046, caused by a bug in Python 3.12.
I have both Perl and Python plugins loaded, and my Valgrind log shows that the memory that the Perl plugin is trying to free during unload was freed by _PyObject_Free earlier.
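
The correlation made in the comment above (reader stack versus the stack that freed the block) can be pulled out of a Memcheck log mechanically. The following is an added example, not part of the original report or of WeeChat; the sample log is constructed and abridged from the shape of the one above, and the `(in <...>)` object names are placeholders.

```python
import re

# Constructed, abridged Memcheck output shaped like the log in this report;
# the "(in <...>)" object names are placeholders, not real paths.
SAMPLE = """\
==1== Invalid read of size 8
==1==    at 0x4EE4ACD: __freelocale (freelocale.c:43)
==1==    by 0x7639A5D: perl_destruct (in <libperl>)
==1==  Address 0x8a522f0 is 272 bytes inside a block of size 638 free'd
==1==    at 0x484988F: free (in <vgpreload>)
==1==    by 0x7FF8E27: _PyObject_Free (obmalloc.c:1853)
==1==  Block was alloc'd at
==1==    at 0x4846828: malloc (in <vgpreload>)
==1==    by 0x7FF9CDF: _PyObject_Malloc (obmalloc.c:1569)
==1==
==1== Invalid read of size 4
==1==    at 0x4EE4AD0: __freelocale (freelocale.c:43)
==1==  Address 0xa0a2e637445204b is not stack'd, malloc'd or (recently) free'd
"""
PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ALLOCATOR = {"free", "malloc", "calloc", "realloc"}  # wrapper frames to skip

def parse_errors(log):
    """Split a Memcheck log into records with access/free/alloc stacks."""
    errors, cur, section = [], None, None
    for line in log.splitlines():
        body = PREFIX.sub("", line)
        text, frame = body.strip(), FRAME.match(body)
        if text.startswith("Invalid "):
            cur, section = {"kind": text, "access": [], "free": [], "alloc": []}, "access"
            errors.append(cur)
        elif cur is None:
            continue
        elif text.startswith("Address "):
            section = "free" if "inside a block" in text and text.endswith("free'd") else None
        elif text.startswith("Block was alloc'd"):
            section = "alloc"
        elif frame and section:
            cur[section].append(frame.group(1))
        elif not text:
            cur = None  # a blank "==pid==" line ends the record
    return errors

def triage(log):
    """Who read each freed block, who freed it, and who allocated it."""
    owner = lambda stack: next((f for f in stack if f not in ALLOCATOR), None)
    return [{"read_in": e["access"], "freed_by": owner(e["free"]),
             "allocated_by": owner(e["alloc"])} for e in parse_errors(log) if e["free"]]
```

On the sample, `triage(SAMPLE)` reports one use-after-free: read in `__freelocale` called from `perl_destruct`, on a block both allocated and freed by the Python object allocator.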