wireshark crashes in slab_allocator_free_chunk() due to abort() or SIGSEGV
Environment
- wireshark-1.10.14-10.el7_3.x86_64
- Red Hat Enterprise Linux (RHEL) Workstation 7
Issue
- wireshark crashes in in
slab_allocator_free_chunk()due toabort()orSIGSEGV
Resolution
- This bug is being tracked under Bugzilla #1286987
- Temporary workaround consists of setting environmental variable
G_SLICEtoalways-mallocbefore runningwireshark:
# export G_SLICE=always-malloc
# wireshark <file.pcapng>
Root Cause
Not known yet. See the results from gslice memory allocator in Diagnostic Steps section happening when G_SLICE=debug-blocks gets exported before running Wireshark (immediate crash).
Diagnostic Steps
- crash can be reproduced by repeatedly:
-doing a follow tcp stream on http protocol, then either clearing the search or saving the results as a filter.
-clicking on the statistics and summary after a follow tcp stream.
-clicking on a packet and selecting tcp stream
Various gdb backtraces:
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `wireshark test.pcapng'.
Program terminated with signal 6, Aborted.
#0 0x00007f11c370e1d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0 0x00007f11c370e1d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f11c370f8c8 in __GI_abort () at abort.c:90
#2 0x00007f11c41e8d49 in mem_error (format=format@entry=0x7f11c428fccd "assertion failed: %s") at gslice.c:1439
#3 0x00007f11c423268b in slab_allocator_free_chunk (chunk_size=chunk_size@entry=16, mem=mem@entry=0x7f11cd6202d0) at gslice.c:1321
#4 0x00007f11c4232946 in magazine_cache_push_magazine (allocator=0x7f11c4504260 <allocator>, stamp=<optimized out>, ix=<optimized out>) at gslice.c:679
#5 0x00007f11c4232946 in magazine_cache_push_magazine (ix=ix@entry=0, magazine_chunks=<optimized out>, count=<optimized out>) at gslice.c:710
#6 0x00007f11c41e92ae in thread_memory_magazine2_unload (ix=ix@entry=0, tmem=<optimized out>) at gslice.c:809
#7 0x00007f11c4233b19 in g_slice_free_chain_with_offset (mem_size=16, mem_chain=<optimized out>, next_offset=8) at gslice.c:1173
#8 0x00007f11c738d3ec in epan_dissect_cleanup (edt=0x7ffd08845b30) at epan.c:230
#9 0x00007f11cad06dc1 in add_packet_to_packet_list (fdata=0x7f11b3294998, cf=0x7f11cb159480 <cfile>, dfcode=0x7f11cd6520d0, create_proto_tree=1, cinfo=0x0, phdr=0x7f11cb159558 <cfile+216>, buf=0x7f11cb159630 <cfile+432> "@\250\360\311\034\241", add_to_packet_list=0) at file.c:1140
#10 0x00007f11cad084b9 in rescan_packets (cf=0x7f11cb159480 <cfile>, action=0x7f11cae6941e "Filtering", action_item=0x7f11cd64dd90 "tcp.stream eq 1", redissect=0) at file.c:1901
#11 0x00007f11cad07ea6 in cf_filter_packets (cf=0x7f11cb159480 <cfile>, dftext=0x7f11cd64dd90 "tcp.stream eq 1", force=1) at file.c:1622
#12 0x00007f11cad2b8bb in main_filter_packets (cf=0x7f11cb159480 <cfile>, dftext=0x7f11cd61fc00 "tcp.stream eq 1", force=1) at main_filter_toolbar.c:380
#13 0x00007f11cae2317b in follow_tcp_stream_cb (w=0x7f11ccf199e0 [GtkAction], data=0x7f11cbc697d0) at follow_tcp.c:195
#17 0x00007f11c4732d9f in <emit signal ??? on instance 0x7f11ccf199e0 [GtkAction]> (instance=instance@entry=0x7f11ccf199e0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#14 0x00007f11c4718908 in g_closure_invoke (closure=0x7f11ccf1a420, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffd08846220, invocation_hint=invocation_hint@entry=0x7ffd088461c0) at gclosure.c:801
#15 0x00007f11c472aa1d in signal_emit_unlocked_R (node=node@entry=0x7f11ccef00e0, detail=detail@entry=0, instance=instance@entry=0x7f11ccf199e0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffd08846220) at gsignal.c:3627
#16 0x00007f11c4732ab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd088463a0) at gsignal.c:3383
#18 0x00007f11c5633630 in _gtk_action_emit_activate (action=0x7f11ccf199e0 [GtkAction]) at gtkaction.c:795
#19 0x00007f11c4718b37 in _g_closure_invoke_va (closure=closure@entry=0x7f11ccef6f80, return_value=return_value@entry=0x0, instance=instance@entry=0x7f11ccf5b100, args=args@entry=0x7ffd08846670, n_params=0, param_types=0x0) at gclosure.c:864
#20 0x00007f11c4732117 in g_signal_emit_valist (instance=0x7f11ccf5b100, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffd08846670) at gsignal.c:3292
#21 0x00007f11c4732d9f in g_signal_emit (instance=instance@entry=0x7f11ccf5b100, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#22 0x00007f11c583609c in IA__gtk_widget_activate (widget=widget@entry=0x7f11ccf5b100 [GtkImageMenuItem]) at gtkwidget.c:5048
#23 0x00007f11c571c63d in IA__gtk_menu_shell_activate_item (menu_shell=0x7f11cbc69cb0 [GtkMenu], menu_item=0x7f11ccf5b100 [GtkImageMenuItem], force_deactivate=<optimized out>) at gtkmenushell.c:1303
#24 0x00007f11c571ca11 in gtk_menu_shell_button_release (widget=0x7f11cbc69cb0 [GtkMenu], event=<optimized out>) at gtkmenushell.c:730
#29 0x00007f11c4732d9f in <emit signal ??? on instance 0x7f11cbc69cb0 [GtkMenu]> (instance=instance@entry=0x7f11cbc69cb0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#25 0x00007f11c57072ec in _gtk_marshal_BOOLEAN__BOXED (closure=0x7f11cbc2dda0, return_value=0x7ffd08846940, n_param_values=<optimized out>, param_values=0x7ffd088469f0, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtkmarshalers.c:86
#26 0x00007f11c4718908 in g_closure_invoke (closure=closure@entry=0x7f11cbc2dda0, return_value=return_value@entry=0x7ffd08846940, n_param_values=2, param_values=param_values@entry=0x7ffd088469f0, invocation_hint=invocation_hint@entry=0x7ffd08846990) at gclosure.c:801
#27 0x00007f11c472a7db in signal_emit_unlocked_R (node=node@entry=0x7f11cbc2de00, detail=detail@entry=0, instance=instance@entry=0x7f11cbc69cb0, emission_return=emission_return@entry=0x7ffd08846aa0, instance_and_params=instance_and_params@entry=0x7ffd088469f0) at gsignal.c:3665
#28 0x00007f11c473279c in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd08846b80) at gsignal.c:3393
#30 0x00007f11c5837494 in gtk_widget_event_internal (widget=widget@entry=0x7f11cbc69cb0 [GtkMenu], event=event@entry=0x7f11cd6b4a70) at gtkwidget.c:5017
#31 0x00007f11c5837769 in IA__gtk_widget_event (widget=widget@entry=0x7f11cbc69cb0 [GtkMenu], event=event@entry=0x7f11cd6b4a70) at gtkwidget.c:4814
#32 0x00007f11c5705514 in IA__gtk_propagate_event (widget=0x7f11cbc69cb0 [GtkMenu], event=0x7f11cd6b4a70) at gtkmain.c:2501
#33 0x00007f11c570590b in IA__gtk_main_do_event (event=0x7f11cd6b4a70) at gtkmain.c:1696
#34 0x00007f11c535e4ec in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2425
#35 0x00007f11c4217d7a in g_main_context_dispatch (context=0x7f11cbc26730) at gmain.c:3152
#36 0x00007f11c4217d7a in g_main_context_dispatch (context=context@entry=0x7f11cbc26730) at gmain.c:3767
#37 0x00007f11c42180b8 in g_main_context_iterate (context=0x7f11cbc26730, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3838
#38 0x00007f11c421838a in g_main_loop_run (loop=0x7f11cd61f9f0) at gmain.c:4032
#39 0x00007f11c5704957 in IA__gtk_main () at gtkmain.c:1268
#40 0x00007f11cad282ce in main (argc=0, argv=0x7ffd088471a8) at main.c:3153
(gdb)
Core was generated by `wireshark test.pcapng'.
Program terminated with signal 11, Segmentation fault.
#0 slab_allocator_free_chunk (chunk_size=chunk_size@entry=16, mem=mem@entry=0x7f5fc7396840) at gslice.c:1334
1334 prev->next = next;
(gdb) bt
#0 0x00007f5fbd7c7705 in slab_allocator_free_chunk (chunk_size=chunk_size@entry=16, mem=mem@entry=0x7f5fc7396840) at gslice.c:1334
#1 0x00007f5fbd7c7946 in magazine_cache_push_magazine (allocator=0x7f5fbda99260 <allocator>, stamp=<optimized out>, ix=<optimized out>) at gslice.c:679
#2 0x00007f5fbd7c7946 in magazine_cache_push_magazine (ix=<optimized out>, magazine_chunks=<optimized out>, count=<optimized out>) at gslice.c:710
#3 0x00007f5fbd77e2ae in thread_memory_magazine2_unload (ix=<optimized out>, tmem=<optimized out>) at gslice.c:809
#4 0x00007f5fbd7c87f8 in g_slice_free1 (mem_size=mem_size@entry=16, mem_block=0x7f5fc6001d70) at gslice.c:1094
#5 0x00007f5fbd7c8eed in g_slist_free_1 (list=<optimized out>) at gslist.c:155
#6 0x00007f5fbd7c904d in g_slist_remove (list=0x0, data=data@entry=0x7f5fc787d3f0) at gslist.c:414
#7 0x00007f5fbecdf54e in gtk_radio_menu_item_destroy (object=0x7f5fc787d3f0 [GtkRadioMenuItem]) at gtkradiomenuitem.c:411
#11 0x00007f5fbdcc7d9f in <emit signal ??? on instance 0x7f5fc787d3f0 [GtkRadioMenuItem]> (instance=instance@entry=0x7f5fc787d3f0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#8 0x00007f5fbdcad882 in g_closure_invoke (closure=closure@entry=0x7f5fc5e88e90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffe5e688940, invocation_hint=invocation_hint@entry=0x7ffe5e6888e0) at gclosure.c:801
#9 0x00007f5fbdcbfd94 in signal_emit_unlocked_R (node=node@entry=0x7f5fc5e88f00, detail=detail@entry=0, instance=instance@entry=0x7f5fc787d3f0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe5e688940) at gsignal.c:3743
#10 0x00007f5fbdcc7ab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe5e688ac0) at gsignal.c:3383
#12 0x00007f5fbecc78af in gtk_object_dispose (gobject=0x7f5fc787d3f0 [GtkRadioMenuItem]) at gtkobject.c:421
#13 0x00007f5fbdcb42f9 in g_object_run_dispose (object=0x7f5fc787d3f0 [GtkRadioMenuItem]) at gobject.c:1081
#14 0x00007f5fbecb00bd in gtk_menu_shell_forall (container=<optimized out>, include_internals=<optimized out>, callback=0x7f5fbedca710 <IA__gtk_widget_destroy>, callback_data=0x0) at gtkmenushell.c:1113
#15 0x00007f5fbec13987 in gtk_container_destroy (object=0x7f5fc7421bf0 [GtkMenu]) at gtkcontainer.c:1073
#19 0x00007f5fbdcc7d9f in <emit signal ??? on instance 0x7f5fc7421bf0 [GtkMenu]> (instance=instance@entry=0x7f5fc7421bf0, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#16 0x00007f5fbdcad882 in g_closure_invoke (closure=closure@entry=0x7f5fc5e88e90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffe5e688da0, invocation_hint=invocation_hint@entry=0x7ffe5e688d40) at gclosure.c:801
#17 0x00007f5fbdcbfd94 in signal_emit_unlocked_R (node=node@entry=0x7f5fc5e88f00, detail=detail@entry=0, instance=instance@entry=0x7f5fc7421bf0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe5e688da0) at gsignal.c:3743
#18 0x00007f5fbdcc7ab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe5e688f20) at gsignal.c:3383
#20 0x00007f5fbecc78af in gtk_object_dispose (gobject=0x7f5fc7421bf0 [GtkMenu]) at gtkobject.c:421
#21 0x00007f5fbdcb42f9 in g_object_run_dispose (object=0x7f5fc7421bf0 [GtkMenu]) at gobject.c:1081
#22 0x00007f5fbecad032 in gtk_menu_item_destroy (object=0x7f5fc7403c30 [GtkMenuItem]) at gtkmenuitem.c:545
#26 0x00007f5fbdcc7d9f in <emit signal ??? on instance 0x7f5fc7403c30 [GtkMenuItem]> (instance=instance@entry=0x7f5fc7403c30, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#23 0x00007f5fbdcad882 in g_closure_invoke (closure=closure@entry=0x7f5fc5e88e90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffe5e6891d0, invocation_hint=invocation_hint@entry=0x7ffe5e689170) at gclosure.c:801
#24 0x00007f5fbdcbfd94 in signal_emit_unlocked_R (node=node@entry=0x7f5fc5e88f00, detail=detail@entry=0, instance=instance@entry=0x7f5fc7403c30, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe5e6891d0) at gsignal.c:3743
#25 0x00007f5fbdcc7ab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe5e689350) at gsignal.c:3383
#27 0x00007f5fbecc78af in gtk_object_dispose (gobject=0x7f5fc7403c30 [GtkMenuItem]) at gtkobject.c:421
#28 0x00007f5fbdcb42f9 in g_object_run_dispose (object=0x7f5fc7403c30 [GtkMenuItem]) at gobject.c:1081
#29 0x00007f5fbecb00bd in gtk_menu_shell_forall (container=<optimized out>, include_internals=<optimized out>, callback=0x7f5fbedca710 <IA__gtk_widget_destroy>, callback_data=0x0) at gtkmenushell.c:1113
#30 0x00007f5fbec13987 in gtk_container_destroy (object=0x7f5fc7421570 [GtkMenu]) at gtkcontainer.c:1073
#34 0x00007f5fbdcc7d9f in <emit signal ??? on instance 0x7f5fc7421570 [GtkMenu]> (instance=instance@entry=0x7f5fc7421570, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#31 0x00007f5fbdcad908 in g_closure_invoke (closure=closure@entry=0x7f5fc5e88e90, return_value=return_value@entry=0x0, n_param_values=1, param_values=param_values@entry=0x7ffe5e689630, invocation_hint=invocation_hint@entry=0x7ffe5e6895d0) at gclosure.c:801
#32 0x00007f5fbdcbfd94 in signal_emit_unlocked_R (node=node@entry=0x7f5fc5e88f00, detail=detail@entry=0, instance=instance@entry=0x7f5fc7421570, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffe5e689630) at gsignal.c:3743
#33 0x00007f5fbdcc7ab1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe5e6897b0) at gsignal.c:3383
#35 0x00007f5fbecc78af in gtk_object_dispose (gobject=0x7f5fc7421570 [GtkMenu]) at gtkobject.c:421
#36 0x00007f5fbdcb25a2 in g_object_unref (_object=0x7f5fc7421570) at gobject.c:3142
#37 0x00007f5fbdcb0c18 in g_cclosure_marshal_VOID__OBJECTv (closure=0x7f5fc5e63850, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=0x7f5fbebd5e30 <gtk_bin_remove>, n_params=<optimized out>, param_types=0x7f5fc5e63920) at gmarshal.c:2106
#38 0x00007f5fbdcadb37 in _g_closure_invoke_va (closure=closure@entry=0x7f5fc5e63850, return_value=return_value@entry=0x0, instance=instance@entry=0x7f5fc7374190, args=args@entry=0x7ffe5e689b00, n_params=1, param_types=0x7f5fc5e63920) at gclosure.c:864
#39 0x00007f5fbdcc7117 in g_signal_emit_valist (instance=0x7f5fc7374190, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe5e689b00) at gsignal.c:3292
#40 0x00007f5fbdcc7d9f in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#41 0x00007f5fbec11e06 in IA__gtk_container_remove (container=<optimized out>, widget=widget@entry=0x7f5fc7421570 [GtkMenu]) at gtkcontainer.c:1240
#42 0x00007f5fbedd2a9e in gtk_widget_dispose (object=0x7f5fc7421570 [GtkMenu]) at gtkwidget.c:8792
#43 0x00007f5fbdcb25a2 in g_object_unref (_object=0x7f5fc7421570) at gobject.c:3142
#44 0x00007f5fbeca837f in IA__gtk_menu_detach (menu=<optimized out>) at gtkmenu.c:1268
#45 0x00007f5fbecadbe8 in IA__gtk_menu_item_set_submenu (menu_item=0x7f5fc71bfc30 [GtkImageMenuItem], submenu=0x7f5fc7879d90 [GtkMenu]) at gtkmenuitem.c:781
#46 0x00007f5fc42c90fa in rebuild_protocol_prefs_menu (prefs_module_p=0x7f5fc65f5180, preferences=1, ui_menu=0x7f5fc5f533a0 [GtkUIManager], path=0x7f5fc442d6d8 "/PacketListMenuPopup/ProtocolPreferences") at main_menubar.c:5462
#47 0x00007f5fc42c7c51 in set_menus_for_selected_packet (cf=0x7f5fc46ee480 <cfile>) at main_menubar.c:5086
#48 0x00007f5fc42baf18 in main_cf_cb_packet_selected (data=0x7f5fc46ee480 <cfile>) at main.c:1703
#49 0x00007f5fc42bb1fb in main_cf_callback (event=10, data=0x7f5fc46ee480 <cfile>, user_data=0x0) at main.c:1777
#50 0x00007f5fc429a2f5 in cf_callback_invoke (event=10, data=0x7f5fc46ee480 <cfile>) at file.c:184
#51 0x00007f5fc42a05ad in cf_select_packet (cf=0x7f5fc46ee480 <cfile>, row=9) at file.c:3694
#52 0x00007f5fc42d8af6 in packet_list_select_cb (tree_view=0x7f5fc7382d50 [GtkTreeView], data=0x0) at packet_list.c:1240
#53 0x00007f5fbdcadb37 in _g_closure_invoke_va (closure=closure@entry=0x7f5fc7389390, return_value=return_value@entry=0x0, instance=instance@entry=0x7f5fc7382d50, args=args@entry=0x7ffe5e68a040, n_params=0, param_types=0x0) at gclosure.c:864
#54 0x00007f5fbdcc7117 in g_signal_emit_valist (instance=0x7f5fc7382d50, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe5e68a040) at gsignal.c:3292
#55 0x00007f5fbdcc7d9f in g_signal_emit (instance=instance@entry=0x7f5fc7382d50, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#56 0x00007f5fbedac8af in gtk_tree_view_real_set_cursor (tree_view=0x7f5fc7382d50 [GtkTreeView], path=0x7f5fc7ee6fb0, clear_and_select=1, clamp_node=1) at gtktreeview.c:12631
#57 0x00007f5fbedb0cb6 in IA__gtk_tree_view_set_cursor_on_cell (tree_view=0x7f5fc7382d50 [GtkTreeView], path=0x7f5fc7ee6fb0, focus_column=0x0, focus_cell=0x0, start_editing=0) at gtktreeview.c:12747
#58 0x00007f5fc42d8951 in packet_list_set_selected_row (row=9) at packet_list.c:1188
#59 0x00007f5fc42c680b in popup_menu_handler (widget=0x7f5fc7382d50 [GtkTreeView], event=0x7f5fc794e330, data=0x7f5fc5ec8cb0) at main_menubar.c:4699
#64 0x00007f5fbdcc7d9f in <emit signal ??? on instance 0x7f5fc7382d50 [GtkTreeView]> (instance=instance@entry=0x7f5fc7382d50, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3439
#60 0x00007f5fbec9c2ec in _gtk_marshal_BOOLEAN__BOXED (closure=0x7f5fc73378e0, return_value=0x7ffe5e68a3e0, n_param_values=<optimized out>, param_values=0x7ffe5e68a490, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtkmarshalers.c:86
#61 0x00007f5fbdcad908 in g_closure_invoke (closure=0x7f5fc73378e0, return_value=return_value@entry=0x7ffe5e68a3e0, n_param_values=2, param_values=param_values@entry=0x7ffe5e68a490, invocation_hint=invocation_hint@entry=0x7ffe5e68a430) at gclosure.c:801
#62 0x00007f5fbdcbfa1d in signal_emit_unlocked_R (node=node@entry=0x7f5fc5e8c990, detail=detail@entry=0, instance=instance@entry=0x7f5fc7382d50, emission_return=emission_return@entry=0x7ffe5e68a540, instance_and_params=instance_and_params@entry=0x7ffe5e68a490) at gsignal.c:3627
#63 0x00007f5fbdcc779c in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe5e68a620) at gsignal.c:3393
#65 0x00007f5fbedcc494 in gtk_widget_event_internal (widget=widget@entry=0x7f5fc7382d50 [GtkTreeView], event=event@entry=0x7f5fc794e330) at gtkwidget.c:5017
#66 0x00007f5fbedcc769 in IA__gtk_widget_event (widget=widget@entry=0x7f5fc7382d50 [GtkTreeView], event=event@entry=0x7f5fc794e330) at gtkwidget.c:4814
#67 0x00007f5fbec9a514 in IA__gtk_propagate_event (widget=0x7f5fc7382d50 [GtkTreeView], event=0x7f5fc794e330) at gtkmain.c:2501
#68 0x00007f5fbec9a90b in IA__gtk_main_do_event (event=0x7f5fc794e330) at gtkmain.c:1696
#69 0x00007f5fbe8f34ec in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2425
#70 0x00007f5fbd7acd7a in g_main_context_dispatch (context=0x7f5fc5e85720) at gmain.c:3152
#71 0x00007f5fbd7acd7a in g_main_context_dispatch (context=context@entry=0x7f5fc5e85720) at gmain.c:3767
#72 0x00007f5fbd7ad0b8 in g_main_context_iterate (context=0x7f5fc5e85720, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3838
#73 0x00007f5fbd7ad38a in g_main_loop_run (loop=0x7f5fc7881ca0) at gmain.c:4032
#74 0x00007f5fbec99957 in IA__gtk_main () at gtkmain.c:1268
#75 0x00007f5fc42bd2ce in main (argc=0, argv=0x7ffe5e68ac48) at main.c:3153
(gdb)
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `wireshark test.pcapng'.
Program terminated with signal 6, Aborted.
#0 0x00007f11c370e1d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb)
Core was generated by `wireshark test.pcapng'.
Program terminated with signal 11, Segmentation fault.
#0 slab_allocator_free_chunk (chunk_size=chunk_size@entry=16, mem=mem@entry=0x7feca2d12200) at gslice.c:1333
1333 next->prev = prev;
(gdb) bt
#0 0x00007fec999b8701 in slab_allocator_free_chunk (chunk_size=chunk_size@entry=16, mem=mem@entry=0x7feca2d12200) at gslice.c:1333
#1 0x00007fec999b8946 in magazine_cache_push_magazine (allocator=0x7fec99c8a260 <allocator>, stamp=<optimized out>, ix=<optimized out>) at gslice.c:679
#2 0x00007fec999b8946 in magazine_cache_push_magazine (ix=<optimized out>, magazine_chunks=<optimized out>, count=<optimized out>) at gslice.c:710
#3 0x00007fec9996f2ae in thread_memory_magazine2_unload (ix=<optimized out>, tmem=<optimized out>) at gslice.c:809
#4 0x00007fec999b97f8 in g_slice_free1 (mem_size=16, mem_block=0x7feca35c6d00) at gslice.c:1094
#5 0x00007fec999ba5b8 in g_slist_foreach (list=<optimized out>, func=func@entry=0x7fec9a0fc670 <free_run>, user_data=user_data@entry=0x1) at gslist.c:878
#6 0x00007fec9a0fd315 in pango_layout_line_unref (line=0x7feca3219e30) at pango-layout.c:4106
#7 0x00007fec9a0fd35b in pango_layout_clear_lines (layout=layout@entry=0x7feca2cb5ee0 [PangoLayout]) at pango-layout.c:2900
#8 0x00007fec9a0fd3c9 in pango_layout_finalize (object=0x7feca2cb5ee0 [PangoLayout]) at pango-layout.c:283
#9 0x00007fec99ea3694 in g_object_unref (_object=0x7feca2cb5ee0) at gobject.c:3179
#10 0x00007fec9af45b67 in IA__gtk_text_layout_free_line_display (layout=layout@entry=0x7feca31e76b0 [GtkTextLayout], display=display@entry=0x7feca36a4a40) at gtktextlayout.c:2519
#11 0x00007fec9af46359 in IA__gtk_text_layout_get_line_display (layout=layout@entry=0x7feca31e76b0 [GtkTextLayout], line=line@entry=0x7feca32ea1f0, size_only=size_only@entry=1) at gtktextlayout.c:2178
#12 0x00007fec9af47552 in gtk_text_layout_real_wrap (layout=0x7feca31e76b0 [GtkTextLayout], line=0x7feca32ea1f0, line_data=0x7feca35e22e0) at gtktextlayout.c:1167
#13 0x00007fec9af29c62 in gtk_text_btree_node_validate (view=view@entry=0x7feca33035d0, node=node@entry=0x7feca32e9ad0, view_id=view_id@entry=0x7feca31e76b0, state=state@entry=0x7ffe3ba415c0) at gtktextbtree.c:5103
#14 0x00007fec9af29d7b in gtk_text_btree_node_validate (view=view@entry=0x7feca33035d0, node=node@entry=0x7feca33146c0, view_id=view_id@entry=0x7feca31e76b0, state=state@entry=0x7ffe3ba415c0) at gtktextbtree.c:5176
#15 0x00007fec9af29d7b in gtk_text_btree_node_validate (view=view@entry=0x7feca33035d0, node=node@entry=0x7feca3317630, view_id=view_id@entry=0x7feca31e76b0, state=state@entry=0x7ffe3ba415c0) at gtktextbtree.c:5176
#16 0x00007fec9af29d7b in gtk_text_btree_node_validate (view=view@entry=0x7feca33035d0, node=node@entry=0x7feca33176d0, view_id=view_id@entry=0x7feca31e76b0, state=state@entry=0x7ffe3ba415c0) at gtktextbtree.c:5176
#17 0x00007fec9af29d7b in gtk_text_btree_node_validate (view=view@entry=0x7feca33035d0, node=<optimized out>, view_id=view_id@entry=0x7feca31e76b0, state=state@entry=0x7ffe3ba415c0) at gtktextbtree.c:5176
#18 0x00007fec9af2e098 in _gtk_text_btree_validate (tree=0x7feca3223020, view_id=view_id@entry=0x7feca31e76b0, max_pixels=max_pixels@entry=2000, y=y@entry=0x7ffe3ba4162c, old_height=old_height@entry=0x7ffe3ba41630, new_height=new_height@entry=0x7ffe3ba41634) at gtktextbtree.c:5255
#19 0x00007fec9af45b37 in IA__gtk_text_layout_validate (layout=0x7feca31e76b0 [GtkTextLayout], max_pixels=max_pixels@entry=2000) at gtktextlayout.c:1139
#20 0x00007fec9af54c52 in incremental_validate_callback (data=0x7feca2c3b940) at gtktextview.c:3642
#21 0x00007fec9aaa2a77 in gdk_threads_dispatch (data=0x7feca3867a00) at gdk.c:534
#22 0x00007fec9999dd7a in g_main_context_dispatch (context=0x7feca1772100) at gmain.c:3152
#23 0x00007fec9999dd7a in g_main_context_dispatch (context=context@entry=0x7feca1772100) at gmain.c:3767
#24 0x00007fec9999e0b8 in g_main_context_iterate (context=0x7feca1772100, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3838
#25 0x00007fec9999e38a in g_main_loop_run (loop=0x7feca3203fe0) at gmain.c:4032
#26 0x00007fec9ae8a957 in IA__gtk_main () at gtkmain.c:1268
#27 0x00007feca04ae2ce in main (argc=0, argv=0x7ffe3ba41b08) at main.c:3153
(gdb)
Backtrace from abrt report could look like:
bash# while read Input; do if [ ! -z "`echo $Input | grep frames`" ]; then Line=0; echo; fi; if [ ! -z "`echo $Input | grep address`" ]; then Address="`echo $Input | sed -e 's#.* \(.*\)$#\1#'`"; printf "#%d 0x%x " $Line $Address; ((Line++)); fi; if [ ! -z "`echo $Input | grep function_name`" ]; then FuncName="`echo $Input | sed -e 's#.* "\(.*\)"$#\1#'`"; printf "in %s " $FuncName; fi; if [ ! -z "`echo $Input | grep file_name`" ]; then FileName="`echo $Input | sed -e 's#.* "\(.*\)"$#\1#'`"; printf "from %s\n" $FileName; fi;done < <(cat ccpp-2017-06-20-09:45:59-14388/core_backtrace)
#0 0x7f45956801d7 in raise from /usr/lib64/libc-2.17.so
#1 0x7f45956818c8 in abort from /usr/lib64/libc-2.17.so
#2 0x7f459615ad49 in smc_tree_abort from /usr/lib64/libglib-2.0.so.0.4600.2
#3 0x7f45961a468b in slab_allocator_free_chunk from /usr/lib64/libglib-2.0.so.0.4600.2
#4 0x7f45961a4946 in magazine_cache_push_magazine from /usr/lib64/libglib-2.0.so.0.4600.2
#5 0x7f459615b2ae in thread_memory_magazine2_unload.isra.11 from /usr/lib64/libglib-2.0.so.0.4600.2
#6 0x7f45961a5b19 in g_slice_free_chain_with_offset from /usr/lib64/libglib-2.0.so.0.4600.2
#7 0x7f45976c9cbc in gtk_rc_style_finalize from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#8 0x7f459668f694 in g_object_unref from /usr/lib64/libgobject-2.0.so.0.4600.2
#9 0x7f459616e570 in g_datalist_clear from /usr/lib64/libglib-2.0.so.0.4600.2
#10 0x7f459668f694 in g_object_unref from /usr/lib64/libgobject-2.0.so.0.4600.2
#11 0x7f45976e407b in gtk_scrolled_window_forall from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#12 0x7f45975f0987 in gtk_container_destroy from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#13 0x7f459668a908 in g_closure_invoke from /usr/lib64/libgobject-2.0.so.0.4600.2
#14 0x7f459669cd94 in signal_emit_unlocked_R from /usr/lib64/libgobject-2.0.so.0.4600.2
#15 0x7f45966a4ab1 in g_signal_emit_valist from /usr/lib64/libgobject-2.0.so.0.4600.2
#16 0x7f45966a4d9f in g_signal_emit from /usr/lib64/libgobject-2.0.so.0.4600.2
#17 0x7f45976a48af in gtk_object_dispose from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#18 0x7f459668f5a2 in g_object_unref from /usr/lib64/libgobject-2.0.so.0.4600.2
#19 0x7f459668dc18 in g_cclosure_marshal_VOID__OBJECTv from /usr/lib64/libgobject-2.0.so.0.4600.2
#20 0x7f459668ab37 in _g_closure_invoke_va from /usr/lib64/libgobject-2.0.so.0.4600.2
#21 0x7f45966a4117 in g_signal_emit_valist from /usr/lib64/libgobject-2.0.so.0.4600.2
#22 0x7f45966a4d9f in g_signal_emit from /usr/lib64/libgobject-2.0.so.0.4600.2
#23 0x7f459c63b566 in packet_list_select_cb from /usr/sbin/wireshark
#24 0x7f459668a908 in g_closure_invoke from /usr/lib64/libgobject-2.0.so.0.4600.2
#25 0x7f459669ca1d in signal_emit_unlocked_R from /usr/lib64/libgobject-2.0.so.0.4600.2
#26 0x7f45966a4ab1 in g_signal_emit_valist from /usr/lib64/libgobject-2.0.so.0.4600.2
#27 0x7f45966a4d9f in g_signal_emit from /usr/lib64/libgobject-2.0.so.0.4600.2
#28 0x7f45977898af in gtk_tree_view_real_set_cursor from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#29 0x7f459778eaa8 in gtk_tree_view_button_press from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#30 0x7f45976792ec in _gtk_marshal_BOOLEAN__BOXED from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#31 0x7f459668a908 in g_closure_invoke from /usr/lib64/libgobject-2.0.so.0.4600.2
#32 0x7f459669c7db in signal_emit_unlocked_R from /usr/lib64/libgobject-2.0.so.0.4600.2
#33 0x7f45966a479c in g_signal_emit_valist from /usr/lib64/libgobject-2.0.so.0.4600.2
#34 0x7f45966a4d9f in g_signal_emit from /usr/lib64/libgobject-2.0.so.0.4600.2
#35 0x7f45977a9494 in gtk_widget_event_internal from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#36 0x7f4597677514 in gtk_propagate_event from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#37 0x7f459767790b in gtk_main_do_event from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#38 0x7f45972d04ec in gdk_event_dispatch from /usr/lib64/libgdk-x11-2.0.so.0.2400.28
#39 0x7f4596189d7a in g_main_context_dispatch from /usr/lib64/libglib-2.0.so.0.4600.2
#40 0x7f459618a0b8 in g_main_context_iterate.isra.24 from /usr/lib64/libglib-2.0.so.0.4600.2
#41 0x7f459618a38a in g_main_loop_run from /usr/lib64/libglib-2.0.so.0.4600.2
#42 0x7f4597676957 in gtk_main from /usr/lib64/libgtk-x11-2.0.so.0.2400.28
#43 0x7f459c5fcf15 in main from /usr/sbin/wireshark
$
There is also a problem reported by gslice memory allocator which might be related (immediate crash):
# export G_SLICE=debug-blocks
# wireshark test.pcapng
GSlice: MemChecker: attempt to release non-allocated block: 0x7f291e343920 size=16
Aborted (core dumped)
#
(gdb) bt
#0 0x00007f2912fc91d7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f2912fca8c8 in __GI_abort () at abort.c:90
#2 0x00007f2913aee868 in g_slice_free1 (mem_size=16, mem_block=0x7f291e343920) at gslice.c:1085
#3 0x00007f2916c54127 in remove_last_data_source (pinfo=0x7ffd10cc8db0) at packet.c:255
#4 0x00007f29174dc8ea in desegment_tcp (tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, offset=32, seq=13738, nxtseq=15792, sport=80, dport=33450, tree=0x0, tcp_tree=0x0, tcpd=0x7f28ff5f6ad8) at packet-tcp.c:1927
#5 0x00007f29174e158a in dissect_tcp_payload (tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, offset=32, seq=13738, nxtseq=15792, sport=80, dport=33450, tree=0x0, tcp_tree=0x0, tcpd=0x7f28ff5f6ad8) at packet-tcp.c:4091
#6 0x00007f29174e4917 in dissect_tcp (tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, tree=0x0) at packet-tcp.c:4869
#7 0x00007f2916c547ac in call_dissector_through_handle (handle=0x7f291c9d92c0, tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:473
#8 0x00007f2916c5498a in call_dissector_work (handle=0x7f291c9d92c0, tvb=0x7f291e3a5360, pinfo_arg=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:564
#9 0x00007f2916c553b4 in dissector_try_uint_new (sub_dissectors=0x7f291cb0c490, uint_val=6, tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:981
#10 0x00007f2916c5541e in dissector_try_uint (sub_dissectors=0x7f291cb0c490, uint_val=6, tvb=0x7f291e3a5360, pinfo=0x7ffd10cc8db0, tree=0x0) at packet.c:1007
#11 0x00007f29171199a5 in dissect_ip (tvb=0x7f291e3ca920, pinfo=0x7ffd10cc8db0, parent_tree=0x0) at packet-ip.c:2417
#12 0x00007f2916c547ac in call_dissector_through_handle (handle=0x7f291d16f1b0, tvb=0x7f291e3ca920, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:473
#13 0x00007f2916c5498a in call_dissector_work (handle=0x7f291d16f1b0, tvb=0x7f291e3ca920, pinfo_arg=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:564
#14 0x00007f2916c553b4 in dissector_try_uint_new (sub_dissectors=0x7f291ce521b0, uint_val=2048, tvb=0x7f291e3ca920, pinfo=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:981
#15 0x00007f2916c5541e in dissector_try_uint (sub_dissectors=0x7f291ce521b0, uint_val=2048, tvb=0x7f291e3ca920, pinfo=0x7ffd10cc8db0, tree=0x0) at packet.c:1007
#16 0x00007f2916f90d29 in ethertype (etype=2048, tvb=0x7f291e3ca9e0, offset_after_etype=14, pinfo=0x7ffd10cc8db0, tree=0x0, fh_tree=0x0, etype_id=23721, trailer_id=23725, fcs_len=-1) at packet-ethertype.c:280
#17 0x00007f2916f8fa67 in dissect_eth_common (tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, parent_tree=0x0, fcs_len=-1) at packet-eth.c:404
#18 0x00007f2916f90401 in dissect_eth_maybefcs (tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0) at packet-eth.c:663
#19 0x00007f2916c547ac in call_dissector_through_handle (handle=0x7f291cf69bb0, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:473
#20 0x00007f2916c5498a in call_dissector_work (handle=0x7f291cf69bb0, tvb=0x7f291e3ca9e0, pinfo_arg=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:564
#21 0x00007f2916c553b4 in dissector_try_uint_new (sub_dissectors=0x7f291ce52000, uint_val=1, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:981
#22 0x00007f2916c5541e in dissector_try_uint (sub_dissectors=0x7f291ce52000, uint_val=1, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0) at packet.c:1007
#23 0x00007f2916fda7a2 in dissect_frame (tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, parent_tree=0x0) at packet-frame.c:481
#24 0x00007f2916c547ac in call_dissector_through_handle (handle=0x7f291cfe5850, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:473
#25 0x00007f2916c5498a in call_dissector_work (handle=0x7f291cfe5850, tvb=0x7f291e3ca9e0, pinfo_arg=0x7ffd10cc8db0, tree=0x0, add_proto_name=1, data=0x0) at packet.c:564
#26 0x00007f2916c56d92 in call_dissector_only (handle=0x7f291cfe5850, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:2076
#27 0x00007f2916c56dd5 in call_dissector_with_data (handle=0x7f291cfe5850, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0, data=0x0) at packet.c:2089
#28 0x00007f2916c56eb6 in call_dissector (handle=0x7f291cfe5850, tvb=0x7f291e3ca9e0, pinfo=0x7ffd10cc8db0, tree=0x0) at packet.c:2107
#29 0x00007f2916c545e7 in dissect_packet (edt=0x7ffd10cc8da0, phdr=0x7f291e36a230, pd=0x7f291e3d5670 "@\250\360\311\034\241", fd=0x7f2902b428d0, cinfo=0x0) at packet.c:407
#30 0x00007f2916c4838a in epan_dissect_run_with_taps (edt=0x7ffd10cc8da0, phdr=0x7f291e36a230, data=0x7f291e3d5670 "@\250\360\311\034\241", fd=0x7f2902b428d0, cinfo=0x0) at epan.c:217
#31 0x00007f291a5c1c3a in add_packet_to_packet_list (fdata=0x7f2902b428d0, cf=0x7f291aa14480 <cfile>, dfcode=0x0, create_proto_tree=0, cinfo=0x0, phdr=0x7f291e36a230, buf=0x7f291e3d5670 "@\250\360\311\034\241", add_to_packet_list=1) at file.c:1091
#32 0x00007f291a5c1ffa in read_packet (cf=0x7f291aa14480 <cfile>, dfcode=0x0, create_proto_tree=0, cinfo=0x0, offset=426217) at file.c:1192
#33 0x00007f291a5c1014 in cf_read (cf=0x7f291aa14480 <cfile>, reloading=0) at file.c:622
#34 0x00007f291a5e2fa7 in main (argc=0, argv=0x7ffd10cc97b8) at main.c:3021
(gdb)
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments