"double free or corruption (out)" error on start-up after updating to thunar 4.16.6
After updating my system I ran into an issue where thunar window wouldn't open. Running thunar
from command line multiple times produced a variety of errors (see below).
- OS: Manjaro Linux 21.0 x86_64
- Kernel: 5.11.10-1-MANJARO
- WM: Xfwm4
- thunar version: thunar 4.16.6 (Xfce 4.16)
Here are the errors I ran into initially:
Welcome to fish, the friendly interactive shell
~> thunar # no error but didn't get a thunar window either
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
fish: Job 1, 'thunar' terminated by signal SIGSEGV (Address boundary error)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
(thunar:3530): GLib-GObject-CRITICAL **: 00:02:48.819: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(thunar:3530): Gtk-CRITICAL **: 00:02:48.848: _gtk_css_image_equal: assertion 'image1 == NULL || GTK_IS_CSS_IMAGE (image1)' failed
(thunar:3530): Gtk-CRITICAL **: 00:02:48.848: _gtk_css_image_equal: assertion 'image1 == NULL || GTK_IS_CSS_IMAGE (image1)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_query_filesystem_info: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_get_parent: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
(thunar:3530): GLib-GIO-CRITICAL **: 00:02:48.878: g_file_has_uri_scheme: assertion 'G_IS_FILE (file)' failed
fish: Job 1, 'thunar' terminated by signal SIGSEGV (Address boundary error)
After this I asked around in #xfce irc channel and it was suggested that I change the theme to 'greybird' as the last error message seems to be related to styling. After doing that I kept seeing the same errors for a while:
Welcome to fish, the friendly interactive shell
~> xfce4-appearance-settings # Changed theme to greybird
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
(thunar:15911): GLib-GObject-CRITICAL **: 00:50:44.309: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
fish: Job 1, 'thunar' terminated by signal SIGSEGV (Address boundary error)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
fish: Job 1, 'thunar' terminated by signal SIGSEGV (Address boundary error)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
double free or corruption (out)
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
~> thunar
free(): invalid pointer
fish: Job 1, 'thunar' terminated by signal SIGABRT (Abort)
But on the 17th(!) try, to my surprise, I successfully got the window to open.
~> thunar # this one worked!
(thunar:16174): GLib-GObject-CRITICAL **: 00:51:12.546: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(thunar:16174): GLib-GIO-CRITICAL **: 00:51:26.013: g_icon_new_for_string: assertion 'str != NULL' failed
(thunar:16174): GLib-GObject-CRITICAL **: 00:51:26.013: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
(thunar:16174): GLib-GIO-CRITICAL **: 00:51:26.840: g_icon_new_for_string: assertion 'str != NULL' failed
(thunar:16174): GLib-GObject-CRITICAL **: 00:51:26.840: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
~> thunar # works now
I tried reproducing the issue again (to gather more information for the bug report) by changing the theme back but it seems to work every time now. I did manage to get this backtrace from gdb before changing the theme but since it doesn't have debug symbols I'm not sure how helpful it is:
Starting program: /usr/bin/thunar
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff5f77640 (LWP 7687)]
[New Thread 0x7ffff5776640 (LWP 7688)]
[New Thread 0x7fffee4be640 (LWP 7689)]
[New Thread 0x7fffedcbd640 (LWP 7690)]
[New Thread 0x7fffed3c0640 (LWP 7691)]
Thread 1 "thunar" received signal SIGABRT, Aborted.
0x00007ffff6f3bef5 in raise () from /usr/lib/libc.so.6
Thread 6 (Thread 0x7fffed3c0640 (LWP 7691) "pool-thunar"):
#0 0x00007ffff6ff8a9d in syscall () at /usr/lib/libc.so.6
#1 0x00007ffff7190a71 in g_cond_wait () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff72ee18c in g_io_scheduler_job_send_to_mainloop () at /usr/lib/libgio-2.0.so.0
#3 0x00007ffff7f5e6d9 in exo_job_emit () at /usr/lib/libexo-2.so.0
#4 0x00005555555a1d22 in ()
#5 0x000055555559f3b1 in ()
#6 0x00005555555c5887 in ()
#7 0x00007ffff7f5e337 in () at /usr/lib/libexo-2.so.0
#8 0x00007ffff72f039e in () at /usr/lib/libgio-2.0.so.0
#9 0x00007ffff73228e1 in () at /usr/lib/libgio-2.0.so.0
#10 0x00007ffff7173b77 in () at /usr/lib/libglib-2.0.so.0
#11 0x00007ffff7170fb1 in () at /usr/lib/libglib-2.0.so.0
#12 0x00007ffff70d5299 in start_thread () at /usr/lib/libpthread.so.0
#13 0x00007ffff6ffe053 in clone () at /usr/lib/libc.so.6
Thread 5 (Thread 0x7fffedcbd640 (LWP 7690) "pool-thunar"):
#0 0x00007ffff6ff8a9d in syscall () at /usr/lib/libc.so.6
#1 0x00007ffff7190a71 in g_cond_wait () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff72ee18c in g_io_scheduler_job_send_to_mainloop () at /usr/lib/libgio-2.0.so.0
#3 0x00007ffff7f5e6d9 in exo_job_emit () at /usr/lib/libexo-2.so.0
#4 0x00005555555a1d22 in ()
#5 0x000055555559f3b1 in ()
#6 0x00005555555c5887 in ()
#7 0x00007ffff7f5e337 in () at /usr/lib/libexo-2.so.0
#8 0x00007ffff72f039e in () at /usr/lib/libgio-2.0.so.0
#9 0x00007ffff73228e1 in () at /usr/lib/libgio-2.0.so.0
#10 0x00007ffff7173b77 in () at /usr/lib/libglib-2.0.so.0
#11 0x00007ffff7170fb1 in () at /usr/lib/libglib-2.0.so.0
#12 0x00007ffff70d5299 in start_thread () at /usr/lib/libpthread.so.0
#13 0x00007ffff6ffe053 in clone () at /usr/lib/libc.so.6
Thread 4 (Thread 0x7fffee4be640 (LWP 7689) "pool-thunar"):
#0 0x00007ffff6ff8a9d in syscall () at /usr/lib/libc.so.6
#1 0x00007ffff7190f5b in g_cond_wait_until () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff71128b3 in () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff7173ccb in () at /usr/lib/libglib-2.0.so.0
#4 0x00007ffff7170fb1 in () at /usr/lib/libglib-2.0.so.0
#5 0x00007ffff70d5299 in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007ffff6ffe053 in clone () at /usr/lib/libc.so.6
Thread 3 (Thread 0x7ffff5776640 (LWP 7688) "gdbus"):
#0 0x00007ffff6ff337f in poll () at /usr/lib/libc.so.6
#1 0x00007ffff71969d8 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff7142503 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff7380558 in () at /usr/lib/libgio-2.0.so.0
#4 0x00007ffff7170fb1 in () at /usr/lib/libglib-2.0.so.0
#5 0x00007ffff70d5299 in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007ffff6ffe053 in clone () at /usr/lib/libc.so.6
Thread 2 (Thread 0x7ffff5f77640 (LWP 7687) "gmain"):
#0 0x00007ffff6ff337f in poll () at /usr/lib/libc.so.6
#1 0x00007ffff71969d8 in () at /usr/lib/libglib-2.0.so.0
#2 0x00007ffff71406f1 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff7140742 in () at /usr/lib/libglib-2.0.so.0
#4 0x00007ffff7170fb1 in () at /usr/lib/libglib-2.0.so.0
#5 0x00007ffff70d5299 in start_thread () at /usr/lib/libpthread.so.0
#6 0x00007ffff6ffe053 in clone () at /usr/lib/libc.so.6
Thread 1 (Thread 0x7ffff5f78980 (LWP 7683) "thunar"):
#0 0x00007ffff6f3bef5 in raise () at /usr/lib/libc.so.6
#1 0x00007ffff6f25862 in abort () at /usr/lib/libc.so.6
#2 0x00007ffff6f7df38 in __libc_message () at /usr/lib/libc.so.6
#3 0x00007ffff6f85bea in () at /usr/lib/libc.so.6
#4 0x00007ffff6f86fbc in _int_free () at /usr/lib/libc.so.6
#5 0x00007ffff6f8aca8 in free () at /usr/lib/libc.so.6
#6 0x00005555555c045e in ()
#7 0x00005555555c0e86 in ()
#8 0x00005555555d66a6 in ()
#9 0x00005555555c0dde in ()
#10 0x00007ffff7142ea0 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#11 0x00007ffff7196a49 in () at /usr/lib/libglib-2.0.so.0
#12 0x00007ffff71406f1 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#13 0x00007ffff734b22e in g_application_run () at /usr/lib/libgio-2.0.so.0
#14 0x00005555555760da in ()
#15 0x00007ffff6f26b25 in __libc_start_main () at /usr/lib/libc.so.6
#16 0x000055555557616e in ()
I'm sorry I don't have more information to go on but I thought it might be worth reporting anyway. I will keep an eye on the situation and try to gather more data if I get the issue to happen again. If you have any tips on how to debug/reproduce the issue I would appreciate it. I don't have much experience with gdb so let me know if there's anything I should do to provide better traces.