Comment 20 for bug 1538471

James Henstridge (jamesh) wrote :

I was able to trigger the segfault just by running the scope from a terminal using the command line found in the dbus service activation file. For example:

    /usr/bin/python3 /usr/share/unity-scopes/scope-runner-dbus.py -s info/calculator.scope

When run, I get the following error message:

    *** Error in `/usr/bin/python3': free(): invalid next size (fast): 0x0000000000cb77e0 ***

Attached is a stack trace with symbols for the relevant libraries available. The inner call here is to the overridden get_scopes() implementation of the Python UnityScopeLoader subclass.

Frames #8 and #9 are the libffi stubs to marshal this function call. Frame #7 is the function that takes the libffi function call data and calls a Python function, converting the arguments as needed.

While frame #6 says it is the same function, it looks to actually be an inlined version of _invoke_state_clear, which is called right at the end of _pygi_closure_handle. So at this point, the Python implementation of get_scopes() has finished running, and it is trying to clean up afterwards.