Bug 22783

Summary: SIGSEGV in dbus_address_entry_get_value()
Product: dbus
Reporter: Scott James Remnant <scott>
Component: core
Assignee: Havoc Pennington <hp>
Status: RESOLVED NOTOURBUG
QA Contact: John (J5) Palmieri <johnp>
Severity: normal
Priority: medium
CC: walters
Version: 1.2.x
Hardware: Other
OS: All
URL: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/395216

Description Scott James Remnant 2009-07-15 03:42:49 UTC
Filed in Launchpad:

#0  0x00b1da6d in dbus_address_entry_get_value (entry=0x90997e0, 
    key=0xb48e72 "guid") at dbus-address.c:256
	values = (DBusList *) 0x64697567
	keys = (DBusList *) 0x19
#1  0x00b3bb30 in _dbus_transport_open (entry=0x90997e0, error=0xb7cfe838)
    at dbus-transport.c:362
	transport = (DBusTransport *) 0x0
	expected_guid_orig = <value optimized out>
	expected_guid = <value optimized out>
	tmp_error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, 
  dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
#2  0x00b267be in _dbus_connection_open_internal (
    address=<value optimized out>, shared=<value optimized out>, error=0x0)
    at dbus-connection.c:1726
	connection = (DBusConnection *) 0x0
	entries = (DBusAddressEntry **) 0x909aa30
	tmp_error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, 
  dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
	first_error = {name = 0x0, message = 0x0, dummy1 = 1, dummy2 = 0, 
  dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x0}
	len = 1
	i = 0
#3  0x00b21d4c in internal_bus_get (type=DBUS_BUS_SESSION, 
    private=<value optimized out>, error=0x0) at dbus-bus.c:430
	address = 0xb48e72 "guid"
	connection = (DBusConnection *) 0x1
	bd = <value optimized out>
	__FUNCTION__ = "internal_bus_get"
#4  0x08ae61a8 in g_daemon_vfs_init (vfs=0x9086f50) at gdaemonvfs.c:300
	mappers = (GType *) 0xb7cfe998
	n_mappers = <value optimized out>
	schemes = <value optimized out>
	mount_types = <value optimized out>
	mapper = <value optimized out>
	modules = (GList *) 0xd06ff4
	i = 2588565
	__PRETTY_FUNCTION__ = "g_daemon_vfs_init"
#5  0x007b636f in IA__g_type_create_instance (type=151616368)
    at /build/buildd/glib2.0-2.21.2/gobject/gtype.c:1674
	node = (TypeNode *) 0x9097b70
	instance = (GTypeInstance *) 0x9086f50
	class = (GTypeClass *) 0x90996b8
	i = 0
	total_size = <value optimized out>
#6  0x00799d08 in g_object_constructor (type=151616368, 
    n_construct_properties=0, construct_params=0x0)
    at /build/buildd/glib2.0-2.21.2/gobject/gobject.c:1338
	object = (GObject *) 0x0
#7  0x0079a88c in IA__g_object_newv (object_type=151616368, n_parameters=0, 
    parameters=0x0) at /build/buildd/glib2.0-2.21.2/gobject/gobject.c:1215
	nqueue = (GObjectNotifyQueue *) 0x1
	object = <value optimized out>
	class = (GObjectClass *) 0x90996b8
	unref_class = (GObjectClass *) 0x90996b8
	slist = <value optimized out>
	n_total_cparams = <value optimized out>
	n_cparams = 0
	n_oparams = 0
	n_cvalues = <value optimized out>
	clist = (GList *) 0x0
	newly_constructed = -1211110392
	i = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_object_newv"
#8  0x0079b4c2 in IA__g_object_new_valist (object_type=151616368, 
    first_property_name=0x0, var_args=0xb7cfed48 "6M")
    at /build/buildd/glib2.0-2.21.2/gobject/gobject.c:1278
	params = (GParameter *) 0x10
	name = <value optimized out>
	object = <value optimized out>
	n_params = <value optimized out>
	n_alloced_params = 151609832
	__PRETTY_FUNCTION__ = "IA__g_object_new_valist"
#9  0x0079b63e in IA__g_object_new (object_type=151616368, 
    first_property_name=0x0)
    at /build/buildd/glib2.0-2.21.2/gobject/gobject.c:1060
	__PRETTY_FUNCTION__ = "IA__g_object_new"
#10 0x00bcb5a6 in get_default_vfs (arg=0x0)
    at /build/buildd/glib2.0-2.21.2/gio/gvfs.c:209
	use_this = <value optimized out>
	l = <value optimized out>
	ep = (GIOExtensionPoint *) 0x90961d8
	extension = <value optimized out>
#11 0x00ca511e in IA__g_once_impl (once=0xc1ac3c, 
    func=0xbcb4e0 <get_default_vfs>, arg=0x0)
    at /build/buildd/glib2.0-2.21.2/glib/gthread.c:190
No locals.
#12 0x00bcb12d in IA__g_vfs_get_default ()
    at /build/buildd/glib2.0-2.21.2/gio/gvfs.c:233
	once_init = {status = G_ONCE_STATUS_PROGRESS, retval = 0x0}
#13 0x00b959c3 in IA__g_file_new_for_uri (
    uri=0xb7d01868 "/home/amit/.evolution/calendar/local/system/calendar.ics")
    at /build/buildd/glib2.0-2.21.2/gio/gfile.c:5556
	__PRETTY_FUNCTION__ = "IA__g_file_new_for_uri"
#14 0x01fca6e3 in uri_to_path (backend=<value optimized out>)
    at e-cal-backend-file.c:663
	priv = <value optimized out>
	master_uri = (
    const gchar *) 0x90891f0 "/home/amit/.evolution/calendar/local/system"
	str_uri = <value optimized out>
	file = <value optimized out>
#15 0x01fca73f in get_uri_string (backend=0xb48e72)
    at e-cal-backend-file.c:903
	str_uri = <value optimized out>
	full_uri = <value optimized out>
#16 0x01fcebd9 in e_cal_backend_file_open (backend=0x9089800, cal=0x9086d50, 
    only_if_exists=1, username=0x90849b9 "", password=0xb7d01859 "")
    at e-cal-backend-file.c:1028
	priv = (ECalBackendFilePrivate *) 0x90897a0
	str_uri = (gchar *) 0xb7d01850 "\001"
	status = 151546760
#17 0x001ccdf5 in e_cal_backend_sync_open (backend=0x9089800, cal=0x9086d50, 
    only_if_exists=1, username=0x90849b9 "", password=0xb7d01859 "")
    at e-cal-backend-sync.c:187
	status = <value optimized out>
	__PRETTY_FUNCTION__ = "e_cal_backend_sync_open"
#18 0x001ccecb in _e_cal_backend_open (backend=0x9089800, cal=0x9086d50, 
    only_if_exists=1, username=0x90849b9 "", password=0xb7d01859 "")
    at e-cal-backend-sync.c:707
	status = <value optimized out>
#19 0x001c58a7 in e_cal_backend_open (backend=0x9089800, cal=0x9086d50, 
    only_if_exists=1, username=0x90849b9 "", password=0xb7d01859 "")
    at e-cal-backend.c:650
	__PRETTY_FUNCTION__ = "e_cal_backend_open"
#20 0x001d0c7b in impl_Cal_open (servant=0x9086d64, only_if_exists=1 '\001', 
    username=0x90849b9 "", password=0xb7d01859 "", ev=0xb7cff218)
    at e-data-cal.c:80
No locals.
#21 0x001bf2a4 in _ORBIT_skel_small_GNOME_Evolution_Calendar_Cal_open (
    _o_servant=0x9086d64, _o_retval=0x0, _o_args=0xb7cff0b0, 
    _o_ctx=0xb7cff148, _o_ev=0xb7cff218, _impl_open=0x1d0c20 <impl_Cal_open>)
    at Evolution-DataServer-Calendar-common.c:44
No locals.
#22 0x0096e537 in ORBit_POAObject_invoke (pobj=0x9095b98, ret=0x0, 
    args=0xb7cff0b0, ctx=0xb7cff148, data=0xb7cff1c8, ev=0xb7cff218)
    at poa.c:1148
No locals.
#23 0x00974b45 in ORBit_OAObject_invoke (adaptor_obj=0x9095b98, ret=0x0, 
    args=0xb7cff0b0, ctx=0xb7cff148, data=0xb7cff1c8, ev=0xb7cff218)
    at orbit-adaptor.c:340
No locals.
#24 0x00960e63 in ORBit_small_invoke_adaptor (adaptor_obj=0x9095b98, 
    recv_buffer=0x9084a80, m_data=0x1de620, data=0xb7cff1c8, ev=0xb7cff218)
    at orbit-small.c:846
	ctx = {parent = {interface = 0x0, refs = 2633716}, 
  mappings = 0x2764bb, children = 0x9095858, 
  the_name = 0xb7cff178 "????I&\227", parent_ctx = 0x0}
	args = (gpointer *) 0xb7cff0b0
	scratch = (gpointer *) 0xb7cff090
	pretval = (gpointer) 0x0
	retval = (gpointer) 0x0
	send_buffer = <value optimized out>
	orb = (CORBA_ORB) 0x906a808
	tc = (CORBA_TypeCode) 0x98ece0
	i = 3
#25 0x00972649 in ORBit_POAObject_handle_request (pobj=0x9095b98, 
    opname=0x9084b2c "open", ret=0x0, args=0x0, ctx=0x0, 
    recv_buffer=0x9084a80, ev=0xb7cff218) at poa.c:1357
	invoke_data = {
  small_skel = 0x1bf270 <_ORBIT_skel_small_GNOME_Evolution_Calendar_Cal_open>, imp = 0x1d0c20}
	poa = (PortableServer_POA) 0x9095858
	cookie = (PortableServer_ServantLocator_Cookie) 0x0
	oid = (PortableServer_ObjectId *) 0x9095bd4
	m_data = (ORBit_IMethod *) 0x1de620
	small_skel = (
    ORBitSmallSkeleton) 0x1bf270 <_ORBIT_skel_small_GNOME_Evolution_Calendar_Cal_open>
	imp = (gpointer) 0x1d0c20
	__PRETTY_FUNCTION__ = "ORBit_POAObject_handle_request"
#26 0x00972d22 in ORBit_POAObject_invoke_incoming_request (pobj=0x9095b98, 
    recv_buffer=0x9084a80, opt_ev=0x0) at poa.c:1427
	opname = <value optimized out>
	real_ev = {_id = 0x0, _major = 0, _any = {_type = 0x0, _value = 0x0, 
    _release = 0 '\0'}}
	ev = (CORBA_Environment *) 0xb7cff218
#27 0x00959595 in giop_thread_queue_process (tdata=0x9084b68) at giop.c:792
	ent = (GIOPMessageQueueEntry *) 0x0
	qe = (GIOPQueueEntry *) 0x9095ad8
	request = (GList *) 0x0
	no_policy = <value optimized out>
#28 0x009599c8 in giop_request_handler_thread (data=0x9084b68, user_data=0x0)
    at giop.c:502
	done = 9804171
	l = (GList *) 0x9069c08
#29 0x00ca81cf in g_thread_pool_thread_proxy (data=0x9069c08)
    at /build/buildd/glib2.0-2.21.2/glib/gthreadpool.c:265
	task = (gpointer) 0x9084b68
	pool = (GRealThreadPool *) 0x9069c08
#30 0x00ca6b9f in g_thread_create_proxy (data=0x9084d48)
    at /build/buildd/glib2.0-2.21.2/glib/gthread.c:635
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#31 0x002734ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#32 0x010c370e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Comment 1 Colin Walters 2009-07-15 08:01:16 UTC
Ok, multiple levels of fun in this bug.  The first thing to notice is that we're running in a non-main thread (created for processing ORBit requests it looks like?).  Inside there we drop into some Evolution code, and then we happen to be the first caller of IA__g_vfs_get_default.  

Now...here's an interesting thing to note:

static void
g_daemon_vfs_init (GDaemonVfs *vfs)
{
...
  vfs->async_bus = dbus_bus_get_private (DBUS_BUS_SESSION, NULL);
...
  if (g_thread_supported ())
    dbus_threads_init_default ();

Seems wrong, because that means if dbus_threads_init_default hasn't been called before now, the call to dbus_bus_get_private won't be locked.  So this is a possible race condition between a worker thread and a main thread, but may or may not be the cause of the crash.  I suspect it's not, but we should fix gvfs anyways.

Now hmmm...assuming gdb hasn't lost its marbles due to gcc optimization,

keys = (DBusList *) 0x19

just looks wrong.  However, in a quick review of this code I'm not seeing anything obviously wrong, though dbus_parse_address isn't the simplest function in the world.

Anyways, I'll submit a patch for gvfs.
Comment 2 Colin Walters 2009-07-15 08:05:43 UTC
http://bugzilla.gnome.org/show_bug.cgi?id=588669
Comment 3 Simon McVittie 2013-08-27 16:18:07 UTC
I'm going to assume this was fallout from "libdbus isn't actually thread-safe".