Bug 7675

Summary:	dbus-daemon crashes when accesses
Product:	dbus	Reporter:	Koen Kooi <koen>
Component:	core	Assignee:	Havoc Pennington <hp>
Status:	RESOLVED WONTFIX	QA Contact:
Severity:	blocker
Priority:	high	CC:	johnp, ross, stian
Version:	unspecified
Hardware:	Other
OS:	Linux (All)
Whiteboard:
i915 platform:		i915 features:
Attachments:	'fix' segfault

Description Koen Kooi 2006-07-28 07:10:52 UTC

dbus-daemon segfaults when being accessed via dbus-monitor --system:

root@ipaq-pxa270:/etc/init.d$ gdb 'dbus-daemon' ; rm
/var/run/dbus/pidGNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "arm-angstrom-linux-gnueabi"...BFD:
/usr/bin/dbus-daemon.dbg: warning: sh_link not set for section `.ARM.exidx'
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run  --system --nofork
Starting program: /usr/bin/dbus-daemon --system --nofork

Program received signal SIGSEGV, Segmentation fault.
0x0001cd9c in _dbus_type_writer_write_reader_partial ()
(gdb) bt
#0  0x0001cd9c in _dbus_type_writer_write_reader_partial ()
#1  0x0001cf2c in replacement_block_replace ()
#2  0x0001d0e4 in _dbus_type_reader_set_basic ()
#3  0x00032ba8 in _dbus_header_set_field_basic ()
#4  0x0001e6b0 in set_or_delete_string_field ()
#5  0x000102fc in bus_transaction_send_from_driver ()
#6  0x00013714 in bus_driver_handle_hello ()
#7  0x00013ef4 in bus_driver_handle_message ()
#8  0x000125f4 in bus_dispatch_message_filter ()
#9  0x0001a46c in dbus_connection_dispatch ()
#10 0x0002b270 in _dbus_loop_dispatch ()
#11 0x0002b700 in _dbus_loop_iterate ()
#12 0x0002b780 in _dbus_loop_run ()
#13 0x000185c0 in main ()
#14 0x400183c4 in __libc_start_main () from /lib/libc.so.6
#15 0x0000a258 in _start ()
(gdb)

root@ipaq-pxa270:~$ dbus-daemon --version
D-BUS Message Bus Daemon 0.90
Copyright (C) 2002, 2003 Red Hat, Inc., CodeFactory AB, and others
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
root@ipaq-pxa270:~$ uname -a
Linux ipaq-pxa270 2.6.16-hh5 #3 PREEMPT Thu Jul 27 20:42:36 CEST 2006 armv5tel
unknown unknown GNU/Linux
root@ipaq-pxa270:~$

Comment 1 Koen Kooi 2006-07-28 07:13:11 UTC

Created attachment 6377 [details] [review]
'fix' segfault

While adding some debug helpers the sefgault suddenly went away. I attached the
patch that worked for me. It is obviously wrong, but I have no clue how to fix
it properly.

The problem exists in 0.61, 0.62 and 0.90

Comment 2 Havoc Pennington 2006-07-28 07:17:26 UTC

From your shell prompt, this is on an ipaq? I would suggest looking for 
problems that might happen only on ARM (isn't that thing ARM?)

I don't know what those problems might be though. Are any of the integer types 
a different size on ARM?

Comment 3 Koen Kooi 2006-07-28 07:33:55 UTC

Yes, this is on an ipaq (HP hx4700). The only problem I can image would be with
unsigned chars:
http://www.arm.linux.org.uk/docs/faqs/signedchar.php

The kernel is already running in fixup mode for alignment errors, the other ARM
niggle.

Comment 4 Koen Kooi 2006-07-28 07:35:59 UTC

It's all compiled with glibc 2.4/gcc 4.1.1/binutils 2.17.0

Comment 5 Havoc Pennington 2006-07-28 08:18:06 UTC

if you make clean and then rebuild, are there any errors related to unsigned 
char? it's certainly a possibility...

Comment 6 Ross Burton 2007-06-02 06:45:57 UTC

I can't replicate this with Poky Linux running DBus 1.0.1 on a Zaurus Akita (ARM based).

Comment 7 Tim Woo 2008-02-11 02:01:15 UTC

(In reply to comment #6)
> I can't replicate this with Poky Linux running DBus 1.0.1 on a Zaurus Akita
> (ARM based).
> 

I have the same symptoms.
Try compiling with -O0 (disable optimizations).  This seems to make the problem disappear for some reason.

(I'm using ARM with gcc 4.1.1 uclibc 0.9.29)

Comment 8 Ross Burton 2008-02-11 02:15:00 UTC

If it works with -O0 but not with -O(anything else), it's a compiler optimisation bug then surely?

Comment 9 Stian Skjelstad 2009-01-29 04:10:18 UTC

If this still is an issue

Hmm, could you:

a) compile with -g so that backtraces gives more information

b) when it crashes, also provide output from
disassamble

and

info registers


My first guess would be alignment issue, since that is very fragile (worked with that before on sparc and m68k in another project, though they gave SIGBUS on alignment error, and not SEGFAULT)

Comment 10 Ralf Habacker 2010-12-18 01:44:13 UTC

The requests belongs to very outdated versions. If the problem still exists with recent dbus versions feel free to reopen bug.

Comment 11 Stian Skjelstad 2010-12-18 02:40:54 UTC

I'm just adding some historical information related to this bug.

Open Cubic Player has checks for gcc version 4.1.1 related to unsigned chars and loops which might be the same bug.

See configure.ac test here:

AC_MSG_CHECKING([for broken signed char to signed int in loops (gcc version 4.1.1)])
AC_RUN_IFELSE(
[
@%:@include <stdio.h>
@%:@include <unistd.h>
void failcheck(signed int source, signed int filter)
{
        if ((source>128)&&(filter>0))
                _exit(1);
}

int main(int arg, char *argv@<:@@:>@)
{
        int j;
        for (j=0; j<256; j++)
        {
                signed char j2=(signed char)j;
                signed int j3=j2;
                failcheck(j, j3);
        }
        return 0;
}
],
        AC_MSG_RESULT([ok]),
        AC_MSG_ERROR([failed.
Try to remove any -O flag or to add -fwrapv to CFLAGS and CXXFLAGS]),
AC_DEFINE(GCC_411_RUNTIMECHECK, 1)
)

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.