Bug 43242 - upowerd crashed with SIGSEGV in node_list_remove()
Summary: upowerd crashed with SIGSEGV in node_list_remove()
Status: RESOLVED NOTOURBUG
Alias: None
Product: upower
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium critical
Assignee: Richard Hughes
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-11-25 04:29 UTC by Pedro Villavicencio
Modified: 2013-10-14 07:32 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Pedro Villavicencio 2011-11-25 04:29:56 UTC 
this report has been filed here:

https://bugs.launchpad.net/ubuntu/+source/upower/+bug/870593

there's no specific steps on how to reproduce the crash, most of users are commenting that the crash appears just after login. Btw is this more like a libplist issue? Thanks!.

".
Thread 3 (Thread 0x7f590e702700 (LWP 1489)):
#0  0x00007f5911ecc0dd in read () at ../sysdeps/unix/syscall-template.S:82
No locals.
#1  0x00007f591159ea83 in read (__nbytes=128, __buf=0x7f590e701d30, __fd=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/unistd.h:45
No locals.
#2  unix_signal_helper_thread (data=<optimized out>) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:4567
        i = <optimized out>
        bytes_read = 140020529529296
        b = '\000' <repeats 16 times>"\377, \377\377\377", '\000' <repeats 28 times>"\320, \200!", '\000' <repeats 21 times>, "\003\000\000\000\000\000\000\000\000\320\353\021Y\177\000\000\264\377\277\022Y\177\000\000\005", '\000' <repeats 23 times>"\220, &\332\020Y\177\000"
        sigterm_received = 0
        sigint_received = 0
        sighup_received = 0
#3  0x00007f59115c82b6 in g_thread_create_proxy (data=0x2290ea0) at /build/buildd/glib2.0-2.30.0/./glib/gthread.c:1962
        thread = 0x2290ea0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#4  0x00007f5911ec4efc in start_thread (arg=0x7f590e702700) at pthread_create.c:304
        __res = <optimized out>
        pd = 0x7f590e702700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 6404682131891087322, 140734146252624, 140020471048640, 0, 3, -6462634030028757030, -6462626227677239334}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#5  0x00007f5910e7a89d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#6  0x0000000000000000 in ?? ()
No symbol table info available.
.
Thread 2 (Thread 0x7f590df01700 (LWP 1490)):
#0  0x00007f5910e6e773 in __GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
        resultvar = <optimized out>
        oldtype = 0
        result = <optimized out>
#1  0x00007f59115a2f68 in g_main_context_poll (n_fds=3, fds=0x7f5908001100, timeout=-1, context=0x22a2aa0, priority=<optimized out>) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3402
        poll_func = 0x7f59115b14c0 <g_poll>
#2  g_main_context_iterate (context=0x22a2aa0, block=<optimized out>, dispatch=1, self=<optimized out>) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3084
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 3
        allocated_nfds = <optimized out>
        fds = 0x7f5908001100
#3  0x00007f59115a3792 in g_main_loop_run (loop=0x22a2a50) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#4  0x00007f5910b15516 in gdbus_shared_thread_func (user_data=0x22a2a70) at /build/buildd/glib2.0-2.30.0/./gio/gdbusprivate.c:276
        data = 0x22a2a70
#5  0x00007f59115c82b6 in g_thread_create_proxy (data=0x22a2b90) at /build/buildd/glib2.0-2.30.0/./glib/gthread.c:1962
        thread = 0x22a2b90
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007f5911ec4efc in start_thread (arg=0x7f590df01700) at pthread_create.c:304
        __res = <optimized out>
        pd = 0x7f590df01700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 6404682131891087322, 140734146249920, 140020462655936, 0, 3, -6462635129003513894, -6462626227677239334}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#7  0x00007f5910e7a89d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#8  0x0000000000000000 in ?? ()
No symbol table info available.
.
Thread 1 (Thread 0x7f5912de27c0 (LWP 1486)):
#0  node_list_remove (list=0x1a74000000cab800, node=0x7f5911852840) at /build/buildd/libplist-1.6/libcnary/node_list.c:122
        n = <optimized out>
#1  0x00007f591113e80e in node_detach (parent=0x7f5911ec97f0, child=<optimized out>) at /build/buildd/libplist-1.6/libcnary/node.c:99
No locals.
#2  0x00007f591113a315 in plist_free_node (node=0x7f5911852840) at /build/buildd/libplist-1.6/src/plist.c:73
        data = 0x0
        ni = <optimized out>
        ch = <optimized out>
#3  0x0000000000412a0e in up_device_idevice_coldplug (device=0x22b3190) at up-device-idevice.c:117
        idevice = 0x22b3190
        native = 0x22c4450
        uuid = 0x228d450 "d08f22fdf4f57e5cc090926e24282cede4eada1e"
        model = <optimized out>
        dict = 0x7f5911852840
        node = <optimized out>
        poll_seconds = 60
        dev = 0x228d670
        client = 0x2292620
        kind = <optimized out>
#4  0x000000000040b2c9 in up_device_coldplug (device=0x22b3190, daemon=<optimized out>, native=0x22c4450) at up-device.c:548
        ret = <optimized out>
        native_path = <optimized out>
        klass = 0x229b910
        id = 0x0
        __PRETTY_FUNCTION__ = "up_device_coldplug"
#5  0x0000000000411548 in up_backend_device_new (native=0x22c4450, backend=0x22a6ed0) at up-backend.c:128
        native_path = <optimized out>
        device = 0x22b3190
        ret = <optimized out>
        subsys = <optimized out>
        input = <optimized out>
#6  up_backend_device_add (backend=0x22a6ed0, native=0x22c4450) at up-backend.c:229
        object = <optimized out>
        device = <optimized out>
#7  0x00007f59118630a4 in g_closure_invoke (closure=0x229aff0, return_value=0x0, n_param_values=3, param_values=0x7f5908003de0, invocation_hint=<optimized out>) at /build/buildd/glib2.0-2.30.0/./gobject/gclosure.c:774
        marshal = 0x7f5911aaadc8 <g_udev_marshal_VOID__STRING_OBJECT>
        marshal_data = <optimized out>
        in_marshal = <optimized out>
        __PRETTY_FUNCTION__ = "g_closure_invoke"
#8  0x00007f591187502a in signal_emit_unlocked_R (node=<optimized out>, detail=0, instance=0x2294b40, emission_return=0x0, instance_and_params=0x7f5908003de0) at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3272
        tmp = <optimized out>
        handler = 0x7f5908006ed0
        accumulator = 0x0
        emission = {next = 0x0, instance = 0x2294b40, ihint = {signal_id = 24, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
        class_closure = 0x22a8490
        hlist = 0x7f5911ec81d0
        handler_list = 0x7f5908006ed0
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 24
        max_sequential_handler_number = 208
        return_value_altered = 0
#9  0x00007f591187e6b1 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=<optimized out>) at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3003
        instance_and_params = 0x7f5908003de0
        signal_return_type = 4
        param_values = 0x7f5908003df8
        node = 0x22a7d20
        i = <optimized out>
        n_params = 2
        __PRETTY_FUNCTION__ = "g_signal_emit_valist"
#10 0x00007f591187e852 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at /build/buildd/glib2.0-2.30.0/./gobject/gsignal.c:3060
        var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff38cb9030, reg_save_area = 0x7fff38cb8f70}}
#11 0x00007f5911aa8aac in ?? () from /tmp/tmpXgDO0d/usr/lib/x86_64-linux-gnu/libgudev-1.0.so.0
No symbol table info available.
#12 0x00007f59115a2a5d in g_main_dispatch (context=0x228ff30) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:2441
        dispatch = 0x7f59115e5160 <g_io_unix_dispatch>
        was_in_call = 0
        user_data = 0x2294b40
        callback = 0x7f5911aa8a58
        cb_funcs = 0x7f5911852670
        cb_data = 0x229b0f0
        current_source_link = {data = 0x229b5d0, next = 0x0}
        need_destroy = <optimized out>
        source = 0x229b5d0
        current = 0x229fe00
        i = <optimized out>
#13 g_main_context_dispatch (context=0x228ff30) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3011
No locals.
#14 0x00007f59115a3258 in g_main_context_iterate (context=0x228ff30, block=<optimized out>, dispatch=1, self=<optimized out>) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3089
        max_priority = 2147483647
        timeout = -1
        some_ready = 1
        nfds = 4
        allocated_nfds = <optimized out>
        fds = <optimized out>
#15 0x00007f59115a3792 in g_main_loop_run (loop=0x22a8030) at /build/buildd/glib2.0-2.30.0/./glib/gmain.c:3297
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#16 0x0000000000406a2b in main (argc=1, argv=0x7fff38cb9398) at up-main.c:241
        error = 0x0
        daemon = 0x22a18e0
        qos = 0x2291240
        kbd_backlight = 0x2294b00
        wakeups = 0x229eb20
        context = <optimized out>
        bus_proxy = <optimized out>
        bus = <optimized out>
        ret = <optimized out>
        retval = 1
        timed_exit = 0
        immediate_exit = 0
        session_bus = 0
        timer_id = <optimized out>
        options = {{long_name = 0x41b9a8 "timed-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff38cb9280, description = 0x41b9b3 "Exit after a small delay", arg_description = 0x0}, {long_name = 0x41b9cc "immediate-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff38cb9284, description = 0x41ba70 "Exit after the engine has loaded", arg_description = 0x0}, {long_name = 0x41b9db "test", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fff38cb9288, description = 0x41ba98 "Run on the session bus (only for testing)", arg_description = 0x0}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}"
Comment 1 Bastien Nocera 2013-10-14 07:32:28 UTC 
It's either a bug in libimobiledevice, or our use of it. I cannot reproduce the problem locally, and the last bug dates back from 2012. As nothing changed on the UPower side, it's likely a problem lower down the stack.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.