50112 – libaccountservice crash in unload_new_session

Bug 50112 - libaccountservice crash in unload_new_session

Summary: libaccountservice crash in unload_new_session

Status:	RESOLVED FIXED

Alias:	None

Product:	accountsservice
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified
Hardware:	All Linux (All)

Importance:	high major
Assignee:	Matthias Clasen
QA Contact:

URL:
Whiteboard:
Keywords:

Duplicates (1):	55843 (view as bug list)
Depends on:
Blocks:

Reported:	2012-05-19 03:50 UTC by Riccardo Magliocchetti
Modified:	2012-11-05 17:06 UTC (History)
CC List:	4 users (show)

See Also:	http://bugs.debian.org/673185 http://bugs.debian.org/677088 http://bugs.debian.org/683092 http://bugs.debian.org/688413
i915 platform:
i915 features:

Attachments
backtrace with symbols (6.78 KB, text/plain) 2012-05-21 12:31 UTC, Daniel Leidert	Details
lib: manage pending consolekit calls with cancellable (4.32 KB, patch) 2012-06-11 08:35 UTC, Ray Strode [halfline]	Details \| Splinter Review
the patch that I'm trying out (4.48 KB, patch) 2012-11-02 09:36 UTC, Simon McVittie	Details \| Splinter Review
View All

Description Riccardo Magliocchetti 2012-05-19 03:50:33 UTC

gnome3 desktop with an active online account configured (gmail, only chat enabled) makes the gnome-shell crash every 10 minutes or so. So setting severity to major.

This is accountservice 0.6.18 in debian sid. Looked at the git log but haven't seen anything that looked related in newer versions.

I only have a picture of the backtrace taken from the phone:
https://p.twimg.com/AtMuxj1CAAAqnB3.jpg:large

Comment 1 Ray Strode [halfline] 2012-05-21 08:40:45 UTC

This code path is run when new sessions are registered.  Do you think it could be triggered by someone ssh'ing to your machine? Or perhaps a remote X session via XDMCP?

I guess it's possible the manager is already freed by the time the result completes.  That would explain a crash.  The only thing is, the new_session object takes a reference on the manager object, itself, so the manager should stay alive.  If it's not, then that suggests the manager may be getting unrefed when it shouldn't be.

Comment 2 Riccardo Magliocchetti 2012-05-21 10:00:30 UTC

(In reply to comment #1)
> This code path is run when new sessions are registered.  Do you think it could
> be triggered by someone ssh'ing to your machine? Or perhaps a remote X session
> via XDMCP?

ssh is off and xdmcp should be off too.

> I guess it's possible the manager is already freed by the time the result
> completes.  That would explain a crash.  The only thing is, the new_session
> object takes a reference on the manager object, itself, so the manager should
> stay alive.  If it's not, then that suggests the manager may be getting unrefed
> when it shouldn't be.

I've upgraded to 0.6.21, am running gnome-shell under gdb and haven't been able to reproduce it but it could be just luck.

Comment 3 Ray Strode [halfline] 2012-05-21 10:14:04 UTC

okay, let me know how it goes.

Comment 4 Daniel Leidert 2012-05-21 12:31:10 UTC

Created attachment 61928 [details]
backtrace with symbols

Here my backtrace. There isn't any attempt for a remote access to the machine. If you need more information, please tell me.

Comment 5 Ray Strode [halfline] 2012-05-21 12:51:06 UTC

okay, so i have a theory on what's happening here.

Somehow a session is getting created and destroyed very quickly.  If the removal happens within a few milliseconds after a request is made to consolekit before consolekit responds, then the new_session object will get freed early and the consolekit reply that comes later will access freed memory.

Comment 6 Ray Strode [halfline] 2012-05-21 12:56:18 UTC

so the correct fix for this is to pass a cancellable to all console_kit_session_proxy_new_sync calls, and cancel that cancellable in unload_new_session.

If I came up with that patch would one of you be willing to try it to verify the theory?

Comment 7 Ray Strode [halfline] 2012-05-21 14:25:45 UTC

bugzilla attachments aren't seemingly working at the moment so i've pushed the (untested) patch here (on the 50112 branch):

http://cgit.freedesktop.org/accountsservice/patch/?id=5a0de5922bffa234b5daae8e48e591530f5f7edd

I'd appreciate feedback.

Comment 8 Daniel Leidert 2012-05-22 14:09:25 UTC

The patch doesn't fix the issue. There is still a crash. Here the beginning of the backtrace:

#0  unload_new_session (new_session=0x7fffdc159400) at act-user-manager.c:973
        manager = 0x0
#1  0x00007fffd2bd8fa7 in on_get_unix_user_finished (object=<optimized out>, result=0x3221cf0, data=0x7fffdc159400)
    at act-user-manager.c:1041
        proxy = 0x7fffdc03c800
        new_session = 0x7fffdc159400
        error = 0x3c2a960
        uid = <optimized out>
#2  0x00007fffefd953f7 in g_simple_async_result_complete (simple=0x3221cf0) at /tmp/buildd/glib2.0-2.32.3/./gio/gsimpleasyncresult.c:767
        current_source = 0x7fffdc0e7000
        current_context = 0x6093a0
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
...

Comment 9 Norbert Preining 2012-05-24 19:12:53 UTC

Hi everyone,
I am running Debian/sid and I see this problem, too. But I don't think it has to do with sessions or whatever, because I can reliably trigger it by simply plugging or unplugging my power chord?!? What does this have with account services?

Norbert

Comment 10 Anonymous Helper 2012-05-28 22:03:54 UTC

FWIW, I'm having the same problem.  Machine is Core i7 2700K desktop, 64-bit kernel but 32-bit Debian/unstable userland, stable power, no other users except one running nothing but xbmc from gnome-shell.  And gnome-shell restarts (glitching the display) a few times per hour.

I don't know what's up, but it's kind of annoying

May 16 15:29:43 localhost kernel: gnome-shell[7705]: segfault at 38 ip 00000000ede5c3cb sp 00000000ffaa3d30 error 4 in libaccountsservice.so.0.0.0[ede4b000+39000]
May 16 16:00:01 localhost kernel: gnome-shell[25546]: segfault at 38 ip 00000000ede483cb sp 00000000ffba3590 error 4 in libaccountsservice.so.0.0.0[ede37000+39000]
May 16 16:05:01 localhost kernel: gnome-shell[7131]: segfault at 38 ip 00000000ee0b43cb sp 00000000ffc6fb30 error 4 in libaccountsservice.so.0.0.0[ee0a3000+39000]
May 16 18:00:01 localhost kernel: gnome-shell[19663]: segfault at 38 ip 00000000edfb23cb sp 00000000ffdb8fb0 error 4 in libaccountsservice.so.0.0.0[edfa1000+39000]
May 16 20:00:02 localhost kernel: gnome-shell[7555]: segfault at 38 ip 00000000ee1773cb sp 00000000ff819000 error 4 in libaccountsservice.so.0.0.0[ee166000+39000]
May 16 20:05:01 localhost kernel: gnome-shell[30996]: segfault at 38 ip 00000000ee0273cb sp 00000000ffda8d70 error 4 in libaccountsservice.so.0.0.0[ee016000+39000]
May 16 20:15:01 localhost kernel: gnome-shell[7556]: segfault at 38 ip 00000000ee07c3cb sp 00000000ffdab210 error 4 in libaccountsservice.so.0.0.0[ee06b000+39000]
May 16 20:25:01 localhost kernel: gnome-shell[18953]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffa92390 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 16 20:55:02 localhost kernel: gnome-shell[555]: segfault at 38 ip 00000000ee11e3cb sp 00000000ff9c9190 error 4 in libaccountsservice.so.0.0.0[ee10d000+39000]
May 16 21:35:01 localhost kernel: gnome-shell[7924]: segfault at 38 ip 00000000f20493cb sp 00000000ffcd0f90 error 4 in libaccountsservice.so.0.0.0[f2038000+39000]
May 16 21:45:01 localhost kernel: gnome-shell[26504]: segfault at 38 ip 00000000ee0973cb sp 00000000ffd7b320 error 4 in libaccountsservice.so.0.0.0[ee086000+39000]
May 16 21:55:01 localhost kernel: gnome-shell[5556]: segfault at 38 ip 00000000f20773cb sp 00000000ffaf9000 error 4 in libaccountsservice.so.0.0.0[f2066000+39000]
May 16 22:00:01 localhost kernel: gnome-shell[19644]: segfault at 38 ip 00000000ee1213cb sp 00000000ffd3ae30 error 4 in libaccountsservice.so.0.0.0[ee110000+39000]
May 16 22:05:01 localhost kernel: gnome-shell[25338]: segfault at 38 ip 00000000edfd53cb sp 00000000ff7fc640 error 4 in libaccountsservice.so.0.0.0[edfc4000+39000]
May 16 22:15:01 localhost kernel: gnome-shell[1405]: segfault at 38 ip 00000000ee1213cb sp 00000000ffbc0650 error 4 in libaccountsservice.so.0.0.0[ee110000+39000]
May 16 22:35:01 localhost kernel: gnome-shell[12924]: segfault at 38 ip 00000000edfd53cb sp 00000000ffa716d0 error 4 in libaccountsservice.so.0.0.0[edfc4000+39000]
May 16 22:45:01 localhost kernel: gnome-shell[6022]: segfault at 38 ip 00000000ee0943cb sp 00000000ff966b40 error 4 in libaccountsservice.so.0.0.0[ee083000+39000]
May 16 22:55:01 localhost kernel: gnome-shell[20100]: segfault at 38 ip 00000000ee0b43cb sp 00000000ffd16980 error 4 in libaccountsservice.so.0.0.0[ee0a3000+39000]
May 16 23:05:01 localhost kernel: gnome-shell[31430]: segfault at 38 ip 00000000ee16c3cb sp 00000000fff45410 error 4 in libaccountsservice.so.0.0.0[ee15b000+39000]
May 16 23:45:01 localhost kernel: gnome-shell[13371]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffdb2df0 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 17 00:00:01 localhost kernel: gnome-shell[31824]: segfault at 38 ip 00000000ee0d53cb sp 00000000fff912c0 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 17 00:05:01 localhost kernel: gnome-shell[19314]: segfault at 38 ip 00000000ee0483cb sp 00000000ff807eb0 error 4 in libaccountsservice.so.0.0.0[ee037000+39000]
May 17 09:45:01 localhost kernel: gnome-shell[10717]: segfault at 38 ip 00000000ee1d53cb sp 00000000ff8c9c30 error 4 in libaccountsservice.so.0.0.0[ee1c4000+39000]
May 17 10:05:01 localhost kernel: gnome-shell[25118]: segfault at 38 ip 00000000ee05b3cb sp 00000000fff8f280 error 4 in libaccountsservice.so.0.0.0[ee04a000+39000]
May 17 10:15:01 localhost kernel: gnome-shell[18572]: segfault at 38 ip 00000000ee0b43cb sp 00000000ffc08620 error 4 in libaccountsservice.so.0.0.0[ee0a3000+39000]
May 17 10:25:01 localhost kernel: gnome-shell[29797]: segfault at 38 ip 00000000ee0973cb sp 00000000ffff1f30 error 4 in libaccountsservice.so.0.0.0[ee086000+39000]
May 17 10:33:01 localhost kernel: gnome-shell[11340]: segfault at 38 ip 00000000ee0b43cb sp 00000000ff916e70 error 4 in libaccountsservice.so.0.0.0[ee0a3000+39000]
May 17 10:35:01 localhost kernel: gnome-shell[9013]: segfault at 38 ip 00000000f20bc3cb sp 00000000ffb02290 error 4 in libaccountsservice.so.0.0.0[f20ab000+39000]
May 17 10:45:01 localhost kernel: gnome-shell[22544]: segfault at 38 ip 00000000ee13a3cb sp 00000000ff9f3550 error 4 in libaccountsservice.so.0.0.0[ee129000+39000]
May 17 10:55:01 localhost kernel: gnome-shell[4069]: segfault at 1 ip 0000000048adfbb0 sp 00000000ff9eff8c error 4 in libc-2.13.so[48a9e000+156000]
May 17 11:05:01 localhost kernel: gnome-shell[18092]: segfault at 38 ip 00000000ee0bb3cb sp 00000000ffc2cc50 error 4 in libaccountsservice.so.0.0.0[ee0aa000+39000]
May 17 11:15:01 localhost kernel: gnome-shell[29528]: segfault at 38 ip 00000000ee1513cb sp 00000000fffc30b0 error 4 in libaccountsservice.so.0.0.0[ee140000+39000]
May 17 11:33:01 localhost kernel: gnome-shell[11056]: segfault at 38 ip 00000000ee1ad3cb sp 00000000ffc4dbc0 error 4 in libaccountsservice.so.0.0.0[ee19c000+39000]
May 17 11:35:01 localhost kernel: gnome-shell[19842]: segfault at 38 ip 00000000ee16a3cb sp 00000000ffc3b850 error 4 in libaccountsservice.so.0.0.0[ee159000+39000]
May 17 12:00:01 localhost kernel: gnome-shell[3623]: segfault at 38 ip 00000000ee1a03cb sp 00000000ffe563c0 error 4 in libaccountsservice.so.0.0.0[ee18f000+39000]
May 17 12:05:01 localhost kernel: gnome-shell[2021]: segfault at 38 ip 00000000ee0973cb sp 00000000ffd45820 error 4 in libaccountsservice.so.0.0.0[ee086000+39000]
May 17 12:15:01 localhost kernel: gnome-shell[10582]: segfault at 38 ip 00000000edfd53cb sp 00000000ffcaa4b0 error 4 in libaccountsservice.so.0.0.0[edfc4000+39000]
May 17 12:25:01 localhost kernel: gnome-shell[21804]: segfault at 1 ip 0000000048adfbb0 sp 00000000ffe733cc error 4 in libc-2.13.so[48a9e000+156000]
May 17 12:35:01 localhost kernel: gnome-shell[3331]: segfault at 38 ip 00000000ee13a3cb sp 00000000ffae0bc0 error 4 in libaccountsservice.so.0.0.0[ee129000+39000]
May 17 12:45:01 localhost kernel: gnome-shell[14670]: segfault at 38 ip 00000000ee0b33cb sp 00000000ffa26b40 error 4 in libaccountsservice.so.0.0.0[ee0a2000+39000]
May 17 12:55:01 localhost kernel: gnome-shell[28569]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffebdcb0 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 17 13:15:01 localhost kernel: gnome-shell[7565]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffdb7350 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 17 19:35:46 localhost kernel: gnome-shell[3353]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffb6a610 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 17 19:45:01 localhost kernel: gnome-shell[10460]: segfault at 38 ip 00000000ee1343cb sp 00000000ffa13b20 error 4 in libaccountsservice.so.0.0.0[ee123000+39000]
May 17 19:55:01 localhost kernel: gnome-shell[16273]: segfault at 38 ip 00000000f21bc3cb sp 00000000ff9cdd30 error 4 in libaccountsservice.so.0.0.0[f21ab000+39000]
May 17 20:00:01 localhost kernel: gnome-shell[30302]: segfault at 38 ip 00000000eddd53cb sp 00000000ffe6bb30 error 4 in libaccountsservice.so.0.0.0[eddc4000+39000]
May 17 20:05:01 localhost kernel: gnome-shell[3690]: segfault at 38 ip 00000000ee1643cb sp 00000000fff37e10 error 4 in libaccountsservice.so.0.0.0[ee153000+39000]
May 17 20:15:01 localhost kernel: gnome-shell[9962]: segfault at 38 ip 00000000ee1273cb sp 00000000ff8bd9b0 error 4 in libaccountsservice.so.0.0.0[ee116000+39000]
May 18 17:25:01 localhost kernel: gnome-shell[22665]: segfault at 1 ip 0000000048adfbb0 sp 00000000ffd5028c error 4 in libc-2.13.so[48a9e000+156000]
May 18 17:30:13 localhost kernel: gnome-shell[31538]: segfault at 10 ip 0000000048adfbb0 sp 00000000ff96568c error 4 in libc-2.13.so[48a9e000+156000]
May 18 17:55:01 localhost kernel: gnome-shell[13084]: segfault at 38 ip 00000000edfd53cb sp 00000000ffaa2430 error 4 in libaccountsservice.so.0.0.0[edfc4000+39000]
May 18 18:00:01 localhost kernel: gnome-shell[11379]: segfault at 38 ip 00000000ee2d53cb sp 00000000fff56e90 error 4 in libaccountsservice.so.0.0.0[ee2c4000+39000]
May 18 18:25:01 localhost kernel: gnome-shell[19294]: segfault at 38 ip 00000000ee2b43cb sp 00000000ffd16790 error 4 in libaccountsservice.so.0.0.0[ee2a3000+39000]
May 18 18:55:01 localhost kernel: gnome-shell[2505]: segfault at 38 ip 00000000ee36b3cb sp 00000000ff804cd0 error 4 in libaccountsservice.so.0.0.0[ee35a000+39000]
May 18 19:05:01 localhost kernel: gnome-shell[9940]: segfault at 38 ip 00000000ee35b3cb sp 00000000ffd66e90 error 4 in libaccountsservice.so.0.0.0[ee34a000+39000]
May 18 19:15:01 localhost kernel: gnome-shell[20807]: segfault at 38 ip 00000000ee3aa3cb sp 00000000ffe78e60 error 4 in libaccountsservice.so.0.0.0[ee399000+39000]
May 18 19:25:01 localhost kernel: gnome-shell[453]: segfault at 38 ip 00000000f2bb13cb sp 00000000ff9015c0 error 4 in libaccountsservice.so.0.0.0[f2ba0000+39000]
May 18 20:00:01 localhost kernel: gnome-shell[13995]: segfault at 38 ip 00000000ee2b43cb sp 00000000ff85c360 error 4 in libaccountsservice.so.0.0.0[ee2a3000+39000]
May 18 20:05:02 localhost kernel: gnome-shell[30137]: segfault at 38 ip 00000000ee4413cb sp 00000000ff84f320 error 4 in libaccountsservice.so.0.0.0[ee430000+39000]
May 18 20:45:01 localhost kernel: gnome-shell[24426]: segfault at 38 ip 00000000ee36a3cb sp 00000000ff9cdf30 error 4 in libaccountsservice.so.0.0.0[ee359000+39000]
May 18 21:45:01 localhost kernel: gnome-shell[2123]: segfault at 38 ip 00000000ee48b3cb sp 00000000fffaa900 error 4 in libaccountsservice.so.0.0.0[ee47a000+39000]
May 18 22:00:01 localhost kernel: gnome-shell[1656]: segfault at 38 ip 00000000ee4b03cb sp 00000000ffc133e0 error 4 in libaccountsservice.so.0.0.0[ee49f000+39000]
May 18 23:05:02 localhost kernel: gnome-shell[4339]: segfault at 38 ip 00000000ee1d53cb sp 00000000ffba2000 error 4 in libaccountsservice.so.0.0.0[ee1c4000+39000]
May 19 00:00:03 localhost kernel: gnome-shell[20494]: segfault at fc8c0ee8 ip 00000000498739cd sp 00000000ffccde20 error 4 in libglib-2.0.so.0.3200.3[4980e000+fb000]
May 19 02:00:01 localhost kernel: gnome-shell[476]: segfault at 1 ip 0000000048adfbb0 sp 00000000ff9b08ac error 4 in libc-2.13.so[48a9e000+156000]
May 19 12:00:01 localhost kernel: gnome-shell[28256]: segfault at 38 ip 00000000ee2b23cb sp 00000000ff8c6f70 error 4 in libaccountsservice.so.0.0.0[ee2a1000+39000]
May 19 16:55:04 localhost kernel: gnome-shell[10972]: segfault at 38 ip 00000000ee4263cb sp 00000000ffbb3130 error 4 in libaccountsservice.so.0.0.0[ee415000+39000]
May 19 17:05:02 localhost kernel: gnome-shell[13377]: segfault at 38 ip 00000000ee35b3cb sp 00000000ffa59990 error 4 in libaccountsservice.so.0.0.0[ee34a000+39000]
May 19 17:35:04 localhost kernel: gnome-shell[20260]: segfault at 38 ip 00000000ee4343cb sp 00000000ffc07790 error 4 in libaccountsservice.so.0.0.0.dpkg-new (deleted)[ee423000+39000]
May 19 17:45:01 localhost kernel: gnome-shell[12257]: segfault at 38 ip 00000000ee21e3cb sp 00000000ff9cd940 error 4 in libaccountsservice.so.0.0.0[ee20d000+39000]
May 19 18:00:03 localhost kernel: gnome-shell[14158]: segfault at 38 ip 00000000ee0d53cb sp 00000000ffbbf1c0 error 4 in libaccountsservice.so.0.0.0[ee0c4000+39000]
May 19 18:45:03 localhost kernel: gnome-shell[30236]: segfault at 38 ip 00000000ee2b33cb sp 00000000ffd7b370 error 4 in libaccountsservice.so.0.0.0[ee2a2000+39000]
May 19 19:35:19 localhost kernel: gnome-shell[7903]: segfault at 38 ip 00000000ee2d43cb sp 00000000ffd2d920 error 4 in libaccountsservice.so.0.0.0[ee2c3000+39000]
May 19 19:45:01 localhost kernel: gnome-shell[6527]: segfault at 38 ip 00000000ee35b3cb sp 00000000ff87ef40 error 4 in libaccountsservice.so.0.0.0[ee34a000+39000]
May 19 20:25:01 localhost kernel: gnome-shell[17318]: segfault at 38 ip 00000000ee3553cb sp 00000000ffa59740 error 4 in libaccountsservice.so.0.0.0[ee344000+39000]
May 20 00:00:02 localhost kernel: gnome-shell[9887]: segfault at 38 ip 00000000ee36d3cb sp 00000000ff900d40 error 4 in libaccountsservice.so.0.0.0[ee35c000+39000]
May 20 15:50:00 localhost kernel: gnome-shell[7125]: segfault at 38 ip 00000000ee27c3cb sp 00000000ff81b190 error 4 in libaccountsservice.so.0.0.0[ee26b000+39000]
May 20 16:00:01 localhost kernel: gnome-shell[5161]: segfault at 38 ip 00000000ee2b23cb sp 00000000ffe4c700 error 4 in libaccountsservice.so.0.0.0[ee2a1000+39000]
May 20 16:15:01 localhost kernel: gnome-shell[20885]: segfault at 38 ip 00000000ee4673cb sp 00000000ffbf3e10 error 4 in libaccountsservice.so.0.0.0[ee456000+39000]
May 20 16:25:01 localhost kernel: gnome-shell[9035]: segfault at 38 ip 00000000ee44b3cb sp 00000000ff8e0320 error 4 in libaccountsservice.so.0.0.0[ee43a000+39000]
May 20 16:45:02 localhost kernel: gnome-shell[16636]: segfault at 38 ip 00000000ee3483cb sp 00000000ffc1e170 error 4 in libaccountsservice.so.0.0.0[ee337000+39000]
May 20 17:05:01 localhost kernel: gnome-shell[809]: segfault at 38 ip 00000000ee42a3cb sp 00000000fff36e00 error 4 in libaccountsservice.so.0.0.0[ee419000+39000]
May 20 17:15:01 localhost kernel: gnome-shell[6709]: segfault at 38 ip 00000000ee2d53cb sp 00000000ffbc14e0 error 4 in libaccountsservice.so.0.0.0[ee2c4000+39000]
May 20 17:25:01 localhost kernel: gnome-shell[1683]: segfault at 38 ip 00000000ee39c3cb sp 00000000ffd17d80 error 4 in libaccountsservice.so.0.0.0[ee38b000+39000]
May 20 17:45:01 localhost kernel: gnome-shell[30947]: segfault at 38 ip 00000000ee1b43cb sp 00000000ffd7d850 error 4 in libaccountsservice.so.0.0.0[ee1a3000+39000]
May 20 17:55:01 localhost kernel: gnome-shell[22468]: segfault at 38 ip 00000000ee4553cb sp 00000000fff63370 error 4 in libaccountsservice.so.0.0.0[ee444000+39000]
May 20 18:00:01 localhost kernel: gnome-shell[17158]: segfault at 38 ip 00000000ee1d53cb sp 00000000ff919950 error 4 in libaccountsservice.so.0.0.0[ee1c4000+39000]
May 20 18:25:02 localhost kernel: gnome-shell[16658]: segfault at 38 ip 00000000ee4553cb sp 00000000ffe15760 error 4 in libaccountsservice.so.0.0.0[ee444000+39000]
May 20 18:35:01 localhost kernel: gnome-shell[5747]: segfault at 38 ip 00000000ee49f3cb sp 00000000ffaa9550 error 4 in libaccountsservice.so.0.0.0[ee48e000+39000]
May 20 18:55:01 localhost kernel: gnome-shell[2314]: segfault at 38 ip 00000000ee3213cb sp 00000000ffd7b3e0 error 4 in libaccountsservice.so.0.0.0[ee310000+39000]
May 20 19:05:01 localhost kernel: gnome-shell[25644]: segfault at 38 ip 00000000ee45b3cb sp 00000000ffb7d560 error 4 in libaccountsservice.so.0.0.0[ee44a000+39000]
May 20 19:12:54 localhost kernel: gnome-shell[20204]: segfault at 38 ip 00000000ee3a53cb sp 00000000ffb68ec0 error 4 in libaccountsservice.so.0.0.0[ee394000+39000]
May 20 20:00:01 localhost kernel: gnome-shell[3074]: segfault at 38 ip 00000000ee2d53cb sp 00000000ff9d2f30 error 4 in libaccountsservice.so.0.0.0[ee2c4000+39000]
May 20 22:00:02 localhost kernel: gnome-shell[7604]: segfault at 38 ip 00000000ee2b43cb sp 00000000ffd043b0 error 4 in libaccountsservice.so.0.0.0[ee2a3000+39000]
May 20 22:05:01 localhost kernel: gnome-shell[7655]: segfault at 38 ip 00000000ee47a3cb sp 00000000ff945510 error 4 in libaccountsservice.so.0.0.0[ee469000+39000]
May 20 22:15:01 localhost kernel: gnome-shell[27133]: segfault at 38 ip 00000000ee2d53cb sp 00000000ff92b7b0 error 4 in libaccountsservice.so.0.0.0[ee2c4000+39000]
May 20 22:22:39 localhost kernel: gnome-shell[1348]: segfault at 38 ip 00000000ee35b3cb sp 00000000ffe75990 error 4 in libaccountsservice.so.0.0.0[ee34a000+39000]
May 21 04:00:11 localhost kernel: gnome-shell[7614]: segfault at 38 ip 00000000f25453cb sp 00000000ff83cd50 error 4 in libaccountsservice.so.0.0.0[f2534000+39000]

Comment 11 Daniel Leidert 2012-06-02 06:28:48 UTC

Ping?! Anybody working on this?

PS: I'm willing to test your patches and send you the information you request to finally fix this.

Comment 12 Simon McVittie 2012-06-04 07:41:34 UTC

(In reply to comment #5)
> Somehow a session is getting created and destroyed very quickly.

I wonder whether this could be a non-interactive session, like cron?

For instance:

Jun  4 14:17:01 archetype CRON[2079]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun  4 14:17:01 archetype CRON[2079]: pam_unix(cron:session): session closed for user root

Debian's PAM configuration doesn't normally do much with non-interactive sessions (the default is just pam_permit and pam_unix - in particular, pam_ck_connector is not invoked by default), but if the libpam-systemd Debian package is installed, by default non-interactive sessions *will* invoke that (see also <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667470>).

Comment 13 Riccardo Magliocchetti 2012-06-04 08:11:17 UTC

(In reply to comment #12)
> (In reply to comment #5)
> > Somehow a session is getting created and destroyed very quickly.
> 
> I wonder whether this could be a non-interactive session, like cron?
> 
> For instance:
> 
> Jun  4 14:17:01 archetype CRON[2079]: pam_unix(cron:session): session opened
> for user root by (uid=0)
> Jun  4 14:17:01 archetype CRON[2079]: pam_unix(cron:session): session closed
> for user root
> 
> Debian's PAM configuration doesn't normally do much with non-interactive
> sessions (the default is just pam_permit and pam_unix - in particular,
> pam_ck_connector is not invoked by default), but if the libpam-systemd Debian
> package is installed, by default non-interactive sessions *will* invoke that
> (see also <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667470>).

That may explain it, no segfault since this morning after upgrading toaccountsservice built without systemd support.

Comment 14 Riccardo Magliocchetti 2012-06-06 00:37:47 UTC

(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #5)
> > > Somehow a session is getting created and destroyed very quickly.
> > 
> > I wonder whether this could be a non-interactive session, like cron?
> > 
> That may explain it, no segfault since this morning after upgrading
> toaccountsservice built without systemd support.

Well it happened again without systemd support, and looking at logs i can't see anything related to cron. Same crash as before but this time called from on_get_x11_display_finished
https://twitter.com/rmistaken/status/210270942394449920/photo/1/large

Rebuilding with patch at comment #7 + without systemd support and let's see.

Comment 15 Riccardo Magliocchetti 2012-06-07 00:26:05 UTC

(In reply to comment #14)
> (In reply to comment #13)
> > (In reply to comment #12)
> > > (In reply to comment #5)
> > > > Somehow a session is getting created and destroyed very quickly.
> > > 
> > > I wonder whether this could be a non-interactive session, like cron?
> > > 
> > That may explain it, no segfault since this morning after upgrading
> > toaccountsservice built without systemd support.
> 
> Well it happened again without systemd support, and looking at logs i can't see
> anything related to cron. Same crash as before but this time called from
> on_get_x11_display_finished
> https://twitter.com/rmistaken/status/210270942394449920/photo/1/large
> 
> Rebuilding with patch at comment #7 + without systemd support and let's see.

Still crash somewhere inside cancellable.

Comment 16 Riccardo Magliocchetti 2012-06-11 00:43:46 UTC

Is this useful? I have no idea on what process is su'ing to my user.

auth.log:

Jun 11 09:36:36 montag su[7459]: Successful su for rm by root
Jun 11 09:36:36 montag su[7459]: + ??? root:rm
Jun 11 09:36:36 montag su[7459]: pam_unix(su:session): session opened for user rm by (uid=0)
Jun 11 09:36:36 montag dbus[3721]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.152" (uid=1000 pid=7409 comm="/usr/bin/gnome-shell ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.17" (uid=0 pid=4393 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Jun 11 09:36:36 montag su[7459]: pam_unix(su:session): session closed for user rm
Jun 11 09:36:36 montag polkitd(authority=local): Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.152, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale it_IT.utf8) (disconnected from bus)

syslog:
Jun 11 09:36:36 montag kernel: [ 2372.163888] gnome-shell[7409]: segfault at 30 ip 00000000f0f1cccb sp 00000000ff89d460 error 4 in libaccountsservice.so.0.0.0[f0f0c000+38000]
Jun 11 09:36:36 montag gnome-session[4790]: WARNING: Application 'gnome-shell.desktop' killed by signal 11

Comment 17 Ray Strode [halfline] 2012-06-11 08:35:50 UTC

Created attachment 62894 [details] [review]
lib: manage pending consolekit calls with cancellable

Pending NewSession objects can disappear just as quickly
as they appear in response to ConsoleKit signals.  If
we're in the middle of talking to ConsoleKit when an
object disappears and is subsequently freed, then we'll
still try to access it from the reply callback.

This commit cancels any pending messages to the consolekit
daemon, when the session goes away.

Comment 18 Ray Strode [halfline] 2012-06-11 08:38:55 UTC

Daniel, can you try the latest patch?

Comment 19 ALLurGroceries 2012-06-12 11:49:15 UTC

Ray, thanks very much. I tried your patch 45d55f7f on my Lenovo X220 (Debian Sid/Linux 3.5-rc2) and it has been running without the segfault that I could reliably trigger by opening/closing the lid or plugging/unplugging the AC adapter. I have previously commented on the Debian bug 673185 in comment #108.

Comment 20 Paul Menzel 2012-06-12 15:40:35 UTC

(In reply to comment #18)
> Daniel, can you try the latest patch?

Ray, your patch also fixed the segfault on the system where I experienced this bug [1].

Please note that the system is no notebook and a normal desktop and it was enough to open the activities overview and chose applications.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677088

Comment 21 Ray Strode [halfline] 2012-06-13 08:15:22 UTC

Alright, I've pushed the patch.  Closing bug, but please reopen if problems resurface.

Comment 22 Paul Menzel 2012-08-14 21:07:03 UTC

As commented on the GNOME ticket [1], I experienced a problem even with the patch attached.

Additionally I also got another problem with GDM [2], but I do not know if it is related.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=679604#c3
[2] https://bugzilla.gnome.org/show_bug.cgi?id=681826

Comment 23 Paul Menzel 2012-09-25 10:30:29 UTC

(In reply to comment #22)
> As commented on the GNOME ticket [1], I experienced a problem even with the
> patch attached.

Could you please take a look at Debian bug report 688413 [3]?

--- begin quote ---
Switching users makes gnome-shell crash with this error:

#0  0x00007f70c5ea06c9 in g_cancellable_is_cancelled (
    cancellable=0x7f70c4a30660)
    at /tmp/buildd/glib2.0-2.33.12+really2.32.3/./gio/gcancellable.c:296
No locals.
#1  0x00007f70a7555d86 in on_get_unix_user_finished (object=<optimized out>, 
    result=0x4f93660, data=0x4e56240) at act-user-manager.c:1028
        proxy = <optimized out>
        new_session = 0x4e56240
        error = 0x0
        uid = <optimized out>
#2  0x00007f70c5ed93f7 in g_simple_async_result_complete (simple=0x4f93660)
    at /tmp/buildd/glib2.0-2.33.12+really2.32.3/./gio/gsimpleasyncresult.c:767
        current_source = 0x7f70980e4f90
        current_context = 0x0
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
#3  0x00007f70c5f3177a in reply_cb (connection=<optimized out>, 
    res=<optimized out>, user_data=0x4f93660)
    at /tmp/buildd/glib2.0-2.33.12+really2.32.3/./gio/gdbusproxy.c:2614
        simple = 0x4f93660
        value = <optimized out>
        error = 0x38cfe60
        fd_list = 0x2740a00


This code is introduced by a patch you added: 
	9001-manage_pending_ck_calls_with_cancellable.patch

Obviously something is wrong with the cancellable management, because 
new_session->cancellable exists but is not a valid GCancellable.

I tried with accountsservice 0.6.24 in experimental, but it is much 
worse since it entirely prevents gnome-shell from starting up.
--- end quote ---

> Additionally I also got another problem with GDM [2], but I do not know if
> it is related.
> 
> [1] https://bugzilla.gnome.org/show_bug.cgi?id=679604#c3
> [2] https://bugzilla.gnome.org/show_bug.cgi?id=681826
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688413

Comment 24 Ray Strode [halfline] 2012-10-10 15:22:21 UTC

*** Bug 55843 has been marked as a duplicate of this bug. ***

Comment 25 Ray Strode [halfline] 2012-10-10 15:23:01 UTC

From the other bug:


[reply] [-] Comment 1 Paul Menzel 2012-10-10 10:04:06 EDT

Here is a description from Josselin on how to reproduce this.

»the crash in unstable is 100% reproducible with the following : have 2 sessions open, open a 3rd one, close it, use the login prompt to switch to one of the first twos«

Comment 26 Simon McVittie 2012-11-02 08:03:26 UTC

The g_cancellable_cancel() docs say:

"The convention within gio is that cancelling an asynchronous operation causes it to complete asynchronously. That is, if you cancel the operation from the same thread in which it is running, then the operation's GAsyncReadyCallback will not be invoked until the application returns to the main loop."

So I think we have this sequence of events:

* unload_new_session() calls g_cancellable_cancel()
* unload_new_session() calls g_slice_free (., new_session)
* back to the main loop
* asychronous operation completes
* user_data == new_session points to freed memory

I don't think there's much alternative to refcounting the new_session (either with a real refcount, or with a count of pending calls) so that the struct isn't freed until there are no longer any pending calls with it as user_data.

Comment 27 Simon McVittie 2012-11-02 09:36:10 UTC

Created attachment 69424 [details] [review]
the patch that I'm trying out

I'm trying out this patch against Debian's accountsservice 0.6.21-6, but I can't reproduce this crash on-demand (it sometimes happens when I resume from suspend). Comments/testing welcome.

Comment 28 Ray Strode [halfline] 2012-11-02 16:31:12 UTC

(In reply to comment #26)
> "The convention within gio is that cancelling an asynchronous operation
> causes it to complete asynchronously. That is, if you cancel the operation
> from the same thread in which it is running, then the operation's
> GAsyncReadyCallback will not be invoked until the application returns to the
> main loop."
Ugh, interesting.  It makes a lot of sense, though, in retrospect.

Comment 29 Josselin Mouette 2012-11-03 10:42:19 UTC

Although I’m not fond of this “manual reference counting”, the patch definitely fixes the crash for me.

Comment 30 Ray Strode [halfline] 2012-11-05 17:06:21 UTC

okay i've pushed this.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.