Bug 1029408

Summary: SIGSEGV in g_object_notify
Product: [Fedora] Fedora Reporter: Tim Waugh <twaugh>
Component: gnome-shellAssignee: Owen Taylor <otaylor>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: fmuellner, otaylor, samkraju, walters
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-12 11:33:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim Waugh 2013-11-12 11:05:39 UTC
Description of problem:
Not sure entirely what caused this, but the abrt trace is here:
https://retrace.fedoraproject.org/faf/reports/205226/

Version-Release number of selected component (if applicable):
gnome-shell-3.10.1-2.fc20.x86_64

How reproducible:
Don't know.

#0  0x00000037e0016ecb in g_object_notify (object=0x7f2de800e1a0, 
    property_name=0x3552e25c51 "globally-enabled") at gobject.c:1162
#1  0x00000037e0012fa9 in g_cclosure_marshal_VOID__STRINGv (closure=0x8d315a0, 
    return_value=<optimized out>, instance=<optimized out>, 
    args=<optimized out>, marshal_data=<optimized out>, 
    n_params=<optimized out>, param_types=0x25e1d10) at gmarshal.c:1004
#2  0x00000037e00104c7 in _g_closure_invoke_va (
    closure=closure@entry=0x8d315a0, return_value=return_value@entry=0x0, 
    instance=instance@entry=0x4b29880, args=args@entry=0x7fff8d681c70, 
    n_params=1, param_types=0x25e1d10) at gclosure.c:840
#3  0x00000037e0029749 in g_signal_emit_valist (instance=0x4b29880, 
    signal_id=<optimized out>, detail=1365, 
    var_args=var_args@entry=0x7fff8d681c70) at gsignal.c:3238
#4  0x00000037e002a3af in g_signal_emit (instance=instance@entry=0x4b29880, 
    signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
#5  0x00000037e08aef1c in g_settings_real_change_event (settings=0x4b29880, 
    keys=<optimized out>, n_keys=1) at gsettings.c:288
#6  0x00000031a1805d8c in ffi_call_unix64 () from /lib64/libffi.so.6
#7  0x00000031a18056bc in ffi_call () from /lib64/libffi.so.6
#8  0x00000037e0010f35 in g_cclosure_marshal_generic_va (closure=0x25e7c80, 
    return_value=0x7fff8d682130, instance=0x4b29880, 
    args_list=<optimized out>, 
    marshal_data=0x37e08aeeb0 <g_settings_real_change_event>, n_params=2, 
    param_types=0x25e7cb0) at gclosure.c:1550
#9  0x00000037e00104c7 in _g_closure_invoke_va (
    closure=closure@entry=0x25e7c80, 
    return_value=return_value@entry=0x7fff8d682130, 
    instance=instance@entry=0x4b29880, args=args@entry=0x7fff8d682230, 
    n_params=2, param_types=0x25e7cb0) at gclosure.c:840
#10 0x00000037e0029749 in g_signal_emit_valist (instance=0x4b29880, 
    signal_id=<optimized out>, detail=0, 
    var_args=var_args@entry=0x7fff8d682230) at gsignal.c:3238
#11 0x00000037e002a3af in g_signal_emit (instance=instance@entry=0x4b29880, 
    signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3386
#12 0x00000037e08af668 in settings_backend_path_changed (target=0x4b29880, 
    backend=<optimized out>, path=<optimized out>, origin_tag=<optimized out>)
    at gsettings.c:363
#13 0x00000037e08ab29a in g_settings_backend_invoke_closure (
    user_data=0x7f2d8d1b7040) at gsettingsbackend.c:271
#14 0x00000037dfc49266 in g_main_dispatch (context=0xfb1b30) at gmain.c:3065
#15 g_main_context_dispatch (context=context@entry=0xfb1b30) at gmain.c:3641
#16 0x00000037dfc495e8 in g_main_context_iterate (context=0xfb1b30, 
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3712
#17 0x00000037dfc499fa in g_main_loop_run (loop=0xfb4690) at gmain.c:3906
#18 0x00000036e2462b48 in meta_run () at core/main.c:556
#19 0x0000000000402131 in main (argc=1, argv=0x7fff8d682628) at main.c:439

The cause seems to be a bad pointer in the closure:

#0  0x00000037e0016ecb in g_object_notify (object=0x7f2de800e1a0, 
    property_name=0x3552e25c51 "globally-enabled") at gobject.c:1162
1162	  g_return_if_fail (G_IS_OBJECT (object));
(gdb) p *object
$26 = {g_type_instance = {g_class = 0x7f2c0000000c}, ref_count = 1, 
  qdata = 0x0}
(gdb) p *((GObject*)object)->g_type_instance.g_class
Cannot access memory at address 0x7f2c0000000c

Comment 1 Tim Waugh 2013-11-12 11:33:30 UTC

*** This bug has been marked as a duplicate of bug 1029415 ***