Bug 1086558

Summary: [abrt] polkit: LookupPropertyWithFlagsInline(): polkitd killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: Fabrice A. Marie <fabrice>
Component: polkit
Assignee: Miloslav Trmač <mitr>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: fabrice, mitr, peter.van.hooft
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/55530643c256891ab513341420e26080c5464db8
Whiteboard: abrt_hash:0b737ed05e4e26ab2a8d32fdd061be3ff18a0d31
Doc Type: Bug Fix
Last Closed: 2014-04-14 22:07:55 UTC
Attachments:
Description              Flags
File: backtrace          none
File: cgroup             none
File: core_backtrace     none
File: dso_list           none
File: environ            none
File: exploitable        none
File: limits             none
File: maps               none
File: open_fds           none
File: proc_pid_status    none
File: var_log_messages   none

Description Fabrice A. Marie 2014-04-11 06:41:37 UTC
Version-Release number of selected component:
polkit-0.112-2.fc20

Additional info:
reporter:       libreport-2.2.1
backtrace_rating: 4
cmdline:        /usr/lib/polkit-1/polkitd --no-debug
crash_function: LookupPropertyWithFlagsInline
executable:     /usr/lib/polkit-1/polkitd
kernel:         3.13.8-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            999

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 LookupPropertyWithFlagsInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4077
 #1 js_GetPropertyHelperInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4277
 #2 js::GetPropertyHelper at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4365
 #3 js::Interpret at /usr/src/debug/mozjs17.0.0/js/src/jsinterpinlines.h:270
 #4 js::RunScript at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:309
 #5 js::InvokeKernel at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:363
 #6 js::Invoke at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.h:119
 #7 JS_CallFunctionName at /usr/src/debug/mozjs17.0.0/js/src/jsapi.cpp:5837
 #8 call_js_function_with_runaway_killer at polkitbackendjsauthority.c:1019
 #9 polkit_backend_js_authority_check_authorization_sync at polkitbackendjsauthority.c:1180

Comment 1 Fabrice A. Marie 2014-04-11 06:41:48 UTC
Created attachment 885260
File: backtrace

Comment 2 Fabrice A. Marie 2014-04-11 06:41:50 UTC
Created attachment 885261
File: cgroup

Comment 3 Fabrice A. Marie 2014-04-11 06:41:52 UTC
Created attachment 885262
File: core_backtrace

Comment 4 Fabrice A. Marie 2014-04-11 06:41:55 UTC
Created attachment 885263
File: dso_list

Comment 5 Fabrice A. Marie 2014-04-11 06:41:57 UTC
Created attachment 885264
File: environ

Comment 6 Fabrice A. Marie 2014-04-11 06:41:59 UTC
Created attachment 885265
File: exploitable

Comment 7 Fabrice A. Marie 2014-04-11 06:42:01 UTC
Created attachment 885266
File: limits

Comment 8 Fabrice A. Marie 2014-04-11 06:42:04 UTC
Created attachment 885267
File: maps

Comment 9 Fabrice A. Marie 2014-04-11 06:42:06 UTC
Created attachment 885268
File: open_fds

Comment 10 Fabrice A. Marie 2014-04-11 06:42:08 UTC
Created attachment 885269
File: proc_pid_status

Comment 11 Fabrice A. Marie 2014-04-11 06:42:10 UTC
Created attachment 885270
File: var_log_messages

Comment 12 Miloslav Trmač 2014-04-11 19:33:07 UTC
Thanks for your report.  Can you reproduce this crash at will?

Comment 13 Miloslav Trmač 2014-04-11 19:41:58 UTC
Notes to self:

crash in
> if (!proto->isNative()) {
where isNative is an inline from vm/ObjectImpl-inl.h, invisibly indirecting through proto->shape_, which is NULL.

"current" at that time points to our generated Action() object, which is constructed by interpreting a script, so not too likely to be incorrect.

Overall likely to be a duplicate of #910262, but the only way to know is to have a reproducer and test with a fixed package.

Comment 14 Fabrice A. Marie 2014-04-13 10:03:11 UTC
(In reply to Miloslav Trmač from comment #12)
> Thanks for your report.  Can you reproduce this crash at will?

Hi Miloslav,
Sorry, no I can't. I have no idea what I was doing at the time.

Comment 15 Miloslav Trmač 2014-04-14 22:07:55 UTC
OK, I'll mark it as a duplicate of #910262 for now, which should be fixed Real Soon Now.

If, after fixing that bug, this crash reappears, please reopen this report.

*** This bug has been marked as a duplicate of bug 910262 ***