Bug 566182

Summary: general protection faults during gnome-greeter
Product: [Fedora] Fedora Reporter: Tom London <selinux>
Component: polkitAssignee: David Zeuthen <davidz>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: davidz, mclasen, sangu.fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-13 18:47:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom London 2010-02-17 15:01:14 UTC 
Description of problem:
Noticed this:

Feb 17 06:11:00 tlondon gdm-simple-greeter[1787]: DEBUG(+): Getting list of sessions for user 501
Feb 17 06:11:00 tlondon gdm-simple-greeter[1787]: DEBUG(+): Found 0 sessions for user testFirefox
Feb 17 06:11:00 tlondon gdm-simple-greeter[1787]: DEBUG(+): Getting list of sessions for user 500
Feb 17 06:11:00 tlondon gdm-simple-greeter[1787]: DEBUG(+): Found 0 sessions for user tbl
Feb 17 06:11:01 tlondon kernel: polkitd[1804] general protection ip:3c9262d28f sp:7fff1fedb900 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon abrtd: Directory 'ccpp-1266415861-1804' creation detected
Feb 17 06:11:01 tlondon abrtd: Lock file '/var/cache/abrt/ccpp-1266415861-1804.lock' is locked by process 1806
Feb 17 06:11:01 tlondon rtkit-daemon[1800]: Warning: PolicyKit call failed: Message did not receive a reply (timeout by message bus)
Feb 17 06:11:01 tlondon polkitd[1808]: started daemon version 0.96 using authority implementation `local' version `0.96'

Appears to have started yesterday:
[root@tlondon ~]# grep 'general protection' /var/log/messages
Feb 16 06:41:20 tlondon kernel: polkitd[1774] general protection ip:3c9262d28f sp:7fff7fab09f0 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 06:41:20 tlondon kernel: polkitd[1776] general protection ip:3c9262d28f sp:7fff4e2da350 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 06:41:20 tlondon kernel: polkitd[1778] general protection ip:3c9262d28f sp:7fff26b919e0 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 06:41:21 tlondon kernel: polkitd[1780] general protection ip:3c9262d28f sp:7fffc4e0d990 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 08:09:40 tlondon kernel: polkitd[1826] general protection ip:3c9262d28f sp:7fffd59f4ad0 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 08:09:40 tlondon kernel: polkitd[1829] general protection ip:3c9262d28f sp:7fffa0823d30 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 08:09:40 tlondon kernel: polkitd[1833] general protection ip:3c9262d28f sp:7fff6ecade30 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 16 08:09:40 tlondon kernel: polkitd[1835] general protection ip:3c9262d28f sp:7fff599037c0 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon kernel: polkitd[1804] general protection ip:3c9262d28f sp:7fff1fedb900 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon kernel: polkitd[1808] general protection ip:3c9262d28f sp:7fff60d0c990 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon kernel: polkitd[1811] general protection ip:3c9262d28f sp:7fff68324990 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon kernel: polkitd[1814] general protection ip:3c9262d28f sp:7fff1a55fbc0 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
Feb 17 06:11:01 tlondon kernel: polkitd[1817] general protection ip:3c9262d28f sp:7fffae150760 error:0 in libgobject-2.0.so.0.2303.0[3c92600000+45000]
[root@tlondon ~]# 

There is a core dump.  

Here is what gdb says:

Core was generated by `/usr/libexec/polkit-1/polkitd'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003c9262d28f in IA__g_type_class_ref (type=5140087414976428585)
    at gtype.c:2856
2856	  if (!node || !node->is_classed)
(gdb) set pagination off
(gdb) thread apply all bt full

Thread 1 (Thread 1804):
#0  0x0000003c9262d28f in IA__g_type_class_ref (type=5140087414976428585) at gtype.c:2856
        node = 0x4755424544203a28
        ptype = <value optimized out>
        holds_ref = <value optimized out>
        pclass = <value optimized out>
#1  0x0000003956c2c325 in egg_dbus_error_new_remote_exception_valist (name=0x8486d0 "Org.freedesktop.ConsoleKit.Manager.GeneralError", message=0x848e10 "Unable to lookup session information for process '1798'", error_types=0x7a62a0, format=<value optimized out>, va_args=<value optimized out>) at eggdbuserror.c:309
        s = <value optimized out>
        literal_error = <value optimized out>
        name_escaped = 0x2 <Address 0x2 out of bounds>
        message_escaped = 0x7a62a0 "\200\351{"
        error = 0x8486d0
        error_domain = 212
        error_code = <value optimized out>
        enum_klass = <value optimized out>
        enum_value = <value optimized out>
        n = <value optimized out>
#2  0x0000003956c2c57f in _egg_dbus_error_new_remote_exception (name=<value optimized out>, message=<value optimized out>, error_types=<value optimized out>, format=<value optimized out>) at eggdbuserror.c:362
        va_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fff1fedbab0, reg_save_area = 0x7fff1fedb9d0}}
        new_error = <value optimized out>
#3  0x0000003956c1e52a in egg_dbus_connection_send_message_with_reply_cb (pending_call=0x7c0ff0, simple=0x7ab6a0) at eggdbusconnection.c:2366
        error = <value optimized out>
        error_types = <value optimized out>
        dreply = 0x7ad420
        derror = {name = 0x8486d0 "Org.freedesktop.ConsoleKit.Manager.GeneralError", message = 0x848e10 "Unable to lookup session information for process '1798'", dummy1 = 0, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 1, padding1 = 0x3c41a0ba4d}
        connection = 0x7b5990 [EggDBusConnection]
        message = <value optimized out>
        pending_call_id = <value optimized out>
        loop = <value optimized out>
        cancellable = <value optimized out>
#4  0x0000003c41a0e4fa in complete_pending_call_and_unlock (connection=0x7a48b0, pending=0x7c0ff0, message=<value optimized out>) at dbus-connection.c:2227
No locals.
#5  0x0000003c41a10042 in check_for_reply_and_update_dispatch_unlocked (connection=0x7a48b0, pending=0x7c0ff0) at dbus-connection.c:2246
        reply = 0x7ad420
        status = <value optimized out>
#6  0x0000003c41a10f23 in _dbus_connection_block_pending_call (pending=0x7c0ff0) at dbus-connection.c:2356
        start_tv_sec = 48
        start_tv_usec = 64582
        tv_sec = 260145563998
        tv_usec = 8042144
        status = <value optimized out>
        connection = 0x7a48b0
        client_serial = <value optimized out>
        timeout = 0x848730
        timeout_milliseconds = 25000
#7  0x0000003956c1e98b in egg_dbus_connection_send_message_with_reply_sync (connection=0x7b5990 [EggDBusConnection], call_flags=EGG_DBUS_CALL_FLAGS_NONE, message=0x7bc700 [EggDBusMessage], error_types=0x3953a40760, cancellable=0x0, error=0x0) at eggdbusconnection.c:2302
        reply = 0x7b5990 [EggDBusConnection]
        res = 0x0
        pending_call_id = <value optimized out>
        __PRETTY_FUNCTION__ = "egg_dbus_connection_send_message_with_reply_sync"
#8  0x00000039538164e9 in ck_manager_get_session_for_unix_process_sync (instance=<value optimized out>, call_flags=EGG_DBUS_CALL_FLAGS_NONE, _pid=<value optimized out>, _out_ssid=0x7fff1fedbd40, cancellable=0x0, error=0x0) at ckmanager.c:2022
        object_proxy = <value optimized out>
        message = 0x7bc700 [EggDBusMessage]
        reply = 0x0
        ret = 0
        __PRETTY_FUNCTION__ = "ck_manager_get_session_for_unix_process_sync"
#9  0x00000039538226d3 in polkit_backend_session_monitor_get_session_for_subject (monitor=0x7b4c80 [PolkitBackendSessionMonitor], subject=0x7c4410, error=0x0) at polkitbackendsessionmonitor.c:509
        session_id = 0x0
        session = 0x0
#10 0x000000395381ec39 in check_authorization_sync (authority=<value optimized out>, caller=0x7c69a0, subject=<value optimized out>, action_id=<value optimized out>, details=<value optimized out>, flags=<value optimized out>, cancellable=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at polkitbackendinteractiveauthority.c:931
        user_of_subject = <value optimized out>
        session_for_subject = 0x0
        implicit_authorization = <value optimized out>
        priv = 0x7ab420
        subject_str = <value optimized out>
        session_is_active = 0
        result_details = 0x0
        interactive_authority = <value optimized out>
        result = 0x0
        groups_of_user = 0x0
        session_is_local = 0
        tmp_authz_id = <value optimized out>
#11 polkit_backend_interactive_authority_check_authorization (authority=<value optimized out>, caller=0x7c69a0, subject=<value optimized out>, action_id=<value optimized out>, details=<value optimized out>, flags=<value optimized out>, cancellable=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at polkitbackendinteractiveauthority.c:784
        interactive_authority = <value optimized out>
        priv = 0x7a7200
        caller_str = <value optimized out>
        subject_str = <value optimized out>
        user_of_caller = 0x7cfda0
        user_of_subject = 0x7a7200
        user_of_caller_str = <value optimized out>
        user_of_subject_str = <value optimized out>
        result = 0x0
        implicit_authorization = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED
        error = 0x0
        simple = 0x7ab580
        has_details = <value optimized out>
        detail_keys = <value optimized out>
#12 0x000000395381b56b in authority_handle_check_authorization (instance=0x7c4410, real_subject=<value optimized out>, action_id=<value optimized out>, real_details=<value optimized out>, flags=<value optimized out>, cancellation_id=<value optimized out>, method_invocation=<value optimized out>) at polkitbackendauthority.c:953
        caller_name = 0x7bfd90 ":1.34"
        subject = 0x7c4410
        caller = <value optimized out>
        cancellable = 0x0
        details = <value optimized out>
#13 0x000000395382bf09 in handle_method_call (interface=0x7bdd80, message=<value optimized out>) at _polkitauthority.c:2883
        _cancellation_id = 0x7abc30 ""
        _subject = 0x7b5240 [EggDBusStructure]
        _action_id = 0x7aba70 "org.freedesktop.RealtimeKit1.acquire-high-priority"
        _details = 0x84d3d0 [EggDBusHashMap]
        method_name = 0x7aba70 "org.freedesktop.RealtimeKit1.acquire-high-priority"
        error = 0x0
        signature = 0x7b5180 "\260\v{"
        expected_signature = 0x358e1 <Address 0x358e1 out of bounds>
        iface = 0x7b5240
        method_invocation = 0x7b5180 [EggDBusMethodInvocation]
#14 handle_message (interface=0x7bdd80, message=<value optimized out>) at _polkitauthority.c:3545
        __PRETTY_FUNCTION__ = "handle_message"
#15 0x0000003956c206ec in filter_function_handle_method_call (dconnection=<value optimized out>, message=0x7a6300, user_data=<value optimized out>) at eggdbusconnection.c:2213
        interface_data = <value optimized out>
        connection = <value optimized out>
        method_name = <value optimized out>
        data = 0x7bb8a0
        message = <value optimized out>
        result = DBUS_HANDLER_RESULT_NOT_YET_HANDLED
        objpath = 0x7bbb58 "/org/freedesktop/PolicyKit1/Authority"
        sender = <value optimized out>
        interface_name = 0x7bbbb0 "org.freedesktop.PolicyKit1.Authority"
#16 filter_function (dconnection=<value optimized out>, message=0x7a6300, user_data=<value optimized out>) at eggdbusconnection.c:294
        ret = <value optimized out>
#17 0x0000003c41a109c6 in dbus_connection_dispatch (connection=0x7a48b0) at dbus-connection.c:4444
        filter = <value optimized out>
        next = 0x0
        message = 0x7a6300
        link = <value optimized out>
        filter_list_copy = 0x7bd740
        message_link = 0x7bd620
        result = <value optimized out>
        pending = <value optimized out>
        reply_serial = <value optimized out>
        status = <value optimized out>
        __FUNCTION__ = "dbus_connection_dispatch"
#18 0x0000003955009a25 in message_queue_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at dbus-gmain.c:101
        connection = 0x7a48b0
#19 0x0000003c91e3a8a2 in g_main_dispatch (context=0x7a18a0) at gmain.c:1960
        dispatch = <value optimized out>
        was_in_call = 0
        user_data = 0x0
        callback = 0
        cb_funcs = 0x0
        cb_data = <value optimized out>
        current_source_link = {data = 0x7b9f90, next = 0x0}
        source = 0x7b9f90
        current = 0x7bd1b0
        i = <value optimized out>
#20 IA__g_main_context_dispatch (context=0x7a18a0) at gmain.c:2513
No locals.
#21 0x0000003c91e3e648 in g_main_context_iterate (context=0x7a18a0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 3
        allocated_nfds = <value optimized out>
        fds = <value optimized out>
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#22 0x0000003c91e3eb8d in IA__g_main_loop_run (loop=0x7a1980) at gmain.c:2799
        self = 0x798030
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#23 0x0000000000400992 in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:59
        ret = 1
        error = 0x0
        loop = 0x0
        authority = 0x7ab400 [PolkitBackendLocalAuthority]
(gdb) 


Version-Release number of selected component (if applicable):
polkit-0.96-1.fc13.x86_64
glib2-2.23.3-1.fc13.x86_64


How reproducible:
Seems so.....

Steps to Reproduce:
1. gdm-greeter login?
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Matthias Clasen 2010-03-23 02:43:23 UTC 
(name=0x8486d0 "Org.freedesktop.ConsoleKit.Manager.GeneralError",

This is caused by a dbus-glib bug that was supposed to be fixed in 
dbus-glib-0.84-3.fc13. 

Which version of dbus-glib do you have ?
Comment 2 Tom London 2010-03-23 13:28:18 UTC 
Hmmm... last logged occurrence was on 28 February:

/var/log/messages-20100228:Feb 23 08:49:31 tlondon kernel: polkitd[1835] general protection ip:39e182d47f sp:7fff1a1bc270 error:0 in libgobject-2.0.so.0.2304.0[39e1800000+45000]
/var/log/messages-20100228:Feb 23 08:49:31 tlondon kernel: polkitd[1838] general protection ip:39e182d47f sp:7fff9dc24cf0 error:0 in libgobject-2.0.so.0.2304.0[39e1800000+45000]
/var/log/messages-20100228:Feb 23 08:49:32 tlondon kernel: polkitd[1844] general protection ip:39e182d47f sp:7fff96803ff0 error:0 in libgobject-2.0.so.0.2304.0[39e1800000+45000]

At that time, I was running  dbus-glib-0.84-2.fc13.x86_64.

I've been running dbus-glib-0.84-3.fc13.x86_64 since 9 March.

Sorry, I didn't notice this before.

Close?
Comment 3 Bug Zapper 2010-07-30 10:51:15 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Matthias Clasen 2010-08-13 18:47:04 UTC 
I assume this is fixed.