Bug 597818

Summary: [abrt] gjs-0.7-1.fc14: gconf_entry_unref: Process /usr/bin/gjs-console was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Tom London <selinux>
Component: gjsAssignee: Peter Robinson <pbrobinson>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: danw, otaylor, pbrobinson, walters
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:48b2d064a997171d996faf63654e87085cea569b
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-05 12:16:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Tom London 2010-05-30 16:24:08 UTC 
abrt version: 1.1.4
architecture: x86_64
Attached file: backtrace
cmdline: /usr/bin/gjs-console -c 'const ClockPreferences = imports.prefs.clockPreferences;\nClockPreferences.main({ progName: \'gnome-shell-clock-preferences\', uiFile: \'/usr/share/gnome-shell/clock-preferences.ui\' });'
component: gjs
crash_function: gconf_entry_unref
executable: /usr/bin/gjs-console
global_uuid: 48b2d064a997171d996faf63654e87085cea569b
kernel: 2.6.34-11.fc14.x86_64
package: gjs-0.7-1.fc14
rating: 4
reason: Process /usr/bin/gjs-console was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Rawhide)

How to reproduce
-----
1. I tried to configure the "clock display"; running 'gnome-shell'
2.
3.
Comment 1 Tom London 2010-05-30 16:24:10 UTC 
Created attachment 418056 [details]
File: backtrace
Comment 2 Tom London 2010-06-03 13:22:28 UTC 
I'm seeing this running compiz as well.

Looks like I get segfault/core every login:

Core was generated by `/usr/bin/gjs-console -c const ClockPreferences = imports.prefs.clockPreferences'.
Program terminated with signal 11, Segmentation fault.
#0  gconf_entry_unref (entry=0x3498e1cc00) at gconf-value.c:1510
1510	  real->refcount -= 1;
Missing separate debuginfos, use: debuginfo-install PackageKit-gtk-module-0.6.5-1.fc14.x86_64
(gdb) set pagination off
(gdb) where
#0  gconf_entry_unref (entry=0x3498e1cc00) at gconf-value.c:1510
#1  0x0000003d30209b0b in IA__g_boxed_free (boxed_type=14796768, boxed=0x3498e1cc00) at gboxed.c:526
#2  0x00007f89513b23de in boxed_finalize (context=<value optimized out>, obj=<value optimized out>) at gi/boxed.c:576
#3  0x000000315206048a in FinalizeObject (cx=0xd32bb0, gckind=<value optimized out>) at jsgc.cpp:3190
#4  js_GC (cx=0xd32bb0, gckind=<value optimized out>) at jsgc.cpp:3622
#5  0x0000003152033052 in js_DestroyContext (cx=0xd32bb0, mode=JSDCM_FORCE_GC) at jscntxt.cpp:755
#6  0x000000376e608e99 in gjs_context_dispose (object=0xd1a680 [GjsContext]) at gjs/context.c:362
#7  0x0000003d3020db0a in IA__g_object_unref (_object=0xd1a680) at gobject.c:2453
#8  0x0000000000400f62 in main (argc=1, argv=0x7fff907a80b8) at gjs/console.c:110
(gdb) thread apply all bt full

Thread 3 (Thread 6684):
#0  0x0000003d2dedb653 in __poll (fds=0x7f8944001460, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:83
        resultvar = 18446744073709551100
        oldtype = <value optimized out>
        result = <value optimized out>
#1  0x0000003d3f62cc0f in poll_func (ufds=0x7f8944001460, nfds=2, timeout=-1, userdata=0xe8a520) at pulse/thread-mainloop.c:75
        mutex = 0xe8a520
        r = 1140855904
        __func__ = "poll_func"
        __PRETTY_FUNCTION__ = "poll_func"
#2  0x0000003d3f61cae6 in pa_mainloop_poll (m=0xe8a420) at pulse/mainloop.c:879
        __func__ = "pa_mainloop_poll"
        __PRETTY_FUNCTION__ = "pa_mainloop_poll"
#3  0x0000003d3f61dec9 in pa_mainloop_iterate (m=0xe8a420, block=<value optimized out>, retval=0x0) at pulse/mainloop.c:961
        r = 0
        __func__ = "pa_mainloop_iterate"
        __PRETTY_FUNCTION__ = "pa_mainloop_iterate"
#4  0x0000003d3f61df80 in pa_mainloop_run (m=0xe8a420, retval=0x0) at pulse/mainloop.c:979
        r = <value optimized out>
#5  0x0000003d3f62ca0b in thread (userdata=0xe7f870) at pulse/thread-mainloop.c:94
        mask = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}}
#6  0x0000003d41a38878 in internal_thread_func (userdata=0xe8a370) at pulsecore/thread-posix.c:72
        t = 0xe8a370
        __func__ = "internal_thread_func"
        __PRETTY_FUNCTION__ = "internal_thread_func"
#7  0x0000003d2e207951 in start_thread (arg=0x7f894bb44710) at pthread_create.c:301
        __res = <value optimized out>
        pd = 0x7f894bb44710
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140227657352976, -2566878887408797743, 262766926592, 140227657353680, 0, 3, 2554115105785411537, -2586542827999823919}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        sp = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#8  0x0000003d2dee4d9d in ?? () from /lib64/libc.so.6
No symbol table info available.
#9  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 2 (Thread 6682):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
No locals.
#1  0x0000003d3e223cce in PR_WaitCondVar (cvar=0xd326a0, timeout=4294967295) at ../../../mozilla/nsprpub/pr/src/pthreads/ptsynch.c:417
        rv = <value optimized out>
        thred = 0xd326f0
#2  0x00000031520d648c in JSBackgroundThread::work (this=0xd325c0) at jstask.cpp:91
        t = <value optimized out>
#3  0x0000003d3e229843 in _pt_root (arg=0xd326f0) at ../../../mozilla/nsprpub/pr/src/pthreads/ptthread.c:228
        thred = 0xd326f0
        detached = 0
#4  0x0000003d2e207951 in start_thread (arg=0x7f8952200710) at pthread_create.c:301
        __res = <value optimized out>
        pd = 0x7f8952200710
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140227765077776, -2566878887408797743, 140735617334176, 140227765078480, 0, 3, 2554167158641555409, -2586542827999823919}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        sp = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#5  0x0000003d2dee4d9d in ?? () from /lib64/libc.so.6
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 6681):
#0  gconf_entry_unref (entry=0x3498e1cc00) at gconf-value.c:1510
        real = 0x3498e1cc00
        __PRETTY_FUNCTION__ = "gconf_entry_unref"
#1  0x0000003d30209b0b in IA__g_boxed_free (boxed_type=14796768, boxed=0x3498e1cc00) at gboxed.c:526
        value_table = 0xe8cc18
        __PRETTY_FUNCTION__ = "IA__g_boxed_free"
#2  0x00007f89513b23de in boxed_finalize (context=<value optimized out>, obj=<value optimized out>) at gi/boxed.c:576
        gtype = <value optimized out>
        priv = 0xe6f680
        __PRETTY_FUNCTION__ = "boxed_finalize"
#3  0x000000315206048a in FinalizeObject (cx=0xd32bb0, gckind=<value optimized out>) at jsgc.cpp:3190
        clasp = <value optimized out>
#4  js_GC (cx=0xd32bb0, gckind=<value optimized out>) at jsgc.cpp:3622
        keepAtoms = 0
        i = <value optimized out>
        trc = {context = 0xd32bb0, callback = 0, debugPrinter = 0, debugPrintArg = 0x0, debugPrintIndex = 18446744073709551615}
        a = 0xe1efe0
        emptyArenas = 0x0
        allClear = 0
        callback = <value optimized out>
        thing = 0xe1ecc0
        requestDebit = <value optimized out>
        rt = 0xd24730
        type = <value optimized out>
        thingSize = 64
        flags = <value optimized out>
        freeList = 0xe1ed00
        ap = 0xeacfe8
        flagp = 0xe1efac " \020\020"
#5  0x0000003152033052 in js_DestroyContext (cx=0xd32bb0, mode=JSDCM_FORCE_GC) at jscntxt.cpp:755
        rt = 0xd24730
        cxCallback = <value optimized out>
        last = 0
#6  0x000000376e608e99 in gjs_context_dispose (object=0xd1a680 [GjsContext]) at gjs/context.c:362
        js_context = 0xd1a680 [GjsContext]
#7  0x0000003d3020db0a in IA__g_object_unref (_object=0xd1a680) at gobject.c:2453
        object = 0xd1a680 [GjsContext]
        old_ref = 1
        is_zero = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_object_unref"
#8  0x0000000000400f62 in main (argc=1, argv=0x7fff907a80b8) at gjs/console.c:110
        command_line = <value optimized out>
        context = <value optimized out>
        error = 0x0
        js_context = 0xd1a680
        script = 0xd1dac0 "const ClockPreferences = imports.prefs.clockPreferences;\nClockPreferences.main({ progName: 'gnome-shell-clock-preferences', uiFile: '/usr/share/gnome-shell/clock-preferences.ui' });"
        filename = <value optimized out>
        len = 181
        code = <value optimized out>
(gdb) quit
[tbl@tlondon ~]$
Comment 3 Tom London 2010-06-03 13:40:36 UTC 
Hold off.... I made a typing error here.

There actually is only one core dump, the first one I reported.  Please ignore comment #2.... The core dump is valid, it just should be a repeat of the first one.

To repeat, I've only seen one of these crashes, when I was running gnome-shell.

Sorry for the bogus report....
Comment 4 Bug Zapper 2010-07-30 11:45:47 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Dan Winship 2011-04-05 12:16:18 UTC 
looks like maybe some bad use of GConf in the clock config UI? but that UI no longer exists, so...