Bug 1086558 - [abrt] polkit: LookupPropertyWithFlagsInline(): polkitd killed by SIGSEGV
Summary: [abrt] polkit: LookupPropertyWithFlagsInline(): polkitd killed by SIGSEGV
Keywords:
Status: CLOSED DUPLICATE of bug 910262
Alias: None
Product: Fedora
Classification: Fedora
Component: polkit
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:0b737ed05e4e26ab2a8d32fdd06...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-11 06:41 UTC by Fabrice A. Marie
Modified: 2014-09-23 04:21 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-14 22:07:55 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: backtrace (50.16 KB, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: cgroup (157 bytes, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: core_backtrace (17.88 KB, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: dso_list (2.41 KB, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: environ (72 bytes, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: exploitable (82 bytes, text/plain)
2014-04-11 06:41 UTC, Fabrice A. Marie 		no flags Details
File: limits (1.29 KB, text/plain)
2014-04-11 06:42 UTC, Fabrice A. Marie 		no flags Details
File: maps (13.06 KB, text/plain)
2014-04-11 06:42 UTC, Fabrice A. Marie 		no flags Details
File: open_fds (1.48 KB, text/plain)
2014-04-11 06:42 UTC, Fabrice A. Marie 		no flags Details
File: proc_pid_status (925 bytes, text/plain)
2014-04-11 06:42 UTC, Fabrice A. Marie 		no flags Details
File: var_log_messages (3.02 KB, text/plain)
2014-04-11 06:42 UTC, Fabrice A. Marie 		no flags Details
View All

Description Fabrice A. Marie 2014-04-11 06:41:37 UTC 
Version-Release number of selected component:
polkit-0.112-2.fc20

Additional info:
reporter:       libreport-2.2.1
backtrace_rating: 4
cmdline:        /usr/lib/polkit-1/polkitd --no-debug
crash_function: LookupPropertyWithFlagsInline
executable:     /usr/lib/polkit-1/polkitd
kernel:         3.13.8-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            999

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 LookupPropertyWithFlagsInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4077
 #1 js_GetPropertyHelperInline at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4277
 #2 js::GetPropertyHelper at /usr/src/debug/mozjs17.0.0/js/src/jsobj.cpp:4365
 #3 js::Interpret at /usr/src/debug/mozjs17.0.0/js/src/jsinterpinlines.h:270
 #4 js::RunScript at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:309
 #5 js::InvokeKernel at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.cpp:363
 #6 js::Invoke at /usr/src/debug/mozjs17.0.0/js/src/jsinterp.h:119
 #7 JS_CallFunctionName at /usr/src/debug/mozjs17.0.0/js/src/jsapi.cpp:5837
 #8 call_js_function_with_runaway_killer at polkitbackendjsauthority.c:1019
 #9 polkit_backend_js_authority_check_authorization_sync at polkitbackendjsauthority.c:1180
Comment 1 Fabrice A. Marie 2014-04-11 06:41:48 UTC 
Created attachment 885260 [details]
File: backtrace
Comment 2 Fabrice A. Marie 2014-04-11 06:41:50 UTC 
Created attachment 885261 [details]
File: cgroup
Comment 3 Fabrice A. Marie 2014-04-11 06:41:52 UTC 
Created attachment 885262 [details]
File: core_backtrace
Comment 4 Fabrice A. Marie 2014-04-11 06:41:55 UTC 
Created attachment 885263 [details]
File: dso_list
Comment 5 Fabrice A. Marie 2014-04-11 06:41:57 UTC 
Created attachment 885264 [details]
File: environ
Comment 6 Fabrice A. Marie 2014-04-11 06:41:59 UTC 
Created attachment 885265 [details]
File: exploitable
Comment 7 Fabrice A. Marie 2014-04-11 06:42:01 UTC 
Created attachment 885266 [details]
File: limits
Comment 8 Fabrice A. Marie 2014-04-11 06:42:04 UTC 
Created attachment 885267 [details]
File: maps
Comment 9 Fabrice A. Marie 2014-04-11 06:42:06 UTC 
Created attachment 885268 [details]
File: open_fds
Comment 10 Fabrice A. Marie 2014-04-11 06:42:08 UTC 
Created attachment 885269 [details]
File: proc_pid_status
Comment 11 Fabrice A. Marie 2014-04-11 06:42:10 UTC 
Created attachment 885270 [details]
File: var_log_messages
Comment 12 Miloslav Trmač 2014-04-11 19:33:07 UTC 
Thanks for your report.  Can you reproduce this crash at will?
Comment 13 Miloslav Trmač 2014-04-11 19:41:58 UTC 
Notes to self:

crash in
> if (!proto->isNative()) {
where isNative is an inline from vm/ObjectImpl-inl.h, invisibly indirecting through proto->shape_ , which is NULL.

"current" at that time points to our generated Action() object, which is constructed by interpreting a script, so not too likely to be incorrect.

Overall likely to be a duplicate of #910262, but the only way to know is to have a reproducer and test with a fixed package.
Comment 14 Fabrice A. Marie 2014-04-13 10:03:11 UTC 
(In reply to Miloslav Trmač from comment #12)
> Thanks for your report.  Can you reproduce this crash at will?

Hi Miloslav,
Sorry, no I can't. I have no idea what I was doing at the time.
Comment 15 Miloslav Trmač 2014-04-14 22:07:55 UTC 
OK, I'll mark it as a duplicate of #910262 for now, which should be fixed Real Soon Now.

If, after fixing that bug, this crash reappears, please reopen this report.

*** This bug has been marked as a duplicate of bug 910262 ***
Note You need to log in before you can comment on or make changes to this bug.