Bug 622830 - upowerd segfaults (aborts)....
Summary: upowerd segfaults (aborts)....
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: upower
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Richard Hughes
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 622841 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-10 14:11 UTC by Tom London
Modified: 2010-09-01 13:52 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-09-01 13:52:59 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
gdb output showing output of 'thread apply all bt full' (21.86 KB, text/plain)
2010-08-10 14:11 UTC, Tom London 		no flags Details
View All

Description Tom London 2010-08-10 14:11:47 UTC 
Created attachment 437895 [details]
gdb output showing output of 'thread apply all bt full'

Description of problem:
I'm seeing this each time I boot up/login.

I updated polkit to polkit-0.97-2.fc15.x86_64 and glib2 to glib2-2.25.13-2.fc15.x86_64 before shutting down yesterday....

I attach complete output of 'thread apply all bt full'.

Core was generated by `/usr/libexec/upowerd'.
Program terminated with signal 11, Segmentation fault.
#0  abort () at abort.c:128
128	      ABORT_INSTRUCTION;
(gdb) set pagination off
(gdb) bt full
#0  abort () at abort.c:128
        act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {18446744073709551615 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#1  0x0000003626a710cb in __libc_message (do_abort=2, fmt=0x3626b52d50 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffea3aaf30, reg_save_area = 0x7fffea3aae40}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffea3aaf30, reg_save_area = 0x7fffea3aae40}}
        fd = 2
        on_2 = <value optimized out>
        list = <value optimized out>
        nlist = <value optimized out>
        cp = <value optimized out>
        written = <value optimized out>
#2  0x0000003626a76986 in malloc_printerr (action=3, str=0x3626b52ee8 "munmap_chunk(): invalid pointer", ptr=<value optimized out>) at malloc.c:6283
        buf = "0000000000d574a0"
        cp = <value optimized out>
#3  0x00007fb5b22f8dd3 in g_free (mem=0xd574a0) at gmem.c:204
No locals.
#4  0x00007fb5b22df2b2 in g_error_free (error=0xd550b0) at gerror.c:137
        __PRETTY_FUNCTION__ = "g_error_free"
#5  0x00000000004079cb in up_polkit_is_allowed (polkit=<value optimized out>, subject=<value optimized out>, action_id=<value optimized out>, context=<value optimized out>) at up-polkit.c:115
        ret = 0
        error = 0xd5a860
        error_local = 0xd550b0
        result = <value optimized out>
#6  0x0000000000407f81 in up_daemon_suspend_allowed (daemon=<value optimized out>, context=0xd5ab30) at up-daemon.c:515
        ret = <value optimized out>
        subject = 0xd64b40
        priv = 0xd550b0
#7  0x0000003630e0c87a in invoke_object_method (connection=0xd4b130, message=0xd4b4a0, user_data=<value optimized out>) at dbus-gobject.c:1601
        had_error = <value optimized out>
        value_array = 0xd405a0
        result = <value optimized out>
        gerror = 0x0
        closure = {ref_count = 0, meta_marshal = 0, n_guards = 0, n_fnotifiers = 0, n_inotifiers = 0, in_inotify = 0, floating = 0, derivative_flag = 0, in_marshal = 0, is_invalid = 0, marshal = 0, data = 0x0, notifiers = 0x0}
        out_param_pos = <value optimized out>
        have_retval = 0
        send_reply = <value optimized out>
        in_signature = 0xd66580 ""
        out_param_count = <value optimized out>
        out_param_gvalue_pos = <value optimized out>
        retval_signals_error = 0
        arg_metadata = <value optimized out>
        is_async = <value optimized out>
        out_param_values = 0x0
        return_value = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        out_param_gvalues = 0x0
        reply = 0x0
        retval_is_synthetic = 0
        retval_is_constant = 0
#8  object_registration_message (connection=0xd4b130, message=0xd4b4a0, user_data=<value optimized out>) at dbus-gobject.c:1757
        pspec = <value optimized out>
        object = 0xd55090
        setter = <value optimized out>
        getter = <value optimized out>
        getall = <value optimized out>
        s = <value optimized out>
        wincaps_propname = <value optimized out>
        wincaps_propiface = <value optimized out>
        iter = {dummy1 = 0xd62b70, dummy2 = 0x0, dummy3 = 14092912, dummy4 = 0, dummy5 = 0, dummy6 = 0, dummy7 = 1, dummy8 = 0, dummy9 = -1300076760, dummy10 = 32693, dummy11 = 7, pad1 = 0, pad2 = 7, pad3 = 0x0}
        method = 0x418c28
        object_info = <value optimized out>
        ret = <value optimized out>
        o = <value optimized out>
#9  0x00007fb5b2826d41 in _dbus_object_tree_dispatch_and_unlock (tree=0xd4ade0, message=0xd4b4a0) at dbus-object-tree.c:858
        message_function = 0x3630e0b230 <object_registration_message>
        user_data = <value optimized out>
        next = 0x0
        path = 0xd70a60
        exact_match = 0
        list = 0xd4dfd0
        link = <value optimized out>
        result = DBUS_HANDLER_RESULT_NOT_YET_HANDLED
        subtree = <value optimized out>
#10 0x00007fb5b2818ba2 in dbus_connection_dispatch (connection=0xd4b130) at dbus-connection.c:4691
        message = 0xd4b4a0
        link = <value optimized out>
        filter_list_copy = 0x0
        message_link = 0xd4dfb8
        result = <value optimized out>
        pending = <value optimized out>
        reply_serial = <value optimized out>
        status = <value optimized out>
        __FUNCTION__ = "dbus_connection_dispatch"
#11 0x0000003630e099d5 in message_queue_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at dbus-gmain.c:101
        connection = 0xd4b130
#12 0x00007fb5b22f1f33 in g_main_dispatch (context=0xd4e130) at gmain.c:2119
        dispatch = 0x3630e099c0 <message_queue_dispatch>
        was_in_call = 0
        user_data = 0x0
        callback = 0
        cb_funcs = 0x0
        cb_data = 0x0
        current_source_link = {data = 0xd4e210, next = 0x0}
        need_destroy = <value optimized out>
        source = 0xd4e210
        current = 0xd5f050
        i = <value optimized out>
#13 g_main_context_dispatch (context=0xd4e130) at gmain.c:2672
No locals.
#14 0x00007fb5b22f2710 in g_main_context_iterate (context=0xd4e130, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2750
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 4
        allocated_nfds = <value optimized out>
        fds = <value optimized out>
#15 0x00007fb5b22f2d82 in g_main_loop_run (loop=0xd65ca0) at gmain.c:2958
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#16 0x0000000000410a6d in main (argc=1, argv=0x7fffea3ab828) at up-main.c:207
        error = 0x0
        daemon = 0xd55090
        qos = 0xd4f640
        wakeups = 0xd64140
        context = <value optimized out>
        bus_proxy = <value optimized out>
        bus = <value optimized out>
        ret = <value optimized out>
        retval = 1
        timed_exit = 0
        immediate_exit = 0
        timer_id = <value optimized out>
        options = {{long_name = 0x41aec3 "timed-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffea3ab71c, description = 0x41aeaa "Exit after a small delay", arg_description = 0x0}, {long_name = 0x41aece "immediate-exit", short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffea3ab718, description = 0x41af68 "Exit after the engine has loaded", arg_description = 0x0}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
        __FUNCTION__ = "main"
(gdb)

Version-Release number of selected component (if applicable):
upower-0.9.5-4.fc14.x86_64
dbus-1.3.2-0.1.885483.fc15.x86_64
glib2-2.25.13-2.fc15.x86_64
glib2-2.25.13-2.fc15.i686
glibc-2.12.90-6.x86_64
glibc-2.12.90-6.i686
polkit-0.97-2.fc15.x86_64


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tom London 2010-08-10 14:12:31 UTC 
Ooops... Forgot to say that it happens every boot/login.
Comment 2 Tom London 2010-08-10 14:14:46 UTC 
Notice this in ~/.xsession-errors:

(gnome-power-manager:2262): GLib-GObject-WARNING **: gsignal.c:2275: signal `proxy-status' is invalid for instance `0xcb0870'

(gnome-settings-daemon:2223): GdkPixbuf-CRITICAL **: gdk_pixbuf_format_get_name: assertion `format != NULL' failed

(gnome-power-manager:2262): libupower-glib-WARNING **: Couldn't enumerate devices: Message did not receive a reply (timeout by message bus)
*** ERROR ***
TI:06:45:17	TH:0xc1b0b0	FI:gpm-engine.c	FN:gpm_engine_coldplug_idle_cb,828
 - failed to get device list: Message did not receive a reply (timeout by message bus)
Traceback:
	gnome-power-manager(egg_error_real+0xd4) [0x41a464]
	gnome-power-manager() [0x4195e2]
	/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1f3) [0x7f7482873f33]
	/lib64/libglib-2.0.so.0(+0x3f710) [0x7f7482874710]
	/lib64/libglib-2.0.so.0(g_main_loop_run+0x182) [0x7f7482874d82]
	gnome-power-manager(main+0x597) [0x40f887]
	/lib64/libc.so.6(__libc_start_main+0xfd) [0x3626a1ecdd]
	gnome-power-manager() [0x40a4b9]
Comment 3 Richard Hughes 2010-08-10 15:02:10 UTC 
This is the problem:

** (upowerd:21187): CRITICAL **: polkit_authority_check_authorization_sync: assertion `error == NULL || *error == NULL' failed

Old versions of PolicyKit did not check the error value, but this new version (correctly) does, and this exposes a bug in the upower package. I'll build a new package now for testing.
Comment 4 Richard Hughes 2010-08-10 15:11:08 UTC 
Can you try the build here please: http://koji.fedoraproject.org/koji/taskinfo?taskID=2391442
Comment 5 Richard Hughes 2010-08-10 15:16:22 UTC 
*** Bug 622841 has been marked as a duplicate of this bug. ***
Comment 6 Tom London 2010-08-10 15:40:04 UTC 
I updated to:

[tbl@tlondon ~]$ rpm -qa upower\*
upower-debuginfo-0.9.5-5.fc15.x86_64
upower-0.9.5-5.fc15.x86_64
[tbl@tlondon ~]$ 

Appears to be working: no more upowerd core dumps, etc.

Only related message in ~/.xsession-errors:

(gnome-power-manager:2237): GLib-GObject-WARNING **: gsignal.c:2275: signal `proxy-status' is invalid for instance `0x1008870'

Thanks for the quick fix!
Comment 7 Tom London 2010-09-01 13:52:59 UTC 
Believe this can be closed.

Fixed in upower-0.9.5-5.fc15.x86_64
Note You need to log in before you can comment on or make changes to this bug.