indicator-sync-service crashed with SIGSEGV in g_type_check_instance_is_a()

Bug #1063003 reported by Mike
This bug affects 124 people
Affects                  Status        Importance  Assigned to   Milestone
The Sync Menu            Fix Released  High        Charles Kerr
indicator-sync (Ubuntu)  Fix Released  High        Unassigned
Raring                   Fix Released  High        Unassigned

Bug Description

Just switched an account and got the crash report.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: indicator-sync 12.10.4-0ubuntu1
Uname: Linux 3.6.0-999-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.6.1-0ubuntu1
Architecture: amd64
Date: Sat Oct 6 21:37:22 2012
ExecutablePath: /usr/lib/x86_64-linux-gnu/indicator-sync/indicator-sync-service
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120201.1)
ProcCmdline: /usr/lib/x86_64-linux-gnu/indicator-sync/indicator-sync-service
SegvAnalysis:
 Segfault happened at: 0x7fa835d6369c <g_type_check_instance_is_a+60>: testb $0x4,0x16(%rdi)
 PC (0x7fa835d6369c) ok
 source "$0x4" ok
 destination "0x16(%rdi)" (0x656572662e677282) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: indicator-sync
StacktraceTop:
 g_type_check_instance_is_a () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 g_object_unref () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
 g_object_unref () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
 ?? ()
Title: indicator-sync-service crashed with SIGSEGV in g_type_check_instance_is_a()
UpgradeStatus: Upgraded to quantal on 2012-09-14 (21 days ago)
UserGroups: adm cdrom dip lp lpadmin plugdev sambashare sudo wireshark

Mike (0x656b694d) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 g_type_check_instance_is_a (type_instance=type_instance@entry=0x1df7f80, iface_type=iface_type@entry=80) at /build/buildd/glib2.0-2.34.0/./gobject/gtype.c:3964
 g_object_unref (_object=0x1df7f80) at /build/buildd/glib2.0-2.34.0/./gobject/gobject.c:2915
 g_desktop_app_info_finalize (object=0x1dfb580) at /build/buildd/glib2.0-2.34.0/./gio/gdesktopappinfo.c:180
 g_object_unref (_object=0x1dfb580) at /build/buildd/glib2.0-2.34.0/./gobject/gobject.c:3023
 ?? ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in indicator-sync (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
visibility: private → public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in indicator-sync (Ubuntu):
status: New → Confirmed
Israel Dahl (israeldahl) wrote :

Ubuntu 13.04 (development) 3.8.0-6-generic i386 i686
Dual DE Unity & Lubuntu

Bug still present as of today

martin suchanek (martin-suc) wrote :

added crash report

tags: added: raring
Charles Kerr (charlesk) wrote :

The crash is happening in dbusmenu_server_finalize() when the server frees its lookup_cache hashtable of DbusmenuMenuitems. When the hash table is freed, g_object_unref() is called on each of its values. This crash indicates that one of the pointers in the lookup cache isn't a GObject.

Since the lookup_cache code looks fine (g_object_ref() is called for each menuitem added into the lookup cache) my first guess is there's an unbalanced unref() in either indicator-sync or ubuntuone's client code s.t. the menuitem is destroyed prematurely leaving a dangling pointer in lookup_cache.

It looks like quite a few people are experiencing this. Does anyone subbed to this ticket have suggestions on how to trigger this crash?

Perfecto (perfecto) wrote :

I think that it is due to those files installed from repositories not existing any more after the upgrade.

doweller (do-weller) wrote :

Bug in fresh install of Xubuntu 13.04 [with lots of KDE stuff (but not KDE as desktop-environment!) installed (like digikam, okular, dolphin)] after login and installation of all updates as from today.

Vladimir Scherbaev (zemik) wrote :

Affects me on 13.04

Mattia Rizzolo (mapreri) wrote :

I've got this crash after killing ubuntuone-syncdaemon process.

Charles Kerr (charlesk)
Changed in indicator-sync:
importance: Undecided → High
assignee: nobody → Charles Kerr (charlesk)
Sebastien Bacher (seb128) wrote :

@Charles: just to confirm your "It looks like quite a few people are experiencing this" statement, that issue is the third most reported bug on raring this month, on errors.ubuntu.com, with 262 reports

Changed in indicator-sync (Ubuntu):
importance: Medium → High
Sebastien Bacher (seb128) wrote :

Note also that, looking through the duplicates, it could be a segfault on session closing (those tend to be displayed to the user on next login, which quite a few users describe there)

Sebastien Bacher (seb128) wrote :

valgrind log, the error happens after killing syncdaemon (which was mentioned in the description of one of the dups):

"==18403== Invalid read of size 4
==18403== at 0x4208656: g_object_unref (gobject.c:2916)
==18403== by 0x411D9EE: g_desktop_app_info_finalize (gdesktopappinfo.c:189)
==18403== by 0x4208827: g_object_unref (gobject.c:3024)
==18403== by 0x80510BD: app_menu_item_dispose (app-menu-item.c:102)
==18403== by 0x4208797: g_object_unref (gobject.c:2987)
==18403== by 0x407AB81: dbusmenu_menuitem_dispose (menuitem.c:351)
==18403== by 0x4208797: g_object_unref (gobject.c:2987)
==18403== by 0x407F10D: prop_array_teardown (server.c:949)
==18403== by 0x4081592: menuitem_property_idle (server.c:1111)
==18403== by 0x428AF0F: g_idle_dispatch (gmain.c:5205)
==18403== by 0x428E3B2: g_main_context_dispatch (gmain.c:3054)
==18403== by 0x428E74F: g_main_context_iterate.isra.21 (gmain.c:3701)
==18403== by 0x428EC2A: g_main_loop_run (gmain.c:3895)
==18403== by 0x437C934: (below main) (libc-start.c:260)
==18403== Address 0x670fc40 is 0 bytes inside a block of size 20 free'd
==18403== at 0x402B1CC: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18403== by 0x42945BA: standard_free (gmem.c:98)
==18403== by 0x429472F: g_free (gmem.c:252)
==18403== by 0x42AAEDA: g_slice_free1 (gslice.c:1111)
==18403== by 0x4225EBD: g_type_free_instance (gtype.c:1957)
==18403== by 0x420882F: g_object_unref (gobject.c:3037)
==18403== by 0x805170B: app_menu_item_new (app-menu-item.c:344)
==18403== by 0x8052354: on_sync_menu_app_exists (sync-service.c:508)
==18403== by 0x4153115: emit_signal_instance_in_idle_cb (gdbusconnection.c:3715)
==18403== by 0x428AF0F: g_idle_dispatch (gmain.c:5205)
==18403== by 0x428E3B2: g_main_context_dispatch (gmain.c:3054)
==18403== by 0x428E74F: g_main_context_iterate.isra.21 (gmain.c:3701)
==18403== by 0x428EC2A: g_main_loop_run (gmain.c:3895)
==18403== by 0x437C934: (below main) (libc-start.c:260)
==18403==
==18403== Invalid read of size 4
==18403== at 0x4226E0A: g_type_check_instance_is_a (gtype.c:3989)
==18403== by 0x4208670: g_object_unref (gobject.c:2916)
==18403== by 0x411D9EE: g_desktop_app_info_finalize (gdesktopappinfo.c:189)
==18403== by 0x4208827: g_object_unref (gobject.c:3024)
==18403== by 0x80510BD: app_menu_item_dispose (app-menu-item.c:102)
==18403== by 0x4208797: g_object_unref (gobject.c:2987)
==18403== by 0x407AB81: dbusmenu_menuitem_dispose (menuitem.c:351)
==18403== by 0x4208797: g_object_unref (gobject.c:2987)
==18403== by 0x407F10D: prop_array_teardown (server.c:949)
==18403== by 0x4081592: menuitem_property_idle (server.c:1111)
==18403== by 0x428AF0F: g_idle_dispatch (gmain.c:5205)
==18403== by 0x428E3B2: g_main_context_dispatch (gmain.c:3054)
==18403== by 0x428E74F: g_main_context_iterate.isra.21 (gmain.c:3701)
==18403== by 0x428EC2A: g_main_loop_run (gmain.c:3895)
==18403== by 0x437C934: (below main) (libc-start.c:260)
==18403== Address 0x670fc40 is 0 bytes inside a block of size 20 free'd
==18403== at 0x402B1CC: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==...

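Added example (not indicator-sync or GLib code; every name in it is hypothetical): the valgrind log above shows a block released by a g_object_unref() reached from app_menu_item_new() and then unref'd again from g_desktop_app_info_finalize() during app_menu_item_dispose(). The toy reference counter below models that ownership error, recording releases instead of calling free() so the extra unref can be counted without touching freed memory.

```c
/* Toy reference-counted object, NOT GLib: finalization is recorded instead
 * of calling free(), so an over-release is observable without undefined
 * behaviour. All names are hypothetical. */
#include <stdio.h>

typedef struct Obj {
    int refs;           /* live references */
    int finalized;      /* set when refs reaches 0 (where free() would run) */
    int bad_unrefs;     /* unrefs that arrived after finalization */
    struct Obj *child;  /* reference owned by this object */
} Obj;

static Obj *obj_ref(Obj *o) { o->refs++; return o; }

static void obj_unref(Obj *o) {
    if (o->finalized) { o->bad_unrefs++; return; }  /* real code: invalid read */
    if (--o->refs == 0) {
        o->finalized = 1;
        if (o->child) obj_unref(o->child);          /* owner drops its reference */
    }
}

/* Borrowed accessor: the caller does not own the returned pointer. */
static Obj *info_peek_child(Obj *info) { return info->child; }

/* Buggy constructor: unrefs a reference it never owned (unbalanced unref). */
static void item_new_buggy(Obj *info) { obj_unref(info_peek_child(info)); }

/* Balanced constructor: takes its own reference before releasing it. */
static void item_new_fixed(Obj *info) {
    Obj *c = obj_ref(info_peek_child(info));
    obj_unref(c);
}

/* Builds info -> child, runs the constructor, then disposes info.
 * Returns how many unrefs hit an already-finalized object. */
static int run(void (*ctor)(Obj *)) {
    Obj child = { 1, 0, 0, NULL };
    Obj info  = { 1, 0, 0, &child };
    ctor(&info);
    obj_unref(&info);   /* owner's finalize path unrefs child again */
    return child.bad_unrefs;
}

int main(void) {
    printf("buggy: %d bad unref(s)\n", run(item_new_buggy));
    printf("fixed: %d bad unref(s)\n", run(item_new_fixed));
    return 0;
}
```

In the buggy run the child is finalized inside the constructor, long before its owner is disposed, which is why the two stacks in the valgrind log come from unrelated main-loop callbacks.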

Charles Kerr (charlesk)
Changed in indicator-sync:
status: New → In Progress
Charles Kerr (charlesk) wrote :

seb128, thank you! I haven't been able to reproduce the issue but that valgrind log is very helpful.

PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:indicator-sync at revision 32, scheduled for release in indicator-sync, milestone Unknown

Changed in indicator-sync:
status: In Progress → Fix Committed
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:indicator-sync/13.04 at revision 32, scheduled for release in indicator-sync, milestone 13.04.0

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package indicator-sync - 12.10.5daily13.03.28.1-0ubuntu1

---------------
indicator-sync (12.10.5daily13.03.28.1-0ubuntu1) raring; urgency=low

  [ Charles Kerr ]
  * indicator-sync-service crashed with SIGSEGV in
    g_type_check_instance_is_a() (LP: #1063003)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 32
 -- Ubuntu daily release <email address hidden> Thu, 28 Mar 2013 20:26:58 +0000

Changed in indicator-sync (Ubuntu Raring):
status: Confirmed → Fix Released
Ted Gould (ted)
Changed in indicator-sync:
status: Fix Committed → Fix Released