dbus-cpp crash on arm64 in core::dbus::Object::get_property

Bug #1618390 reported by Michał Sawicz
This bug affects 2 people
Affects                      Status         Importance   Assigned to     Milestone
Canonical System Image       Fix Released   High         Timo Jyrinki
dbus-cpp (Ubuntu)            Invalid        High         Unassigned
location-service (Ubuntu)    Fix Released   High         Timo Jyrinki
mtp (Ubuntu)                 Fix Released   High         Timo Jyrinki

Bug Description

Requests to location service cause crashes on arm64:

$ system-image-cli -i
current build number: 23
device name: frieza_arm64
channel: ubuntu-touch/staging/ubuntu
last update: 2016-08-30 09:13:12
version version: 23
version ubuntu: 20160830
version device: 20160824.0
version custom: 20160830

Steps:
* flash the above channel (remember --device frieza_arm64)
* go to a scope using location
* refresh

== Stacktrace =================================
#0 0x0000007f978d4328 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (__val=-1, __mem=0x29) at /usr/include/c++/5/ext/atomicity.h:49
        __val = -1
        __mem = 0x29
#1 0x0000007f978d4328 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (__val=-1, __mem=0x29) at /usr/include/c++/5/ext/atomicity.h:82
        __val = -1
        __mem = 0x29
#2 0x0000007f978d4328 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (this=0x21) at /usr/include/c++/5/bits/shared_ptr_base.h:147
#3 0x0000007f97922a28 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_count<(__gnu_cxx::_Lock_policy)2> const&) (this=this@entry=0x8b34558, __r=...) at /usr/include/c++/5/bits/shared_ptr_base.h:678
        __tmp = 0x8b34ba0
#4 0x0000007f9792cc64 in core::dbus::Object::get_property<com::ubuntu::location::service::Interface::Properties::State>() (this=0x8b34550) at /usr/include/c++/5/bits/shared_ptr_base.h:867
        property = <error reading variable: Cannot access memory at address 0x1fe000001ea41>
#5 0x0000007f9792cc64 in core::dbus::Object::get_property<com::ubuntu::location::service::Interface::Properties::State>() (this=0x8b34550) at /usr/include/c++/5/bits/shared_ptr.h:93
        property = <error reading variable: Cannot access memory at address 0x1fe000001ea41>
#6 0x0000007f9792cc64 in core::dbus::Object::get_property<com::ubuntu::location::service::Interface::Properties::State>() (this=0x8b342c0) at /usr/include/core/dbus/impl/object.h:162
        property = <error reading variable: Cannot access memory at address 0x1fe000001ea41>
#7 0x0000007f97931c08 in com::ubuntu::location::service::Stub::Stub(std::shared_ptr<core::dbus::Bus> const&) (object=warning: can't find linker symbol for virtual table for `std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>' value
warning: can't find linker symbol for virtual table for `std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>' value

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libubuntu-location-service3 3.0.0+16.04.20160811-0ubuntu1 [origin: LP-PPA-ci-train-ppa-service-stable-phone-overlay]
Uname: Linux 3.10.93+ aarch64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: arm64
Date: Tue Aug 30 09:39:24 2016
SourcePackage: location-service
UpgradeStatus: No upgrade log present (probably fresh install)
---
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: arm64
DistroRelease: Ubuntu 16.04
Package: mtp-server 0.0.4+16.04.20160413-0ubuntu2 [origin: LP-PPA-ci-train-ppa-service-stable-phone-overlay]
PackageArchitecture: arm64
Tags: third-party-packages xenial
Uname: Linux 3.10.93+ aarch64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dialout dip plugdev sudo tty video
_MarkForUpload: True

Michał Sawicz (saviq) wrote :
description: updated
Changed in canonical-devices-system-image:
milestone: none → xenial
Michał Sawicz (saviq) wrote :
Michał Sawicz (saviq) wrote : Dependencies.txt

apport information

tags: added: apport-collected
description: updated
Michał Sawicz (saviq) wrote : ProcEnviron.txt

apport information

Michał Sawicz (saviq) wrote : SystemImageInfo.txt

apport information

Michał Sawicz (saviq) wrote : upstart.mtp-server.log.txt

apport information

summary: - crash on arm64 in
- com::ubuntu::location::service::Stub::Stub(std::shared_ptr<core::dbus::Bus>
- const&)
+ dbus-cpp crash on arm64 in core::dbus::Object::get_property
Michał Sawicz (saviq) wrote :

Very similar stacktrace for mtp-server:

== Stacktrace =================================
#0 0x000000000043ae20 in __gnu_cxx::__exchange_and_add (__val=-1, __mem=0x29) at /usr/include/c++/5/ext/atomicity.h:49
No locals.
#1 __gnu_cxx::__exchange_and_add_dispatch (__val=-1, __mem=0x29) at /usr/include/c++/5/ext/atomicity.h:82
        __val = -1
        __mem = 0x29
#2 std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0x21) at /usr/include/c++/5/bits/shared_ptr_base.h:147
No locals.
#3 0x000000000044b5e0 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator= (__r=..., this=0x7b0bf08) at /usr/include/c++/5/bits/shared_ptr_base.h:678
        __tmp = 0x7b0c480
#4 std::__shared_ptr<core::dbus::Signal<core::dbus::interfaces::Properties::Signals::PropertiesChanged, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, core::dbus::types::Variant, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, core::dbus::types::Variant> > >, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >, (__gnu_cxx::_Lock_policy)2>::operator= (this=0x7b0bf00) at /usr/include/c++/5/bits/shared_ptr_base.h:867
No locals.
#5 std::shared_ptr<core::dbus::Signal<core::dbus::interfaces::Properties::Signals::PropertiesChanged, std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, core::dbus::types::Variant, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, core::dbus::types::Variant> > >, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > > >::operator= (this=0x7b0bf00) at /usr/include/c++/5/bits/shared_ptr.h:93
No locals.
#6 core::dbus::Object::get_property<core::UnityGreeter::Properties::IsActive> (this=0x7b0bc70) at /usr/include/core/dbus/impl/object.h:162
        property = std::shared_ptr (count 1384120321, weak -2007007649) 0x7fd38dd190
#7 0x000000000044c080 in MtpDaemon::MtpDaemon (this=0x7aff8a0, fd=<optimized out>) at /build/mtp-TCjXBd/mtp-0.0.4+16.04.20160413/server/server.cpp:296
        greeter_service = std::shared_ptr (count 2, weak 1) 0x7b0bbc0
        greeter = std::shared_ptr (count 2, weak 1) 0x7b0bc70
#8 0x000000000042edc0 in main (argc=<optimized out>, argv=<optimized out>) at /build/mtp-TCjXBd/mtp-0.0.4+16.04.20160413/server/server.cpp:431
        d = <optimized out>
        fd = 3

James Henstridge (jamesh) wrote :

I'm not sure if it is related, but I've encountered test failures in my mediascanner2 silo for dbus-cpp code that previously ran without issue:

https://launchpadlibrarian.net/281863370/buildlog_ubuntu-yakkety-arm64.mediascanner2_0.112+16.10.20160831-0ubuntu1_BUILDING.txt.gz

It also failed on armhf, powerpc, and ppc64el, but passed on i386, amd64 and s390x. The branches in the silo make no changes to the code being run by the failing tests. I'll report back after I've investigated further.

James Henstridge (jamesh) wrote :

I'm not convinced my bug is the same as this one. That said, the changes in the latest dbus-cpp package don't look particularly ABI compatible, which may be the cause of this bug:

https://launchpadlibrarian.net/279409841/dbus-cpp_5.0.0+15.10.20151022.1-0ubuntu5_5.0.0+16.10.20160809-0ubuntu1.diff.gz

In particular, it adds and removes members from core::dbus::Object, and that type appears to be referenced by a few methods implemented by libdbus-cpp (so this isn't entirely a header-only type).

If the applications start working with the old libdbus-cpp.so.5, it is quite possible that they can also be made to work by recompiling them.
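
The layout problem described in this comment, as an added illustration (not dbus-cpp code and not part of the original report): it shows why code inlined from an old header, such as a template like get_property, addresses the wrong slot once the library's class gains members. The struct names, their members and the value 0x21 are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Stand-in for libstdc++'s two-word std::shared_ptr: object pointer + control block.
struct SharedPtrRep { void* obj; void* ctrl; };

// Hypothetical layout from the OLD header, baked into the client at build time.
struct ObjectOld {
    SharedPtrRep bus;
    SharedPtrRep signal_properties_changed;
};

// Hypothetical layout from the NEW header, used by the installed library.
struct ObjectNew {
    SharedPtrRep bus;
    std::uintptr_t added_a;  // members added by the update (assumed)
    std::uintptr_t added_b;
    SharedPtrRep signal_properties_changed;
};

constexpr std::size_t kClientOffset  = offsetof(ObjectOld, signal_properties_changed);
constexpr std::size_t kLibraryOffset = offsetof(ObjectNew, signal_properties_changed);

// True only if code inlined from the old header still addresses the right member.
bool layout_compatible() {
    return sizeof(ObjectOld) == sizeof(ObjectNew) && kClientOffset == kLibraryOffset;
}

// The word a stale client would hand to _M_release() as the control block
// when it assigns to the shared_ptr it believes lives at kClientOffset.
std::uintptr_t ctrl_seen_by_stale_client(const ObjectNew& obj) {
    std::uintptr_t word = 0;
    const unsigned char* base = reinterpret_cast<const unsigned char*>(&obj);
    std::memcpy(&word, base + kClientOffset + offsetof(SharedPtrRep, ctrl), sizeof word);
    return word;
}

int main() {
    static int real_ctrl_block;              // constructed stand-in object
    ObjectNew obj{};
    obj.added_b = 0x21;                      // constructed non-pointer value
    obj.signal_properties_changed.ctrl = &real_ctrl_block;
    std::printf("compatible=%d client_off=%zu lib_off=%zu ctrl=0x%zx\n",
                layout_compatible(), kClientOffset, kLibraryOffset,
                static_cast<std::size_t>(ctrl_seen_by_stale_client(obj)));
    return 0;
}
```

Rebuilding the client against the new header makes both offsets agree again, which is why a no-change rebuild is enough when the source API is unchanged.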

You-Sheng Yang (vicamo) wrote :

Hi, for the mtp-server crash, I found the mtp-server binary package (version 0.0.4+16.04.20160413-0ubuntu2) was built against a previous libdbus-cpp version, and after a no-change rebuild against the current libdbus-cpp (version 5.0.0+16.04.20160809-0ubuntu1) the mtp-server crash no longer happens.

You-Sheng Yang (vicamo) wrote :

libmtpserver1 rebuilt against latest libdbus-cpp.

You-Sheng Yang (vicamo) wrote :

mtp-server rebuilt against latest libdbus-cpp. Verified on GNOME*, no mtp-server crash, file operations work just fine.

[1]: there seems to be some unresolved issue in kio-mtp: https://bugs.kde.org/show_bug.cgi?id=318980

You-Sheng Yang (vicamo) wrote :

BTW, I have location-service rebuilt for bug 1618412. The GPS works on avila. No crash found then. I think it suggests there might be some ABI change in libdbus-cpp recently, so packages linked to libdbus-cpp might need a rebuild then.

Changed in canonical-devices-system-image:
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dbus-cpp (Ubuntu):
status: New → Confirmed
Changed in location-service (Ubuntu):
status: New → Confirmed
Changed in mtp (Ubuntu):
status: New → Confirmed
Changed in location-service (Ubuntu):
importance: Undecided → Medium
Changed in mtp (Ubuntu):
importance: Undecided → Medium
Changed in dbus-cpp (Ubuntu):
importance: Undecided → Medium
Changed in dbus-cpp (Ubuntu):
importance: Medium → High
Changed in location-service (Ubuntu):
importance: Medium → High
Changed in mtp (Ubuntu):
importance: Medium → High
Changed in canonical-devices-system-image:
importance: Undecided → High
Changed in canonical-devices-system-image:
assignee: nobody → Timo Jyrinki (timo-jyrinki)
status: Confirmed → In Progress
Changed in dbus-cpp (Ubuntu):
status: Confirmed → Invalid
Changed in location-service (Ubuntu):
status: Confirmed → In Progress
Changed in mtp (Ubuntu):
status: Confirmed → In Progress
Changed in location-service (Ubuntu):
assignee: nobody → Timo Jyrinki (timo-jyrinki)
Changed in mtp (Ubuntu):
assignee: nobody → Timo Jyrinki (timo-jyrinki)
Timo Jyrinki (timo-jyrinki) wrote :

location-service (3.0.0+16.04.20160811-0ubuntu2~xenialoverlay1) xenial; urgency=medium

  * No change rebuild for xenial (LP: #1618390)

 -- Timo Jyrinki <email address hidden> Tue, 06 Sep 2016 12:23:11 +0300

mtp (0.0.4+16.04.20160413-0ubuntu3~xenialoverlay1) xenial; urgency=medium

  * No change rebuild for xenial (LP: #1618390)

 -- Timo Jyrinki <email address hidden> Tue, 06 Sep 2016 12:23:37 +0300

https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-phone-overlay/+sourcepub/6859582/+listing-archive-extra

https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-phone-overlay/+sourcepub/6859583/+listing-archive-extra

Changed in mtp (Ubuntu):
status: In Progress → Fix Released
Changed in location-service (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released