gnome-session crashed with SIGSEGV in g_str_hash()

Bug #426501 reported by Krzysztof Klimonda
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
DeviceKit-Power | Fix Released | Critical | |
devicekit-power (Fedora) | Won't Fix | Medium | |
devicekit-power (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

Binary package hint: gnome-session

Unplugged USB mouse twice

ProblemType: Crash
Architecture: i386
Date: Tue Sep 8 23:11:17 2009
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/gnome-session
NonfreeKernelModules: nvidia
Package: gnome-session-bin 2.27.91-0ubuntu1
ProcCmdline: gnome-session
ProcEnviron:
 LANGUAGE=en_GB.UTF-8
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-9.29-generic-pae
SegvAnalysis:
 Segfault happened at: 0xb775d197 <g_str_hash+7>: movsbl (%edx),%eax
 PC (0xb775d197) ok
 source "(%edx)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-session
StacktraceTop:
 g_str_hash () from /usr/lib/libglib-2.0.so.0
 ?? () from /usr/lib/libglib-2.0.so.0
 g_cclosure_marshal_VOID__STRING ()
 ?? () from /usr/lib/libdbus-glib-1.so.2
 g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
Title: gnome-session crashed with SIGSEGV in g_str_hash()
Uname: Linux 2.6.31-9-generic-pae i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
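
For triage, the SegvAnalysis block above can be read mechanically. The following is an added example, not part of the original report or of Apport: it parses only the line forms visible in this report and labels the fault. The `triage` helper, the verdict strings and the 64 KiB cut-off are assumptions made for illustration.

```python
import re

# Sample input: the SegvAnalysis lines quoted from the report above.
SAMPLE = """SegvAnalysis:
 Segfault happened at: 0xb775d197 <g_str_hash+7>: movsbl (%edx),%eax
 PC (0xb775d197) ok
 source "(%edx)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
"""

INSN = re.compile(r"Segfault happened at: (0x[0-9a-f]+) <([^+>]+)(?:\+\d+)?>:")
PC = re.compile(r"PC \((0x[0-9a-f]+)\) (.+)")
OPERAND = re.compile(r'(source|destination) "([^"]+)" (?:\((0x[0-9a-f]+)\) )?(.+)')

# Assumption: addresses below 64 KiB are treated as NULL or NULL plus a
# small offset (for example a field access through a NULL struct pointer).
NULL_LIMIT = 0x10000


def triage(text):
    """Summarise the faulting access described by a SegvAnalysis block."""
    result = {"function": None, "pc_ok": None, "access": None, "address": None}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := INSN.match(line)):
            result["function"] = m.group(2)
        elif (m := PC.match(line)):
            result["pc_ok"] = m.group(2) == "ok"
        elif (m := OPERAND.match(line)) and m.group(4) != "ok" and m.group(3):
            # "source" is the operand being read, "destination" the one written.
            result["access"] = "read" if m.group(1) == "source" else "write"
            result["address"] = int(m.group(3), 16)
    if result["address"] is None:
        result["verdict"] = "no-faulting-operand"
    elif result["pc_ok"] and result["address"] < NULL_LIMIT:
        # Program counter is in mapped code; only the data pointer is bad.
        result["verdict"] = "null-deref-" + result["access"]
    else:
        result["verdict"] = "needs-review"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this report the result is a NULL read inside `g_str_hash` with a valid program counter, which matches the `SegvReason` line; anything else is left for manual review.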

Revision history for this message
In , Adam (adam-redhat-bugs) wrote :

Mostly all in the summary :). If I disconnect the battery from my Vaio P (while it's plugged into the mains, obviously), g-p-m crashes a couple of seconds later. I'll attach bug-buddy's saved trace, and the console output from reproducing the issue with g-p-m running in a console.

Revision history for this message
In , Adam (adam-redhat-bugs) wrote :

Created attachment 359605
console output from g-p-m when the crash happens

I disconnect the battery somewhere between 15:25:46 and 15:26:08. As the logs suggest, g-p-m doesn't crash the instant the battery is removed; it gets as far as removing the icon from the panel (as no battery is present any more), then crashes a bit later.

Revision history for this message
In , Adam (adam-redhat-bugs) wrote :

Created attachment 359606
bug-buddy's log from the crash

Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :
visibility: private → public
Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:
 IA__g_str_hash (v=0x0) at /build/buildd/glib2.0-2.21.6/glib/gstring.c:99
 g_hash_table_remove_internal (hash_table=0x81d1920,
 IA__g_cclosure_marshal_VOID__STRING (closure=0x81a4250,
 marshal_dbus_message_to_g_marshaller (closure=0x81a4250,
 IA__g_closure_invoke (closure=0x81a4250, return_value=0x0,

Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in gnome-session (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :

a gdb backtrace for G_DEBUG=fatal_criticals

Revision history for this message
Chris Coulson (chrisccoulson) wrote :

Thanks for your backtrace. This looks like a devicekit-power bug - reassigning.

affects: gnome-session (Ubuntu) → devicekit-power (Ubuntu)
Changed in devicekit-power (Ubuntu):
importance: Medium → High
status: New → Confirmed
Revision history for this message
Chris Coulson (chrisccoulson) wrote :

Would you mind posting the output of "devkit-power --verbose --monitor-detail" as you plug/unplug your USB mouse? You might need to do this from another terminal separate from your X session so that it doesn't die when the session terminates.

Thanks

Changed in devicekit-power (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
In , Chris Coulson (chrisccoulson) wrote :

Created an attachment (id=29355)
dbus-monitor --system

Some users are seeing simultaneous crashes in gnome-power-manager and gnome-session when disconnecting some USB devices. Both crashes have a similar stacktrace.

The crash can be triggered by doing the following steps with the device:

1) Insert, 2) Remove, 3) Insert, 4) Remove - crash

#0 IA__g_str_hash (v=0x0) at /build/buildd/glib2.0-2.21.6/glib/gstring.c:99
 p = (const signed char *) 0x0
 h = <value optimized out>
#1 0xb772bf97 in g_hash_table_remove_internal (hash_table=0x81d1920,
    key=0x0, notify=1) at /build/buildd/glib2.0-2.21.6/glib/ghash.c:195
 node = <value optimized out>
 node_index = <value optimized out>
 __PRETTY_FUNCTION__ = "g_hash_table_remove_internal"
#2 0xb781696c in IA__g_cclosure_marshal_VOID__STRING (closure=0x81a4250,
    return_value=0x0, n_param_values=2, param_values=0x8225ad8,
    invocation_hint=0xbfd13030, marshal_data=0x8070130)
    at /build/buildd/glib2.0-2.21.6/gobject/gmarshal.c:496
 data1 = (gpointer) 0x81e1388
 data2 = (gpointer) 0x81c4880
 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__STRING"
#3 0xb78afc54 in marshal_dbus_message_to_g_marshaller (closure=0x81a4250,
    return_value=0x0, n_param_values=3, param_values=0x81c4a80,
    invocation_hint=0xbfd13030, marshal_data=0x0) at dbus-gproxy.c:1680
 value_array = <value optimized out>
 c_marshaller = (
    GSignalCMarshaller) 0x805007c <g_cclosure_marshal_VOID__STRING@plt>
 proxy = (DBusGProxy *) 0x81e1388
 __PRETTY_FUNCTION__ = "marshal_dbus_message_to_g_marshaller"
#4 0xb78080f2 in IA__g_closure_invoke (closure=0x81a4250, return_value=0x0,
    n_param_values=3, param_values=0x81c4a80, invocation_hint=0xbfd13030)
    at /build/buildd/glib2.0-2.21.6/gobject/gclosure.c:767
 marshal = (
    GClosureMarshal) 0xb78afa80 <marshal_dbus_message_to_g_marshaller>
 marshal_data = (gpointer) 0x0
 __PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#5 0xb781eaf8 in signal_emit_unlocked_R (node=<value optimized out>,
    detail=<value optimized out>, instance=0x81e1388, emission_return=0x0,
    instance_and_params=0x81c4a80)
    at /build/buildd/glib2.0-2.21.6/gobject/gsignal.c:3247
 tmp = (Handler *) 0xb784c200
 handler = (Handler *) 0x81a0ca0
 accumulator = (SignalAccumulator *) 0x0
 emission = {next = 0x0, instance = 0x81e1388, ihint = {
    signal_id = 142, detail = 727, run_type = G_SIGNAL_RUN_FIRST},
  state = EMISSION_RUN, chain_type = 4}
 class_closure = (GClosure *) 0x0
 handler_list = (Handler *) 0xb784c200
 return_accu = <value optimized out>
 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0,
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0,
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
 signal_id = 142
 max_sequential_handler_number = 140
 return_value_altered = 0
#6 0xb781fedd in IA__g_signal_emit_valist (instance=0x81e1388,
    signal_id=142, detail=727, var_args=0xbfd131f4 "ôß\211·82Ñ¿\202O\210·")
    at /build/buildd/glib2.0-2.21.6/gobject/gsignal.c:2980
 signal_return_type = 4
 node = (SignalNode *) 0x81e7aa8
 i = <value optimized ou...

Revision history for this message
In , Chris Coulson (chrisccoulson) wrote :

Created an attachment (id=29356)
devkit-power-daemon --verbose

Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :

devkit-power --verbose..

Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :

log from dbus-monitor --system

Changed in devicekit-power (Ubuntu):
status: Incomplete → New
Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :

devkit-power-daemon --verbose

Revision history for this message
Chris Coulson (chrisccoulson) wrote :

I've sent this on to https://bugs.freedesktop.org/show_bug.cgi?id=23820 now. Thanks!

Changed in devicekit-power (Ubuntu):
status: New → Triaged
Changed in devicekit-power:
status: Unknown → Confirmed
Revision history for this message
In , Peter (peter-redhat-bugs) wrote :

I have the same problem with my Dell Latitude D630, which has 2 batteries. It crashes when I remove one of the batteries. It also looks like the same issue as RHBZ 513014.

Revision history for this message
In , Richard Hughes (richard-hughes) wrote :

Tracking in https://bugzilla.redhat.com/show_bug.cgi?id=520960, I've fixed this earlier today.

Revision history for this message
In , Richard (richard-redhat-bugs) wrote :

*** Bug 522812 has been marked as a duplicate of this bug. ***

Revision history for this message
Chris Coulson (chrisccoulson) wrote :

This is fixed upstream now.

Changed in devicekit-power (Ubuntu):
status: Triaged → Fix Committed
Changed in devicekit-power (Fedora):
status: Unknown → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package devicekit-power - 010+git20090911-0ubuntu1

---------------
devicekit-power (010+git20090911-0ubuntu1) karmic; urgency=low

  * Update to current git to collect some bug fixes:
    - Return meaningful errors if the user tries to suspend or hibernate
      without kernel support or swap setup
    - Update list of HID UPS devices
    - Only disable the polling if the kernel tells us we're fully charged, not
      if we guessed it
    - Add some self tests and fix up some obvious bugs
    - Be more militant with refcount checking to prevent crashes (LP: #426501)
    - bugfix: freeze and thaw the device during initial coldplug
    - Fix up some more memory leaks
    - Fix up a few problems spotted by clang
    - Raise the checked GLib version to 2.21.5
  * Add 0001-fix-crash-on-freeing-history-data.patch: Fix double-free crash,
    forwarded to fd#23918.
  * debian/rules: Run test suite on build.

 -- Martin Pitt <email address hidden> Mon, 14 Sep 2009 10:48:19 +0200

Changed in devicekit-power (Ubuntu):
status: Fix Committed → Fix Released
Changed in devicekit-power:
status: Confirmed → Fix Released
Revision history for this message
In , Peter (peter-redhat-bugs) wrote :

It no longer crashes on battery removal for me. Although it has other issues which I'll report separately.

Revision history for this message
In , Douglas (douglas-redhat-bugs) wrote :

I see this problem on the HP 6910p.

Revision history for this message
In , Adam (adam-redhat-bugs) wrote :

Still happens on my P with latest F11 packages.

--
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Revision history for this message
In , Bug (bug-redhat-bugs) wrote :

This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 11 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Revision history for this message
In , Bug (bug-redhat-bugs) wrote :

Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Changed in devicekit-power:
importance: Unknown → Critical
Changed in devicekit-power:
importance: Critical → Unknown
Changed in devicekit-power:
importance: Unknown → Critical
Changed in devicekit-power (Fedora):
importance: Unknown → Medium
status: Confirmed → Won't Fix