GNOME Bugzilla – Bug 699491
Don't crash when an identity could not be looked up
Last modified: 2013-09-23 01:37:03 UTC
With 3.8.1 ==12033== Invalid read of size 8 ==12033== at 0x413A5B: on_timer_source_ready (goaalarm.c:357) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846278 is 24 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x413A5F: on_timer_source_ready (goaalarm.c:357) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846280 is 32 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== 18:19:11.117:[12067]:[DEBUG]: GoaKerberosIdentityManager: Refreshing identities [goakerberosidentitymanager.c:528, refresh_identities()] ==12033== Invalid read of size 8 ==12033== at 0x413605: fire_or_rearm_alarm (goaalarm.c:287) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846278 is 24 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x41360C: fire_or_rearm_alarm (goaalarm.c:287) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846290 is 48 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== (goa-daemon:12033): GLib-CRITICAL **: g_date_time_difference: assertion `end != NULL' failed ==12033== Invalid read of size 8 ==12033== at 0x413615: fire_or_rearm_alarm (goaalarm.c:289) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846278 is 24 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x41361C: fire_or_rearm_alarm (goaalarm.c:289) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846298 is 56 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid write of size 8 ==12033== at 0x413693: fire_or_rearm_alarm (goaalarm.c:291) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846298 is 56 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x3B35230FD0: g_type_check_instance_cast (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x4135E0: fire_alarm (goaalarm.c:270) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846260 is 0 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== (goa-daemon:12033): GLib-GObject-WARNING **: invalid unclassed pointer in cast to `GObject' ==12033== Invalid read of size 8 ==12033== at 0x3B3523147D: g_type_check_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x3B3522796D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x3B35228A71: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x413AC1: on_timer_source_ready (goaalarm.c:374) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846260 is 0 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== (goa-daemon:12033): GLib-GObject-WARNING **: instance with invalid (NULL) class pointer (goa-daemon:12033): GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed ==12033== Invalid read of size 8 ==12033== at 0x413AC2: on_timer_source_ready (goaalarm.c:377) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846278 is 24 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x3B34687490: g_rec_mutex_unlock (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x413ACE: on_timer_source_ready (goaalarm.c:377) ==12033== by 0x3B34647F45: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x88462b0 is 80 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid read of size 8 ==12033== at 0x413250: clear_timer_source_pointer (goaalarm.c:384) ==12033== by 0x3B34645037: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648051: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x8846278 is 24 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so) ==12033== ==12033== Invalid write of size 8 ==12033== at 0x413254: clear_timer_source_pointer (goaalarm.c:384) ==12033== by 0x3B34645037: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648051: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648297: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34648699: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x408631: main (main.c:135) ==12033== Address 0x88462c8 is 104 bytes inside a block of size 120 free'd ==12033== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12033== by 0x3B3464DAEE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B34663BAA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3522FE68: g_type_free_instance (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x40F7C6: goa_kerberos_identity_dispose (goakerberosidentity.c:123) ==12033== by 0x3B35214337: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3600.1) ==12033== by 0x411DEB: on_job_scheduled (goakerberosidentitymanager.c:558) ==12033== by 0x3B35A59665: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B35A77F04: ??? (in /usr/lib64/libgio-2.0.so.0.3600.1) ==12033== by 0x3B3466CC85: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B3466C2C4: ??? (in /usr/lib64/libglib-2.0.so.0.3600.1) ==12033== by 0x3B32607C52: start_thread (in /usr/lib64/libpthread-2.17.so)
Is it possible to have a backtrace?
I don't have a backtrace of the crash, by the time it crashes it's already been doing too many invalid memory accesses to be useful anyway.
After leaving it running overnight: Program terminated with signal 11, Segmentation fault.
+ Trace 232037
Thread 1 (Thread 0x7f3b09c95700 (LWP 2090))
https://bugzilla.redhat.com/show_bug.cgi?id=878735 https://bugzilla.redhat.com/show_bug.cgi?id=903024 Specifically, the repro is https://bugzilla.redhat.com/show_bug.cgi?id=878735#c13
AFAICT the crash happens due to on_object_manager_ensured_for_look_up() not finding the expected identity (because it has been destroyed), and returning NULL result without error, while ensure_credentials_sync() only checks for error, and hits the NULL when retrieving identity from the operation_result.
For what it is worth, the reproducer for me was https://bugzilla.redhat.com/show_bug.cgi?id=878735#c12
Created attachment 253425 [details] [review] kerberos: Don't crash when an identity could not be looked up
Review of attachment 253425 [details] [review]: ::: src/goabackend/goakerberosprovider.c @@ +642,3 @@ + if (!found) + g_simple_async_result_set_error (operation_result, GOA_ERROR, GOA_ERROR_FAILED, "Failed to find an identity"); + makes sense. ::: src/goaidentity/goakerberosidentity.c @@ +536,2 @@ request = g_slice_new0 (NotifyRequest); + request->self = g_object_ref (self); less sure about this part. there's already a weak reference in place in dispose: if (self->priv->expiration_time_idle_id != 0) g_source_remove (self->priv->expiration_time_idle_id); Did you need this for things to work?
(In reply to comment #8) > Review of attachment 253425 [details] [review]: > ::: src/goaidentity/goakerberosidentity.c > @@ +536,2 @@ > request = g_slice_new0 (NotifyRequest); > + request->self = g_object_ref (self); > > less sure about this part. there's already a weak reference in place in > dispose: > > if (self->priv->expiration_time_idle_id != 0) > g_source_remove (self->priv->expiration_time_idle_id); > > Did you need this for things to work? After I added the previous chunk that sets an error, I got a segmentation fault caused by trying to access a finalized object: Program received signal SIGSEGV, Segmentation fault. g_type_check_instance_cast (type_instance=0x7fffe0002870, iface_type=iface_type@entry=80) at gtype.c:4008 4008 node = lookup_type_node_I (type_instance->g_class->g_type);
+ Trace 232433
Thread 1 (Thread 0x7ffff7ac6a40 (LWP 13540))
You can reproduce in the same way as this bug. Flip the "Network Services" switch on and off, and you should be able to get it to crash in a few attempts.
Debarshi noticed on IRC that while we check the expiration_time_idle_id in dispose we don't check the others that also go through the queue notify path.
so we talked it over and the concensus is we'll drop the check from dispose and move to a hard ref as proposed in attachment 253425 [details] [review]. This makes it more resiliant in the chance an identity gets disposed in a non main thread.
Created attachment 253513 [details] [review] kerberos: Don't crash when an identity could not be looked up
Review of attachment 253513 [details] [review]: +
Comment on attachment 253513 [details] [review] kerberos: Don't crash when an identity could not be looked up Thanks for the review!
Well, the patch fixes the segfault but it doesn't make the thing work. That is, flipping the on/off switch back and forth in the "online accounts" tab of the control center works as expected. However, goa-daemon doesn't - create the tgt on start if it didn't exist - re-create the tgt if was kdestroy-ed while it was running - refresh the tgt on expiry The relevant log messages are: 11:07:47.348:[24545]:[DEBUG]: GoaKerberosIdentityManager: Refreshing identities [goakerberosidentitymanager.c:528, refresh_identities()] 11:07:47.348:[24545]:[DEBUG]: GoaKerberosIdentityManager: Waiting for next operation [goakerberosidentitymanager.c:1047, on_job_scheduled()] 11:07:47.349:[24545]:[DEBUG]: GoaKerberosIdentityManager: Listing identities [goakerberosidentitymanager.c:604, list_identities()] 11:07:47.349:[24545]:[DEBUG]: GoaKerberosIdentityManager: Blocking until identities list processed [goakerberosidentitymanager.c:1011, on_job_scheduled()] 11:07:47.349:[24545]:[DEBUG]: GoaKerberosIdentityManager: Continuing [goakerberosidentitymanager.c:1015, on_job_scheduled()] 11:07:47.349:[24545]:[DEBUG]: GoaKerberosIdentityManager: Waiting for next operation [goakerberosidentitymanager.c:1047, on_job_scheduled()] 11:07:47.352:[24540]:[DEBUG]: GoaIdentityService: could not ensure credentials for account ***@***.COM: GDBus.Error:org.freedesktop.Goa.Error.Failed: Failed to find an identity [goaidentityservice.c:254, on_credentials_ensured()] 11:07:47.368:[24544]:[DEBUG]: Retreived keyring credentials for id: account_1372668879 [goautils.c:218, goa_utils_lookup_credentials_sync()] So the fix is incomplete. I'd like to reopen the bug but I don't have the rights to do so.
Roman, it's not supposed to recreate the tgt if it's kdestroyed (unless you manually resign back in) re the other issues, can you attach your ~/.config/goa-1.0/accounts.conf file?
(In reply to comment #16) > Roman, it's not supposed to recreate the tgt if it's kdestroyed Unless I'm misreading the code in goaidentity/goakerberosidentitymanager.c, it establishes an inotify watch on the kerberos credentials cache (provided it's of FILE: or DIR: type), and schedules a refresh on any change, including deletion. The logs from the goa-daemon also indicate that it notices the deletion and attempts to update the tgt, but fails, with the same diagnostics as if started anew with no tgt. > re the other issues, can you attach your ~/.config/goa-1.0/accounts.conf file? Sure, here you go: [Account account_1360330615] Provider=kerberos Identity=myuid@MY.CORP.COM PresentationIdentity=myuid@MY.CORP.COM Realm=MY.CORP.COM IsTemporary=false TicketingEnabled=true [Account account_1372668648] Provider=google ... irrelevant ... [Account account_1372668879] Provider=exchange ... irrelevant ... FWIW direct dbus call succeeds both to refresh the tgt and to create a new one if it was destroyed: # gdbus call --session --dest org.gnome.OnlineAccounts \ --object-path /org/gnome/OnlineAccounts/Accounts/account_1360330615 \ --method org.gnome.OnlineAccounts.Ticketing.GetTicket
Ray, does the information provided by Roman help ?
Hi Roman, it's confusing but there are two different "refresh" concepts in the code. The first (which happens whenever the credential cache is changed) is to resync gnome-online-accounts idea of identies with the credential cache. The other is to refresh the TGT of a particular identity. If a user runs kdestroy then they're explicitly trying to "sign out" basically, so we wouldn't "sign back in" automatically without additional user intervention. It should definitely be refreshing on expiry. There is a recent bug (bug 705395) that prevents that from working all of the time. I'm going to close this out, because the initial report is resolved. If you continue to have issues after bug 705395 is resolved, please file a new report, and we'll try to track it down!