GNOME Bugzilla – Bug 652509
nm-applet crashed with SIGSEGV in g_hash_table_foreach()
Last modified: 2011-06-20 12:51:25 UTC
Open bug in launchpad.net: https://bugs.launchpad.net/bugs/796846 "Change of network WiFi and Crash."
+ Trace 227466
Add symbol for libdbusmenu-glib.so.3, generate new Stacktrace: #0 g_hash_table_foreach (hash_table=0x0, func=0x7f7fd02a7910 t<hashtable_foreach_with_values>, user_data=0x7fff946ba470) at /build/buildd/glib2.0-2.29.6/./glib/ghash.c:1343 i = <value optimized out> version = <value optimized out> __PRETTY_FUNCTION__ = "g_hash_table_foreach" #1 0x00007f7fd02a7d7e in hashtable_iterator (hash_type=140186658999296, instance=0x0, iterator=0x7f7fd02a3ea0 <marshal_map_entry>, user_data=0x7fff946ba510) at dbus-gvalue-utils.c:608 data = {func = 0x7f7fd02a3ea0 <marshal_map_entry>, key_type = 64, value_type = 140186658844144, data = 0x7fff946ba510} key_gtype = 64 value_gtype = <value optimized out> #2 0x00007f7fd02a3192 in marshal_map (iter=0x7fff946ba570, value=0x7f7fc00a6740) at dbus-gvalue.c:1716 gtype = <value optimized out> arr_iter = {dummy1 = 0x7f7fc009c1e0, dummy2 = 0x7f7f01e00000, dummy3 = 221548, dummy4 = 0, dummy5 = -1073578272, dummy6 = 32639, dummy7 = 1, dummy8 = 0, dummy9 = -1073102288, dummy10 = 32639, dummy11 = 8, pad1 = 8, pad2 = 0, pad3 = 0xa585d0} hashdata = {entry_sig = 0x7f7fc002a4e0 "sa{sv}", iter = 0x7fff946ba4c0, err = 0} key_sig = <value optimized out> value_sig = 0x7f7fc004ed60 "{sa{sv}}" key_type = <value optimized out> value_type = <value optimized out> entry_sig = 0x7f7fc002a4e0 "sa{sv}" array_sig = 0x7f7fc004ed60 "{sa{sv}}" #3 0x00007f7fd029cc15 in dbus_g_proxy_marshal_args_to_message (proxy=<value optimized out>, method=0x7f7fd07236f3 "AddAndActivateConnection", args=0xa79b00) at dbus-gproxy.c:2244 gvalue = 0x7f7fc00a6740 message = 0x7f7fc009c1e0 msgiter = {dummy1 = 0x7f7fc009c1e0, dummy2 = 0x7f7f01e00000, dummy3 = 131180, dummy4 = 0, dummy5 = -1073578272, dummy6 = 32639, dummy7 = 9, dummy8 = 0, dummy9 = -1073102288, dummy10 = 32639, dummy11 = 0, pad1 = 0, pad2 = 10553680, pad3 = 0xa585d0} i = <value optimized out> priv = <value optimized out> #4 0x00007f7fd029ccc1 in dbus_g_proxy_begin_call_internal (proxy=0xa585d0, method=0x7f7fd07236f3 "AddAndActivateConnection", notify=0x7f7fd070a8d0, user_data=0x7f7fc0059f10, destroy=0x7f7fd070a8c0, args=<value optimized out>, timeout=-1) at dbus-gproxy.c:2277 message = <value optimized out> pending = 0x0 closure = <value optimized out> call_id = <value optimized out> priv = 0xa585f0 #5 0x00007f7fd029f6c2 in dbus_g_proxy_begin_call (proxy=0xa585d0, method=0x7f7fd07236f3 "AddAndActivateConnection", notify=0x7f7fd070a8d0, user_data=0x7f7fc0059f10, destroy=0x7f7fd070a8c0, first_arg_type=<value optimized out>) at dbus-gproxy.c:2531 call_id = <value optimized out> args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7fff946ba820, reg_save_area = 0x7fff946ba700}} arg_values = 0xa79b00 priv = 0xa585f0 __PRETTY_FUNCTION__ = "dbus_g_proxy_begin_call" #6 0x00007f7fd070c6e9 in nm_client_add_and_activate_connection () from /usr/lib/libnm-glib.so.4 No symbol table info available. #7 0x0000000000417cdd in applet_menu_item_activate_helper_new_connection (connection=<value optimized out>, auto_created=<value optimized out>, canceled=<value optimized out>, user_data=0x7f7fc00a5020) at applet.c:525 info = 0x7f7fc00a5020 #8 0x000000000042b319 in wireless_new_auto_connection (device=<value optimized out>, dclass_data=<value optimized out>, callback=<value optimized out>, callback_data=<value optimized out>) at applet-device-wifi.c:539 info = <value optimized out> #9 0x0000000000418a02 in applet_menu_item_activate_helper (device=0xa74090, connection=<value optimized out>, specific_object=<value optimized out>, applet=0xa12000, dclass_data=0x7f7fc002d980) at applet.c:604 info = 0x7f7fc00a5020 dclass = 0x7f7fc000adf0 __PRETTY_FUNCTION__ = "applet_menu_item_activate_helper" #10 0x00007f7fcfbe8da4 in g_closure_invoke (closure=0x7f7fc0166bd0, return_value=0x0, n_param_values=1, param_values=0x7f7fc0054360, invocation_hint=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./gobject/gclosure.c:771 marshal = 0x7f7fcfc04cf0 <g_cclosure_marshal_VOID__VOID> marshal_data = <value optimized out> in_marshal = <value optimized out> __PRETTY_FUNCTION__ = "g_closure_invoke" #11 0x00007f7fcfbfaccb in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0xa2cd20, emission_return=0x0, instance_and_params=0x7f7fc0054360) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:3256 tmp = <value optimized out> handler = 0x7f7fc008d670 accumulator = 0x0 emission = {next = 0x7fff946bae10, instance = 0xa2cd20, ihint = {signal_id = 97, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4} class_closure = 0x9f3320 hlist = 0x7f7fcfe36d70 handler_list = 0x7f7fc008d670 return_accu = 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 97 max_sequential_handler_number = 842 return_value_altered = 1 #12 0x00007f7fcfc042d7 in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fff946babe8) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:2987 instance_and_params = 0x7f7fc0054360 signal_return_type = 4 param_values = 0x7f7fc0054378 node = 0x9f3800 i = <value optimized out> n_params = 0 __PRETTY_FUNCTION__ = "g_signal_emit_valist" #13 0x00007f7fcfc044a2 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:3044 var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff946bacc0, reg_save_area = 0x7fff946bac00}} #14 0x00007f7fcebcebc8 in ?? () from /usr/lib/libdbusmenu-gtk3.so.3 No symbol table info available. #15 0x00007f7fcfbe8da4 in g_closure_invoke (closure=0x7f7fc0175d30, return_value=0x0, n_param_values=2, param_values=0xaa7c70, invocation_hint=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./gobject/gclosure.c:771 marshal = 0x412cc0 <g_cclosure_marshal_VOID__UINT@plt> marshal_data = <value optimized out> in_marshal = <value optimized out> __PRETTY_FUNCTION__ = "g_closure_invoke" #16 0x00007f7fcfbfaccb in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0xa730c0, emission_return=0x0, instance_and_params=0xaa7c70) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:3256 tmp = <value optimized out> handler = 0xa822d0 accumulator = 0x0 emission = {next = 0x0, instance = 0xa730c0, ihint = {signal_id = 188, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4} class_closure = 0xa6c210 hlist = 0x7f7fcfe36d70 handler_list = 0xa822d0 return_accu = 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 188 max_sequential_handler_number = 842 return_value_altered = 0 #17 0x00007f7fcfc042d7 in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fff946bb008) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:2987 instance_and_params = 0xaa7c70 signal_return_type = 4 param_values = 0xaa7c88 node = 0xa5d650 i = <value optimized out> n_params = 1 __PRETTY_FUNCTION__ = "g_signal_emit_valist" #18 0x00007f7fcfc044a2 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./gobject/gsignal.c:3044 var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fff946bb0e0, reg_save_area = 0x7fff946bb020}} #19 0x00007f7fce9b2c15 in dbusmenu_menuitem_handle_event (mi=0xa730c0, name=0x7f7fc0095b20 "clicked", variant=0x7f7fc007f260, timestamp=22961008) at /build/buildd/libdbusmenu-0.4.3/./libdbusmenu-glib/menuitem.c:1708 __PRETTY_FUNCTION__ = "dbusmenu_menuitem_handle_event" class = 0xa5d510 handled = 0 #20 0x00007f7fce9b41c7 in event_local_handler (user_data=0x7f7fc0081640) at /build/buildd/libdbusmenu-0.4.3/./libdbusmenu-glib/server.c:1500 data = 0x7f7fc0081640 #21 0x00007f7fcf71103b in g_timeout_dispatch (source=0x7f7fc0088f20, callback=<value optimized out>, user_data=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./glib/gmain.c:3955 timeout_source = 0x7f7fc0088f20 again = <value optimized out> #22 0x00007f7fcf70f85d in g_main_dispatch (context=0x9a6a90) at /build/buildd/glib2.0-2.29.6/./glib/gmain.c:2477 dispatch = 0x7f7fcf711020 <g_timeout_dispatch> was_in_call = 0 user_data = 0x7f7fc0081640 callback = 0x7f7fce9b41b0 <event_local_handler> cb_funcs = 0x7f7fcf9b8650 cb_data = 0x7f7fc00b1e70 current_source_link = {data = 0x7f7fc0088f20, next = 0x0} need_destroy = <value optimized out> source = 0x7f7fc0088f20 current = 0x9e3ca0 i = <value optimized out> #23 g_main_context_dispatch (context=0x9a6a90) at /build/buildd/glib2.0-2.29.6/./glib/gmain.c:3050 No locales. #24 0x00007f7fcf710058 in g_main_context_iterate (context=0x9a6a90, block=<value optimized out>, dispatch=1, self=<value optimized out>) at /build/buildd/glib2.0-2.29.6/./glib/gmain.c:3128 max_priority = 0 timeout = 0 some_ready = 1 nfds = 9 allocated_nfds = <value optimized out> fds = <value optimized out> #25 0x00007f7fcf710592 in g_main_loop_run (loop=0xa0fee0) at /build/buildd/glib2.0-2.29.6/./glib/gmain.c:3336 __PRETTY_FUNCTION__ = "g_main_loop_run" #26 0x0000000000415d97 in main (argc=1, argv=0x7fff946bb3b8) at main.c:106 applet = 0xa12000 i = <value optimized out>
This happens when using glib 2.29.6 specifically, and isn't reproducible if you revert to glib 2.29.4; so I'd say it's more likely an issue in glib (or caused by changes at the glib level, like the new checks for uses of g_hash_table_foreach to not add/remove items in the hash table), but I couldn't say for sure. In other words, this may be a duplicate of bug 652512.
Valgrind log for the crash, *without* the appindicator patch to rule out that part. ;) http://people.ubuntu.com/~mathieu-tl/nmapplet.log And here's another copy of the trace, again without the appindicator patch: http://people.ubuntu.com/~mathieu-tl/nmapplet.trace
*** This bug has been marked as a duplicate of bug 652512 ***