GNOME Bugzilla – Bug 673007
[power]: gnome-settings-daemon crashed with SIGSEGV in engine_update_composite_device()
Last modified: 2012-04-10 10:49:25 UTC
Gnome-settings-daemon crashes. Happens while in a live session. Easily reproducible. Boot a live session and choose to install ubuntu. Wait a few seconds and the message will come up. Launchpad Link: https://bugs.launchpad.net/ubuntu/+source/gnome-settings-daemon/+bug/965487
Stacktrace and other relevant files can be found in the launchpad report.
Please attach all relevant files here.
Created attachment 210815 [details] Dependencies
Created attachment 210816 [details] Disassembly
Created attachment 210817 [details] ProcMaps
Created attachment 210818 [details] ProcStatus
Created attachment 210819 [details] Registers
Created attachment 210820 [details] SegvAnalysis
Created attachment 210821 [details] Stacktrace
Created attachment 210822 [details] XsessionErrors
The stacktrace is missing debug information symbols. Please check http://live.gnome.org/GettingTraces to get those debuginfo symbols available.
I am having some trouble with the symbols. This problem occurs within a live CD environment. If I install the debug symbols and then reboot, they are no longer there. I have tried the debug symbols from inside a live session anyway (no reboot), but they are not producing any more output than what was produced in the original report. The problem does not occur from inside a fully installed system. Where should i go from here?
Asking your distribution? I have no idea about Ubuntu's live disks. Fedora's can have persistent storage bolted on, so one would just install the debuginfo packages on the USB key and reproduce the problem.
Created attachment 210911 [details] Stacktrace I managed to pull a better stacktrace from the crash.
the bug is getting quite some duplicates it seems to happen mostly on liveCD, could be due to the slowness or because the installer inhibit suspend etc the code hitting the issue is " /* update the composite device */ array = manager->priv->devices_array; -> for (i=0;i<array->len;i++) {" so somehow "array" is invalid there and trying to access len must hit the bug
https://bugs.launchpad.net/ubuntu/+source/gnome-settings-daemon/+bug/969535 seems a similar issue in engine_get_icon_priv() "#0 engine_get_icon_priv (manager=0xdfb080, device_kind=UP_DEVICE_KIND_BATTERY, warning=WARNING_CRITICAL, use_state=0) at gsd-power-manager.c:596 i = 0 array = 0x0 device = <optimized out> warning_temp = <optimized out> kind = 32545 state = 3489716016 is_present = 32545
+ Trace 230006
Here's what it looks like to me. I haven't hit the crash myself, but I can see how we would. The crash is happening because engine_device_changed_cb() is getting called after the manager is 'stopped' (during which, devices_array is set to NULL). So why is it getting called? Normally it wouldn't, since the stop() function unrefs its UpClient which would disconnect all signals if the manager held the only reference to it. But UpClients are ref-counted singletons. And both the 'updates' and 'xrandr' plugins also use UpClients. So when a manager is stopped, it may not be actually finalizing its own UpClient and thus not disconnecting its signals. So a simple fix is to add an explicit g_signal_handlers_disconnect_by_data (to all three plugins). Patch coming.
Created attachment 211657 [details] [review] Proposed patch
Review of attachment 211657 [details] [review]: Looks right to me.
Review of attachment 211657 [details] [review]: Looks great, thanks for finding the root cause.