After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 700332 - Crash in end_gnutls_io after suspending system
Crash in end_gnutls_io after suspending system
Status: RESOLVED INCOMPLETE
Product: glib
Classification: Platform
Component: network
2.32.x
Other Linux
: Normal normal
: ---
Assigned To: gtkdev
gtkdev
Depends on:
Blocks:
 
 
Reported: 2013-05-14 19:07 UTC by Jim Nelson
Modified: 2018-03-21 00:02 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
gdb output (42.95 KB, text/plain)
2013-05-31 19:30 UTC, Jim Nelson 		Details

Description Jim Nelson 2013-05-14 19:07:16 UTC 
A user at Launchpad has reported a Geary crasher which is occuring inside of GIO 2.32.3, specifically the TLS layer:

https://bugs.launchpad.net/geary/+bug/1178102

The stack trace:

0xa8becdf5 in end_gnutls_io (error=0x9d4ff09c, status=-52, gnutls=0x897de90)
    at gtlsconnection-gnutls.c:491
491	gtlsconnection-gnutls.c: No existe el archivo o el directorio.
(gdb) bt

+ Trace 231945

  • #0 end_gnutls_io
    at gtlsconnection-gnutls.c line 491
  • #1 end_gnutls_io
    at gtlsconnection-gnutls.c line 457
  • #2 g_tls_connection_gnutls_read
    at gtlsconnection-gnutls.c line 1027
  • #3 g_tls_input_stream_gnutls_read
    at gtlsinputstream-gnutls.c line 65
  • #4 g_input_stream_read
    at /build/buildd/glib2.0-2.32.3/./gio/ginputstream.c line 204
  • #5 fill_input_buffer
    at /build/buildd/glib2.0-2.32.3/./gio/gconverterinputstream.c line 335
  • #6 g_converter_input_stream_read
    at /build/buildd/glib2.0-2.32.3/./gio/gconverterinputstream.c line 392
  • #7 read_async_thread
    at /build/buildd/glib2.0-2.32.3/./gio/ginputstream.c line 943
  • #8 run_in_thread
    at /build/buildd/glib2.0-2.32.3/./gio/gsimpleasyncresult.c line 861
  • #9 io_job_thread
    at /build/buildd/glib2.0-2.32.3/./gio/gioscheduler.c line 177
  • #10 g_thread_pool_thread_proxy
    at /build/buildd/glib2.0-2.32.3/./glib/gthreadpool.c line 309
  • #11 g_thread_proxy
    at /build/buildd/glib2.0-2.32.3/./glib/gthread.c line 801
  • #12 start_thread
    from /lib/i386-linux-gnu/libpthread.so.0
  • #13 clone
    from /lib/i386-linux-gnu/libc.so.6 

This appears to be the offending line (gtlsconnection-gnutls.c:491)

  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);

Note that the TLS connections are issuing BAD_IDENTITY warnings when connecting; no idea if that's relevant here.

It looks like the user can reproduce this quite easily with Geary.
Comment 1 Dan Winship 2013-05-25 13:58:55 UTC 
> This appears to be the offending line (gtlsconnection-gnutls.c:491)
> 
>   G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);

Yes, and there's not really any plausible reason it would crash on that line... if "gnutls" is bad, then it should have crashed sooner, and if it's not, then it shouldn't have crashed at all...

The stack trace also looks weird: note that frames 0 and 1 are both in end_gnutls_io(). So maybe some sort of stack corruption? Running it under valgrind might be useful.
Comment 2 Jim Nelson 2013-05-29 01:08:25 UTC 
Is it possible it's a threading or concurrency issue?  The key point is that the user is suspending the system while Geary is running.  I wonder if a background thread is closing or cleaning up the connection when this method is running.  It would be a tight timing hole, but if the system is just waking up, then the network stack would undoubtedly be cleaning up dead connections as everything comes back to life.
Comment 3 Dan Winship 2013-05-30 12:09:13 UTC 
(In reply to comment #2)
> Is it possible it's a threading or concurrency issue?

in that case, a gdb "thread apply all bt" would be useful.

But yeah, the fact that the crash occurs inside a gio op that has been pushed off to another thread is definitely suspicious.
Comment 4 Jim Nelson 2013-05-31 19:30:22 UTC 
Created attachment 245778 [details]
gdb output
Comment 5 Jim Nelson 2013-05-31 19:30:44 UTC 
I've attached the gdb output.  Apparently the user can reproduce this quite easily.
Comment 6 Michael Catanzaro 2018-02-09 22:17:52 UTC 
(In reply to Dan Winship from comment #1)
> > This appears to be the offending line (gtlsconnection-gnutls.c:491)
> > 
> >   G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->failed (gnutls);
> 
> Yes, and there's not really any plausible reason it would crash on that
> line... if "gnutls" is bad, then it should have crashed sooner, and if it's
> not, then it shouldn't have crashed at all...
> 
> The stack trace also looks weird: note that frames 0 and 1 are both in
> end_gnutls_io(). So maybe some sort of stack corruption? Running it under
> valgrind might be useful.

Yeah, for this one the stack trace doesn't seem actionable. We'll need to catch this one in valgrind/asan/tsan. I'm not expecting a response, since this bug is old and there's a layer of indirection here, but I'll set it to NEEDINFO anyway in case it's still reproducible and you are able to get diagnostics.
Comment 7 Michael Catanzaro 2018-03-21 00:02:46 UTC 
Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment.
Thanks!