Bug 747310 – Crash on session startup

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 747310 - Crash on session startup


Summary:	Crash on session startup


Status:	RESOLVED FIXED

Product:	gdm
Classification:	Core
Component:	general
Version:	3.16.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	GDM maintainers
QA Contact:	GDM maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-04-03 17:48 UTC by Vadim Rutkovsky
Modified:	2015-04-16 13:55 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Stacktrace (6.59 KB, text/x-log) 2015-04-03 17:48 UTC, Vadim Rutkovsky		Details
manager: Don't double-free x11_display_name (1.35 KB, patch) 2015-04-15 11:51 UTC, Jan Alexander Steffens (heftig)	committed	Details \| Review

Description Vadim Rutkovsky 2015-04-03 17:48:29 UTC

Created attachment 300903 [details]
Stacktrace

Crashes on Continuous at https://git.gnome.org/browse/gdm/commit/?id=1edb0e4ae897cb1c53af3f3b2b913d5baf731580

Comment 1 Vadim Rutkovsky 2015-04-03 17:50:13 UTC

Please revert https://git.gnome.org/browse/gnome-continuous/commit/?id=a1c4953699612fa4e22033306e34cae5241360eb after the issue is fixed

Comment 2 Jasper St. Pierre (not reading bugmail) 2015-04-03 17:59:06 UTC

segfaulting in malloc? sounds like memory corruption. can you get a valgrind trace?

Comment 3 Jan Alexander Steffens (heftig) 2015-04-15 10:30:58 UTC

+ Trace 234977

#0 _int_malloc
from /usr/lib/libc.so.6
#1 malloc
from /usr/lib/libc.so.6
#2 g_malloc
at gmem.c line 97
#3 g_memdup
at gstrfuncs.c line 384
#4 g_variant_type_new_tuple
at gvarianttype.c line 1112
#5 g_variant_make_tuple_type
at gvariant.c line 804
#6 g_variant_builder_end
at gvariant.c line 3603
#7 g_variant_valist_new
at gvariant.c line 5083
#8 g_variant_new_va
at gvariant.c line 5256
#9 g_variant_new
#10 invoke_get_property_in_idle_cb
at gdbusconnection.c line 4180
#11 g_main_dispatch
at gmain.c line 3122
#12 g_main_context_dispatch
at gmain.c line 3737
#13 g_main_context_iterate
at gmain.c line 3808
#14 g_main_loop_run
at gmain.c line 4002

Comment 4 Jan Alexander Steffens (heftig) 2015-04-15 11:29:18 UTC

Bisection points me to either e5a0e92f (manager: find session at registration time) or 507aefdf (manager: set display name on session object at registration time).

Comment 5 Jan Alexander Steffens (heftig) 2015-04-15 11:51:58 UTC

Created attachment 301619 [details] [review]
manager: Don't double-free x11_display_name

Found a double-free in the manager code.

Comment 6 Ray Strode [halfline] 2015-04-16 13:53:10 UTC

Review of attachment 301619 [details] [review]:

seems right to me.  I had a somewhat different fix for this in tree at one point before I pushed, I must have accidentally dropped it instead of squashing it or something.

Comment 7 Ray Strode [halfline] 2015-04-16 13:54:57 UTC

Attachment 301619 [details] pushed as fae288e - manager: Don't double-free x11_display_name