** Description changed: + SRU testcase + + TO BE TESTED BY THE REPORTER(dev) + I have a branch that adds a very nice feature to autopilot. A side effect of this feature is that we send more requests to the unity Debug DBus interface. When I run autopilot against unity trunk with my autopilot feature enabled, unity crashes. I'm unable to get apport to report the bug, so this information is all collected manually from gdb. Gdb breaks with this message: Program received signal SIGSEGV, Segmentation fault. __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39 - The backtrace is: #0 __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39 #1 0x00007ffff1bdd5e8 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #2 0x00007ffff1bdd71f in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #3 0x00007ffff1bddcee in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #4 0x00007ffff1be110c in g_dbus_message_to_blob () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #5 0x00007ffff1bd6292 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #6 0x00007ffff1bd76dd in g_dbus_connection_send_message_with_reply () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #7 0x00007ffff1bd90cc in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #8 0x00007ffff1be68c9 in ?? 
() from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #9 0x00007ffff1be8204 in g_dbus_proxy_call () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #10 0x00007fffe03ea7f7 in unity::glib::DBusProxy::Impl::Call (this=0x159f030, method_name=..., parameters=0x7fffcc3cf590, callback=..., cancellable=0x0, flags=G_DBUS_CALL_FLAGS_NONE, timeout_msec=-1) - at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:261 + at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:261 #11 0x00007fffe03eae74 in unity::glib::DBusProxy::Call (this=0x159efc0, method_name=..., parameters=0x7fffcc3cf590, callback=..., cancellable=0x0, flags=G_DBUS_CALL_FLAGS_NONE, timeout_msec=-1) - at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:319 + at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:319 #12 0x00007fffe03c7bd6 in unity::indicator::DBusIndicators::Impl::RequestSyncIndicator (this=0x159efa0, name=...) at /home/thomi/code/canonical/unity/trunk/UnityCore/DBusIndicators.cpp:232 #13 0x00007fffe03c76c3 in unity::indicator::DBusIndicators::Impl::OnReSync (this=0x159efa0, parameters=0x7fffcc7150a0) at /home/thomi/code/canonical/unity/trunk/UnityCore/DBusIndicators.cpp:186 #14 0x00007fffe03d0203 in sigc::bound_mem_functor1<void, unity::indicator::DBusIndicators::Impl, _GVariant*>::operator() (this=0x8f701d8, _A_a1=@0x7fffffffd6c8: 0x7fffcc7150a0) - at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:1851 - #15 0x00007fffe03cf60d in sigc::adaptor_functor<sigc::bound_mem_functor1<void, unity::indicator::DBusIndicators::Impl, _GVariant*> >::operator()<_GVariant* const&> (this=0x8f701d0, - _A_arg1=@0x7fffffffd6c8: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:84 - #16 0x00007fffe03cdc24 in sigc::internal::slot_call1<sigc::bound_mem_functor1<void, unity::indicator::DBusIndicators::Impl, _GVariant*>, void, _GVariant*>::call_it (rep=0x8f701a0, - a_1=@0x7fffffffd6c8: 0x7fffcc7150a0) at 
/usr/include/sigc++-2.0/sigc++/functors/slot.h:137 + at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:1851 + #15 0x00007fffe03cf60d in sigc::adaptor_functor<sigc::bound_mem_functor1<void, unity::indicator::DBusIndicators::Impl, _GVariant*> >::operator()<_GVariant* const&> (this=0x8f701d0, + _A_arg1=@0x7fffffffd6c8: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:84 + #16 0x00007fffe03cdc24 in sigc::internal::slot_call1<sigc::bound_mem_functor1<void, unity::indicator::DBusIndicators::Impl, _GVariant*>, void, _GVariant*>::call_it (rep=0x8f701a0, + a_1=@0x7fffffffd6c8: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/slot.h:137 #17 0x00007fffe332e39b in sigc::slot1<void, _GVariant*>::operator() (this=0x7fffffffd800, _A_a1=@0x7fffffffd6c8: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/slot.h:515 #18 0x00007fffe03ea5eb in unity::glib::DBusProxy::Impl::OnProxySignal (this=0x159f030, proxy=0x256fa60, sender_name=0x9120de0 ":1.68", signal_name=0xb08cf00 "ReSync", parameters=0x7fffcc7150a0) - at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:237 - #19 0x00007fffe03ef8b8 in sigc::bound_mem_functor4<void, unity::glib::DBusProxy::Impl, _GDBusProxy*, char*, char*, _GVariant*>::operator() (this=0x124ea58, _A_a1=@0x7fffffffd9b8: 0x256fa60, - _A_a2=@0x7fffffffd9b0: 0x9120de0 ":1.68", _A_a3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", _A_a4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:2055 - #20 0x00007fffe03ef1bf in sigc::adaptor_functor<sigc::bound_mem_functor4<void, unity::glib::DBusProxy::Impl, _GDBusProxy*, char*, char*, _GVariant*> >::operator()<_GDBusProxy* const&, char* const&, char* const&, _GVariant* const&> (this=0x124ea50, _A_arg1=@0x7fffffffd9b8: 0x256fa60, _A_arg2=@0x7fffffffd9b0: 0x9120de0 ":1.68", _A_arg3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", - _A_arg4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:144 + at 
/home/thomi/code/canonical/unity/trunk/UnityCore/GLibDBusProxy.cpp:237 + #19 0x00007fffe03ef8b8 in sigc::bound_mem_functor4<void, unity::glib::DBusProxy::Impl, _GDBusProxy*, char*, char*, _GVariant*>::operator() (this=0x124ea58, _A_a1=@0x7fffffffd9b8: 0x256fa60, + _A_a2=@0x7fffffffd9b0: 0x9120de0 ":1.68", _A_a3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", _A_a4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:2055 + #20 0x00007fffe03ef1bf in sigc::adaptor_functor<sigc::bound_mem_functor4<void, unity::glib::DBusProxy::Impl, _GDBusProxy*, char*, char*, _GVariant*> >::operator()<_GDBusProxy* const&, char* const&, char* const&, _GVariant* const&> (this=0x124ea50, _A_arg1=@0x7fffffffd9b8: 0x256fa60, _A_arg2=@0x7fffffffd9b0: 0x9120de0 ":1.68", _A_arg3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", + _A_arg4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:144 #21 0x00007fffe03ee1c4 in sigc::internal::slot_call4<sigc::bound_mem_functor4<void, unity::glib::DBusProxy::Impl, _GDBusProxy*, char*, char*, _GVariant*>, void, _GDBusProxy*, char*, char*, _GVariant*>::call_it (rep=0x124ea20, a_1=@0x7fffffffd9b8: 0x256fa60, a_2=@0x7fffffffd9b0: 0x9120de0 ":1.68", a_3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", a_4=@0x7fffffffd9a0: 0x7fffcc7150a0) - at /usr/include/sigc++-2.0/sigc++/functors/slot.h:251 - #22 0x00007fffe03eccf6 in sigc::slot4<void, _GDBusProxy*, char*, char*, _GVariant*>::operator() (this=0x159f098, _A_a1=@0x7fffffffd9b8: 0x256fa60, _A_a2=@0x7fffffffd9b0: 0x9120de0 ":1.68", - _A_a3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", _A_a4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/slot.h:758 - #23 0x00007fffe03ec079 in unity::glib::Signal3<void, _GDBusProxy*, char*, char*, _GVariant*>::Callback (object=0x256fa60, data1=0x9120de0 ":1.68", data2=0xb08cf00 "ReSync", data3=0x7fffcc7150a0, - self=0x159f078) at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibSignal-inl.h:120 + at 
/usr/include/sigc++-2.0/sigc++/functors/slot.h:251 + #22 0x00007fffe03eccf6 in sigc::slot4<void, _GDBusProxy*, char*, char*, _GVariant*>::operator() (this=0x159f098, _A_a1=@0x7fffffffd9b8: 0x256fa60, _A_a2=@0x7fffffffd9b0: 0x9120de0 ":1.68", + _A_a3=@0x7fffffffd9a8: 0xb08cf00 "ReSync", _A_a4=@0x7fffffffd9a0: 0x7fffcc7150a0) at /usr/include/sigc++-2.0/sigc++/functors/slot.h:758 + #23 0x00007fffe03ec079 in unity::glib::Signal3<void, _GDBusProxy*, char*, char*, _GVariant*>::Callback (object=0x256fa60, data1=0x9120de0 ":1.68", data2=0xb08cf00 "ReSync", data3=0x7fffcc7150a0, + self=0x159f078) at /home/thomi/code/canonical/unity/trunk/UnityCore/GLibSignal-inl.h:120 #24 0x00007ffff3b81a14 in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #25 0x00007ffff3b81435 in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6 #26 0x00007ffff4bef4eb in g_cclosure_marshal_generic () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #27 0x00007ffff4beec82 in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #28 0x00007ffff4bffd51 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #29 0x00007ffff4c08079 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #30 0x00007ffff4c08222 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #31 0x00007ffff1be4c14 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #32 0x00007ffff1bd4645 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #33 0x00007ffff5ba9c9a in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #34 0x00007ffff5baa060 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #35 0x00007ffff5baa45a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #36 0x00000000004029ae in main () The interesting part starts at frame 10. 
The crash is on line 261, the code around that line looks like this: 247 if (proxy_) 248 { 249 CallData* data = new CallData(); 250 data->callback = callback; 251 data->impl = this; 252 data->method_name = method_name; - 253 + 253 254 g_dbus_proxy_call(proxy_, 255 method_name.c_str(), 256 parameters, 257 flags, 258 timeout_msec, 259 cancellable != NULL ? cancellable : cancellable_, 260 DBusProxy::Impl::OnCallCallback, 261 data); 262 } - The arguments look like this: (gdb) print method_name.c_str() $1 = 0x2aad5d8 "SyncOne" (gdb) print flags $2 = G_DBUS_CALL_FLAGS_NONE (gdb) print timeout_msec $3 = -1 (gdb) print cancellable $4 = (GCancellable *) 0x0 (gdb) print cancellable_ $5 = {object_ = 0xf54b30} (gdb) print callback $6 = {<sigc::slot1<void, _GVariant*>> = {<sigc::slot_base> = {<sigc::functor_base> = {<No data fields>}, rep_ = 0x297f7a0, blocked_ = false}, <No data fields>}, <No data fields>} - The parameters argument looks a little suspicous to me: (gdb) print parameters $7 = (GVariant *) 0x7fffcc3cf590 (gdb) print g_variant_get_type_string(parameters) $8 = -872203104 (gdb) print (const char*) g_variant_get_type_string(parameters) $9 = 0xffffffffcc033ca0 <Address 0xffffffffcc033ca0 out of bounds> - - The type string should return "(s)". Looking up the stack to the place where 'parameters' was created (frame 12 - frame 11 is just the public method calling into the impl class): + The type string should return "(s)". 
Looking up the stack to the place + where 'parameters' was created (frame 12 - frame 11 is just the public + method calling into the impl class): 228 void DBusIndicators::Impl::RequestSyncIndicator(std::string const& name) 229 { 230 GVariant* parameter = g_variant_new("(s)", name.c_str()); - 231 + 231 232 gproxy_.Call("SyncOne", parameter, sigc::mem_fun(this, &DBusIndicators::Impl::Sync)); 233 } At this point, name seems to be valid: (gdb) print name.c_str() $10 = 0x5721d58 "libapplication.so" ...but the parameter still doesn't want to give us a valid type string: (gdb) print (const char*) g_variant_get_type_string(parameter) $11 = 0xffffffffcc033ca0 <Address 0xffffffffcc033ca0 out of bounds>
** Changed in: unity (Ubuntu)
   Importance: Undecided => High

https://bugs.launchpad.net/bugs/979429

Title:
  Unity crashes with SIGSEGV when hitting debug DBus interface hard
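An added example, not part of the original report: the values gdb prints for g_variant_get_type_string() ($8, then $9 and $11) are what results when a debugger with no type information for a function assumes an int return and the (const char*) cast is then applied to that int. The helper names are hypothetical, and the candidate pointer borrows its upper 32 bits from the GVariant address $7 as an assumption; the check shows only that the printed address does not by itself establish that the GVariant is corrupt.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A debugger with no type information for a callee may assume it returns
 * int: only the low 32 bits of the 64-bit return register are kept. */
static int32_t assumed_int_return(uint64_t reg)
{
    uint32_t low = (uint32_t)reg;
    int32_t out;
    memcpy(&out, &low, sizeof out);   /* reinterpret the bits */
    return out;
}

/* Casting that int to a pointer afterwards sign-extends it to 64 bits. */
static uint64_t int_cast_to_pointer(int32_t v)
{
    return (uint64_t)(int64_t)v;
}

/* True when a printed int/pointer pair is what truncate-then-cast produces. */
static int matches_truncation(int32_t printed_int, uint64_t printed_ptr)
{
    return int_cast_to_pointer(printed_int) == printed_ptr;
}

/* Candidate original pointer: low 32 bits from the printed int, high 32 bits
 * borrowed from a nearby valid pointer. This is a guess, not a recovery. */
static uint64_t candidate_pointer(int32_t printed_int, uint64_t neighbour)
{
    uint32_t low;
    memcpy(&low, &printed_int, sizeof low);
    return (neighbour & 0xffffffff00000000ULL) | low;
}

int main(void)
{
    const int32_t  gdb_int = -872203104;             /* $8 in the report */
    const uint64_t gdb_ptr = 0xffffffffcc033ca0ULL;  /* $9 and $11 in the report */
    const uint64_t variant = 0x7fffcc3cf590ULL;      /* $7, the GVariant itself */

    printf("consistent with truncation: %s\n",
           matches_truncation(gdb_int, gdb_ptr) ? "yes" : "no");
    uint64_t guess = candidate_pointer(gdb_int, variant);  /* assumption */
    printf("candidate untruncated pointer: 0x%llx\n", (unsigned long long)guess);
    printf("round trip: %d\n", assumed_int_return(guess) == gdb_int);
    return 0;
}
```

In gdb, casting the function rather than its result, as in `print ((const char *(*)(void *)) g_variant_get_type_string)(parameters)`, makes the call return the full 64-bit pointer.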