[Bug 707127] New: xfce4-power-manager segfaults after suspend / resume
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c0 Summary: xfce4-power-manager segfaults after suspend / resume Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Xfce AssignedTo: bnc-team-xfce@forge.provo.novell.com ReportedBy: seife@novell.slipkontur.de QAContact: qa@suse.de Found By: Third Party Developer/Partner Blocker: --- recently, I noticed that very often (but not always) after a suspend / resume cycle, the xfce4-power-manager was gone. Today, I started it from GDB in order to get some information... (gdb) bt #0 0x000000000040e72f in xfpm_battery_get_message_from_battery_state (battery=0x69acf0) at xfpm-battery.c:204 #1 xfpm_battery_notify (battery=0x69acf0) at xfpm-battery.c:339 #2 0x000000000040effc in xfpm_battery_notify_idle (data=0x69acf0) at xfpm-battery.c:361 #3 0x00007ffff5c6d8ad in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #4 0x00007ffff5c6e0a8 in ?? () from /usr/lib64/libglib-2.0.so.0 #5 0x00007ffff5c6e5e2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0 #6 0x00007ffff76cf167 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0 #7 0x0000000000409009 in xfpm_start (bus=<optimized out>, client_id=0x0, dump=<optimized out>) at xfpm-main.c:235 #8 0x0000000000409623 in main (argc=1, argv=0x7fffffffdd68) at xfpm-main.c:423 (gdb) bt full #0 0x000000000040e72f in xfpm_battery_get_message_from_battery_state (battery=0x69acf0) at xfpm-battery.c:204 msg = 0x0 #1 xfpm_battery_notify (battery=0x69acf0) at xfpm-battery.c:339 message = 0x0 #2 0x000000000040effc in xfpm_battery_notify_idle (data=0x69acf0) at xfpm-battery.c:361 battery = <optimized out> #3 0x00007ffff5c6d8ad in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 No symbol table info available. #4 0x00007ffff5c6e0a8 in ?? () from /usr/lib64/libglib-2.0.so.0 No symbol table info available. #5 0x00007ffff5c6e5e2 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0 No symbol table info available. #6 0x00007ffff76cf167 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #7 0x0000000000409009 in xfpm_start (bus=<optimized out>, client_id=0x0, dump=<optimized out>) at xfpm-main.c:235 manager = 0x66b860 error = 0x0 __func__ = "xfpm_start" #8 0x0000000000409623 in main (argc=1, argv=0x7fffffffdd68) at xfpm-main.c:423 bus = 0x667c78 error = 0x0 proxy = <optimized out> run = 0 quit = 0 config = 0 version = 0 reload = 0 no_daemon = 1 debug = 0 dump = 0 client_id = 0x0 option_entries = {{long_name = 0x41aee6 "run", short_name = 114 'r', flags = 1, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc50, description = 0x0, arg_description = 0x0}, {long_name = 0x41aeea "no-daemon", short_name = 0 '\000', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc64, description = 0x41aef4 "Do not daemonize", arg_description = 0x0}, {long_name = 0x41af05 "debug", short_name = 0 '\000', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc68, description = 0x41af0b "Enable debugging", arg_description = 0x0}, {long_name = 0x41af1c "dump", short_name = 0 '\000', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc6c, description = 0x41af21 "Dump all information", arg_description = 0x0}, {long_name = 0x41b574 "restart", short_name = 0 '\000', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc60, description = 0x41b1d0 "Restart the running instance of Xfce power manager", arg_description = 0x0}, {long_name = 0x41af36 "customize", short_name = 99 'c', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc58, description = 0x41af40 "Show the configuration dialog", arg_description = 0x0}, {long_name = 0x41bffe "quit", short_name = 113 'q', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc54, description = 0x41b208 "Quit any running xfce power manager", arg_description = 0x0}, {long_name = 0x41af5e "version", short_name = 86 'V', flags = 2, arg = G_OPTION_ARG_NONE, arg_data = 0x7fffffffdc5c, description = 0x41af66 "Version information", arg_description = 0x0}, {long_name = 0x41af7a "sm-client-id", short_name = 0 '\000', flags = 1, arg = G_OPTION_ARG_STRING, arg_data = 0x7fffffffdc38, description = 0x0, arg_description = 0x0}, {long_name = 0x0, short_name = 0 '\000', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}} (gdb) Hope this helps :-) I also have a core file available, but it is ~50MB compressed, so I'd only upload it if it will be of use for someone. This is with FACTORY, last change in xfce4-power-manager was quite some time ago: seife@susi:~> rpm -qa --last |grep xfce4-power-manager xfce4-power-manager-debuginfo-1.0.10-13.1 Mi 20 Jul 2011 08:19:37 CEST xfce4-power-manager-1.0.10-13.1 Mi 18 Mai 2011 13:20:57 CEST It definitely started failing only recently (maybe a week ago?), so I guess the change in something else (libnotify?) triggered this problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c1 --- Comment #1 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-20 22:14:38 CEST --- Short investigation. This is the crashing code (xfpm-battery.c:204): 198 static gchar * 199 xfpm_battery_get_message_from_battery_state (XfpmBattery *battery) 200 { 201 gchar *msg = NULL; 202 203 204 if (battery->priv->type == XFPM_DEVICE_TYPE_BATTERY || battery->priv->type == XFPM_DEVICE_TYPE_UPS) 205 { 206 switch (battery->priv->state) 207 { Ok. gdb: (gdb) print battery $1 = 0x69acf0 <---ok (gdb) print battery->priv $2 = (XfpmBatteryPrivate *) 0xaaaaaaaaaaaaaaaa <--- looks bogus (gdb) print battery->priv->type Cannot access memory at address 0xaaaaaaaaaaaaaae2 (gdb) print battery->parent $5 = {parent_instance = {g_type_instance = {g_class = 0x69add0}, ref_count = 0, qdata = 0xaaaaaaaaaaaaaaaa}, priv = 0xaaaaaaaaaaaaaaaa} (gdb) print battery->priv $6 = (XfpmBatteryPrivate *) 0xaaaaaaaaaaaaaaaa I had suspected a missing null-pointer test, but unfortunately it doesn't look so easy. I have no idea where this 0xaaaaaa... comes from. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c2 Guido Berhörster <gber@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |seife@novell.slipkontur.de --- Comment #2 from Guido Berhörster <gber@opensuse.org> 2011-07-23 15:09:26 UTC --- That looks like a difficult one, have you checked whether it always crashes in the same place, ie. whether always the same pointer gets corrupted? Essentially there have been no code changes since May which indeed make the dependent libraries suspicious. Unfortunately I currently don't have hardware surviving suspend/hibernate to reproduce this myself. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c3 Stefan Seyfried <seife@novell.slipkontur.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Normal --- Comment #3 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-24 17:32:13 CEST --- Hi Guido, an update on the state of this bug: * the suspend/resume might be a red herring it's just that I noticed that it was gone some time after a suspend and thought it might be related, but it does not have to * it did not crash on me for the last few days. Maybe it really was a strange inconsistency of other packages. I have it running under gdb now all the time, so if it crashes again, I can generate a core and a backtrace. Resetting the importance field to normal since it more and more feels like some transient failure. I'll keep an eye on this and if it does not reoccur, will close the in a few weeks. If it is more convenient for you / xfce4-maintainers, we can also reassign the bug to me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c4 Stefan Seyfried <seife@novell.slipkontur.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|seife@novell.slipkontur.de | --- Comment #4 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-25 08:33:43 CEST --- I should not have written that. Today it crashed, apparently during suspend or immediately after resume. (I'm triggering suspend via xfce4-power-manager with qdbus org.freedesktop.PowerManagement \ /org/freedesktop/PowerManagement \ org.freedesktop.PowerManagement.Suspend The crash is exactly the same: battery->priv is 0xaaaaaaaaaaaaaaaa. I also tried to trigger the crash by repeatedly unplugging and replugging the battery and the AC adapter, but that did not trigger it (my guess was, that it was related to "virtual unplugging" of devices during suspend and the notifications possibly associated with that). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c5 --- Comment #5 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-25 10:24:30 CEST --- I asked on the factory list and got answers from coolo and Marcus Meissner: --- On Mon, Jul 25, 2011 at 10:03:09AM +0200, Stephan Kulow wrote:
Am Montag, 25. Juli 2011 schrieb Stefan Seyfried:
My question is: does this 0xaaaaaaaaaaaaaaaa ring a bell for somebody? Is this some magic value or does libnotify use this for something?
Yes, that's the magic value of $MALLOC_PERTURB_ in factory. This is what glibc sets freed memory to. So someone freed your battery's priv, but it still has a pointer to it.
Actually someone freed "battery", so battery->priv is 0xaaaaaaaaaaaaaaaaaa. ;) Ciao, Marcus --- So it's clear where this 0xaa comes from. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c6 --- Comment #6 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-28 19:38:18 CEST --- on the list it was mentioned that 0xaa is not freeed but uninitialized memory. Valgrind was unfortunately not too helpful: ==12559== Memcheck, a memory error detector ==12559== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==12559== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info ==12559== Command: xfce4-power-manager --no-daemon ==12559== (xfce4-power-manager:12559): xfce4-power-manager-WARNING **: could not map keysym 1008ffa8 to keycode ** (xfce4-power-manager:12559): DEBUG: Brightness controlled by xrandr, min_level=0 max_level=15 [... much later...] (xfce4-power-manager:12559): GLib-GObject-WARNING **: invalid uninstantiatable type `<invalid>' in cast to `XfpmBattery' ==12559== Invalid read of size 4 ==12559== at 0x40E72F: xfpm_battery_notify (xfpm-battery.c:204) ==12559== by 0x40EFFB: xfpm_battery_notify_idle (xfpm-battery.c:361) ==12559== by 0x6D3A9DC: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x6D3B1D7: ??? (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x6D3B711: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x5180166: gtk_main (in /usr/lib64/libgtk-x11-2.0.so.0.2400.5) ==12559== by 0x409008: xfpm_start (xfpm-main.c:235) ==12559== by 0x409622: main (xfpm-main.c:423) ==12559== Address 0xaaaaaaaaaaaaaae2 is not stack'd, malloc'd or (recently) free'd ==12559== ==12559== ==12559== Process terminating with default action of signal 11 (SIGSEGV) ==12559== General Protection Fault ==12559== at 0x40E72F: xfpm_battery_notify (xfpm-battery.c:204) ==12559== by 0x40EFFB: xfpm_battery_notify_idle (xfpm-battery.c:361) ==12559== by 0x6D3A9DC: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x6D3B1D7: ??? (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x6D3B711: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.2912.0) ==12559== by 0x5180166: gtk_main (in /usr/lib64/libgtk-x11-2.0.so.0.2400.5) ==12559== by 0x409008: xfpm_start (xfpm-main.c:235) ==12559== by 0x409622: main (xfpm-main.c:423) ==12559== ==12559== HEAP SUMMARY: ==12559== in use at exit: 1,338,748 bytes in 11,875 blocks ==12559== total heap usage: 1,580,287 allocs, 1,568,412 frees, 368,416,522 bytes allocated ==12559== [... possible loss records, lots of them ] ==12559== ==12559== LEAK SUMMARY: ==12559== definitely lost: 295 bytes in 7 blocks ==12559== indirectly lost: 0 bytes in 0 blocks ==12559== possibly lost: 653,488 bytes in 5,780 blocks ==12559== still reachable: 684,965 bytes in 6,088 blocks ==12559== suppressed: 0 bytes in 0 blocks ==12559== Reachable blocks (those to which a pointer was found) are not shown. ==12559== To see them, rerun with: --leak-check=full --show-reachable=yes ==12559== ==12559== For counts of detected and suppressed errors, rerun with: -v ==12559== ERROR SUMMARY: 566 errors from 566 contexts (suppressed: 6 from 6) (i removed thousands of lines for possibly lost memory - we don't care for that now ;-) and all the forked children) This output seems to hing that glib already knows that something is wrong: (xfce4-power-manager:12559): GLib-GObject-WARNING **: invalid uninstantiatable type `<invalid>' in cast to `XfpmBattery' -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c7 --- Comment #7 from Guido Berhörster <gber@opensuse.org> 2011-07-28 19:13:51 UTC --- Maybe the upstream author can make something out of that. Would you mind opening a bug on http://bugzilla.xfce.org/ with both stacktrace and valgrind output included? If you prefer I can take care of that as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c8 Stefan Seyfried <seife@novell.slipkontur.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugzilla.xfce.org/s | |how_bug.cgi?id=7851 --- Comment #8 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-07-29 09:52:53 CEST --- Done, filed as https://bugzilla.xfce.org/show_bug.cgi?id=7851 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c Stefan Seyfried <seife@novell.slipkontur.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugzilla.xfce.org/s | |how_bug.cgi?id=7264 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c9 Takashi Iwai <tiwai@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |tiwai@suse.com InfoProvider| |seife@novell.slipkontur.de --- Comment #9 from Takashi Iwai <tiwai@suse.com> 2011-10-21 09:31:25 UTC --- Does the package in OBS home:tiwai:branches:X11:xfce/xfce-power-manager repo work? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c10 --- Comment #10 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-10-23 20:23:12 CEST --- I'm trying right now (will take a few days as it did not always crash, but very often). Takashi, the OBS link is broken right now, i had to use osc getbinaries to get your version as the "upstream" version has changed. This was no problem though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c11 --- Comment #11 from Takashi Iwai <tiwai@suse.com> 2011-10-23 20:23:15 UTC --- OK, the repo is now repaired. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c12 Stefan Seyfried <seife@novell.slipkontur.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|seife@novell.slipkontur.de | --- Comment #12 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-10-23 22:58:23 CEST --- The version before the repo repair has survived about 10 suspend / resume cycles which is looking good. Guido, this seems to be an improvement. I'll continue testing in daily use now and will report back in a few days. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c13 --- Comment #13 from Guido Berhörster <gber@opensuse.org> 2011-10-24 07:47:43 UTC --- OK, I've tested it myself and added it to the main package now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c14 --- Comment #14 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-10-24 10:00:21 CEST --- This is an autogenerated message for OBS integration: This bug (707127) was mentioned in https://build.opensuse.org/request/show/89115 Factory / xfce4-power-manager -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c15 Guido Berhörster <gber@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |gber@opensuse.org Resolution| |FIXED --- Comment #15 from Guido Berhörster <gber@opensuse.org> 2011-11-09 09:57:12 UTC --- Fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=707127 https://bugzilla.novell.com/show_bug.cgi?id=707127#c16 --- Comment #16 from Stefan Seyfried <seife@novell.slipkontur.de> 2011-11-09 11:53:27 CET --- Yes, thanks. Really appreciated. Also thanks Takashi, you never fail to amaze me :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com