[Bug 214887] New: network triggered avahi/epiphany crash

https://bugzilla.novell.com/show_bug.cgi?id=214887 Summary: network triggered avahi/epiphany crash Product: SUSE Linux 10.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: sbrabec@novell.com QAContact: qa@suse.de CC: security-team@suse.de When using avahi-compat-mDSNResponder instead of mDSNResponder, epiphany crashes on start time after time from unspecified reason. I suspect, that the crash is related to avahi and caused by presence of certain local network device. I have no idea how to reproduce it, but on our intranet it happens several times in month. Adding security team to Cc:, because it has security implication (DoS), but up to 10.1, use of avahi compatibility layer is not a default, so I see no real problem here. Things may change in future products. Work-around: /etc/init.d/avahi-daemon stop Backtrace was generated from '/opt/gnome/bin/epiphany' Using host libthread_db library "/lib64/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 47871358862480 (LWP 3922)] [New Thread 1098918208 (LWP 4378)] [New Thread 1090525504 (LWP 4376)] [New Thread 1082132800 (LWP 4055)] 0x00002b89e611ed3f in __libc_waitpid (pid=4392, stat_loc=0x7fffc751593c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 41 int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL); #0 0x00002b89e611ed3f in __libc_waitpid (pid=4392, stat_loc=0x7fffc751593c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 #1 0x00002b89e400cdc7 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:749 #2 0x00002b89e36c9603 in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:210 #3 <signal handler called> #4 0x00002b89e9161aa5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #5 0x00002b89e9162e60 in *__GI_abort () at abort.c:88 #6 0x00002b89e915b246 in *__GI___assert_fail ( assertion=0x2b89e55aab44 "__ret == 0", file=0x2b89e55aaae2 "compat.c", line=348, function=0x2b89e55aaab5 "sdref_free") at assert.c:78 #7 0x00002b89e55a8942 in sdref_unref (sdref=0x1773870) at compat.c:348 #8 0x00002b89e55a96bb in DNSServiceProcessResult (sdref=0x1773870) at compat.c:420 #9 0x00002b89e4b6048c in bonjour_input (io_channel=<value optimized out>, cond=3922, callback_data=0x6) at gnome-vfs-dns-sd.c:794 #10 0x00002b89e8e752ba in g_main_context_dispatch () from /opt/gnome/lib64/libglib-2.0.so.0 #11 0x00002b89e8e78345 in g_main_context_check () from /opt/gnome/lib64/libglib-2.0.so.0 #12 0x00002b89e8e78655 in g_main_loop_run () from /opt/gnome/lib64/libglib-2.0.so.0 #13 0x00002b89e6dc81c3 in gtk_main () from /opt/gnome/lib64/libgtk-x11-2.0.so.0 #14 0x0000000000437eb6 in main (argc=<value optimized out>, argv=<value optimized out>) at ephy-main.c:312 Thread 4 (Thread 1082132800 (LWP 4055)): #0 0x00002b89e91e9116 in *__GI___poll (fds=0x407ffeb0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 oldtype = 0 result = <value optimized out> #1 0x00002b89e3b3243d in PR_Poll (pds=0x716ae8, npds=1, timeout=4294967295) at ptio.c:3877 in_flags_read = 1 in_flags_write = 0 out_flags_read = 0 out_flags_write = 0 stack_syspoll = {{fd = 20, events = 1, revents = 0}, {fd = -435036455, events = 11145, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 5, events = 0, revents = 0}, {fd = 20349584, events = 0, revents = 0}, { fd = 20647600, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 20350424, events = 0, revents = 0}, {fd = 20350480, events = 0, revents = 0}, {fd = -316626195, events = 11145, revents = 0}, { fd = 20350416, events = 0, revents = 0}, {fd = -316644893, events = 11145, revents = 0}, {fd = 112, events = 0, revents = 0}, {fd = 15973472, events = 0, revents = 0}, {fd = 19627936, events = 0, revents = 0}, { fd = 20349584, events = 0, revents = 0}, {fd = -5998, events = 0, revents = 0}, {fd = 19630000, events = 0, revents = 0}, {fd = 19628008, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 16, events = 0, revents = 0}, {fd = 9, events = 0, revents = 0}, {fd = 24, events = 0, revents = 0}, {fd = -373852214, events = 11145, revents = 0}, { fd = 20349584, events = 0, revents = 0}, {fd = -374908279, events = 11145, revents = 0}, {fd = 20349584, events = 0, revents = 0}, {fd = -374941240, events = 11145, revents = 0}, {fd = -1, events = 0, revents = 0}, { fd = 1082130416, events = 0, revents = 0}, {fd = -374908300, events = 11145, revents = 0}, {fd = 19630048, events = 0, revents = 0}, { fd = 1082130464, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 19627992, events = 0, revents = 0}, {fd = 19820704, events = 0, revents = 0}, {fd = 19627992, events = 0, revents = 0}, { fd = -361945248, events = 11145, revents = 0}, {fd = 1, events = 0, revents = 0}, {fd = -374907926, events = 11145, revents = 0}, { fd = -373852226, events = 11145, revents = 0}, {fd = -373857914, events = 11145, revents = 0}, {fd = 19627992, events = 0, revents = 0}, { fd = 18079824, events = 0, revents = 0}, {fd = 18079824, events = 0, revents = 0}, {fd = -373852494, events = 11145, revents = 0}, { fd = -363380016, events = 11145, revents = 0}, {fd = 19820856, events = 0, revents = 0}, {fd = 25, events = 1, revents = 0}, {fd = -373862488, events = 11145, revents = 0}, {fd = 1161765390, events = 0, revents = 0}, { fd = 18079824, events = 0, revents = 0}, {fd = 15972608, events = 0, revents = 0}, {fd = -373863801, events = 11145, revents = 0}, { fd = 18079824, events = 0, revents = 0}, {fd = -373852239, events = 11145, revents = 0}, {fd = -363380016, events = 11145, revents = 0}, { fd = 19820856, events = 0, revents = 0}, {fd = 25, events = 1, revents = 0}, {fd = -373862211, events = 11145, revents = 0}, { fd = 19627936, events = 0, revents = 0}, {fd = -373851016, events = 11145, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = -1355808736, events = 10922, revents = 0}} syspoll = (struct pollfd *) 0x407ffeb0 index = 0 msecs = -1 #2 0x00002b89e9b3e276 in nsSocketTransportService::Poll ( this=<value optimized out>, interval=0x40800144) at nsSocketTransportService2.cpp:359 pollList = (PRPollDesc *) 0x716ae8 pollCount = 1 pollTimeout = 4294967295 ts = 2124220874 rv = <value optimized out> #3 0x00002b89e9b3e497 in nsSocketTransportService::Run (this=0x716130) at nsSocketTransportService2.cpp:568 pollInterval = 0 n = <value optimized out> i = -1 count = <value optimized out> active = 1 #4 0x00002b89e9aa37b1 in nsThread::Main (arg=0x853190) at nsThread.cpp:118 self = <value optimized out> #5 0x00002b89e3b360bd in _pt_root (arg=<value optimized out>) at ptthread.c:220 thred = (PRThread *) 0x7170d0 #6 0x00002b89e6118193 in start_thread (arg=<value optimized out>) at pthread_create.c:306 __res = <value optimized out> pd = (struct pthread *) 0x40800940 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1082132800, -69242350493913400, 47871270420736, 140736537376288, 3, 1082134528, -69242351559266552, -69194486941208684}, mask_was_saved = 0}}, priv = { pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #7 0x00002b89e91f145d in clone () from /lib64/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = { mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = ( const void *) 0x2b89e9223480 #8 0x0000000000000000 in ?? () No symbol table info available. Thread 3 (Thread 1090525504 (LWP 4376)): #0 0x00002b89e611df4b in __read_nocancel () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00002b89e55a79f7 in read_command (fd=22) at /usr/include/bits/unistd.h:35 r = <value optimized out> command = <value optimized out> __PRETTY_FUNCTION__ = "read_command" #2 0x00002b89e55a7abc in thread_func (data=<value optimized out>) at compat.c:226 command = 0 '\0' sdref = (DNSServiceRef) 0xc0bdd0 mask = {__val = {18446744067267100671, 18446744073709551615 }} __PRETTY_FUNCTION__ = "thread_func" #3 0x00002b89e6118193 in start_thread (arg=<value optimized out>) at pthread_create.c:306 __res = <value optimized out> pd = (struct pthread *) 0x41001940 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1090525504, -69242350493913400, 47871270420736, 47871270454080, 3, 1090527232, -69242351584428280, -69194486941208684}, mask_was_saved = 0}}, priv = { pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #4 0x00002b89e91f145d in clone () from /lib64/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = { mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = ( const void *) 0x2b89e9223480 #5 0x0000000000000000 in ?? () No symbol table info available. Thread 2 (Thread 1098918208 (LWP 4378)): #0 0x00002b89e611b9e7 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 No symbol table info available. #1 0x00002b89e3b2ff18 in pt_TimedWait (cv=0x69dea8, ml=0x69ebe0, timeout=224) at ptsynch.c:280 rv = <value optimized out> now = {tv_sec = 1161765391, tv_usec = 338747} tmo = {tv_sec = 1161766279, tv_nsec = 562747000} ticks = <value optimized out> #2 0x00002b89e3b30b0a in PR_WaitCondVar (cvar=0x69dea0, timeout=888224) at ptsynch.c:407 rv = <value optimized out> thred = (PRThread *) 0x1288ca0 #3 0x00002b89e9aa50ce in TimerThread::Run (this=0x69eaf0) at TimerThread.cpp:318 waitFor = 3 lock = {<nsAutoLockBase> = {<No data fields>}, mLock = 0x69ebe0, mLocked = 1} #4 0x00002b89e9aa37b1 in nsThread::Main (arg=0x1288bb0) at nsThread.cpp:118 self = <value optimized out> #5 0x00002b89e3b360bd in _pt_root (arg=<value optimized out>) at ptthread.c:220 thred = (PRThread *) 0x1288ca0 #6 0x00002b89e6118193 in start_thread (arg=<value optimized out>) at pthread_create.c:306 __res = <value optimized out> pd = (struct pthread *) 0x41802940 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1098918208, -69242350493913400, 47871270420736, 140736537368768, 3, 1098919936, -69242351576051960, -69194486941208684}, mask_was_saved = 0}}, priv = { pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 robust = <value optimized out> #7 0x00002b89e91f145d in clone () from /lib64/libc.so.6 fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = { mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, fs_passno = 0}} __elf_set___libc_subfreeres_element_fstab_free__ = ( const void *) 0x2b89e9223480 #8 0x0000000000000000 in ?? () No symbol table info available. Thread 1 (Thread 47871358862480 (LWP 3922)): #0 0x00002b89e611ed3f in __libc_waitpid (pid=4392, stat_loc=0x7fffc751593c, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 oldtype = 1 result = <value optimized out> #1 0x00002b89e400cdc7 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:749 estatus = 11145 sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {1193208, 140736537394493, 47871258438468, 348, 47871258438370, 47871225946112, 47871224828133, 47867410513921, 0, 47867410513921, 0, 47871320918776, 10622208, 6, 47871224849730, 0}}, sa_flags = -382346880, sa_restorer = 0x6} pid = -512 in_segv = 1 #2 0x00002b89e36c9603 in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:210 oldact = (sigaction *) 0x7fffc751593c #3 <signal handler called> No symbol table info available. #4 0x00002b89e9161aa5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 pid = <value optimized out> selftid = <value optimized out> #5 0x00002b89e9162e60 in *__GI_abort () at abort.c:88 act = {__sigaction_handler = { sa_handler = 0x2b89e9238751 <_libc_intl_domainname>, sa_sigaction = 0x2b89e9238751 <_libc_intl_domainname>}, sa_mask = { __val = {47871321941135, 47871323129952, 47871258438468, 140736537386640, 47871258438370, 140736537386880, 47871321237184, 206158430232, 140736537386896, 140736537386672, 47871321162296, 206158430256, 140736537386920, 18110832, 18644992, 96}}, sa_flags = 9344320, sa_restorer = 0x7fffc7517d3d} sigs = {__val = {32, 0 }} #6 0x00002b89e915b246 in *__GI___assert_fail ( assertion=0x2b89e55aab44 "__ret == 0", file=0x2b89e55aaae2 "compat.c", line=348, function=0x2b89e55aaab5 "sdref_free") at assert.c:78 buf = 0x1145970 "ÀÚ5é\211+" errstr = "Unexpected error.\n" #7 0x00002b89e55a8942 in sdref_unref (sdref=0x1773870) at compat.c:348 __ret = <value optimized out> __PRETTY_FUNCTION__ = "sdref_unref" #8 0x00002b89e55a96bb in DNSServiceProcessResult (sdref=0x1773870) at compat.c:420 __ret = <value optimized out> ret = 0 __PRETTY_FUNCTION__ = "DNSServiceProcessResult" #9 0x00002b89e4b6048c in bonjour_input (io_channel=<value optimized out>, cond=3922, callback_data=0x6) at gnome-vfs-dns-sd.c:794 No locals. #10 0x00002b89e8e752ba in g_main_context_dispatch () from /opt/gnome/lib64/libglib-2.0.so.0 No symbol table info available. #11 0x00002b89e8e78345 in g_main_context_check () from /opt/gnome/lib64/libglib-2.0.so.0 No symbol table info available. #12 0x00002b89e8e78655 in g_main_loop_run () from /opt/gnome/lib64/libglib-2.0.so.0 No symbol table info available. #13 0x00002b89e6dc81c3 in gtk_main () from /opt/gnome/lib64/libgtk-x11-2.0.so.0 No symbol table info available. #14 0x0000000000437eb6 in main (argc=<value optimized out>, argv=<value optimized out>) at ephy-main.c:312 context = (poptContext) 0x627570 context_as_value = {g_type = 68, data = {{v_int = 6452592, v_uint = 6452592, v_long = 6452592, v_ulong = 6452592, v_int64 = 6452592, v_uint64 = 6452592, v_float = 9.04200726e-39, v_double = 3.1880040338300607e-317, v_pointer = 0x627570}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} program = <value optimized out> startup_flags = EPHY_SHELL_STARTUP_SESSION args = (const char **) 0x0 string_arg = 0x62cab0 "/home/sbrabec/.gnome2/epiphany/session_gnome-vHtiP8.xml" user_time = 45963 new_instance = <value optimized out> err = (GError *) 0x0 __PRETTY_FUNCTION__ = "main" 0x00002b89e611ed3f 41 int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL); -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.