16105 – xfce4-session segfault on shutdown

xfce4-session segfault on shutdown

Status:

RESOLVED: FIXED

Priority:
Medium

Severity:
normal

Product:
Xfce4-session

Component:

General

Comments

Description Liam Shepherd 2019-10-30 23:15:40 CET

I think it might trigger as I don't have a screensaver (I use physlock as a locker) based on Thread 1 of the backtrace but I may be misreading it. The segfault happens consistently when I quit X to shutdown. Full trace below:

Core was generated by `xfce4-session'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  g_type_check_instance_cast (type_instance=0x55c4be2833a0, iface_type=80) at ../glib-2.60.6/gobject/gtype.c:4057
4057	../glib-2.60.6/gobject/gtype.c: No such file or directory.
[Current thread is 1 (Thread 0x7f566791b940 (LWP 2013))]
(gdb) thread apply all bt full

Thread 4 (Thread 0x7f5665e0e700 (LWP 2025)):
#0  0x00007f5669e0f633 in poll () at /lib64/libc.so.6
#1  0x00007f5669f7500e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x55c4be26f360, timeout=<optimized out>, context=0x55c4be270dc0) at ../glib-2.60.6/glib/gmain.c:4228
        ret = <optimized out>
        errsv = <optimized out>
        poll_func = 0x7f5669f61270 <g_poll>
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x55c4be26f360
#2  0x00007f5669f7500e in g_main_context_iterate (context=context@entry=0x55c4be270dc0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib-2.60.6/glib/gmain.c:3922
        max_priority = 2147483647
        timeout = -1
        some_ready = <optimized out>
        nfds = 1
        allocated_nfds = 1
        fds = 0x55c4be26f360
#3  0x00007f5669f750dc in g_main_context_iteration (context=0x55c4be270dc0, may_block=may_block@entry=1) at ../glib-2.60.6/glib/gmain.c:3988
        retval = <optimized out>
#4  0x00007f5669f75121 in glib_worker_main (data=<optimized out>) at ../glib-2.60.6/glib/gmain.c:5868
#5  0x00007f5669f5104d in g_thread_proxy (data=0x55c4be0c6e80, data=<optimized out>) at ../glib-2.60.6/glib/gthread.c:805
        thread = 0x55c4be0c6e80
        __FUNCTION__ = "g_thread_proxy"
#6  0x00007f5669eed458 in start_thread () at /lib64/libpthread.so.0
#7  0x00007f5669e1b6ef in clone () at /lib64/libc.so.6

Thread 3 (Thread 0x7f566660f700 (LWP 2024)):
#0  0x00007f5669ef40fc in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0
#1  0x00007f5666a4be0b in  () at /usr/lib64/dri/i965_dri.so
#2  0x00007f5666a4ba37 in  () at /usr/lib64/dri/i965_dri.so
#3  0x00007f5669eed458 in start_thread () at /lib64/libpthread.so.0
#4  0x00007f5669e1b6ef in clone () at /lib64/libc.so.6

Thread 2 (Thread 0x7f56655ef700 (LWP 2026)):
#0  0x00007f566a054890 in param_spec_pool_equals (key_spec_1=0x55c4be26a940, key_spec_2=0x7f56655eea90) at ../glib-2.60.6/gobject/gparam.c:893
        key1 = 0x55c4be26a940 [GParamBoolean]
        key2 = 0x7f56655eea90
#1  0x00007f5669f85cbb in g_hash_table_lookup_node (hash_return=<synthetic pointer>, key=0x7f56655eea90, hash_table=0x55c4be0911e0 = {...}) at ../glib-2.60.6/glib/ghash.c:492
        node_key = <optimized out>
        node_hash = <optimized out>
        hash_value = 1062668395
        have_tombstone = 0
        step = 0
        node_index = 192
        first_tombstone = 0
        node_hash = 1062668395
        __FUNCTION__ = "g_hash_table_lookup"
#2  0x00007f5669f85cbb in g_hash_table_lookup (hash_table=0x55c4be0911e0 = {...}, key=0x7f56655eea90, hash_table=<optimized out>, key=<optimized out>) at ../glib-2.60.6/glib/ghash.c:1507
        node_hash = 1062668395
        __FUNCTION__ = "g_hash_table_lookup"
#3  0x00007f566a05a603 in param_spec_ht_lookup (walk_ancestors=1, owner_type=0x55c4be2709e0 [GTask], param_name=0x7f566a1b0d4a "completed", hash_table=0x55c4be0911e0 = {...}) at ../glib-2.60.6/gobject/gparam.c:1003
        key = {g_type_instance = {g_class = <error reading variable: Cannot access memory at address 0x30>}, name = 0x7f566a1b0d4a "completed", flags = -1103085360, value_type = 0x39, owner_type = 0x55c4be2709e0 [GTask], _nick = 0x0, _blurb = 0x0, qdata = 0x7f5669f9624f <g_datalist_id_dup_data+111>, ref_count = 3192655088, param_id = 21956}
        pspec = <optimized out>
        pspec = <optimized out>
        delim = <optimized out>
        __FUNCTION__ = "g_param_spec_pool_lookup"
#4  0x00007f566a05a603 in g_param_spec_pool_lookup (pool=0x55c4be0a31e0, param_name=0x7f566a1b0d4a "completed", owner_type=0x55c4be2709e0 [GTask], walk_ancestors=1) at ../glib-2.60.6/gobject/gparam.c:1076
        pspec = <optimized out>
        delim = <optimized out>
        __FUNCTION__ = "g_param_spec_pool_lookup"
#5  0x00007f566a061252 in g_object_notify (property_name=0x7f566a1b0d4a "completed", object=0x7f565c003bd0 [GTask]) at ../glib-2.60.6/gobject/gobject.c:1218
--Type <RET> for more, q to quit, c to continue without paging--c
        pspec = <optimized out>
        __FUNCTION__ = "g_object_notify"
#6  0x00007f566a061252 in g_object_notify (object=0x7f565c003bd0 [GTask], property_name=0x7f566a1b0d4a "completed", object=<optimized out>, property_name=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:1203
        __FUNCTION__ = "g_object_notify"
#7  0x00007f566a142c09 in g_task_return_now (task=0x7f565c003bd0 [GTask]) at ../glib-2.60.6/gio/gtask.c:1215
#8  0x00007f566a142c29 in complete_in_idle_cb (task=0x7f565c003bd0) at ../glib-2.60.6/gio/gtask.c:1223
#9  0x00007f5669f7307f in g_main_dispatch (context=0x55c4be280cb0) at ../glib-2.60.6/glib/gmain.c:3189
        dispatch = 0x7f5669f6d910 <g_idle_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f565c003bd0
        callback = 0x7f566a142c20 <complete_in_idle_cb>
        cb_funcs = <optimized out>
        cb_data = 0x55c4be765ad0
        need_destroy = <optimized out>
        source = 0x7f565c00b390
        current = 0x7f565c002040
        i = 0
#10 0x00007f5669f7307f in g_main_context_dispatch (context=context@entry=0x55c4be280cb0) at ../glib-2.60.6/glib/gmain.c:3854
#11 0x00007f5669f75098 in g_main_context_iterate (context=0x55c4be280cb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib-2.60.6/glib/gmain.c:3927
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 3
        fds = 0x55c4be2826e0
#12 0x00007f5669f75fa2 in g_main_loop_run (loop=0x55c4be280da0) at ../glib-2.60.6/glib/gmain.c:4123
        __FUNCTION__ = "g_main_loop_run"
#13 0x00007f566a0e44d6 in gdbus_shared_thread_func (user_data=0x55c4be280c80) at ../glib-2.60.6/gio/gdbusprivate.c:275
        data = 0x55c4be280c80
#14 0x00007f5669f5104d in g_thread_proxy (data=0x55c4be0c6f20, data=<optimized out>) at ../glib-2.60.6/glib/gthread.c:805
        thread = 0x55c4be0c6f20
        __FUNCTION__ = "g_thread_proxy"
#15 0x00007f5669eed458 in start_thread () at /lib64/libpthread.so.0
#16 0x00007f5669e1b6ef in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f566791b940 (LWP 2013)):
#0  0x00007f566a0403c0 in g_type_check_instance_cast (type_instance=0x55c4be2833a0, iface_type=0x50 [GObject]) at ../glib-2.60.6/gobject/gtype.c:4057
        node = <optimized out>
        iface = <optimized out>
        is_instantiatable = <optimized out>
        check = <optimized out>
#1  0x000055c4bd96b1a5 in xfsm_consolekit_proxy_free (consolekit=0x55c4be283f60 [XfsmConsolekit]) at xfsm-consolekit.c:158
#2  0x000055c4bd96ed2c in xfsm_consolekit_finalize (object=0x55c4be283f60 [XfsmConsolekit]) at xfsm-consolekit.c:142
#3  0x00007f566a05ff5d in g_object_unref (_object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3346
        weak_locations = <optimized out>
        old_ref = <optimized out>
        object = 0x55c4be283f60 [XfsmConsolekit]
        __FUNCTION__ = "g_object_unref"
#4  0x00007f566a05ff5d in g_object_unref (_object=0x55c4be283f60, _object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3238
        object = 0x55c4be283f60 [XfsmConsolekit]
        __FUNCTION__ = "g_object_unref"
#5  0x000055c4bd961ac2 in xfsm_shutdown_finalize (object=0x55c4be284350 [XfsmShutdown]) at xfsm-shutdown.c:149
        shutdown = 0x55c4be284350 [XfsmShutdown]
#6  0x00007f566a05ff5d in g_object_unref (_object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3346
        weak_locations = <optimized out>
        old_ref = <optimized out>
        object = 0x55c4be284350 [XfsmShutdown]
        __FUNCTION__ = "g_object_unref"
#7  0x00007f566a05ff5d in g_object_unref (_object=0x55c4be284350, _object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3238
        object = 0x55c4be284350 [XfsmShutdown]
        __FUNCTION__ = "g_object_unref"
#8  0x000055c4bd969eb2 in xfsm_manager_finalize (obj=0x55c4be237400 [XfsmManager]) at xfsm-manager.c:206
        manager = 0x55c4be237400 [XfsmManager]
#9  0x00007f566a05ff5d in g_object_unref (_object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3346
        weak_locations = <optimized out>
        old_ref = <optimized out>
        object = 0x55c4be237400 [XfsmManager]
        __FUNCTION__ = "g_object_unref"
#10 0x00007f566a05ff5d in g_object_unref (_object=0x55c4be237400, _object=<optimized out>) at ../glib-2.60.6/gobject/gobject.c:3238
        object = 0x55c4be237400 [XfsmManager]
        __FUNCTION__ = "g_object_unref"
#11 0x00007f566a03fcd0 in g_value_unset (value=0x7ffea5964e20, value=<optimized out>) at ../glib-2.60.6/gobject/gvalue.c:275
        value_table = <optimized out>
        __FUNCTION__ = "g_value_unset"
#12 0x00007f566a04fd2d in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffea5964fd0) at ../glib-2.60.6/gobject/gsignal.c:3421
        instance_and_params = 0x7ffea5964e20
        signal_return_type = <optimized out>
        param_values = <optimized out>
        node = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __FUNCTION__ = "g_signal_emit_valist"
#13 0x00007f566a050ea7 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../glib-2.60.6/gobject/gsignal.c:3447
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffea59650b0, reg_save_area = 0x7ffea5964ff0}}
#14 0x000055c4bd976c17 in sm_close_connection (sms_conn=<optimized out>, client_data=0x55c4be29c4d0, num_reasons=0, reasons=0x7f565c00d0f0) at sm-layer.c:328
        client = 0x55c4be29c4d0 [XfsmClient]
        n = <optimized out>
        __func__ = "sm_close_connection"
#15 0x00007f566ad77c0a in _SmsProcessMessage () at /usr/lib64/libSM.so.6
#16 0x00007f566ad690c3 in IceProcessMessages () at /usr/lib64/libICE.so.6
#17 0x000055c4bd977981 in ice_process_messages (channel=<optimized out>, condition=<optimized out>, user_data=0x55c4be6685f0, user_data=<optimized out>, channel=<optimized out>, condition=<optimized out>) at ice-layer.c:111
        status = <optimized out>
        icdata = 0x55c4be6685f0
#18 0x00007f5669f7307f in g_main_dispatch (context=0x55c4be22d0f0) at ../glib-2.60.6/glib/gmain.c:3189
        dispatch = 0x7f5669f28d90 <g_io_unix_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x55c4be6685f0
        callback = 0x55c4bd977970 <ice_process_messages>
        cb_funcs = <optimized out>
        cb_data = 0x55c4be503020
        need_destroy = <optimized out>
        source = 0x55c4be431180
        current = 0x55c4be281520
        i = 0
#19 0x00007f5669f7307f in g_main_context_dispatch (context=context@entry=0x55c4be22d0f0) at ../glib-2.60.6/glib/gmain.c:3854
#20 0x00007f5669f75098 in g_main_context_iterate (context=0x55c4be22d0f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib-2.60.6/glib/gmain.c:3927
        max_priority = 2147483647
        timeout = 6994
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 11
        fds = 0x55c4be3dfea0
#21 0x00007f5669f75fa2 in g_main_loop_run (loop=0x55c4be286f50) at ../glib-2.60.6/glib/gmain.c:4123
        __FUNCTION__ = "g_main_loop_run"
#22 0x00007f566a6d83ed in gtk_main () at /usr/lib64/libgtk-3.so.0
#23 0x000055c4bd95e3e0 in main (argc=<optimized out>, argv=<optimized out>) at main.c:367

Comment 1 Simon Steinbeiss editbugs

2019-11-06 00:16:48 CET

I don't see the hint about the problem being your screenlocker at first glance, but if you reasonably believe that's it, why not try to disable the screenlocker to see if the issue prevails?

Comment 2 Liam Shepherd 2019-11-06 18:09:30 CET

I don't think it has anything to do with my locker per se, more the fact that I don't use a screensaver.

The reason I think it could be that is that the cores always mention this line in xfsm-consolekit.c:

g_object_unref (G_OBJECT (consolekit->screensaver));

Comment 3 Liam Shepherd 2019-11-06 19:01:17 CET

Created attachment 9189 
xfce4-session-4.14.0-stop_segfault_on_no_screensaver.patch

The attached patch seems to fix the issue for me.

Comment 4 Git Bot editbugs

2019-11-07 01:10:32 CET

Liam Shepherd referenced this bugreport in commit 4d7e2f2ed50b90840c57bbfd81a37318a29dfb97

Fix session crash at logout (Bug #16105)

https://git.xfce.org/xfce/xfce4-session/commit?id=4d7e2f2ed50b90840c57bbfd81a37318a29dfb97

Comment 5 Git Bot editbugs

2019-11-07 01:11:01 CET

Liam Shepherd referenced this bugreport in commit 943cbcae005a3f434dbaf35eddcd7fa5585777a9

Fix session crash at logout (Bug #16105)

https://git.xfce.org/xfce/xfce4-session/commit?id=943cbcae005a3f434dbaf35eddcd7fa5585777a9

Comment 6 Simon Steinbeiss editbugs

2019-11-07 01:11:45 CET

With your explanation and reading the code, this patch makes a lot of sense. I guess whoever wrote it must have presumed that there always is a screensaver object.

Bug #16105

Reported by:
Liam Shepherd

Reported on: 2019-10-30
Last modified on: 2019-11-07

People

Assignee:
Xfce Bug Triage

CC List:
2 users

Version

Version:
4.14.0

Target Milestone:
Xfce 4.14

Attachments

xfce4-session-4.14.0-stop_segfault_on_no_screensaver.patch (588 bytes, patch)
2019-11-06 19:01 CET , Liam Shepherd

no flags

Additional information