Bugzilla – Bug 114710
Stock ticker applet crashes when configuring the preferences.
Last modified: 2008-05-22 18:19:02 UTC
I added the stock ticker applet to the gnome panel. When I go in to configure the preferences, it will crash at random times.
Created attachment 48465 [details] stack trace of crash
Can you give me any more details about what things you are configuring when it crashes?
First time that it crashed I simply removed the default listed stocks. If you give that a try I bet it will crash right away.
I could replicate this with the current package, but not with the display bug fixed package. I'll contact you to try.
Created attachment 48643 [details] back trace
I reinstalled the gnome-applets from beta4 and was able to get a back trace with the debuginfo package
Worth noting that both Joe and I can replicate this only on SMP machines. Mine is x86_64 and his is x86.
Ooooh, excellent. That's my patch for bug #94400, which has not been tested on SMP. It looks like _gnome_vfs_get_current_context() needs to lock the job, as it accesses job->op and that's a resource that needs the lock to be held.
The crash happens here:

#7 0x402b3283 in _gnome_vfs_get_current_context (context=0x41316da0) at gnome-vfs-job.c:1922
1922 *context = job->op->context;

(gdb) disassemble
Dump of assembler code for function _gnome_vfs_get_current_context:
0x402b3250 <_gnome_vfs_get_current_context+0>: push %ebp
0x402b3251 <_gnome_vfs_get_current_context+1>: mov %esp,%ebp
0x402b3253 <_gnome_vfs_get_current_context+3>: sub $0x18,%esp
0x402b3256 <_gnome_vfs_get_current_context+6>: mov %esi,0xfffffffc(%ebp)
0x402b3259 <_gnome_vfs_get_current_context+9>: mov 0x8(%ebp),%esi
0x402b325c <_gnome_vfs_get_current_context+12>: mov %ebx,0xfffffff8(%ebp)
0x402b325f <_gnome_vfs_get_current_context+15>: call 0x4029fc25 <__i686.get_pc_thunk.bx>
0x402b3264 <_gnome_vfs_get_current_context+20>: add $0x322c0,%ebx
0x402b326a <_gnome_vfs_get_current_context+26>: test %esi,%esi
0x402b326c <_gnome_vfs_get_current_context+28>: je 0x402b32a2 <_gnome_vfs_get_current_context+82>
0x402b326e <_gnome_vfs_get_current_context+30>: lea 0x3520(%ebx),%eax
0x402b3274 <_gnome_vfs_get_current_context+36>: mov %eax,(%esp)
0x402b3277 <_gnome_vfs_get_current_context+39>: call 0x4029eb48 <_init+7224>
0x402b327c <_gnome_vfs_get_current_context+44>: test %eax,%eax
0x402b327e <_gnome_vfs_get_current_context+46>: je 0x402b3292 <_gnome_vfs_get_current_context+66>
0x402b3280 <_gnome_vfs_get_current_context+48>: mov 0xc(%eax),%eax
0x402b3283 <_gnome_vfs_get_current_context+51>: mov 0x30(%eax),%eax
0x402b3286 <_gnome_vfs_get_current_context+54>: mov %eax,(%esi)
0x402b3288 <_gnome_vfs_get_current_context+56>: mov 0xfffffff8(%ebp),%ebx
---Type <return> to continue, or q <return> to quit---
0x402b328b <_gnome_vfs_get_current_context+59>: mov 0xfffffffc(%ebp),%esi
0x402b328e <_gnome_vfs_get_current_context+62>: mov %ebp,%esp
0x402b3290 <_gnome_vfs_get_current_context+64>: pop %ebp
0x402b3291 <_gnome_vfs_get_current_context+65>: ret
0x402b3292 <_gnome_vfs_get_current_context+66>: movl $0x0,(%esi)
0x402b32

(14:43:25) Federico: great
(14:43:29) Federico: now, "p $pc"
(14:43:54) Joe Harmon: $1 = (void *) 0x402b3283
(14:45:46) Federico: now, "info registers"
(14:46:04) Joe Harmon: (gdb) info registers
eax 0x0 0
ecx 0x6 6
edx 0x40b9cf59 1085919065
ebx 0x402e5524 1076778276
esp 0x41316d70 0x41316d70
ebp 0x41316d88 0x41316d88
esi 0x41316da0 1093758368
edi 0x2000 8192
eip 0x402b3283 0x402b3283
eflags 0x293 659
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0xc010007b -1072693125
fs 0x0 0
gs 0x33 51

Note that eax=0, and we crash in "mov 0x30(%eax),%eax". This is dereferencing job->op to extract the job->op->context (op is null; we loaded it in eax in the instruction before that).

Note to self: Does that function need to acquire the job->job_lock? If we are in the worker thread, we acquired that lock in thread_routine(), right?
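The access pattern diagnosed above, shown in hardened form as an added example; it is not part of the original report and is not gnome-vfs code. The Job, Op and Context types and every function name are hypothetical stand-ins, and a pthread mutex is assumed for job_lock.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-ins for the structures named in the report;
 * these are not the gnome-vfs definitions. */
typedef struct { int id; } Context;
typedef struct { Context *context; } Op;
typedef struct {
    pthread_mutex_t job_lock; /* guards op */
    Op *op;                   /* NULL when no operation is in flight */
} Job;

void job_init(Job *job) {
    pthread_mutex_init(&job->job_lock, NULL);
    job->op = NULL;
}

/* Worker side: publish or retire the current operation under the lock. */
void job_set_op(Job *job, Op *op) {
    pthread_mutex_lock(&job->job_lock);
    job->op = op;
    pthread_mutex_unlock(&job->job_lock);
}

/* Hardened accessor: hold job_lock across both dereferences and report a
 * retired op as "no context" instead of reading through NULL. The caller
 * must still manage the context's lifetime (e.g. by reference counting). */
bool get_context_locked(Job *job, Context **context) {
    bool found = false;
    if (context == NULL) return false;
    *context = NULL;
    pthread_mutex_lock(&job->job_lock);
    if (job->op != NULL) {
        *context = job->op->context;
        found = true;
    }
    pthread_mutex_unlock(&job->job_lock);
    return found;
}

/* Replays the state seen in the register dump: op already cleared. */
bool replay_cleared_op(void) {
    Job job;
    Context *out = NULL;
    job_init(&job);
    job_set_op(&job, NULL);
    return !get_context_locked(&job, &out) && out == NULL;
}
```

If the calling thread can already hold job_lock, which is what the note to self asks, a non-recursive mutex would deadlock in this accessor; that path needs a variant that assumes the lock is held.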
Is this fixed?
Andreas: I'm working on it. I did an audit of the gnome-vfs cancelation code on Friday, and today I'm making the necessary fixes.
Created attachment 48847 [details] gnome-vfs2-94400-cancelation-rewrite-suse10.diff
I'll use this patch. This is an updated version of the patch for #94400, that has some additional threading fixes.
Created attachment 48851 [details] gnome-vfs2-2.12.0-4.x86_64.rpm
Created attachment 48852 [details] gnome-vfs2-devel-2.12.0-4.x86_64.rpm
Created attachment 48853 [details] gnome-vfs2-doc-2.12.0-4.x86_64.rpm
JP confirmed that the packages above work for him. I just submitted a new gnome-vfs2 package to autobuild. The fix will be available in gnome-vfs2-2.12.0-4 or later.