Insufficient thread safety around GDBusObjectManagerClient
@mcrha
Submitted by Milan Crha Link to original bug (#776267)
Description
This is reported downstream as: https://bugzilla.redhat.com/show_bug.cgi?id=1405637
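Reading the backtrace there, it seems to me that the main thread is processing a D-Bus signal while another thread is dropping the last reference to that same GDBusObjectManagerClient instance. In the excerpt below, the manager passed to on_control_proxy_g_signal() (0x5566fec5faf0) is the same object that the other thread is finalizing in g_dbus_object_manager_client_finalize(), where g_mutex_clear() aborts.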
I would suggest two things: a) the signal handler should take a reference on the object manager for thread safety; b) the signal handler should be disconnected earlier, in dispose() instead of in finalize(); this might cause the signals to be ignored early enough.
Below is the relevant part of the backtrace. Ignore the thread numbers: this is from an ABRT bug report, where 'Thread 1' usually means the crashing thread, not the main thread.
Thread 5 (Thread 0x7fcdc4915440 (LWP 1936)):
#0 0x00007fcdb7bee56c in g_variant_type_get_string_length (type=0x7fcdb7c51041) at gvarianttype.c:387
type_string = 0x7fcdb7c51041 "v"
brackets = 0
index = 0
#1 0x00007fcdb7beeafa in g_variant_type_is_subtype_of (type=<optimized out>, supertype=supertype@entry=0x7fcdb7c51041) at gvarianttype.c:801
supertype_string = 0x7fcdb7c51041 "v"
supertype_end = <optimized out>
type_string = 0x7fcdb7c51ec8 <g_variant_type_info_basic_chars+40> "v"
__func__ = "g_variant_type_is_subtype_of"
#2 0x00007fcdb7be0835 in g_variant_is_of_type (value=value@entry=0x5566fecfc100, type=type@entry=0x7fcdb7c51041) at gvariant.c:2107
No locals.
#3 0x00007fcdb7be0d30 in g_variant_get_variant (value=0x5566fecfc100) at gvariant.c:741
_g_boolean_var_ = <optimized out>
#4 0x00007fcdb7be48f4 in g_variant_valist_get_nnp (value=0x5566fecfc100, str=0x7ffffb261048) at gvariant.c:4881
No locals.
#5 g_variant_valist_get_leaf (app=0x7fcdb81efa3a, free=0, value=0x5566fecfc100, str=0x7ffffb261048) at gvariant.c:4998
ptr = 0x7ffffb2611a8
#6 g_variant_valist_get (str=str@entry=0x7ffffb261048, value=<optimized out>, value@entry=0x5566fecfc100, free=free@entry=0, app=app@entry=0x7ffffb261050) at gvariant.c:5179
__func__ = "g_variant_valist_get"
#7 0x00007fcdb7be4773 in g_variant_valist_get (str=str@entry=0x7ffffb261048, value=<optimized out>, value@entry=0x5566fecfd060, free=free@entry=0, app=app@entry=0x7ffffb261050) at gvariant.c:5214
child = 0x5566fecfc100
index = 2
__func__ = "g_variant_valist_get"
#8 0x00007fcdb7be5c40 in g_variant_iter_next (iter=iter@entry=0x7ffffb261230, format_string=<optimized out>, format_string@entry=0x7fcdb81efa37 "{&sv}") at gvariant.c:5614
ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffffb261130, reg_save_area = 0x7ffffb261070}}
value = 0x5566fecfd060
__func__ = "g_variant_iter_next"
#9 0x00007fcdb819a8f7 in add_interfaces (manager=manager@entry=0x5566fec5faf0, object_path=0x5566fece87c0 "/org/gnome/OnlineAccounts/Accounts/account_1481720175_0", ifaces_and_properties=<optimized out>, name_owner=0x7fcd80005840 "0\211") at gdbusobjectmanagerclient.c:1525
property_iter = {x = {93900850046976, 21, 18, 0, 93900849412848, 0, 140737406964732, 3579507750, 140737406964832, 140521517752572, 93900849731376, 140737406964576, 140737406964816, 8, 5, 140521517754042}}
property_name = 0x5566fece8a80 "FilesDisabled"
property_value = 0x0
error = 0x0
interface_proxy_type = <optimized out>
op = 0x7fcd800050c0
added = 0
iter = {x = {93900850047312, 2, 0, 0, 140737406964832, 140521527727760, 93900850048128, 3579507750, 140521534120915, 93900850048096, 0, 140521527728416, 206158430240, 140737406964480, 140737406964272, 3618002916723580928}}
interface_name = 0x5566fece87f8 "org.gnome.OnlineAccounts.Account"
properties = 0x5566fecfa800
interface_added_signals = 0x0
l = <optimized out>
interface_proxy = 0x5566febdeb60
__func__ = "add_interfaces"
#10 0x00007fcdb819b32b in on_control_proxy_g_signal (proxy=<optimized out>, sender_name=<optimized out>, signal_name=0x5566fec9f770 "InterfacesAdded", parameters=0x5566fecfac60, user_data=0x5566fec5faf0) at gdbusobjectmanagerclient.c:1672
ifaces_and_properties = 0x5566fecfa950
manager = 0x5566fec5faf0
object_path = 0x5566fece87c0 "/org/gnome/OnlineAccounts/Accounts/account_1481720175_0"
#11 0x00007fcdb7262c58 in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#12 0x00007fcdb72626ba in ffi_call (cif=cif@entry=0x7ffffb261570, fn=fn@entry=0x7fcdb819b160 <on_control_proxy_g_signal>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffffb261460) at ../src/x86/ffi64.c:525
classes = {X86_64_INTEGER_CLASS, 21862, 4213577072, 32767}
stack = <optimized out>
argp = 0x7ffffb261360 ""
arg_types = <optimized out>
gprcount = 5
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
ret_in_memory = <optimized out>
reg_args = <optimized out>
#13 0x00007fcdb7e83c1e in g_cclosure_marshal_generic (closure=0x7fcd80006220, return_gvalue=0x0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gclosure.c:1490
rtype = <optimized out>
rvalue = 0x7ffffb2614e0
n_args = 5
atypes = <optimized out>
args = <optimized out>
i = <optimized out>
cif = {abi = FFI_UNIX64, nargs = 5, arg_types = 0x7ffffb2614a0, rtype = 0x7fcdb7263040 <ffi_type_void>, bytes = 0, flags = 0}
cc = 0x7fcd80006220
enum_tmpval = <optimized out>
tmpval_used = 0
#14 0x00007fcdb7e833e5 in g_closure_invoke (closure=0x7fcd80006220, return_value=return_value@entry=0x0, n_param_values=4, param_values=param_values@entry=0x7ffffb261790, invocation_hint=invocation_hint@entry=0x7ffffb261710) at gclosure.c:804
marshal = <optimized out>
marshal_data = <optimized out>
in_marshal = 0
real_closure = 0x7fcd80006200
__func__ = "g_closure_invoke"
#15 0x00007fcdb7e95432 in signal_emit_unlocked_R (node=node@entry=0x5566febdd2c0, detail=detail@entry=0, instance=instance@entry=0x7fcd8c014780, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffffb261790) at gsignal.c:3635
tmp = <optimized out>
handler = 0x7fcd94003900
accumulator = 0x0
emission = {next = 0x7ffffb261fe0, instance = 0x7fcd8c014780, ihint = {signal_id = 27, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
class_closure = 0x5566febdd290
handler_list = 0x7fcd94003900
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 27
max_sequential_handler_number = 575
return_value_altered = 0
#16 0x00007fcdb7e9e05f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffffb261990) at gsignal.c:3391
instance_and_params = 0x7ffffb261790
signal_return_type = <optimized out>
param_values = 0x7ffffb2617a8
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#17 0x00007fcdb7e9e43f in g_signal_emit (instance=instance@entry=0x7fcd8c014780, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
var_args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffffb261a70, reg_save_area = 0x7ffffb2619b0}}
#18 0x00007fcdb818be8c in on_signal_received (connection=<optimized out>, sender_name=0x7fcd9400d4b0 ":1.28", object_path=<optimized out>, interface_name=<optimized out>, signal_name=0x7fcd9400ab50 "InterfacesAdded", parameters=0x5566fecfac60, user_data=0x7fcd80001160) at gdbusproxy.c:917
data = 0x7fcd80001160
proxy = 0x7fcd8c014780
#19 0x00007fcdb817b984 in emit_signal_instance_in_idle_cb (data=data@entry=0x7fcd94005520) at gdbusconnection.c:3705
signal_instance = 0x7fcd94005520
parameters = 0x5566fecfac60
has_subscription = 1
#20 0x00007fcdb7ba78e7 in g_idle_dispatch (source=0x7fcd94005570, callback=0x7fcdb817b910 <emit_signal_instance_in_idle_cb>, user_data=0x7fcd94005520) at gmain.c:5545
again = <optimized out>
#21 0x00007fcdb7baae42 in g_main_dispatch (context=0x5566febcc800) at gmain.c:3203
dispatch = 0x7fcdb7ba78d0 <g_idle_dispatch>
prev_source = 0x0
was_in_call = 0
user_data = 0x7fcd94005520
callback = 0x7fcdb817b910 <emit_signal_instance_in_idle_cb>
cb_funcs = 0x7fcdb7e72280 <g_source_callback_funcs>
cb_data = 0x7fcd9400c480
need_destroy = <optimized out>
source = 0x7fcd94005570
current = 0x5566febdcf90
i = 3
#22 g_main_context_dispatch (context=context@entry=0x5566febcc800) at gmain.c:3856
No locals.
#23 0x00007fcdb7bab1c0 in g_main_context_iterate (context=0x5566febcc800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3929
max_priority = 2147483647
timeout = 5194
some_ready = 1
nfds = 2
allocated_nfds = 2
fds = <optimized out>
#24 0x00007fcdb7bab4e2 in g_main_loop_run (loop=0x5566febb7990) at gmain.c:4125
__func__ = "g_main_loop_run"
#25 0x00007fcdc45b42d2 in dbus_server_run_server (server=0x7fcd9c00e660) at e-dbus-server.c:245
class = 0x5566febd0aa0
#26 0x00007fcdb7262c58 in ffi_call_unix64 () at ../src/x86/unix64.S:76
No locals.
#27 0x00007fcdb72626ba in ffi_call (cif=cif@entry=0x7ffffb261e40, fn=fn@entry=0x7fcdc45b4270 <dbus_server_run_server>, rvalue=<optimized out>, avalue=avalue@entry=0x7ffffb261d50) at ../src/x86/ffi64.c:525
classes = {X86_64_INTEGER_CLASS, X86_64_NO_CLASS, 4213579328, 32767}
stack = <optimized out>
argp = 0x7ffffb261c40 "\n"
arg_types = <optimized out>
gprcount = 2
ssecount = <optimized out>
ngpr = 1
nsse = 0
i = <optimized out>
avn = <optimized out>
ret_in_memory = <optimized out>
reg_args = <optimized out>
#28 0x00007fcdb7e840fa in g_cclosure_marshal_generic_va (closure=0x5566febcb7a0, return_value=0x7ffffb262030, instance=<optimized out>, args_list=<optimized out>, marshal_data=<optimized out>, n_params=0, param_types=0x0) at gclosure.c:1604
rtype = 0x7fcdb7262f80 <ffi_type_sint32>
rvalue = 0x7ffffb261d90
n_args = 2
atypes = 0x7ffffb261d70
args = 0x7ffffb261d50
storage = 0x7ffffb261d40
i = <optimized out>
cif = {abi = FFI_UNIX64, nargs = 2, arg_types = 0x7ffffb261d70, rtype = 0x7fcdb7262f80 <ffi_type_sint32>, bytes = 0, flags = 10}
cc = 0x5566febcb7a0
enum_tmpval = <optimized out>
tmpval_used = 1
args_copy = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffffb2621c0, reg_save_area = 0x7ffffb262100}}
#29 0x00007fcdb7e83614 in _g_closure_invoke_va (closure=closure@entry=0x5566febcb7a0, return_value=return_value@entry=0x7ffffb262030, instance=instance@entry=0x7fcd9c00e660, args=args@entry=0x7ffffb2620e0, n_params=<optimized out>, param_types=0x0) at gclosure.c:867
marshal = <optimized out>
marshal_data = <optimized out>
in_marshal = 0
real_closure = 0x5566febcb780
__func__ = "_g_closure_invoke_va"
#30 0x00007fcdb7e9ddd9 in g_signal_emit_valist (instance=0x7fcd9c00e660, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffffb2620e0) at gsignal.c:3300
return_accu = 0x7ffffb262030
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x0, instance = 0x7fcd9c00e660, ihint = {signal_id = 12, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 93900848799776}
signal_id = <optimized out>
instance_type = 93900848799776
emission_return = {g_type = 93900848801440, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 93900848801440
static_scope = 0
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#31 0x00007fcdb7e9e43f in g_signal_emit (instance=instance@entry=0x7fcd9c00e660, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffffb2621c0, reg_save_area = 0x7ffffb262100}}
#32 0x00007fcdc45b461c in e_dbus_server_run (server=0x7fcd9c00e660, wait_for_client=0) at e-dbus-server.c:439
exit_code = (E_DBUS_SERVER_EXIT_RELOAD | unknown: 21860)
__func__ = "e_dbus_server_run"
#33 0x00005566fe1b2e34 in main (argc=<optimized out>, argv=<optimized out>) at evolution-source-registry.c:230
context = <optimized out>
server = 0x7fcd9c00e660
exit_code = <optimized out>
settings = <optimized out>
error = 0x0
Thread 1 (Thread 0x7fcd85ffa700 (LWP 1994)):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
set = {__val = {0, 140521530540512, 140520793917312, 565, 565, 140521527416392, 565, 565, 140520928065792, 6442468352, 93900849412848, 140520793917312, 565, 140521530540512, 140520793917312, 140520928065792}}
pid = <optimized out>
tid = <optimized out>
#1 0x00007fcdbd67a52a in __GI_abort () at abort.c:89
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7fcdb7c52b00, sa_sigaction = 0x7fcdb7c52b00}, sa_mask = {__val = {56, 3432, 140521622987720, 56, 140520592529472, 1, 140521626420480, 56, 140521528175360, 56, 1, 140521626403776, 140521622940683, 93900849412848, 93900849412848, 1}}, sa_flags = -20579584, sa_restorer = 0x5566fec5faf0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fcdb7bf07af in g_mutex_clear (mutex=<optimized out>) at gthread-posix.c:1300
mutex = <optimized out>
#3 0x00007fcdb819bf04 in g_dbus_object_manager_client_finalize (object=0x5566fec5faf0) at gdbusobjectmanagerclient.c:215
manager = 0x5566fec5faf0
#4 0x00007fcdb7e88117 in g_object_unref (_object=0x5566fec5faf0) at gobject.c:3185
weak_locations = <optimized out>
old_ref = <optimized out>
object = 0x5566fec5faf0
object = 0x5566fec5faf0
#5 0x00007fcda083a67f in goa_client_finalize (object=0x5566febe1070) at goaclient.c:122
self = 0x5566febe1070
#6 0x00007fcdb7e88117 in g_object_unref (_object=0x5566febe1070) at gobject.c:3185
weak_locations = <optimized out>
old_ref = <optimized out>
object = 0x5566febe1070
object = 0x5566febe1070
#7 0x00007fcd9108cb11 in e_goa_password_based_lookup_sync (provider_impl=<optimized out>, source=0x5566fec13590, cancellable=0x7fcd9400f990, out_credentials=0x7fcd8c01a068, error=0x7fcd85ff9b20) at e-goa-password-based.c:265
_pp = <synthetic pointer>
_p = 0x5566febe1070
goa_client = 0x0
goa_object = 0x7fcd80005020
goa_account = 0x7fcd800068b0
goa_password_based = 0x0
password = 0x0
use_imap_password = <optimized out>
use_smtp_password = <optimized out>
success = 1
__func__ = "e_goa_password_based_lookup_sync"
#8 0x00007fcdc434b59f in e_source_credentials_provider_lookup_sync (provider=<optimized out>, source=0x5566fec13590, cancellable=0x7fcd9400f990, out_credentials=0x7fcd8c01a068, error=error@entry=0x7fcd85ff9b20) at e-source-credentials-provider.c:632
provider_impl = 0x5566febf1150
cred_source = 0x0
success = <optimized out>
__func__ = "e_source_credentials_provider_lookup_sync"
#9 0x00007fcdc434b668 in source_credentials_provider_lookup_thread (task=0x5566febe0dc0, source_object=<optimized out>, task_data=<optimized out>, cancellable=<optimized out>) at e-source-credentials-provider.c:651
provider = <optimized out>
async_context = <optimized out>
success = <optimized out>
local_error = 0x0
#10 0x00007fcdb814f1ad in g_task_thread_pool_thread (thread_data=0x5566febe0dc0, pool_data=<optimized out>) at gtask.c:1304
task = 0x5566febe0dc0
#11 0x00007fcdb7bd34fe in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307
pool = 0x7fcd9c012500
#12 0x00007fcdb7bd2b03 in g_thread_proxy (data=0x5566febcea30) at gthread.c:784
thread = 0x5566febcea30
__func__ = "g_thread_proxy"
#13 0x00007fcdbba476ca in start_thread (arg=0x7fcd85ffa700) at pthread_create.c:333
__res = <optimized out>
pd = 0x7fcd85ffa700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140520693147392, -2313853946175839012, 0, 140521173772175, 140520693148096, 140520693147392, 2339762836953998556, 2339898528758211804}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#14 0x00007fcdbd74af6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.
Version: 2.50.x