[6941] in testers
gnome-panel crash at logout
daemon@ATHENA.MIT.EDU (Robert A Basch)
Wed May 4 15:33:35 2005
Message-Id: <200505041933.j44JXNKe028530@anhedonia.mit.edu>
To: testers@MIT.EDU
Date: Wed, 04 May 2005 15:33:23 -0400
From: Robert A Basch <rbasch@MIT.EDU>
On 9.4.2 Linux, gnome-panel crashed when I logged out, displaying the
gnome_segv dialog. The crash occurred during the ORBit shutdown, in
ORBit_adaptor_find(), third/ORBit2/src/orb/poa/orbit-adaptor.c:164,
after it finds a null adaptor pointer in the orb->adaptors array:
(gdb) where
#0 0x004957a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x0058a3e3 in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#2 0x00da9ab9 in libgnomeui_segv_handle (signum=11) at gnome-ui-init.c:741
#3 <signal handler called>
#4 0x0055dd7c in ORBit_adaptor_find (orb=0x97d1298, objkey=0x97d8ba8) at orbit-adaptor.c:164
#5 0x0055df0d in ORBit_handle_request (orb=0x97d1298, recv_buffer=0x97d8b90) at orbit-adaptor.c:221
#6 0x00542734 in giop_connection_handle_input (lcnx=0x9974280) at giop-recv-buffer.c:1282
#7 0x00565304 in link_connection_io_handler (gioc=0x0, condition=G_IO_IN, data=0x9974280) at linc-connection.c:1353
#8 0x0056737e in link_source_dispatch (source=0x9977940, callback=0x5652a1 <link_connection_io_handler>, user_data=0x9974280) at linc-source.c:149
#9 0x00a7b3b8 in g_main_dispatch (context=0x97cfa18) at gmain.c:1942
#10 0x00a7c7ce in g_main_context_dispatch (context=0x97cfa18) at gmain.c:2492
#11 0x00a7cd00 in g_main_context_iterate (context=0x97cfa18, block=1, dispatch=1, self=0x97af338) at gmain.c:2573
#12 0x00a7cf2a in g_main_context_iteration (context=0x97cfa18, may_block=1) at gmain.c:2632
#13 0x00563133 in link_main_iteration (block_for_reply=1) at linc.c:254
#14 0x00541834 in giop_recv_buffer_get (ent=0xbff86590) at giop-recv-buffer.c:718
#15 0x00545a6e in ORBit_small_invoke_stub (obj=0x9915710, m_data=0xf67720, ret=0x0, args=0x0, ctx=0x0, ev=0xbff86700) at orbit-small.c:657
#16 0x005458cc in ORBit_small_invoke_stub_n (object=0x9915710, methods=0x80c414c, index=1, ret=0x0, args=0x0, ctx=0x0, ev=0xbff86700) at orbit-small.c:575
#17 0x0055ca2e in ORBit_c_stub_invoke (obj=0x9915710, methods=0x80c414c, method_index=1, ret=0x0, args=0x0, ctx=0x0, ev=0xbff86700, class_id=1, method_offset=8, skel_impl=0x805c6dc) at poa.c:2640
#18 0x00f5cb68 in Bonobo_Unknown_unref (_obj=0x9915710, ev=0xbff86700) at Bonobo_Unknown-stubs.c:15
#19 0x0040ffe3 in bonobo_object_release_unref (object=0x9915710, opt_ev=0xbff86700) at bonobo-object.c:574
#20 0x001ad7ab in bonobo_control_frame_bind_to_control (frame=0x99156c0, control=0x0, opt_ev=0x0) at bonobo-control-frame.c:792
#21 0x001abf5e in control_connection_died_cb (connection=0x9903cc0, user_data=0x99156c0) at bonobo-control-frame.c:73
#22 0x00563afc in link_connection_emit_broken (cnx=0x9903cc0, callbacks=0x98d6490) at linc-connection.c:140
#23 0x00563d2e in dispatch_callbacks_drop_lock (cnx=0x9903cc0) at linc-connection.c:229
#24 0x00563e98 in link_connection_state_changed_T_R (cnx=0x9903cc0, status=LINK_DISCONNECTED) at linc-connection.c:307
#25 0x005648c5 in link_connection_state_changed (cnx=0x9903cc0, status=LINK_DISCONNECTED) at linc-connection.c:754
#26 0x00565476 in link_connection_exec_disconnect (cmd=0x991bdb0, immediate=1) at linc-connection.c:1425
#27 0x00563643 in link_dispatch_command (data=0x991bdb0, immediate=1) at linc.c:468
#28 0x00562eaf in link_exec_command (cmd=0x991bdb0) at linc.c:122
#29 0x005654e9 in link_connection_disconnect (cnx=0x9903cc0) at linc-connection.c:1440
#30 0x0053cf26 in giop_connection_close (cnx=0x9903cc0) at giop-connection.c:55
#31 0x0053cf60 in giop_connection_dispose (obj=0x9903cc0) at giop-connection.c:65
#32 0x005c78ea in g_object_run_dispose (object=0x9903cc0) at gobject.c:602
#33 0x00565729 in link_connections_close () at linc-connection.c:1533
#34 0x0053eae8 in giop_shutdown () at giop.c:661
#35 0x0054452a in CORBA_ORB_shutdown (orb=0x97d1298, wait_for_completion=1 '\001', ev=0xbff86a00) at corba-orb.c:1152
#36 0x00544589 in CORBA_ORB_destroy (orb=0x97d1298, ev=0xbff86a00) at corba-orb.c:1171
#37 0x00542ee0 in shutdown_orb () at corba-orb.c:263
#38 0x096535d7 in exit () from /lib/tls/libc.so.6
#39 0x004fcd3e in gdk_x_io_error (display=0x97bd518) at gdkmain-x11.c:588
#40 0x002d3dc7 in _XIOError () from /usr/X11R6/lib/libX11.so.6
#41 0x002d5415 in _XError () from /usr/X11R6/lib/libX11.so.6
#42 0x002d547b in _XReply () from /usr/X11R6/lib/libX11.so.6
#43 0x002bd9f4 in XGetSelectionOwner () from /usr/X11R6/lib/libX11.so.6
#44 0x0050e513 in check_manager_window (client=0x97c5708) at xsettings-client.c:430
#45 0x0050e915 in _gdk_xsettings_client_process_event (client=0x97c5708, xev=0xbff86d80) at xsettings-client.c:567
#46 0x004f1a95 in gdk_xsettings_client_event_filter (xevent=0xbff86d80, event=0x98d4ed8, data=0x97c48a8) at gdkevents-x11.c:2841
#47 0x004edf2b in gdk_event_apply_filters (xevent=0xbff86d80, event=0x98d4ed8, filters=0x97af590) at gdkevents-x11.c:319
#48 0x004eee04 in gdk_event_translate (display=0x97c4460, event=0x98d4ed8, xevent=0xbff86d80, return_exposes=0) at gdkevents-x11.c:946
#49 0x004f08f3 in _gdk_events_queue (display=0x97c4460) at gdkevents-x11.c:2097
#50 0x004f0ab4 in gdk_event_dispatch (source=0x97cf4f8, callback=0, user_data=0x0) at gdkevents-x11.c:2157
#51 0x00a7b3b8 in g_main_dispatch (context=0x97cf540) at gmain.c:1942
#52 0x00a7c7ce in g_main_context_dispatch (context=0x97cf540) at gmain.c:2492
#53 0x00a7cd00 in g_main_context_iterate (context=0x97cf540, block=1, dispatch=1, self=0x97af338) at gmain.c:2573
#54 0x00a7d552 in g_main_loop_run (loop=0x98d9368) at gmain.c:2777
#55 0x010ca8f8 in gtk_main () at gtkmain.c:1173
#56 0x08064476 in main (argc=1, argv=0xbff870c4) at main.c:96
(gdb) up 4
#4 0x0055dd7c in ORBit_adaptor_find (orb=0x97d1298, objkey=0x97d8ba8) at orbit-adaptor.c:164
164 if (memcmp (objkey->_buffer,
(gdb) l
159
160 LINK_MUTEX_LOCK (ORBit_RootObject_lifecycle_lock);
161 {
162 adaptor = g_ptr_array_index (orb->adaptors, adaptorId);
163
164 if (memcmp (objkey->_buffer,
165 adaptor->adaptor_key._buffer,
166 ORBIT_ADAPTOR_PREFIX_LEN))
167 adaptor = NULL;
168 else
(gdb) p *objkey
$24 = {_maximum = 0, _length = 28, _buffer = 0x991b2fc "", _release = 0 '\0'}
(gdb) p adaptor
$25 = 0x0
(gdb) p adaptorId
$26 = 0
(gdb) p *orb->adaptors
$27 = {pdata = 0x97d1400, len = 1}
(gdb) p *orb->adaptors->pdata
$28 = 0x0
I suppose we can add a null pointer check before the memcmp(), though
that may just mask a more serious problem.
Bob
