Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1195898 - [abrt] mate-power-manager: up_device_get_object_path(): mate-power-statistics killed by SIGSEGV
Summary: [abrt] mate-power-manager: up_device_get_object_path(): mate-power-statistics...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: mate-power-manager
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Wolfgang Ulbrich
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:55469faf970d527a45b1cef43c2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-24 20:05 UTC by skalaren_alpinist
Modified: 2015-12-02 17:31 UTC (History)
7 users (show)

Fixed In Version: mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-02 09:25:04 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: backtrace (32.46 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: cgroup (190 bytes, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: core_backtrace (14.42 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: dso_list (7.64 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: environ (2.18 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: exploitable (82 bytes, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: limits (1.29 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: maps (41.90 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: open_fds (1.08 KB, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: proc_pid_status (943 bytes, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: var_log_messages (29 bytes, text/plain)
2015-02-24 20:05 UTC, skalaren_alpinist 		no flags Details
File: backtrace (28.58 KB, text/plain)
2015-03-04 18:01 UTC, Wilhelm.Buchmueller 		no flags Details
Full backtrace of the crash with mate-power-manager-1.8.1-3 and upower-0.99.2-2 (15.57 KB, text/plain)
2015-03-06 22:40 UTC, skalaren_alpinist 		no flags Details
Backtrace with mate-power-manager-1.8.1-4 and upower-0.99.2-2. Mouse battery only. (15.61 KB, text/plain)
2015-03-13 13:42 UTC, skalaren_alpinist 		no flags Details
Backtrace with mate-power-manager-1.8.2. (13.98 KB, text/plain)
2015-03-22 12:15 UTC, skalaren_alpinist 		no flags Details
View All

Description skalaren_alpinist 2015-02-24 20:05:19 UTC 
Description of problem:
1. Attach a wireless mouse to your laptop (mine is Logitech M235).
2. Start mate-power-statistics. It will show info about both the laptop battery power level, and for the mouse battery power level as well.
3. Unplug the mouse wireless dongle.
4. mate-power-statistics crashes.

Version-Release number of selected component:
mate-power-manager-1.8.1-2.fc21

Additional info:
reporter:       libreport-2.3.0
backtrace_rating: 3
cmdline:        /usr/bin/mate-power-statistics
crash_function: up_device_get_object_path
executable:     /usr/bin/mate-power-statistics
kernel:         3.18.7-200.fc21.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 up_device_get_object_path at /lib64/libupower-glib.so.3
 #1 gpm_stats_device_removed_cb
 #2 g_cclosure_marshal_VOID__STRINGv at gmarshal.c:1004
 #3 _g_closure_invoke_va at gclosure.c:831
 #6 ffi_call_unix64 at /lib64/libffi.so.6
 #7 ffi_call at /lib64/libffi.so.6
 #8 g_cclosure_marshal_generic at gclosure.c:1448
 #11 g_signal_emitv at gsignal.c:3048
 #12 up_client_glue_proxy_g_signal at /lib64/libupower-glib.so.3
 #13 ffi_call_unix64 at /lib64/libffi.so.6
Comment 1 skalaren_alpinist 2015-02-24 20:05:22 UTC 
Created attachment 994813 [details]
File: backtrace
Comment 2 skalaren_alpinist 2015-02-24 20:05:24 UTC 
Created attachment 994814 [details]
File: cgroup
Comment 3 skalaren_alpinist 2015-02-24 20:05:25 UTC 
Created attachment 994815 [details]
File: core_backtrace
Comment 4 skalaren_alpinist 2015-02-24 20:05:27 UTC 
Created attachment 994816 [details]
File: dso_list
Comment 5 skalaren_alpinist 2015-02-24 20:05:28 UTC 
Created attachment 994817 [details]
File: environ
Comment 6 skalaren_alpinist 2015-02-24 20:05:30 UTC 
Created attachment 994818 [details]
File: exploitable
Comment 7 skalaren_alpinist 2015-02-24 20:05:31 UTC 
Created attachment 994819 [details]
File: limits
Comment 8 skalaren_alpinist 2015-02-24 20:05:33 UTC 
Created attachment 994820 [details]
File: maps
Comment 9 skalaren_alpinist 2015-02-24 20:05:35 UTC 
Created attachment 994821 [details]
File: open_fds
Comment 10 skalaren_alpinist 2015-02-24 20:05:36 UTC 
Created attachment 994822 [details]
File: proc_pid_status
Comment 11 skalaren_alpinist 2015-02-24 20:05:37 UTC 
Created attachment 994823 [details]
File: var_log_messages
Comment 12 Wolfgang Ulbrich 2015-03-03 02:44:27 UTC 
Sorry, i can't reproduce it because my mouse dongle isn't show in mate-power-statistics.
But i've linked your report to another upstream report which looks similar to me.
https://github.com/mate-desktop/mate-power-manager/issues/129
Comment 13 Wolfgang Ulbrich 2015-03-03 14:46:52 UTC 
Please can you test this fixed upower scratch build?
http://koji.fedoraproject.org/koji/taskinfo?taskID=9132203
Comment 14 skalaren_alpinist 2015-03-03 16:43:00 UTC 
No, it crashes much the same way. Here's the top of the backtrace from gdb:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff725b7d6 in up_device_get_object_path (device=0x7ea8f0) at up-device.c:179
179             g_return_val_if_fail (UP_IS_DEVICE (device), NULL);
(gdb) bt
#0  0x00007ffff725b7d6 in up_device_get_object_path (device=0x7ea8f0) at up-device.c:179
#1  0x0000000000406747 in gpm_stats_device_removed_cb ()

It seems like the same issue persists. Moreover, it now crashes if I click on the "Mouse battery" entry - when the dongle is in place. This worked before, but now it aborts with:

Program received signal SIGABRT, Aborted.
0x00007ffff3c038c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007ffff3c038c7 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff3c0552a in __GI_abort () at abort.c:89
#2  0x00007ffff451f9b5 in g_assertion_message (domain=domain@entry=0x0, file=file@entry=0x40f30c "gpm-upower.c", line=line@entry=656, func=func@entry=0x40fa20 "gpm_device_state_to_localised_string", message=message@entry=0x7d4770 "code should not be reached") at gtestutils.c:2291
#3  0x00007ffff451fa4a in g_assertion_message_expr (domain=0x0, file=0x40f30c "gpm-upower.c", line=656, func=0x40fa20 "gpm_device_state_to_localised_string", expr=<optimized out>) at gtestutils.c:2306
#4  0x000000000040dc19 in  ()
#5  0x0000000000407b4b in gpm_stats_update_info_page_details ()
#6  0x0000000000407fa5 in gpm_stats_update_info_data_page ()
Comment 15 skalaren_alpinist 2015-03-03 16:43:45 UTC 
How can I build these packages myself? I might be able to fix the issue and submit a patch.
Comment 16 Wolfgang Ulbrich 2015-03-03 17:21:37 UTC 
(In reply to skalaren_alpinist from comment #15)
> How can I build these packages myself? I might be able to fix the issue and
> submit a patch.

Thank you, this is simple.
1. install rpm-build
2. download latest m-p-m srpm from koji https://kojipkgs.fedoraproject.org//packages/mate-power-manager/1.8.1/2.fc21/src/mate-power-manager-1.8.1-2.fc21.src.rpm
3. rpm -ivh mate-power-manager-1.8.1-2.fc21.src.rpm
Now you will find all needed files in /home/user/rpmbuild
4. Edit the spec file and add a '+' after the line '%patch0 -p1 -b .dbus'
This will break/stop the build at that point!
5. Do rpmbuild -ba mate-power-manger.spec
6. After the build is stopped with the '+' you'll find an extract folder under /home/user/rpmbuild/BUILD.
This folder you can use to create a patch.
7. Add the patch to spec file and /home/user/rpmbuild/SOURCES
8. remove the '+' from spec file and start the build again.

This is the way how i create patches.

PS: Can you provide a stacktrace with 'thread apply all bt full' please?
see http://fedoraproject.org/wiki/StackTraces#gdb
Comment 17 Wolfgang Ulbrich 2015-03-04 13:02:32 UTC 
Your trace shows the crash in https://github.com/mate-desktop/mate-power-manager/blob/master/src/gpm-upower.c#L621
That means the "state" argument contains some unknown value.
we don't handle the first enum value, UNKNOWN: http://cgit.freedesktop.org/upower/tree/libupower-glib/up-types.h#n54
This sratch build has a patch to fix that.
Can you please try http://koji.fedoraproject.org/koji/taskinfo?taskID=9136883  ?
Comment 18 Wolfgang Ulbrich 2015-03-04 17:59:05 UTC 
^^^^
Comment 19 Wilhelm.Buchmueller 2015-03-04 18:01:43 UTC 
Another user experienced a similar problem:

Removin battery while running.

reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        /usr/bin/mate-power-statistics --device /org/freedesktop/UPower/devices/battery_BAT0
crash_function: up_device_get_object_path
executable:     /usr/bin/mate-power-statistics
kernel:         3.18.7-200.fc21.i686+PAE
package:        mate-power-manager-1.8.1-2.fc21
reason:         mate-power-statistics killed by SIGSEGV
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 20 Wilhelm.Buchmueller 2015-03-04 18:01:46 UTC 
Created attachment 997992 [details]
File: backtrace
Comment 21 Wolfgang Ulbrich 2015-03-04 18:20:53 UTC 
Can you please test both linked scratch builds (upower + matepower-manager) ?
comment 13 and 17
Comment 22 skalaren_alpinist 2015-03-06 22:39:13 UTC 
(In reply to Wolfgang Ulbrich from comment #17)
> Your trace shows the crash in
> https://github.com/mate-desktop/mate-power-manager/blob/master/src/gpm-
> upower.c#L621
> That means the "state" argument contains some unknown value.
> we don't handle the first enum value, UNKNOWN:
> http://cgit.freedesktop.org/upower/tree/libupower-glib/up-types.h#n54
> This sratch build has a patch to fix that.
> Can you please try
> http://koji.fedoraproject.org/koji/taskinfo?taskID=9136883  ?

No, the crash persists. I'll attach a full backtrace, as instructed.
Comment 23 skalaren_alpinist 2015-03-06 22:40:30 UTC 
Created attachment 999016 [details]
Full backtrace of the crash with mate-power-manager-1.8.1-3 and upower-0.99.2-2
Comment 24 Wolfgang Ulbrich 2015-03-07 12:51:36 UTC 
Can you check if upower itself can monitor you mouse?
upower --monitor-detail
Here you see why upower scratch build is needed.
https://bugzilla.redhat.com/show_bug.cgi?id=1128390
Comment 25 Wolfgang Ulbrich 2015-03-10 10:41:56 UTC 
Uptream ask you to try your device with a PC if you got one, to be shure that the issue isn't caused by to have 2 batterys (Laptop + mouse).
Sorry, it's a bit hard to debug a issue if anyone has a wireless mouse with battery statisits support.
Comment 26 Wolfgang Ulbrich 2015-03-10 12:48:13 UTC 
...next round of testing.
Upstream has fixed a missing port to upower-0.99.
http://koji.fedoraproject.org/koji/taskinfo?taskID=9191968
Please test it together with upower-0.99.2-2.
Comment 27 skalaren_alpinist 2015-03-13 11:22:59 UTC 
Tested with the requested versions:

# rpm -qa | egrep 'upower|mate-power-manager'
mate-power-manager-debuginfo-1.8.1-4.fc21.x86_64
upower-0.99.2-2.fc21.x86_64
upower-debuginfo-0.99.2-2.fc21.x86_64
upower-devel-0.99.2-2.fc21.x86_64
mate-power-manager-1.8.1-4.fc21.x86_64

The problem persists, the same crash as before.

upower alone monitors the mouse dongle disconnect:

[vesko@tank ~]$ upower --monitor-detail
Monitoring activity from the power daemon. Press Ctrl+C to cancel.
[13:12:03.027]  device removed:   /org/freedesktop/UPower/devices/mouse_0003o046DoC52Fx0008

... snip
this is followed by 12 (!) messages about "device changed" about the laptop battery: /org/freedesktop/UPower/devices/battery_BAT0

All messages come within 8 milliseconds.

Reconnecting the dongle is also noted:

[13:18:06.479]  device added:     /org/freedesktop/UPower/devices/mouse_0003o046DoC52Fx000A
  native-path:          /sys/devices/pci0000:00/0000:00:14.0/usb1/1-6/1-6:1.1/0003:046D:C52F.000A
  vendor:               Logitech, Inc.
  model:                M315/M235
  serial:               F0C2F2D8
  power supply:         no
  updated:              Fri 13 Mar 2015 01:18:06 PM EET (0 seconds ago)
  has history:          yes
  has statistics:       no
  mouse
    present:             no
    rechargeable:        yes
    state:               unknown
    warning-level:       none
    percentage:          0%
    icon-name:          'battery-missing-symbolic'
  History (charge):
    1426245486  0.000   unknown
  History (rate):
    1426245486  0.000   unknown
Comment 28 skalaren_alpinist 2015-03-13 11:29:09 UTC 
(In reply to Wolfgang Ulbrich from comment #25)
> Uptream ask you to try your device with a PC if you got one, to be shure
> that the issue isn't caused by to have 2 batterys (Laptop + mouse).
> Sorry, it's a bit hard to debug a issue if anyone has a wireless mouse with
> battery statisits support.

I don't have a stand-alone PC with Fedora 21. To test your idea, here's what I did. I disconnected my laptop battery (the laptop is plugged to AC power), now mate-power-statistics DOESN'T crash. It shows the mouse battery entry in the list. When you remove the dongle, it disappears from the list, when you reconnect it, it reappears. All works as expected, so your insight is probably correct.

A possibly unrelated problem is that mate-power-statistics no longer shows the correct info about the mouse battery. It used to be show it at 90% charge, now it lists "unknown state" and "Percentage" is 0%.
Comment 29 skalaren_alpinist 2015-03-13 11:37:09 UTC 
Just after posting the previous comment, another crash in mate-power-statistics with the same setup (just mouse, laptop battery removed).

To inspect further, I ran in through valgrind:

[vesko@tank ~]$ valgrind mate-power-statistics
==3809== Memcheck, a memory error detector
==3809== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==3809== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==3809== Command: mate-power-statistics
==3809== 
==3809== Invalid read of size 4
==3809==    at 0x4067A0: gpm_stats_device_removed_cb (gpm-statistics.c:1275)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)
==3809==  Address 0x19827d18 is 8 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 8
==3809==    at 0x4067C2: gpm_stats_device_removed_cb (gpm-statistics.c:1276)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)
==3809==  Address 0x19827d10 is 0 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)                                                                                                                                                     
==3809==    by 0x84767FE: g_free (gmem.c:190)                                                                                                                                                                                                 
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)                                                                                                                                                                                       
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)                                                                                                                                                                                      
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)                                                                                                                                                                                         
==3809==                                                                                                                                                                                                                                      
==3809== Invalid read of size 8                                                                                                                                                                                                               
==3809==    at 0x4067C8: gpm_stats_device_removed_cb (gpm-statistics.c:1277)                                                                                                                                                                  
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)                                                                                                                                                                  
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)                                                                                                                                                                               
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)                                                                                                                                                                               
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)                                                                                                                                                                                      
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                     
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                            
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)                                                                                                                                                                        
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)                                                                                                                                                                                   
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)                                                                                                                                                                             
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)                                                                                                                                                                                     
==3809==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)                                                                                                                                                               
==3809==  Address 0x19865810 is 0 bytes inside a block of size 128 free'd                                                                                                                                                                     
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)                                                                                                                                                     
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x84458CA: ptr_array_free (garray.c:1089)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 4
==3809==    at 0x4067BB: gpm_stats_device_removed_cb (gpm-statistics.c:1275)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)
==3809==  Address 0x19827d18 is 8 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 4
==3809==    at 0x8445266: g_ptr_array_remove_index_fast (garray.c:1224)
==3809==    by 0x4067E9: gpm_stats_device_removed_cb (gpm-statistics.c:1278)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==  Address 0x19827d18 is 8 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 8
==3809==    at 0x8445270: g_ptr_array_remove_index_fast (garray.c:1226)
==3809==    by 0x4067E9: gpm_stats_device_removed_cb (gpm-statistics.c:1278)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==  Address 0x19827d10 is 0 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 8
==3809==    at 0x8445276: g_ptr_array_remove_index_fast (garray.c:1226)
==3809==    by 0x4067E9: gpm_stats_device_removed_cb (gpm-statistics.c:1278)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==  Address 0x19865818 is 8 bytes inside a block of size 128 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x84458CA: ptr_array_free (garray.c:1089)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid read of size 8
==3809==    at 0x844527A: g_ptr_array_remove_index_fast (garray.c:1228)
==3809==    by 0x4067E9: gpm_stats_device_removed_cb (gpm-statistics.c:1278)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==  Address 0x19827d28 is 24 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)
==3809== 
==3809== Invalid write of size 4
==3809==    at 0x84452A7: g_ptr_array_remove_index_fast (garray.c:1234)
==3809==    by 0x4067E9: gpm_stats_device_removed_cb (gpm-statistics.c:1278)
==3809==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==3809==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==3809==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==3809==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==3809==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==3809==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==3809==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==3809==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==3809==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==3809==  Address 0x19827d18 is 8 bytes inside a block of size 32 free'd
==3809==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3809==    by 0x84767FE: g_free (gmem.c:190)
==3809==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==3809==    by 0x84458A4: ptr_array_free (garray.c:1103)
==3809==    by 0x4062CE: main (gpm-statistics.c:1877)

This probably explains the sporadic crashes.
The exact sequence of events are as follows:

1) Laptop battery removed, laptop on AC power, mouse dongle is inserted and mouse is turned on
2) mate-power-statistics is ran through valgrind, shown above
3) mate-power-statistics powers up, showing three entries: AC Power, Mouse, and Processor. Mouse has the correct icon and is shown at 90% charge
4) unplug the dongle. valgrind spits all these error messages. No crash, but probably because of luck.
5) reconnect the dongle. No further valgrind messages, Mouse reappears at the bottom of the list (so now the order is AC Power, Processor and Mouse). Mouse is shown with a red icon as if the battery is empty, and is shown at 0%.

Hope that helps.
Comment 30 Wolfgang Ulbrich 2015-03-13 12:30:16 UTC 
Summary:
If both batterys are use it crashes and stacktrace looks same like https://bugzilla.redhat.com/attachment.cgi?id=999016 , right?
If not can you provide a new one for this case please?

Only using mouse battery doesn't crash always, but power value is wrong after plugout/in the tongle.
Can you try to create a stacktrace for this case if it crashes please?
It's easier for upstream to work with a stacktrace.

Thank you
Comment 31 skalaren_alpinist 2015-03-13 13:42:22 UTC 
Created attachment 1001380 [details]
Backtrace with mate-power-manager-1.8.1-4 and upower-0.99.2-2. Mouse battery only.

The backtrace for a crash in mate-power-statistics with mouse battery only.

To clarify: the % of mouse battery is now garbled most of the time, even if when you first start mate-power-statistics. It displays it correctly only intermittently. It was reporting 90% all the time, before I applied the updates you gave here, so this is a regression.
Comment 32 Wolfgang Ulbrich 2015-03-16 12:43:37 UTC 
next round of testing
http://koji.fedoraproject.org/koji/taskinfo?taskID=9242287
Please test with upower-0.99.2-2 ?
Comment 33 leigh scott 2015-03-17 12:21:56 UTC 
(In reply to Wolfgang Ulbrich from comment #32)
> next round of testing
> http://koji.fedoraproject.org/koji/taskinfo?taskID=9242287
> Please test with upower-0.99.2-2 ?

Works for me with a M525
Comment 34 Wolfgang Ulbrich 2015-03-18 18:43:34 UTC 
Dear reporter, upstream did help you a lot and is waiting for confirmation.
Please test.
Comment 35 skalaren_alpinist 2015-03-20 12:09:57 UTC 
Sorry for the delay.
Yes, it works for me as well - no crashes reported :)

There's a message, however, when you run mate-power-statistics in gdb:

(mate-power-statistics:6637): libupower-glib-CRITICAL **: up_device_get_object_path: assertion 'UP_IS_DEVICE (device)' failed

this is printed to the console when I unplug the dongle. More specifically:

1. I start mate-power-statistics with the mouse dongle plugged in.
2. I unplug the dongle, mate-power-statistics correctly detects the mouse is gone, the item is removed from the list of devices. No message is printed to the console.
3. Plug in the dongle again; device reappears in mate-power-statistics, no message is printed.
4. When I unplug, the above assertion is printed once.
5. A next round of plug and unplug - the above assertion is printed twice
6. Next round of plug and unplug - the above assertion is printed 3 times (all appear simultaneously)
7. Next round - message appears 4 times.

This may hint to some resource leak.

Also, now my mouse is listed at 0% and "unknown state" all the time. I guess the mouse can't really report the battery level (which seems reasonable for an alkaline battery), so I guess the 90% report I was seeing previously was fabricated; However, what's the use of showing the mouse device if the battery charge and consumption rate is not known anyway?
Comment 36 Wolfgang Ulbrich 2015-03-20 13:28:05 UTC 
(In reply to skalaren_alpinist from comment #35)
> Sorry for the delay.
> Yes, it works for me as well - no crashes reported :)
Thanks for testing.
> 
> There's a message, however, when you run mate-power-statistics in gdb:
> 
> (mate-power-statistics:6637): libupower-glib-CRITICAL **:
> up_device_get_object_path: assertion 'UP_IS_DEVICE (device)' failed
> 
> this is printed to the console when I unplug the dongle. More specifically:
> 
> 1. I start mate-power-statistics with the mouse dongle plugged in.
> 2. I unplug the dongle, mate-power-statistics correctly detects the mouse is
> gone, the item is removed from the list of devices. No message is printed to
> the console.
> 3. Plug in the dongle again; device reappears in mate-power-statistics, no
> message is printed.
> 4. When I unplug, the above assertion is printed once.
> 5. A next round of plug and unplug - the above assertion is printed twice
> 6. Next round of plug and unplug - the above assertion is printed 3 times
> (all appear simultaneously)
> 7. Next round - message appears 4 times.
> 
> This may hint to some resource leak.
I noticed that glib-gio warnings too on my PC (without any batteries).
We think that those are low level warnings somewhere from glib/gtk.
You see that with gnome-power-statistis too.
On my laptop with only a general battery i don't see this warnings.
> 
> Also, now my mouse is listed at 0% and "unknown state" all the time. I guess
> the mouse can't really report the battery level (which seems reasonable for
> an alkaline battery), so I guess the 90% report I was seeing previously was
> fabricated;
This might be possible, i think your device was the fist device from logitech with stats support.
We have feedback from other guys with much modern logiteck devices, where a value is displayed.
> However, what's the use of showing the mouse device if the
> battery charge and consumption rate is not known anyway?
I think your device sends characteristics that is able to provide power stats.
But whithout having a technical paper about this function it's hard to say something.
Unfortunately, logitech provide any information about.
Comment 37 Fedora Update System 2015-03-20 13:36:24 UTC 
mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21
Comment 38 Fedora Update System 2015-03-21 05:03:19 UTC 
Package mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-4350/mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21
then log in and leave karma (feedback).
Comment 39 skalaren_alpinist 2015-03-22 12:14:01 UTC 
Sorry, the fix (1.8.1-5 and the 1.8.2-0) don't really fix my issue. I was wrong in comment #35, the package keeps crashing, however not every time. When testing in #35, I tried twice and it worked, so I assumed the problem was fixed.

Backtrace, generated from 1.8.2.0 is attached. Also, the following valgrind warnings appear:

===========================================================================

[vesko@tank ~]$ valgrind mate-power-statistics
==7547== Memcheck, a memory error detector
==7547== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7547== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==7547== Command: mate-power-statistics
==7547== 
==7547== Invalid read of size 8
==7547==    at 0x57AC7CE: up_device_get_object_path (up-device.c:179)
==7547==    by 0x4067C0: ??? (in /usr/bin/mate-power-statistics)
==7547==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==7547==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==7547==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==7547==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==7547==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==7547==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==7547==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==7547==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==7547==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==7547==  Address 0x1a44d5b0 is 32 bytes inside a block of size 72 free'd
==7547==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7547==    by 0x84767FE: g_free (gmem.c:190)
==7547==    by 0x848DC43: g_slice_free1 (gslice.c:1112)
==7547==    by 0x7DBCD31: g_type_free_instance (gtype.c:1929)
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==7547==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==7547==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)
==7547==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)
==7547==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)
==7547==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)
==7547==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==7547== 
==7547== Invalid read of size 8
==7547==    at 0x7DBD966: g_type_check_instance_is_a (gtype.c:3964)
==7547==    by 0x57AC7E5: up_device_get_object_path (up-device.c:179)
==7547==    by 0x4067C0: ??? (in /usr/bin/mate-power-statistics)
==7547==    by 0x7D9D9AF: g_cclosure_marshal_VOID__STRINGv (gmarshal.c:1004)
==7547==    by 0x7D9AF63: _g_closure_invoke_va (gclosure.c:831)
==7547==    by 0x7DB4B5F: g_signal_emit_valist (gsignal.c:3218)
==7547==    by 0x7DB53AE: g_signal_emit (gsignal.c:3365)                                                                                                                                                                                      
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                     
==7547==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                            
==7547==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)                                                                                                                                                                        
==7547==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)                                                                                                                                                                                   
==7547==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)                                                                                                                                                                             
==7547==  Address 0x1a44d5b0 is 32 bytes inside a block of size 72 free'd                                                                                                                                                                     
==7547==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)                                                                                                                                                     
==7547==    by 0x84767FE: g_free (gmem.c:190)                                                                                                                                                                                                 
==7547==    by 0x848DC43: g_slice_free1 (gslice.c:1112)                                                                                                                                                                                       
==7547==    by 0x7DBCD31: g_type_free_instance (gtype.c:1929)                                                                                                                                                                                 
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                     
==7547==    by 0xB6C2817: ffi_call (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                            
==7547==    by 0x7D9B553: g_cclosure_marshal_generic (gclosure.c:1448)                                                                                                                                                                        
==7547==    by 0x7D9AD34: g_closure_invoke (gclosure.c:768)                                                                                                                                                                                   
==7547==    by 0x7DACA41: signal_emit_unlocked_R (gsignal.c:3553)                                                                                                                                                                             
==7547==    by 0x7DB4200: g_signal_emitv (gsignal.c:3048)                                                                                                                                                                                     
==7547==    by 0x57AE28B: up_client_glue_proxy_g_signal (up-client-glue.c:1326)                                                                                                                                                               
==7547==    by 0xB6C2DAF: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)                                                                                                                                                                     
==7547==                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                              
(mate-power-statistics:7547): libupower-glib-CRITICAL **: up_device_get_object_path: assertion 'UP_IS_DEVICE (device)' failed

========================================================================

Sequence of events:

1. Start mate-power-statistics under valgrind
2. Unplug the dongle. Nothing happens
3. Plug the dongle. Nothing happens
4. Unplug the dongle. The above errors are printed.

I guess the issue persists in a more subtle form.

Without valgrind, the crash occurs after the 4th or 5th disconnect of the dongle. Under valgrind, it never crashes, but I guess it's a chance thing. Moreover, no further error messages are generated. I guess the same invalid memory access occurs deterministically.
Comment 40 skalaren_alpinist 2015-03-22 12:15:20 UTC 
Created attachment 1005041 [details]
Backtrace with mate-power-manager-1.8.2.
Comment 41 Wolfgang Ulbrich 2015-03-22 12:36:02 UTC 
(In reply to skalaren_alpinist from comment #40)
> Created attachment 1005041 [details]
> Backtrace with mate-power-manager-1.8.2.

Hmm, is this with fixed upower version?
http://koji.fedoraproject.org/koji/buildinfo?buildID=621503
Comment 42 skalaren_alpinist 2015-03-23 13:15:26 UTC 
Yes. I had it with upower-0.99.2-2, but upgrading to 0.99.2-4 didn't change a thing.
Comment 43 Fedora Update System 2015-03-30 07:03:34 UTC 
mate-power-manager-1.8.2-0.1.git20150319.dc4d2c3.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 44 Fedora Admin XMLRPC Client 2015-06-17 22:26:34 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 45 Fedora End Of Life 2015-11-04 11:24:54 UTC 
This message is a reminder that Fedora 21 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 21. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '21'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 21 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 46 Fedora End Of Life 2015-12-02 09:25:09 UTC 
Fedora 21 changed to end-of-life (EOL) status on 2015-12-01. Fedora 21 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.