I think I've worked out what is going on here (and which caused me to raise the erroneous bug 42285):
In ply_event_loop_process_pending_events(), ply_event_loop_handle_timeouts() is being called *after* epoll_wait(), but ply_event_loop_handle_timeouts() may free event sources. I can reliabily force plymouthd to SIGSEGV (in various parts of the code) by running the following: plymouth show-splash plymouth quit I'm seeing epoll_wait() return with a single valid fd event. ply_event_loop_handle_timeouts() then runs, and calls main.c:on_boot_splash_idle(). This causes the event source object referred to in the epoll_wait() event set to be freed and its reference count set to zero. After ply_event_loop_handle_timeouts() finishes, the now invalid source object pointed to by the epoll event data is referenced (it now has a reference_count of 1), and the invalid event is now processed with varying SIGSEGV scenarios ensuing. Currently ply_event_loop_process_pending_events() can be summarized as: 1. get events. 2. handle timeouts. 3. reference event sources. 4. process events. 5. unreference event sources. The attached patch changes this slightly to be effectively: 1. get events. 2. reference event sources. 3. handle timeouts. 4. process events. 5. unreference event sources. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/553745 Title: plymouthd crashed with SIGSEGV in ply_event_loop_process_pending_events() To manage notifications about this bug go to: https://bugs.launchpad.net/plymouth/+bug/553745/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
