[Bug 793678] Re: gnome-settings-daemon crashed with SIGSEGV in dlopen_doit()

Launchpad Bug Tracker 793678 at bugs.launchpad.net
Tue Nov 1 04:17:59 UTC 2011


[Expired for gnome-settings-daemon (Ubuntu) because there has been no
activity for 60 days.]

** Changed in: gnome-settings-daemon (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/793678

Title:
  gnome-settings-daemon crashed with SIGSEGV in dlopen_doit()

Status in “eglibc” package in Ubuntu:
  Expired
Status in “gnome-settings-daemon” package in Ubuntu:
  Expired

Bug description:
  Binary package hint: gnome-settings-daemon

  I've had gnome-settings-daemon crashing intermittently since Maverick, but after installing Natty I've found a way to crash it reproducibly.  Apport does not produce a complete stacktrace because of bug #793292, so here is the relevant part of the stack trace:
  #0  0x00007fa2ca2ef937 in elf_machine_rela (scope=0x1e31a90,
      reloc_mode=<value optimized out>, consider_profiling=0)
      at ../sysdeps/x86_64/dl-machine.h:295
  #1  elf_dynamic_do_rela (scope=0x1e31a90, reloc_mode=<value optimized out>,
      consider_profiling=0) at do-rel.h:120
  #2  _dl_relocate_object (scope=0x1e31a90, reloc_mode=<value optimized out>,
      consider_profiling=0) at dl-reloc.c:268
  #3  0x00007fa2ca2f6db6 in dl_open_worker (a=0x7fff3acb07f0) at dl-open.c:339
  #4  0x00007fa2ca2f2746 in _dl_catch_error (objname=0x7fff3acb0840,
      errstring=0x7fff3acb0838, mallocedp=0x7fff3acb084f,
      operate=0x7fa2ca2f6b30 <dl_open_worker>, args=0x7fff3acb07f0)
      at dl-error.c:178
  #5  0x00007fa2ca2f73fa in _dl_open (file=0x7fa2c823b410 "libXcursor.so.1",
      mode=-2147483647, caller_dlopen=0x7fa2c7f213c2, nsid=-2, argc=2,
      argv=<value optimized out>, env=0x7fff3acb1720) at dl-open.c:555
  #6  0x00007fa2c5c89f16 in dlopen_doit (a=0x7fff3acb0a10) at dlopen.c:67
  #7  0x00007fa2ca2f2746 in _dl_catch_error (objname=0x1da32e0,
      errstring=0x1da32e8, mallocedp=0x1da32d8,
      operate=0x7fa2c5c89eb0 <dlopen_doit>, args=0x7fff3acb0a10)
      at dl-error.c:178
  #8  0x00007fa2c5c8a52c in _dlerror_run (operate=0x7fa2c5c89eb0 <dlopen_doit>,
      args=0x7fff3acb0a10) at dlerror.c:164
  #9  0x00007fa2c5c89fc1 in __dlopen (file=<value optimized out>,
      mode=<value optimized out>) at dlopen.c:88

  The bad pointer seems to be supplied at frame #1, elf_dynamic_do_rela(), line 120 in file do-rel.h:
  	      elf_machine_rel (map, r, &symtab[ELFW(R_SYM) (r->r_info)],
  			       &map->l_versions[ndx],
  			       (void *) (l_addr + r->r_offset));

  map->l_versions is NULL, and ndx is 6, so the function is passed an invalid pointer with an address of 6 * sizeof(map->l_versions).  Since there is a null check in the function being called, one possible solution is that the fourth parameter could be
      map->l_versions ? &map->l_versions[ndx] : NULL
  but I'm not familiar enough with this code to know if that is the right thing to do.  I'm especially curious about whether it's valid in the first place for ndx to be nonzero if l_versions is NULL.

  Even though the library to be dlopened is libXcursor, the crash
  apparently happens while processing the link_map of libsndfile.  I've
  verified that there is only one libsndfile on my machine, and debsums
  indicates that all the files in the libsndfile1 are unaltered, so it
  doesn't seem to be due to corruption on my machine.

  ProblemType: Crash
  DistroRelease: Ubuntu 11.04
  Package: gnome-settings-daemon 2.32.1-0ubuntu13.1
  ProcVersionSignature: Ubuntu 2.6.38-8.42~ppa3-generic-tuxonice 2.6.38.2
  Uname: Linux 2.6.38-8-generic-tuxonice x86_64
  NonfreeKernelModules: nvidia
  Architecture: amd64
  CrashCounter: 1
  Date: Sat Jun  4 20:49:57 2011
  ExecutablePath: /usr/lib/gnome-settings-daemon/gnome-settings-daemon
  ProcCmdline: /usr/lib/gnome-settings-daemon/gnome-settings-daemon --gconf-prefix=/apps/gdm/simple-greeter/settings-manager-plugins
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/false
   PATH=(custom, no user)
  SegvAnalysis:
   Segfault happened at: 0x7fbaf2ab9937:	mov    0x8(%r8),%edx
   PC (0x7fbaf2ab9937) ok
   source "0x8(%r8)" (0x00000068) not located in a known VMA region (needed readable region)!
   destination "%edx" ok
  SegvReason: reading NULL VMA
  Signal: 11
  SourcePackage: gnome-settings-daemon
  StacktraceTop:
   ?? () from /lib64/ld-linux-x86-64.so.2
   ?? () from /lib64/ld-linux-x86-64.so.2
   ?? () from /lib64/ld-linux-x86-64.so.2
   ?? () from /lib64/ld-linux-x86-64.so.2
   dlopen_doit (a=0x7fff6e91f090) at dlopen.c:67
  Title: gnome-settings-daemon crashed with SIGSEGV in dlopen_doit()
  UpgradeStatus: Upgraded to natty on 2011-06-04 (1 days ago)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/793678/+subscriptions




More information about the foundations-bugs mailing list