systemctl assert failure: *** Error in `systemctl': double free or corruption (fasttop): 0x00007fa04bf00910 ***

Bug #1426588 reported by Anders Kaseorg
This bug affects 3 people
Affects          | Status       | Importance | Assigned to | Milestone
systemd          | Won't Fix    | Medium     |             |
systemd (Debian) | Fix Released | Unknown    |             |
systemd (Ubuntu) | Fix Released | Medium     | Martin Pitt |
Vivid            | Fix Released | Medium     | Martin Pitt |

Bug Description

root@file-control:~# systemctl disable vmware-USBArbitrator
Synchronizing state for vmware-USBArbitrator.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d vmware-USBArbitrator defaults
insserv: Service localfs has to be enabled to start service vmware-USBArbitrator
insserv: exiting now!
update-rc.d: error: insserv rejected the script header
*** Error in `systemctl': double free or corruption (fasttop): 0x00007f4ad5bff910 ***
Aborted (core dumped)

SRU TEST CASE
=============
- Create a file /etc/init.d/broken with

#!/bin/sh
### BEGIN INIT INFO
# Provides: unknownservice
# Required-Start: localfs
# Required-Stop: localfs
# Default-Start: 2 3 4
# Default-Stop: 0 6
# Short-Description: unknown service
### END INIT INFO
true

- Make it executable: sudo chmod 755 /etc/init.d/broken
- Run "sudo systemctl enable broken.service". This will show the double-free corruption. Notice that the "insserv: Service localfs has to be enabled to start service unknownservice" is an honest error message which must stay, as the init.d script is broken (it meant to say "$local_fs" presumably).

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: systemd 219-4ubuntu1
Uname: Linux 4.0.0-040000rc1-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.16.1-0ubuntu2
Architecture: amd64
AssertionMessage: *** Error in `systemctl': double free or corruption (fasttop): 0x00007fa04bf00910 ***
Date: Fri Feb 27 18:12:48 2015
ExecutablePath: /bin/systemctl
InstallationDate: Installed on 2014-08-22 (189 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Alpha amd64 (20140730)
MachineType: LENOVO 20349
ProcCmdline: systemctl disable vmware-USBArbitrator
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.0.0-040000rc1-generic root=/dev/mapper/fcntl-ubuntu ro rootflags=subvol=@ quiet splash init=/lib/systemd/systemd vt.handoff=7
Signal: 6
SourcePackage: systemd
StacktraceTop:
 __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7fa049a247a0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
 malloc_printerr (ptr=<optimized out>, str=0x7fa049a24968 "double free or corruption (fasttop)", action=1) at malloc.c:4996
 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
 ?? ()
 ?? ()
Title: systemctl assert failure: *** Error in `systemctl': double free or corruption (fasttop): 0x00007fa04bf00910 ***
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: sbuild
dmi.bios.date: 08/18/2014
dmi.bios.vendor: LENOVO
dmi.bios.version: 9ECN31WW(V1.14)
dmi.board.asset.tag: 31900058Std
dmi.board.name: Lenovo Y50-70 Touch
dmi.board.vendor: LENOVO
dmi.board.version: 31900058Std
dmi.chassis.asset.tag: 31900058Std
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo Y50-70 Touch
dmi.modalias: dmi:bvnLENOVO:bvr9ECN31WW(V1.14):bd08/18/2014:svnLENOVO:pn20349:pvrLenovoY50-70Touch:rvnLENOVO:rnLenovoY50-70Touch:rvr31900058Std:cvnLENOVO:ct10:cvrLenovoY50-70Touch:
dmi.product.name: 20349
dmi.product.version: Lenovo Y50-70 Touch
dmi.sys.vendor: LENOVO

Anders Kaseorg (andersk) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7fa049a247a0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
 malloc_printerr (ptr=<optimized out>, str=0x7fa049a24968 "double free or corruption (fasttop)", action=1) at malloc.c:4996
 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
 freep () at ../src/shared/util.h:673
 enable_sysv_units.lto_priv.393 (verb=0x6a19 <error: Cannot access memory at address 0x6a19>, args=0x7fa04bf00980) at ../src/systemctl/systemctl.c:5141
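
The retraced stack above ends in freep(), the scope-exit cleanup helper, called from enable_sysv_units. The following is an added illustration, not systemd's or the Debian/Ubuntu patch's code (the report does not show the faulty lines): it assumes one common way such a handler releases a pointer twice when a helper fails, next to the single-owner form that avoids it. checked_free, freep_demo, run_helper, enable_buggy, enable_fixed and count_double_frees are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Instrumented free(): records a repeated release instead of letting glibc
 * abort with "double free or corruption (fasttop)". Hypothetical helper. */
static uintptr_t last_freed;
static int double_frees;
static void checked_free(void *p) {
    if (!p) return;
    if ((uintptr_t) p == last_freed) { double_frees++; return; }
    last_freed = (uintptr_t) p;
    free(p);
}
/* Scope-exit handler with the same shape as the freep() in the backtrace. */
static void freep_demo(void *p) { checked_free(*(void **) p); }
#define cleanup_free __attribute__((cleanup(freep_demo)))

/* Constructed stand-in for a child helper such as update-rc.d failing. */
static int run_helper(int fail) { return fail ? -1 : 0; }

/* Assumed bug shape: manual release on the error path, then the handler. */
static int enable_buggy(const char *name, int fail) {
    cleanup_free char *p = malloc(strlen(name) + 1);
    if (!p) return -1;
    strcpy(p, name);
    if (run_helper(fail) < 0) {
        checked_free(p);  /* p still holds the stale address */
        return -1;        /* freep_demo() releases it a second time */
    }
    return 0;
}
/* Single owner: only the scope-exit handler ever releases p. */
static int enable_fixed(const char *name, int fail) {
    cleanup_free char *p = malloc(strlen(name) + 1);
    if (!p) return -1;
    strcpy(p, name);
    return run_helper(fail) < 0 ? -1 : 0;
}
/* Runs fn once and reports how many repeated releases it caused. */
static int count_double_frees(int (*fn)(const char *, int), int fail) {
    double_frees = 0; last_freed = 0;
    fn("/etc/init.d/broken", fail);
    return double_frees;
}
int main(void) {
    printf("helper fails: buggy=%d fixed=%d\n",
           count_double_frees(enable_buggy, 1), count_double_frees(enable_fixed, 1));
    return 0;
}
```

Building the real code path with AddressSanitizer (`-fsanitize=address`) reports the same class of error with both free sites instead of the bare glibc abort.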

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in systemd (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Anders Kaseorg (andersk)
information type: Private → Public
In , Cristian Aravena Romero (caravena) wrote :

Open bug in launchpad.net
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1426588

Package: systemd 219-4ubuntu1

"root@file-control:~# systemctl disable vmware-USBArbitrator
Synchronizing state for vmware-USBArbitrator.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d vmware-USBArbitrator defaults
insserv: Service localfs has to be enabled to start service vmware-USBArbitrator
insserv: exiting now!
update-rc.d: error: insserv rejected the script header
*** Error in `systemctl': double free or corruption (fasttop): 0x00007f4ad5bff910 ***
Aborted (core dumped)"

Backtrace:
#0 0x00007fa0498d9e37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
        resultvar = 0
        pid = 27161
        selftid = 27161
#1 0x00007fa0498db528 in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x7ffdd4fcac60, sa_sigaction = 0x7ffdd4fcac60}, sa_mask = {__val = {25, 2, 32, 0, 140326405660588, 207000974387, 356482285568, 377957122134, 140326409213792, 4112, 0, 140326445517520, 140326445517328, 140326445517520, 140326405815688, 140728176781600}}, sa_flags = 4096, sa_restorer = 0xffff80022b0356b1}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007fa04991b7a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7fa049a247a0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
        ap = {{gp_offset = 40, fp_offset = 32672, overflow_arg_area = 0x7ffdd4fcab60, reg_save_area = 0x7ffdd4fcaaf0}}
        fd = 4
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3 0x00007fa049922db6 in malloc_printerr (ptr=<optimized out>, str=0x7fa049a24968 "double free or corruption (fasttop)", action=1) at malloc.c:4996
        buf = "00007fa04bf00910"
        cp = <optimized out>
#4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
        size = <optimized out>
        fb = <optimized out>
        nextchunk = <optimized out>
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        errstr = <optimized out>
        locked = <optimized out>
#5 0x00007fa04a0c1730 in freep () at ../src/shared/util.h:673
No locals.
#6 enable_sysv_units.lto_priv.393 (verb=0x6a19 <error: Cannot access memory at address 0x6a19>, args=0x7fa04bf00980) at ../src/systemctl/systemctl.c:5141
        p = 0x7fa04bf00be0 "/etc/init.d/vmware-USBArbitrator"
        status = {si_signo = 17, si_errno = 0, si_code = 1, _sifields = {_pad = {27162, 0, 1, 0 <repeats 25 times>}, _kill = {si_pid = 27162, si_uid = 0}, _timer = {si_tid = 27162, si_overrun = 0, si_sigval = {sival_int = 1, sival_ptr = 0x1}}, _rt = {si_pid = 27162, si_uid = 0, si_sigval = {sival_int = 1, sival_ptr = 0x1}}, _sigchld = {si_pid = 27162, si_uid = 0, si_status = 1, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x6a1a, si_addr_lsb = 1}, _sigpoll = {si_band = 27162, si_fd = 1}, _sigsys = {_call_addr = 0x6a1a, _syscall = 1, _arch = ...

Changed in systemd:
importance: Unknown → Medium
status: Unknown → Confirmed
In , Zbigniew Jędrzejewski-Szmek (zbyszek-in) wrote :

This seems to be a Debian/Ubuntu-specific patch to support update-rc.d.

Changed in systemd:
status: Confirmed → Won't Fix
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Martin Pitt (pitti) wrote :
Changed in systemd (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
status: Confirmed → Fix Committed
Martin Pitt (pitti) wrote :

Anders, would you mind attaching your /etc/init.d/vmware-USBArbitrator ? I'd like to actually reproduce this crash, so that I can write an SRU test case and fix this in vivid-updates.

Anders Kaseorg (andersk) wrote :

Sure, here it is.

Martin Pitt (pitti)
description: updated
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Anders, or anyone else affected,

Accepted systemd into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/219-7ubuntu4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Martin Pitt (pitti) wrote :

I ran the test case with the package from vivid-proposed, and confirm that systemctl now stops crashing.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 219-7ubuntu4

---------------
systemd (219-7ubuntu4) vivid; urgency=medium

  * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849)
  * Fix assertion crash when reading a service file with missing ' and
    trailing space. (LP: #1447243)
  * Fix double free crash in "systemctl enable" when calling update-rc.d and
    the latter fails. (LP: #1426588)
 -- Martin Pitt <email address hidden> Thu, 23 Apr 2015 11:14:16 +0100

Changed in systemd (Ubuntu Vivid):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in systemd (Debian):
status: Unknown → Incomplete
Changed in systemd (Debian):
status: Incomplete → Confirmed
Changed in systemd (Debian):
status: Confirmed → Fix Released
Abteen (ab-sh16) wrote :

I'm not already done!!
