colord crashed with SIGSEGV in cd_device_register_object()

Bug #1021374 reported by Sushant on 2012-07-05
This bug affects 244 people
Affects Status Importance Assigned to Milestone
Colord
Confirmed
Medium
colord (Debian)
Fix Released
Unknown
colord (Ubuntu)
Medium
Chris Halse Rogers
Precise
Undecided
Unassigned
Quantal
Medium
Chris Halse Rogers

Bug Description

crashes at startup

colord crashed with SIGSEGV in cd_device_register_object()

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: colord 0.1.21-1
ProcVersionSignature: Ubuntu 3.5.0-3.3-generic 3.5.0-rc5
Uname: Linux 3.5.0-3-generic x86_64
ApportVersion: 2.2.5-0ubuntu2
Architecture: amd64
CrashCounter: 1
Date: Thu Jul 5 09:30:50 2012
ExecutablePath: /usr/lib/x86_64-linux-gnu/colord/colord
ProcCmdline: /usr/lib/x86_64-linux-gnu/colord/colord
ProcEnviron:

SegvAnalysis:
 Segfault happened at: 0x40b1dd <cd_device_register_object+157>: mov 0x8(%rax),%rbx
 PC (0x0040b1dd) ok
 source "0x8(%rax)" (0x00000008) not located in a known VMA region (needed readable region)!
 destination "%rbx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: colord
StacktraceTop:
 cd_device_register_object ()
 ?? ()
 ?? ()
 ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
 g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
Title: colord crashed with SIGSEGV in cd_device_register_object()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:


On Debian Sid/unstable with colord 0.1.21-1 installed the daemon segfaults with the backtrace pasted below [1].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675852

Starting program: /usr/lib/x86_64-linux-gnu/colord/colord
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff4f46700 (LWP 6176)]
[New Thread 0x7ffff4745700 (LWP 6177)]
[Thread 0x7ffff4f46700 (LWP 6176) exited]
[New Thread 0x7ffff4f46700 (LWP 6329)]

Program received signal SIGSEGV, Segmentation fault.
cd_device_register_object (device=0x69b1b0, connection=0x670020, info=0x669650, error=0x7fffffffe328) at cd-device.c:1474
1474 g_set_error (error,
#0 cd_device_register_object (device=0x69b1b0, connection=0x670020, info=0x669650, error=0x7fffffffe328) at cd-device.c:1474
#1 0x000000000041738c in cd_main_device_register_on_bus (device=0x69b1b0, error=0x7fffffffe328) at cd-main.c:399
#2 0x000000000041869f in cd_main_daemon_method_call (connection_=0x670020, sender=0x7fffec004b30 ":1.158", object_path=0x7fffec006d10 "/org/freedesktop/ColorManager", interface_name=0x7fffec007820 "org.freedesktop.ColorManager", method_name=0x7fffec006ed0 "CreateDevice", parameters=0x7fffec016b20, invocation=invocation@entry=0x6a4c60, user_data=user_data@entry=0x0) at cd-main.c:1032
#3 0x00007ffff7027915 in call_in_idle_cb (user_data=0x6a4c60) at /tmp/buildd/glib2.0-2.32.3/./gio/gdbusconnection.c:4687
#4 0x00007ffff6660205 in g_main_dispatch (context=0x636de0) at /tmp/buildd/glib2.0-2.32.3/./glib/gmain.c:2539
#5 g_main_context_dispatch (context=context@entry=0x636de0) at /tmp/buildd/glib2.0-2.32.3/./glib/gmain.c:3075
#6 0x00007ffff6660538 in g_main_context_iterate (context=0x636de0, block=block@entry=1, dispatch=dispatch@entry=1, self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /tmp/buildd/glib2.0-2.32.3/./glib/gmain.c:3146
#7 0x00007ffff6660932 in g_main_loop_run (loop=0x6368b0) at /tmp/buildd/glib2.0-2.32.3/./glib/gmain.c:3340
#8 0x000000000041a25a in main (argc=1, argv=0x7fffffffe6c8) at cd-main.c:1964
#0 cd_device_register_object (device=0x69b1b0, connection=0x670020, info=0x669650, error=0x7fffffffe328) at cd-device.c:1474
        error_local = 0x0
        ret = 0
        interface_vtable = {method_call = 0x40b1a9 <cd_device_dbus_method_call>, get_property = 0x40bde9 <cd_device_dbus_get_property>, set_property = 0, padding = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
#1 0x000000000041738c in cd_main_device_register_on_bus (device=0x69b1b0, error=0x7fffffffe328) at cd-main.c:399
        ret = 0
#2 0x000000000041869f in cd_main_daemon_method_call (connection_=0x670020, sender=0x7fffec004b30 ":1.158", object_path=0x7fffec006d10 "/org/freedesktop/ColorManager", interface_name=0x7fffec007820 "org.freedesktop.ColorManager", method_name=0x7fffec006ed0 "CreateDevice", parameters=0x7fffec016b20, invocation=invocation@entry=0x6a4c60, user_data=user_data@entry=0x0) at cd-main.c:1032
        device = 0x69b1b0
        scope = CD_OBJECT_SCOPE_TEMP
        profile = 0x0
        prop_key = 0x6c28c0 "Kind"
        prop_value = 0x6c28c5 "display"
        register_on_bus = 1
        re...

It looks like g_dbus_connection_register_object() is returning 0 and not setting a GError... Do you have any critical warnings on the console when you run /usr/libexec/colord manually?


(In reply to comment #1)
> It looks like g_dbus_connection_register_object() is returning 0 and not
> setting a GError... Do you have any critical warnings on the console when you
> run /usr/libexec/colord manually?

I cannot see any critical messages when running it manually.

$ LANG=C sudo /usr/lib/i386-linux-gnu/colord/colord -v
14:18:26 Verbose debugging enabled (on console 1)
14:18:26 CdMappingDb: trying to open database '/var/lib/colord/mapping.db'
14:18:26 CdDeviceDb: trying to open database '/var/lib/colord/storage.db'
14:18:26 CdMain: acquired name: org.freedesktop.ColorManager
14:18:26 new profile (/usr/share/color/icc/pigment/CMY.icm) has no DICT tag
14:18:26 /usr/share/color/icc/pigment/CMY.icm has no profile-id nor FILE_checksum, falling back to slow MD5
14:18:26 CdProfileStore: parsed new profile '/usr/share/color/icc/pigment/CMY.icm'
14:18:26 CdProfileStore: emit added (and changed): /usr/share/color/icc/pigment/CMY.icm
14:18:27 CdMain: Adding profile /org/freedesktop/ColorManager/profiles/icc_781f6f71344167d3526631689139f109
14:18:27 CdMain: Emitting ProfileAdded(/org/freedesktop/ColorManager/profiles/icc_781f6f71344167d3526631689139f109)
14:18:27 new profile (/usr/share/color/icc/pigment/fogra27l.icm) has no DICT tag
14:18:27 /usr/share/color/icc/pigment/fogra27l.icm has no profile-id nor FILE_checksum, falling back to slow MD5
14:18:27 CdProfileStore: parsed new profile '/usr/share/color/icc/pigment/fogra27l.icm'
14:18:27 CdProfileStore: emit added (and changed): /usr/share/color/icc/pigment/fogra27l.icm
14:18:27 CdMain: Adding profile /org/freedesktop/ColorManager/profiles/icc_e729b445abc89051fe8ba7c6d8e9b127
14:18:27 CdMain: Emitting ProfileAdded(/org/freedesktop/ColorManager/profiles/icc_e729b445abc89051fe8ba7c6d8e9b127)
14:18:27 Adding metadata CMF_version=0.1.20
14:18:27 Adding metadata CMF_binary=../client/cd-create-profile
14:18:27 Adding metadata CMF_product=colord
14:18:27 CdProfileStore: parsed new profile '/usr/share/color/icc/colord/crayons.icc'
14:18:27 CdProfileStore: emit added (and changed): /usr/share/color/icc/colord/crayons.icc
14:18:27 CdMain: Adding profile /org/freedesktop/ColorManager/profiles/icc_0f39f5fa24e4d40877f5e3041a8ce646
14:18:27 CdMain: Emitting ProfileAdded(/org/freedesktop/ColorManager/profiles/icc_0f39f5fa24e4d40877f5e3041a8ce646)
14:18:27 Adding metadata CMF_version=0.1.20
14:18:27 Adding metadata CMF_binary=../client/cd-create-profile
14:18:27 Adding metadata CMF_product=colord
14:18:27 CdProfileStore: parsed new profile '/usr/share/color/icc/colord/x11-colors.icc'
14:18:27 CdProfileStore: emit added (and changed): /usr/share/color/icc/colord/x11-colors.icc
14:18:27 CdMain: Adding profile /org/freedesktop/ColorManager/profiles/icc_bb61e89d71848368bd09d855b5ce4478
14:18:27 CdMain: Emitting ProfileAdded(/org/freedesktop/ColorManager/profiles/icc_bb61e89d71848368bd09d855b5ce4478)
14:18:27 CdProfileStore: failed to open: Error opening directory '/usr/local/share/color/icc': No such file or directory
14:18:27 CdProfileStore: failed to open: Error opening directory '/Library/ColorSync/Profiles/Displays': No such file or directory
14:18:27 CdProfileStore: failed to open: Error opening directory...


Sushant (sushant25284) wrote :

StacktraceTop:
 cd_device_register_object (device=device@entry=0x11ce280, connection=<optimized out>, info=<optimized out>, error=0x7fffb0d87bb0) at cd-device.c:1474
 cd_main_device_register_on_bus (device=0x11ce280, error=<optimized out>) at cd-main.c:399
 cd_main_daemon_method_call (connection_=<optimized out>, sender=<optimized out>, object_path=<optimized out>, interface_name=interface_name@entry=0x7f1458005100 "org.freedesktop.ColorManager", method_name=method_name@entry=0x7f1458005090 "CreateDevice", parameters=<optimized out>, invocation=invocation@entry=0x7f1458004000, user_data=user_data@entry=0x0) at cd-main.c:1032
 call_in_idle_cb (user_data=<optimized out>) at /build/buildd/glib2.0-2.33.3/./gio/gdbusconnection.c:4737
 g_main_dispatch (context=0x117c5c0) at /build/buildd/glib2.0-2.33.3/./glib/gmain.c:2539

Changed in colord (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in colord (Ubuntu):
status: New → Confirmed
visibility: private → public
Jens Kehne (jkehne) wrote :

I believe the same thing just happened to me on precise

tags: added: precise
Rainer Rohde (rainer-rohde) wrote :

Happened to me shortly after logging in to Alpha 2 of 12.10.

tags: added: rls-q-incoming
tags: added: bugpattern-needed
tags: added: qa-manual-testing

We have the same on the Ubuntu bug tracker. At the moment 80 people have registered as being affected.

https://bugs.launchpad.net/ubuntu/+source/colord/+bug/1021374

Versions, stack traces and others can be found there.

Changed in colord (Ubuntu):
importance: Medium → High
Changed in colord:
importance: Unknown → Medium
status: Unknown → Confirmed
miked (miked11) wrote :
Nice Testhouse (testhouse) wrote :

Week 34 - Same issue observed on Ubuntu 12.10 Quantal with ppa:timo-jyrinki/prerelease

Changed in colord (Debian):
status: Unknown → Confirmed
Sebastien Bacher (seb128) wrote :

Hey Chris, could you look into that issue? It affects a lot of our users.

Changed in colord (Ubuntu):
assignee: nobody → Chris Halse Rogers (raof)
tags: removed: rls-q-incoming
Chris Halse Rogers (raof) wrote :

Oh, would you look at that!

This is a combination of colord being insufficiently paranoid - it assumes that if g_dbus_connection_register_object returns 0 then it has set error, which is not true; there are a variety of ways that g_dbus_connection_register_object can return 0 without setting error (this is arguably a GDBus bug).

The particular way that's easy to hit is if you use a guest session; colord appends the user's name on to the object path of the xrandr device it tries to register. For most cases this is fine, but there are plenty of usernames that aren't valid in a DBus object path - our “guest-$RANDOM_CHARACTERS” is one, as ‘-’ is not valid in an object path.

Changed in colord (Ubuntu Quantal):
status: Confirmed → Triaged
tags: added: i386
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in colord (Ubuntu Precise):
status: New → Confirmed
Didier Roche (didrocks) on 2012-09-13
Changed in colord (Ubuntu Quantal):
importance: High → Medium
milestone: none → ubuntu-12.10
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package colord - 0.1.21-1ubuntu1

---------------
colord (0.1.21-1ubuntu1) quantal; urgency=low

  * Parallel upload of 0.1.21-2 to quantal
  * debian/patches/also_sanitise_username_for_dbus.patch:
    - Sanitise username when used as a component of a DBus object path.
      Fixes crash in cd_device_register_object (Closes: 675852) (LP: #1021374)
  * debian/patches/fix_colord-sane_dbus_threading.patch:
    - Initialise libdbus threadsafety in colord-sane. (Probably) fixes multiple
      crashes from colord-sane in libdbus (LP: #844286). Plausibly fixes other
      bad colord-sane behaviour, such as 100% CPU usage (Closes: 668325)
  * debian/rules:
  * debian/control:
    - Add dh_autoreconf to pick up the build system changes from
      fix_colord-sane_dbus_threading.patch and add all the various
      build-depends required.
 -- Christopher James Halse Rogers <email address hidden> Wed, 12 Sep 2012 18:28:06 +1000
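
The two defects described in this thread (an error pointer read although the callee never set it, and a username containing '-' placed in a D-Bus object path), sketched as an added example in plain C. It is not colord's code or the Debian patch: `struct err`, `register_object`, `register_device`, the `devices/xrandr_` path layout and the sample username are assumptions standing in for GError, GDBus and colord.

```c
#include <stdio.h>
#include <string.h>

/* D-Bus spec: a path element may contain only [A-Za-z0-9_]. */
static int elem_ok(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
}

/* Valid: "/" alone, or '/'-separated non-empty elements with no trailing '/'. */
static int path_is_valid(const char *p)
{
    if (p == NULL || p[0] != '/')
        return 0;
    for (size_t i = 1; p[i] != '\0'; i++)
        if (p[i] == '/' ? (p[i - 1] == '/' || p[i + 1] == '\0') : !elem_ok(p[i]))
            return 0;
    return 1;
}

/* Stand-ins for GError and for a registration call that returns 0 with *e unset. */
struct err { int code; const char *message; };
static unsigned register_object(const char *path, struct err **e)
{
    return (e != NULL && path_is_valid(path)) ? 1u : 0u;
}

static const char PREFIX[] = "/org/freedesktop/ColorManager/devices/xrandr_"; /* assumed layout */
/* Build the path (fix != 0 sanitises the user part) and never trust *e to be set. */
static const char *register_device(char *out, size_t n, const char *user, int fix)
{
    struct err *e = NULL;
    int len = snprintf(out, n, "%s%s", PREFIX, user);
    if (len < 0 || (size_t)len >= n)
        return "path too long";
    for (char *s = out + strlen(PREFIX); fix && *s != '\0'; s++)
        if (!elem_ok(*s))
            *s = '_';               /* '-' and any other invalid byte */
    if (register_object(out, &e) != 0)
        return "registered";
    return e != NULL ? e->message : "registration failed, no error set";
}

int main(void)
{
    char p[128];    /* "guest-Ab12Cd" is a constructed guest-session username */
    puts(register_device(p, sizeof p, "guest-Ab12Cd", 0));
    puts(register_device(p, sizeof p, "guest-Ab12Cd", 1));
    return 0;
}
```

Replacing invalid bytes with '_' can map two different usernames (for example `guest-a` and `guest_a`) to the same object path, so a caller that needs unique paths has to handle that collision separately.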

Changed in colord (Ubuntu Quantal):
status: Triaged → Fix Released
description: updated
Changed in colord (Ubuntu Precise):
status: Confirmed → Invalid
description: updated
Changed in colord (Debian):
status: Confirmed → Fix Released
sordna (sordna) wrote :

I just experienced this crash on my 64-bit Xubuntu 12.10 installation. colord version is 0.1.21-1ubuntu2
Crash report:

ProblemType: Crash
Architecture: amd64
Date: Wed Jan 16 14:29:28 2013
DistroRelease: Ubuntu 12.10
ExecutablePath: /usr/lib/x86_64-linux-gnu/colord/colord
ExecutableTimestamp: 1349864942
ProcCmdline: /usr/lib/x86_64-linux-gnu/colord/colord
ProcCwd: /
ProcEnviron:
ProcMaps:

I received the same error today on Ubuntu 12.04 LTS 64-bit 3.8.0-34-generic. Not happy. Crashed my whole system while in the middle of something...
