colord crashed with SIGSEGV in dbus_message_get_reply_serial()

Bug #844286 reported by Timo Kyyrö on 2011-09-07
This bug affects 542 people
Affects: colord-gtk (Ubuntu); Importance: Medium; Assigned to: Chris Halse Rogers
Affects: Precise; Importance: Undecided; Assigned to: Chris Halse Rogers
Affects: Quantal; Importance: Medium; Assigned to: Chris Halse Rogers

Bug Description

[Impact]
This causes frequent crashes of the colord daemon for some users. For most users, the visible result of this will be an apport popup. For users who have calibrated their monitors, this will unset the calibration, causing the screen colours to change.

[Test Case]
I'm not able to reproduce this myself. However, this crash (and crashes like it) are pretty much *all* of the colord crash reports for 0.1.16-2 on errors.ubuntu.com.

This should cook in -proposed until we're reasonably certain that these crashes no longer show up there.

[Regression Potential]
Low. The upload adds a single call to dbus_threads_init_default() at the start of main. Given that colord is currently using libdbus without threadsafe support, enabling threadsafe support is unlikely to break anything.

There is no explicit synchronisation between the dbus-using threads, so deadlocks are unlikely.

The colord daemon is run as an unprivileged user, so even in the incredibly unlikely event that this opens a security hole it's a limited threat.

[Development release]
This code is split out of the colord daemon in the development release; the same fix applies to colord-sane, however, and will be uploaded shortly.

[Original report]
crashes at startup

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: colord 0.1.11-1ubuntu2
ProcVersionSignature: Ubuntu 3.0.0-10.16-generic 3.0.4
Uname: Linux 3.0.0-10-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Wed Sep 7 14:06:00 2011
ExecutablePath: /usr/lib/x86_64-linux-gnu/colord/colord
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110829.2)
ProcCmdline: /usr/lib/x86_64-linux-gnu/colord/colord
ProcEnviron:

SegvAnalysis:
 Segfault happened at: 0x7f15e33888a5: mov (%r12,%rdx,1),%edx
 PC (0x7f15e33888a5) ok
 source "(%r12,%rdx,1)" (0x0000017a) not located in a known VMA region (needed readable region)!
 destination "%edx" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: colord
StacktraceTop:
 ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
 ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
 dbus_message_get_reply_serial () from /lib/x86_64-linux-gnu/libdbus-1.so.3
 ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
 ?? () from /lib/x86_64-linux-gnu/libdbus-1.so.3
Title: colord crashed with SIGSEGV in dbus_message_get_reply_serial()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: scanner

Timo Kyyrö (timo-kyyro) wrote :

StacktraceTop:
 _dbus_marshal_read_basic (str=0xa8e068, pos=0, type=117, value=0x7f15d4817b3c, byte_order=232, new_pos=0x0) at ../../dbus/dbus-marshal-basic.c:549
 _dbus_header_get_field_basic (header=0xa8e068, field=<optimized out>, type=<optimized out>, value=<optimized out>) at ../../dbus/dbus-marshal-header.c:1342
 dbus_message_get_reply_serial (message=<optimized out>) at ../../dbus/dbus-message.c:1031
 _dbus_connection_queue_received_message_link (connection=0xa8e210, link=0xa91138) at ../../dbus/dbus-connection.c:487
 _dbus_transport_queue_messages (transport=0xa8db20) at ../../dbus/dbus-transport.c:1148

Changed in colord (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Changed in colord (Ubuntu):
status: New → Confirmed
tags: added: bugpattern-needed
visibility: private → public

Just got this crash as well, though I actually didn't notice it until I had finished browsing some stuff with Firefox, then minimized it to see the crash window.

Timo Witte (spacefish) wrote :

I think this is a problem with precise in common. I get DBus Errors all the time with apt (missing reply and so on).
I suspect a wrong apparmor rule, but can't tell.
This bug only happens on my machine which was updated from oneiric, on a fresh precise install there was no problem at all!

J Cord (j7cord) wrote :

Ubuntu 12.04 Precise colord crashed was using terminal to run update.
libllvm2.9 update is the only update not applied at time of crash. Other than the one lib all other updates current at time of crash.

Barry Drake (b-drake) wrote :

12.04 Precise - this morning's updates. Opened Thunderbird after re-boot following updates.

Barry Drake (b-drake) wrote :

I see I already reported this. Sorry - hadn't realised it was the same one. Again, bug occurred after opening Thunderbird.

David (daharper) wrote :

Bug occurred whilst trying to copy some files from a USB drive to a desktop folder.

Jane Atkinson (irihapeti) wrote :

Had done some updates and tried to log out to check that lightdm was working with gnome-fallback again. Everything locked up and I needed to reboot from tty2.

Christopher Armstrong (radix) wrote :

I installed precise beta 1 from alternative CD, then updated, and got this crash shortly after my next reboot and login.

psypher (psypher246) wrote :

This happened after I tried alt-f2 and ran unity (to restart my crashed systray)
Did not fix systray, end error popped up

Gary Johnson (techgeekjr) wrote :

This happened after doing updates for today. I rebooted after the updates were installed and received this error upon logging into ubuntu.

Hanine HAMZIOUI (hanynowsky) wrote :

same thing as @gary Johnson on precise

Ubuntu 12.04 preview, same as comment #14 -- the crash happened after updating and about 1 min after rebooting with only firefox open.

Andy S (andy-speed) wrote :

Confirmed as affecting 12.04 after this morning's updates.

Barry Drake (b-drake) wrote :

Crash occurred today immediately after crash of colord. Only went to Unity 2d because 3d is currently a problem.

tags: added: precise

Korny.Brot (pascua) wrote :

Happens after I tried to install/activate flgrlx.

Using daily build 2012-04-07, i386, booted, did nothing on the desktop, happened perhaps a minute later.

Stephan Springer (geryon) wrote :

Got this apport popup today after upgrading my Precise installation and rebooting.

William H Ashton (washton) wrote :

After update it is only stable in Unity 2d though crash of colord still occurred while in 2D. I had intermittent use of the keyboard as well in 3D. Removed AWN and screenapplets as well as removing ATI driver and still crashes in 3D. Reinstalled ATI driver and only functions in 2D.

Simon Feltman (s-feltman) wrote :

Happened when running Update Manager right after Ubuntu Software Center in precise.

Sasa Paporovic (melchiaros) wrote :

Happens just after startup and starting firefox on precise.

maurizio de santis (izietto) wrote :

Happened during an aptitude upgrade

Mazen Mardini (blastic-fire) wrote :

Happens on startup. Almost clean install, did a few changes:

- Fixed grub using boot-repair with standard settings.
- Reinstalled graphics drivers (http://askubuntu.com/questions/74171/is-my-ati-graphics-card-supported-in-ubuntu).

David Burke (bufke) wrote :

Happens every time to me when I disconnect wifi and reconnect using network manager from the indicator-complete gnome-panel applet. Also all operations on network-manager are very slow (about 20 seconds to disconnect from wifi). Initial connection seems fine though, I tested this by pinging the laptop on boot and wifi came right up.

+1 Happens soon after boot-up. System76 Serval Pro 7 OEM 64-bit 11.10 upgraded to 64-bit 12.04.

tags: added: quantal
tags: added: qa-manual-testing

userdce (userdce) wrote :

in quantal
Appeared after starting laptop

tags: added: rls-q-incoming
Changed in colord (Ubuntu Quantal):
importance: Medium → High

matanya (matmo) wrote :

happened to me on precise.

Happening repeatedly on Ubuntu 12.04 LTS on Intel i5-2410M x86_64.

Michael (amemain) wrote :

Just started happening in the past two weeks. Not sure if an update provoked it or not.

12.04
Fresh Install
64bit

In the crash details it stated it was dup on bug # 902524

Sebastien Bacher (seb128) wrote :

Hey Chris, you are the closest to a colord maintainer in Ubuntu, could you check with upstream if that's a known issue?

Changed in colord (Ubuntu Quantal):
assignee: nobody → Chris Halse Rogers (raof)

Gabe Gorelick (gabegorelick) wrote :

A quick search of the upstream bug tracker turns up nothing: https://bugs.freedesktop.org/buglist.cgi?quicksearch=dbus_message_get_reply_serial

tags: removed: rls-q-incoming

Chris Halse Rogers (raof) wrote :

This looks to be either an avahi bug, or an honest-to-goodness dbus bug. Or, possibly, a libsane bug; upstream doesn't have very many nice things to say about libsane, which is why it's in a separate colord-sane process in 0.1.21.

Nothing in colord directly calls any avahi functions; this hypothesis is borne out by the duplicates, none of which are against anything higher than colord 0.1.16.

Looking at the libsane code, I can't see anything obviously wrong with the way it's creating the avahi client; I'll move this to the avahi package.

affects: colord (Ubuntu Quantal) → avahi (Ubuntu Quantal)

Using Precise.

Just installed updates, rebooted.
Launched pidgin, thunderbird, and firefox before I noticed the crash. Can't say for certain whether it happened before or after launching those apps.

Crash report WAS submitted.

Chris Halse Rogers (raof) wrote :

OOOOOOH!

This could be a threading bug; colord uses g_dbus from glib, which is threadsafe by means of proxying everything to the main thread, but also links to libsane, which links to libavahi, which uses libdbus directly. What's more, avahi spawns a bunch of threads.

libdbus isn't threadsafe unless dbus_threads_init() is called, and nothing in this stack calls it.
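
The chain described in the comment above (colord links libsane, which links libavahi, which uses libdbus, with nothing calling dbus_threads_init()) can be checked mechanically. This is an added example, not part of the bug report or of colord: it assumes you have collected `readelf -d` and `nm -D --undefined-only` output for each object, and the sample data and the function names `audit` and `needs_thread_init` are constructed for illustration.

```python
import re

# Constructed sample (not captured from a real system): trimmed per-object
# output of `readelf -d` (NEEDED entries) and `nm -D --undefined-only`.
SAMPLE = {
    "colord": """
 0x0000000000000001 (NEEDED)  Shared library: [libgio-2.0.so.0]
 0x0000000000000001 (NEEDED)  Shared library: [libsane.so.1]
                 U g_bus_own_name
                 U sane_init
""",
    "libsane.so.1": """
 0x0000000000000001 (NEEDED)  Shared library: [libavahi-client.so.3]
                 U avahi_client_new
""",
    "libavahi-client.so.3": """
 0x0000000000000001 (NEEDED)  Shared library: [libdbus-1.so.3]
                 U dbus_connection_send_with_reply
""",
    "libgio-2.0.so.0": "",
    "libdbus-1.so.3": "",
}

NEEDED = re.compile(r"\(NEEDED\)\s+Shared library: \[(.+?)\]")
UNDEF = re.compile(r"^[ \t]*U[ \t]+(\S+)", re.M)
INIT = {"dbus_threads_init", "dbus_threads_init_default"}

def audit(root, objects):
    """Walk root's DT_NEEDED closure. Returns (chain that pulls in libdbus or
    None, sorted objects that import a libdbus thread-init function)."""
    chain, callers, seen = None, [], set()
    stack = [(root, [root])]
    while stack:
        name, path = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        text = objects.get(name, "")  # objects with no data are treated as leaves
        if name.startswith("libdbus-1.so") and chain is None:
            chain = path
        if INIT & set(UNDEF.findall(text)):
            callers.append(name)
        stack.extend((dep, path + [dep]) for dep in NEEDED.findall(text))
    return chain, sorted(callers)

def needs_thread_init(root, objects):
    """True when libdbus is reachable and nothing in the closure initialises it."""
    chain, callers = audit(root, objects)
    return chain is not None and not callers
```

This is a static heuristic: it does not see libraries loaded with dlopen() and cannot tell whether libdbus is actually used from more than one thread, so a hit is a prompt to read the code rather than proof of a race.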

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in colord (Ubuntu Precise):
status: New → Confirmed
affects: avahi (Ubuntu Precise) → colord (Ubuntu Precise)
martijntje (martijntje) on 2012-09-12
Changed in colord (Ubuntu Precise):
status: New → Confirmed
description: updated
Didier Roche (didrocks) on 2012-09-13
Changed in colord (Ubuntu Quantal):
importance: High → Medium
milestone: none → ubuntu-12.10

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package colord - 0.1.21-1ubuntu1

---------------
colord (0.1.21-1ubuntu1) quantal; urgency=low

  * Parallel upload of 0.1.21-2 to quantal
  * debian/patches/also_sanitise_username_for_dbus.patch:
    - Sanitise username when used as a component of a DBus object path.
      Fixes crash in cd_device_register_object (Closes: 675852) (LP: #1021374)
  * debian/patches/fix_colord-sane_dbus_threading.patch:
    - Initialise libdbus threadsafety in colord-sane. (Probably) fixes multiple
      crashes from colord-sane in libdbus (LP: #844286). Plausibly fixes other
      bad colord-sane behaviour, such as 100% CPU usage (Closes: 668325)
  * debian/rules:
  * debian/control:
    - Add dh_autoreconf to pick up the build system changes from
      fix_colord-sane_dbus_threading.patch and add all the various
      build-depends required.
 -- Christopher James Halse Rogers <email address hidden> Wed, 12 Sep 2012 18:28:06 +1000

Changed in colord (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in colord (Ubuntu Precise):
assignee: nobody → Chris Halse Rogers (raof)

Chris Halse Rogers (raof) wrote :

Precise package is sitting in -unapproved, waiting for another SRU team member to review.

Hello Timo, or anyone else affected,

Accepted colord into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/colord/0.1.16-2ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in colord (Ubuntu Precise):
status: Confirmed → Fix Committed
tags: added: verification-needed

AZ (m-dev) wrote :

The packages in ubuntu proposed (https://launchpad.net/ubuntu/+source/colord/0.1.16-2ubuntu0.1) fix this issue for me.

tags: added: verification-done
removed: verification-needed

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package colord - 0.1.16-2ubuntu0.1

---------------
colord (0.1.16-2ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/initialise_dbus_thread_support:
    - Initialise dbus' threadsafety support. colord uses libsane, which uses
      libavahi, which uses libdbus directly from multiple threads.
      Hopefully fixes colord crashes in libdbus. (LP: #844286)
  * debian/control:
  * debian/rules:
    - Add use dh_autoreconf to regenerate the autofoo for the patch and add
      the necessary build-dependencies.
 -- Christopher James Halse Rogers <email address hidden> Tue, 11 Sep 2012 13:18:39 +1000

Changed in colord (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

affects: colord (Ubuntu) → colord-gtk (Ubuntu)