console-kit-daemon crashed with SIGSEGV in vt_thread_start()

Bug #196724 reported by Vikrant on 2008-02-28
This bug affects 12 people
Affects Status Importance Assigned to Milestone
consolekit (Fedora)
Won't Fix
Unknown
consolekit (Ubuntu)
Medium
Unassigned
Nominated for Intrepid by James Westby
Hardy
Undecided
Unassigned

Bug Description

Binary package hint: consolekit

Reboot with Hardy updates on 29th Feb.

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Fri Feb 29 01:38:08 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/sbin/console-kit-daemon
NonfreeKernelModules: cdrom
Package: consolekit 0.2.3-3ubuntu3
PackageArchitecture: i386
ProcCmdline: /usr/sbin/console-kit-daemon
ProcEnviron:

Signal: 11
SourcePackage: consolekit
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: console-kit-daemon crashed with SIGSEGV
Uname: Linux 2.6.24-10-generic i686
UserGroups:
SegvAnalysis:
 Segfault happened at: 0xb7dbc44e: call *0xc(%edx)
 PC (0xb7dbc44e) ok
 source "*0xc(%edx)" (0xc35d0851) not located in a known VMA region (needed readable region)!
SegvReason: reading unknown VMA

Vikrant (vikrant82) wrote :

StacktraceTop:
 g_hash_table_remove_internal (hash_table=0xc35d0845, key=0x1, notify=1)
 vt_thread_start (data=0x80673c8) at ck-vt-monitor.c:297
 g_thread_create_proxy (data=0x806afd0) at /build/buildd/glib2.0-2.15.6/glib/gthread.c:635
 start_thread () from /lib/tls/i686/cmov/libpthread.so.0
 clone () from /lib/tls/i686/cmov/libc.so.6

Changed in consolekit:
importance: Undecided → Medium
Changed in consolekit:
status: New → Confirmed

I do not know how to recreate this bug, but it is fairly clear that the g_hash_table_lookup_node function called by g_hash_table_remove_internal has some serious issues with null pointers.

My debugger is pointing me to the line of code which says:

     while ((node = *node_ptr))

and when I ask it for the value of node_ptr it says it is 0x0. So clearly *node_ptr will have problems with that if true.

However, I cannot figure out how this is possible, hence I'm not sure how to recreate the bug. If someone can find steps for that to occur, then it would be very useful.

Austin Lund (austin-lund) wrote :

OK. So that pointer can never be null in this code. But it seems that the GHashTable structure somehow gets its node array pointer nulled. I have hash_table->nodes == 0x0.

(gdb) print *hash_table
$8 = {size = 6403520, nnodes = 0, nodes = 0x0,
  hash_func = 0x405738 <g_direct_hash@plt>,
  key_equal_func = 0x404cd8 <g_direct_equal@plt>, ref_count = 0, version = 66,
  key_destroy_func = 0, value_destroy_func = 0}

Changed in consolekit:
status: Unknown → In Progress
Austin Lund (austin-lund) wrote :

Whatever is going on here, it is the same as what is happening in this bug:

http://bugzilla.gnome.org/show_bug.cgi?id=537665

James Westby (james-w) wrote :

Hi,

I am nominating this bug for Intrepid, as it has many duplicates (and
similar bugs elsewhere in the code), so it would be a good thing
to fix.

Thanks,

James

James Westby (james-w) wrote :

Hi,

Here is a debdiff with a patch plucked from 0.3 that fixes
this. As an extra bonus I picked up another patch as well.

Thanks,

James

Rampage (jilan-shah) wrote :

Thanks for the fix. Much appreciated. I guess it will be rolled out into the package in the next release?

On Thu, 2008-09-11 at 16:18 +0000, Rampage wrote:
> Thanks for the fix. Much appreciated. I guess it will be rolled out into
> the package in the next release?
>

Yes, I have requested sponsorship for the fixed package, so it should
hopefully be rolled out fairly soon.

I know this affects Hardy, but I don't know if the impact warrants
an SRU.

Thanks,

James

Thanks, looks good. Uploading in a moment.

Colin Watson (cjwatson) wrote :

On an SRU: I confess I haven't looked through all the duplicates. What's the real impact of this, beyond some crash reports? Does console-kit-daemon manage to respawn relatively cleanly, or does it need some kind of manual recovery?

Regardless, this should stew for a bit in Intrepid before we consider it for Hardy. James, if you feel it should go to Hardy and want to ensure it stays on a list, nominate it for that release.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.2.10-1ubuntu5

---------------
consolekit (0.2.10-1ubuntu5) intrepid; urgency=low

  * Patches pulled from Fedora that will are in 0.3:
    - Correctly shutdown event logger threads (LP: #196724)
    - Return PolicyKit results when the action is denied (LP: #268944)

 -- James Westby <email address hidden> Thu, 11 Sep 2008 12:09:17 +0100

Changed in consolekit:
status: Confirmed → Fix Released

On Mon, 2008-09-15 at 23:04 +0000, Colin Watson wrote:
> On an SRU: I confess I haven't looked through all the duplicates. What's
> the real impact of this, beyond some crash reports? Does console-kit-
> daemon manage to respawn relatively cleanly, or does it need some kind
> of manual recovery?

Yeah, I'm not sure. Most reports have just been "apport popped up and
asked me to report this," so it doesn't seem like it has caused too many
problems. I would wager that this has been the cause of most consolekit
crashes in the last couple of releases though, and it may be worth
fixing it regardless.

> Regardless, this should stew for a bit in Intrepid before we consider it
> for Hardy. James, if you feel it should go to Hardy and want to ensure
> it stays on a list, nominate it for that release.

I'll keep it on my list for now.

Thanks,

James

How sure are we that the fix worked? I just had a crash which looks like this. I'll go ahead and report the apport bug anyway.

On Tue, 2008-09-30 at 19:05 +0000, Iain Lane wrote:
> How sure are we that the fix worked? I just had a crash which looks like
> this. I'll go ahead and report the apport bug anyway.
>

This apparently only got some of the cases that I thought were fixed.

There are one or two open bugs on the package with similar stacktraces.
Please submit yours and we'll let apport do its thing.

Thanks,

James

Iain - Are you running Hardy or Intrepid? I think that this is only fixed in Intrepid at the moment.

On Tue, Sep 30, 2008 at 22:33, Chris Coulson <email address hidden> wrote:

> Iain - Are you running Hardy or Intrepid?

I'm running Intrepid.

> I think that this is only
> fixed in Intrepid at the moment.
>

Ok. thank you!

Martin Pitt (pitti) wrote :

This should definitively get a hardy backport. (See also bug 184519 for another 27 duplicates). James, do you want to take care of this? Otherwise I'll find some time to do it.

Changed in consolekit:
status: New → Confirmed
Iain Lane (laney) wrote :

I'm running Intrepid, and was fully updated when I saw the crash. I don't know if it's sensible to update Hardy when the fix isn't definitely a fix...

Martin Pitt (pitti) on 2008-10-02
Changed in consolekit:
status: Fix Released → Confirmed
James Westby (james-w) wrote :

Hi Martin,

I would be happy to do this. You have set the status back to confirmed,
does that mean we should wait to see if it is not fixed?

Also, I'm not sure what the SRU test case would be for this.

Thanks,

James

Martin Pitt (pitti) wrote :

James, I set it back because there were followup reports which said that your recent backported patch didn't fix it in all cases. But nevertheless applying this particular patch would still be good, if it backports well.

Noea (krzysztof-czaderna) wrote :

Hi
the update seems to fix the problem, but still, when I close the console, it crashes. The sound from amarok or rhythm and the system sounds are disabled; I must change the song, then the sound comes back.

Regards

tarabaz (tarabaz) wrote :

Hi.
Same in my case...

Tessa (unit3) wrote :

I'm seeing what I assume is this on an ubuntu-server I just upgraded to intrepid. I've got consolekit installed because it and dbus are now deps of avahi. In my logs, I'm getting a lot of the following:

Nov 5 10:25:02 mr-t kernel: [62153.137434] console-kit-dae[985]: segfault at 69e95d14 ip 433e658c sp b7a35320 error 4 in libglib-2.0.so.0.1800.2[433ba000+b5000]
Nov 5 11:10:01 mr-t kernel: [64853.368859] console-kit-dae[18326]: segfault at cb891aac ip 433e658c sp b79d8320 error 5 in libglib-2.0.so.0.1800.2[433ba000+b5000]
Nov 5 11:19:03 mr-t kernel: [65395.116961] console-kit-dae[19351]: segfault at 3c ip 433e658c sp b7b44320 error 4 in libglib-2.0.so.0.1800.2[433ba000+b5000]
Nov 5 11:20:01 mr-t kernel: [65453.460912] console-kit-dae[19461]: segfault at 54505c ip 433e658c sp b7aad320 error 4 in libglib-2.0.so.0.1800.2[433ba000+b5000]

DaMiEn667 (damien667) wrote :

I'm seeing a lot of that in dmesg too:
[ 25.332655] console-kit-dae[4782]: segfault at 64656470 ip b7ddd58c sp b7a48320 error 4 in libglib-2.0.so.0.1800.2[b7db1000+b5000]
[ 112.950999] console-kit-dae[5449]: segfault at d ip b7f6058c sp b7b87320 error 4 in libglib-2.0.so.0.1800.2[b7f34000+b5000]
[ 6311.489892] console-kit-dae[7788]: segfault at 7463657e ip b7f2b58c sp b7aee320 error 4 in libglib-2.0.so.0.1800.2[b7eff000+b5000]
[36352.127817] console-kit-dae[11500]: segfault at 71 ip b7e9c58c sp b7780320 error 4 in libglib-2.0.so.0.1800.2[b7e70000+b5000]
[54832.381933] console-kit-dae[13446]: segfault at 6964207e ip b7e5c58c sp b78da320 error 4 in libglib-2.0.so.0.1800.2[b7e30000+b5000]
[65406.220793] console-kit-dae[15168]: segfault at 6964207e ip b7f5158c sp b79cf320 error 4 in libglib-2.0.so.0.1800.2[b7f25000+b5000]
[77237.730050] console-kit-dae[17651]: segfault at 72452046 ip b7f7658c sp b7af3320 error 4 in libglib-2.0.so.0.1800.2[b7f4a000+b5000]
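
Added example, not part of any comment in this thread: the kernel segfault lines quoted above come from different hosts with different libglib load addresses, so the raw `ip` values cannot be compared directly. Subtracting the mapping base from `ip` gives a module-relative offset that identifies the crash site, and the `error` field decodes into the kind of access that faulted. The function names are hypothetical; the sample lines are copied from the comments above.

```python
import re
from collections import Counter

# "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <code> in <module>[<base>+<size>]"
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<module>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def decode_error(code):
    """Decode the low three bits of the x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def parse_segfault(line):
    """Return a record for one kernel segfault line, or None if it does not parse."""
    m = SEGV_RE.search(line)
    if not m:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    if not base <= ip < base + size:
        return None  # ip outside the reported mapping: offset would be meaningless
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "module": m["module"],
        "fault_addr": int(m["addr"], 16), "offset": ip - base,
        **decode_error(int(m["err"])),
    }

def group_by_site(lines):
    """Count crashes per (module, module-relative offset)."""
    recs = filter(None, map(parse_segfault, lines))
    return Counter((r["module"], r["offset"]) for r in recs)

# Lines copied from the comments in this thread (syslog and dmesg formats).
SAMPLE = [
    "Nov 5 10:25:02 mr-t kernel: [62153.137434] console-kit-dae[985]: segfault at 69e95d14 ip 433e658c sp b7a35320 error 4 in libglib-2.0.so.0.1800.2[433ba000+b5000]",
    "Nov 5 11:10:01 mr-t kernel: [64853.368859] console-kit-dae[18326]: segfault at cb891aac ip 433e658c sp b79d8320 error 5 in libglib-2.0.so.0.1800.2[433ba000+b5000]",
    "[ 25.332655] console-kit-dae[4782]: segfault at 64656470 ip b7ddd58c sp b7a48320 error 4 in libglib-2.0.so.0.1800.2[b7db1000+b5000]",
    "[ 112.950999] console-kit-dae[5449]: segfault at d ip b7f6058c sp b7b87320 error 4 in libglib-2.0.so.0.1800.2[b7f34000+b5000]",
]

if __name__ == "__main__":
    for (module, off), n in group_by_site(SAMPLE).items():
        print(f"{module}+{off:#x}: {n} crash(es)")
```

Grouping on the offset rather than on `ip` keeps duplicate triage stable across hosts and reboots; the offset can then be resolved against the matching libglib debug symbols.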

DJF5 (dennisdegreef) wrote :

I am not experiencing this on Ubuntu Server, I am using Ubuntu 8.10 Desktop
and have the same problems... Seems like a general ubuntu issue

On Tue, Nov 11, 2008 at 8:29 PM, DaMiEn667 <email address hidden> wrote:

> I'm seeing a lot of that in dmesg too:
> [ 25.332655] console-kit-dae[4782]: segfault at 64656470 ip b7ddd58c sp
> b7a48320 error 4 in libglib-2.0.so.0.1800.2[b7db1000+b5000]
> [ 112.950999] console-kit-dae[5449]: segfault at d ip b7f6058c sp b7b87320
> error 4 in libglib-2.0.so.0.1800.2[b7f34000+b5000]
> [ 6311.489892] console-kit-dae[7788]: segfault at 7463657e ip b7f2b58c sp
> b7aee320 error 4 in libglib-2.0.so.0.1800.2[b7eff000+b5000]
> [36352.127817] console-kit-dae[11500]: segfault at 71 ip b7e9c58c sp
> b7780320 error 4 in libglib-2.0.so.0.1800.2[b7e70000+b5000]
> [54832.381933] console-kit-dae[13446]: segfault at 6964207e ip b7e5c58c sp
> b78da320 error 4 in libglib-2.0.so.0.1800.2[b7e30000+b5000]
> [65406.220793] console-kit-dae[15168]: segfault at 6964207e ip b7f5158c sp
> b79cf320 error 4 in libglib-2.0.so.0.1800.2[b7f25000+b5000]
> [77237.730050] console-kit-dae[17651]: segfault at 72452046 ip b7f7658c sp
> b7af3320 error 4 in libglib-2.0.so.0.1800.2[b7f4a000+b5000]

Tessa (unit3) wrote :

DJF5: I believe that consolekit isn't needed on Server, so it doesn't get installed unless you're running avahi (of which it is a dep in intrepid, IIRC). If you install avahi on your 8.10 Server install, you'll likely see consolekit installed and start seeing these errors there too.

Zaca (zaca98) wrote :

I have Intrepid Server as well, and I was seeing the

Dec 4 08:17:02 node006 kernel: [53912.342725] console-kit-dae[15142]: segfault at 1c8 ip 00007f055a08ee09 sp 0000000040f84090 error 4 in libglib-2.0.so.0.1800.2[7f055a062000+c3000]

messages in /var/log/messages and dmesg. I have a cluster in which each
node has the ubuntu server installed, and it was reproducible on all nodes.

Then, I have installed the "policykit" package in all nodes, and the errors
disappeared. I'm relatively confident that installing this package solves this
issue, but it may have been a strange coincidence. I've installed it because I read somewhere that it should be installed in order for console-kit to work correctly.

If anyone knows a rationale behind my observation, it would be interesting to know. If this makes no sense, sorry.

Martin Pitt (pitti) wrote :

Zaca, this is likely bug 275432. However, that didn't mention that CK would actually crash.

Tessa (unit3) wrote :

In any case, I've got policykit installed, and I see these console-kit-daemon crashes on about a tri-daily basis.

idumych (idumych) wrote :

It truly saddens me to see how far downhill ubuntu quality control
has gone. This was a huge known issue during alpha testing and it
STILL hasn't been fixed? Between this and the recently broken
atitvout I might need to do some distro shuffling :(

On 12/5/08, Graeme Humphries <email address hidden> wrote:
> In any case, I've got policykit installed, and I see these console-kit-
> daemon crashes on about a tri-daily basis.

Changed in consolekit (Fedora):
status: In Progress → Won't Fix
Kees Cook (kees) on 2009-09-16
description: updated
NKJensen (nkj) wrote :

I've just seen the bug on a fully updated system running:

2.6.27-14-server #1 SMP Mon Aug 31 13:57:10 UTC 2009 i686 (Ubuntu-Server Intrepid)

Best regards, Niels Kristian Jensen

Steve Langasek (vorlon) wrote :

The fix for this is included upstream in lucid or later.

Changed in consolekit (Ubuntu):
status: Confirmed → Fix Released
Rolf Leggewie (r0lf) wrote :

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".

Changed in consolekit (Ubuntu Hardy):
status: Confirmed → Won't Fix