I've reproduced the gnucash crash. The actual crash stack trace is (using 2.15~pre6-0ubuntu2): #0 do_lookup_x (new_hash=2334765441, old_hash=, result=0x7fffffffdb60, scope=, i=0, flags=2, skip=0x0, undef_map=0x7ffff7ff8000) at dl-lookup.c:98 #1 0x00007ffff7de44e3 in _dl_lookup_symbol_x (undef_name=0x7ffff272e0c0 "g_module_check_init", undef_map=0x7ffff7ff8000, ref=0x7fffffffdc80, symbol_scope=0x7ffff7ff8388, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:739 #2 0x00007ffff57a041a in do_sym (handle=, name=0x7ffff272e0c0 "g_module_check_init", who=, vers=, flags=2) at dl-sym.c:178 #3 0x00007fffeace7044 in dlsym_doit (a=0x7fffffffde50) at dlsym.c:51 #4 0x00007ffff7de90f6 in _dl_catch_error (objname=0x611410, errstring=0x611418, mallocedp=0x611408, operate=0x7fffeace7030 , args=0x7fffffffde50) at dl-error.c:178 #5 0x00007fffeace752f in _dlerror_run (operate=0x7fffeace7030 , args=0x7fffffffde50) at dlerror.c:164 #6 0x00007fffeace709a in __dlsym (handle=, name=) at dlsym.c:71 #7 0x00007ffff272d3f0 in g_module_symbol () from /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 #8 0x00007ffff272d8aa in g_module_open () from /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 #9 0x00007ffff70de17e in ?? () from /usr/lib/gnucash/libgnc-module.so.0 #10 0x00007ffff70de468 in gnc_module_load () from /usr/lib/gnucash/libgnc-module.so.0 #11 0x0000000000405cd5 in _start () The problem appears to be that the map->l_local_scope in frame #2 is corrupt: (gdb) p map.l_name $16 = 0x7ffff7ffafa8 "/usr/lib/gnucash/gnucash/libgncmod-app-utils.so" (gdb) p map.l_local_scope $17 = {0x7ffff7ff82b8, 0x0} (gdb) p map.l_local_scope[0] $18 = (struct r_scope_elem *) 0x7ffff7ff82b8 (gdb) p map.l_local_scope[0][0] $19 = {r_list = 0x63bb48, r_nlist = 56} (gdb) p map.l_local_scope[0][0].r_list[0] $20 = (struct link_map *) 0x51 Back in frame #0: (gdb) x/i $pc => 0x7ffff7de3b32 : mov 0x28(%rax),%rsi (gdb) p/x $rax $21 = 0x51 The value 0x51 is written into 0x63bb48 here: Hardware watchpoint 1: *(int**)0x0063bb48 Old value = (int *) 0x301 New value = (int *) 0x51 _int_malloc (av=0x7ffff5a27720, bytes=64) at malloc.c:3586 3586 in malloc.c (gdb) bt #0 _int_malloc (av=0x7ffff5a27720, bytes=64) at malloc.c:3586 #1 0x00007ffff56f3495 in __libc_calloc (n=, elem_size=) at malloc.c:3274 #2 0x00007ffff5c983e1 in g_malloc0 () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #3 0x00007ffff2e74bd6 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #4 0x00007ffff2e790b2 in g_type_register_static () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #5 0x00007ffff2e5bd7b in g_flags_register_static () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #6 0x00007ffff3ecadf3 in gnome_date_edit_flags_get_type () from /usr/lib/libgnomeui-2.so.0 #7 0x00007ffff3eff365 in gnome_type_init () from /usr/lib/libgnomeui-2.so.0 #8 0x00007ffff3ed84eb in ?? () from /usr/lib/libgnomeui-2.so.0 #9 0x00007ffff678683e in gnome_program_preinit () from /usr/lib/libgnome-2.so.0 #10 0x00007ffff678751e in ?? () from /usr/lib/libgnome-2.so.0 #11 0x00007ffff678779d in gnome_program_initv () from /usr/lib/libgnome-2.so.0 #12 0x00007ffff678788f in gnome_program_init () from /usr/lib/libgnome-2.so.0 #13 0x00007ffff78cba16 in gnc_gnome_init () from /usr/lib/gnucash/gnucash/libgncmod-gnome-utils.so #14 0x00000000004064a3 in main () So it's pretty clear that map.l_local_scope[0][0].r_list is dangling.