Thanks - in Ubuntu releases 18.04 onwards debug symbols are provided via the separate -dbgsyms packages which require extra configuration - https://wiki.ubuntu.com/DebuggingProgramCrash
TL;DR:
echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/ddebs.list
echo -e "deb http://ddebs.ubuntu.com $(lsb_release -cs)-updates main restricted universe multiverse\ndeb http://ddebs.ubuntu.com $(lsb_release -cs)-proposed main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/ddebs.list
sudo apt install ubuntu-dbgsym-keyring
sudo apt update
sudo apt install systemd-dbgsym
gdb /sbin/init bug1886115.core
(gdb) bt
Which gives the following more complete stack trace (sadly a bunch of stuff has been optimised out, but also since this is crashing in freep() it seems that memory corruption has already occurred prior to this point and we don't have any info as to where this happened):
#0 0x00007f16807ba187 in kill () at ../sysdeps/unix/syscall-template.S:78
#1 0x0000563b957223b7 in crash (sig=11) at ../src/core/main.c:196
#2 <signal handler called>
#3 __GI___libc_free (mem=0x4a60d140dfd9a5) at malloc.c:3103
#4 0x0000563b9577c22e in freep () at ../src/basic/alloc-util.h:61
#5 unit_fail_if_noncanonical (u=<optimised out>, where=<optimised out>) at ../src/core/unit.c:4774
#6 0x0000563b957672d6 in mount_enter_mounting (m=0x563b9782dba0) at ../src/core/mount.c:946
#7 mount_start.lto_priv.216 (u=0x563b9782dba0) at ../src/core/mount.c:1092
#8 0x0000563b9576ba22 in unit_start (u=0x563b9782dba0) at ../src/core/unit.c:1861
#9 job_perform_on_unit.lto_priv.424 (j=0x7ffe78153248) at ../src/core/job.c:553
#10 0x0000563b9574f51a in job_run_and_invalidate (j=<optimised out>) at ../src/core/job.c:618
#11 manager_dispatch_run_queue.lto_priv.429 (source=<optimised out>, userdata=<optimised out>, userdata=<optimised out>) at ../src/core/manager.c:1830
#12 0x00007f16803a509a in source_dispatch (s=s@entry=0x563b9780e8c0) at ../src/libsystemd/sd-event/sd-event.c:2341
#13 0x00007f16803a53ea in sd_event_dispatch (e=<optimised out>, e@entry=0x563b9780e620) at ../src/libsystemd/sd-event/sd-event.c:2663
#14 0x00007f16803a5579 in sd_event_run (e=<optimised out>, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:2723
#15 0x0000563b9572a49d in manager_loop (m=0x563b97810d90) at ../src/core/manager.c:2541
#16 invoke_main_loop (m=0x563b97810d90, ret_reexecute=0x7ffe7815347a, ret_retval=<optimised out>, ret_shutdown_verb=<optimised out>, ret_fds=0x7ffe78153480, ret_switch_root_dir=0x7ffe781534a8, ret_switch_root_init=0x7ffe781534a0, ret_error_message=0x7ffe78153490)
at ../src/core/main.c:1778
#17 0x0000563b9571560c in main (argc=<optimised out>, argv=<optimised out>) at ../src/core/main.c:2561
What is really needed is to try and catch the memory corruption as it happens - I am not sure if it is possible to run systemd via valgrind but this could be one option.
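As an added triage example (not part of the original comment or of systemd), the sketch below parses gdb `bt` text and flags pointer arguments that do not fall in the user-space address range. It assumes x86-64 with 48-bit virtual addresses; `classify` and `suspicious_args` are hypothetical helper names, and the sample input is built from frames in the trace above.

```python
import re

# Constructed sample: frames copied from the backtrace in the comment above.
BACKTRACE = """\
#0 0x00007f16807ba187 in kill () at ../sysdeps/unix/syscall-template.S:78
#2 <signal handler called>
#3 __GI___libc_free (mem=0x4a60d140dfd9a5) at malloc.c:3103
#5 unit_fail_if_noncanonical (u=<optimised out>, where=<optimised out>) at ../src/core/unit.c:4774
#6 0x0000563b957672d6 in mount_enter_mounting (m=0x563b9782dba0) at ../src/core/mount.c:946
#9 job_perform_on_unit.lto_priv.424 (j=0x7ffe78153248) at ../src/core/job.c:553
#12 0x00007f16803a509a in source_dispatch (s=s@entry=0x563b9780e8c0) at ../src/libsystemd/sd-event/sd-event.c:2341
#14 0x00007f16803a5579 in sd_event_run (e=<optimised out>, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:2723
"""

VA_BITS = 48  # assumption: x86-64 with 4-level paging (48-bit virtual addresses)

# "#N [0xPC in ]function (args)"; lines such as "<signal handler called>" do not match.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)", re.M)
# "name=0x..." or "name@entry=0x..."; decimal values and <optimised out> are skipped.
ARG = re.compile(r"(\w+)(?:@entry)?=(0x[0-9a-fA-F]+)")


def classify(addr, va_bits=VA_BITS):
    """Classify a 64-bit value by its upper bits (63 down to va_bits-1)."""
    top = addr >> (va_bits - 1)
    if top == 0:
        return "user"
    if top == (1 << (64 - va_bits + 1)) - 1:
        return "kernel"
    return "non-canonical"  # cannot be a valid address under this assumption


def suspicious_args(backtrace):
    """Return (frame, function, arg, value, class) for non-user-space pointers."""
    findings = []
    for m in FRAME.finditer(backtrace):
        frame, func, args = m.groups()
        for name, value in ARG.findall(args):
            addr = int(value, 16)
            kind = classify(addr)
            if kind != "user":
                findings.append((int(frame), func, name, addr, kind))
    return findings


if __name__ == "__main__":
    for frame, func, name, addr, kind in suspicious_args(BACKTRACE):
        print(f"frame #{frame} {func}: {name}={addr:#x} is {kind}")
```

Only the `mem` argument of frame #3 is flagged, which fits the comment's reading that the pointer handed to free() was already damaged before this call.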