libvirtd crashed with SIGSEGV in realloc()

Bug #746064 reported by Paolo
This bug affects 1 person
Affects                 Status  Importance  Assigned to  Milestone
libpciaccess (Ubuntu)   New     Undecided   Unassigned
libvirt (Ubuntu)        New     Medium      Unassigned

Bug Description

The crash appears related to Chrome use.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: libvirt-bin 0.8.8-1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
Architecture: i386
CrashCounter: 1
Date: Wed Mar 30 23:27:14 2011
ExecutablePath: /usr/sbin/libvirtd
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha i386 (20100324)
ProcAttrCurrent: /usr/sbin/libvirtd (enforce)
ProcCmdline: /usr/sbin/libvirtd -d
ProcEnviron: PATH=(custom, no user)
SegvAnalysis:
 Segfault happened at: 0xb2ee48: cmp 0xc(%eax),%edi
 PC (0x00b2ee48) ok
 source "0xc(%eax)" (0x0000000b) not located in a known VMA region (needed readable region)!
 destination "%edi" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: libvirt
StacktraceTop:
 ?? () from /lib/i386-linux-gnu/libc.so.6
 realloc () from /lib/i386-linux-gnu/libc.so.6
 ?? () from /usr/lib/libpciaccess.so.0
 ?? () from /usr/lib/libpciaccess.so.0
 pci_get_strings () from /usr/lib/libpciaccess.so.0
Title: libvirtd crashed with SIGSEGV in realloc()
UpgradeStatus: Upgraded to natty on 2011-03-24 (5 days ago)
UserGroups:

Paolo (simonato-mail) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 _int_realloc (av=<value optimized out>, oldp=0x925a750, oldsize=68584, nb=68616) at malloc.c:5285
 __libc_realloc (oldmem=0x925a758, bytes=68608) at malloc.c:3821
 populate_vendor (vend=0x9214cf0, fill_device_data=1) at ../../src/common_device_name.c:269
 find_device_name (m=0xb78a6c74) at ../../src/common_device_name.c:334
 pci_get_strings (m=0xb78a6cf0, device_name=0xb78a6d10, vendor_name=0xb78a6d14, subdevice_name=0x0, subvendor_name=0x0) at ../../src/common_device_name.c:403

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in libvirt (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Serge Hallyn (serge-hallyn) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better.

Could you please attach the output of 'sudo lspci -v'? Also, if it happens again, please upload /var/log/boot.log.

Serge Hallyn (serge-hallyn) wrote :

To be honest, the stack trace in comment #2 doesn't make sense. At lines 333-334, populate_vendor() is called if vend->num_devices == 1. But populate_vendor(), at the top (lines 200-201), returns immediately if vend->num_devices != 0. And yet, we proceed to line 269, apparently trying to realloc vend->devices, which appears to be a bogus value.

So this looks like a nasty race condition or stack corruption.

visibility: private → public
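
An added example, not part of the original report and not apport's own code: a Python script that parses the SegvAnalysis and StacktraceTop fields shown in this report and derives the base-register value at the fault and whether the top frames sit inside the allocator. The function names and the allocator frame list are assumptions made for illustration.

```python
import re

# Constructed sample: fields copied from the apport report on this page.
REPORT = """\
Architecture: i386
SegvAnalysis:
 Segfault happened at: 0xb2ee48: cmp 0xc(%eax),%edi
 PC (0x00b2ee48) ok
 source "0xc(%eax)" (0x0000000b) not located in a known VMA region (needed readable region)!
 destination "%edi" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
StacktraceTop:
 ?? () from /lib/i386-linux-gnu/libc.so.6
 realloc () from /lib/i386-linux-gnu/libc.so.6
 ?? () from /usr/lib/libpciaccess.so.0
 ?? () from /usr/lib/libpciaccess.so.0
 pci_get_strings () from /usr/lib/libpciaccess.so.0
"""

# Assumed list of glibc allocator frames (illustrative, not exhaustive).
ALLOCATOR = {"malloc", "realloc", "calloc", "free", "_int_malloc", "_int_realloc", "_int_free"}

def parse_fields(text):
    """Split an apport report into {key: [lines]}; indented lines continue the previous key."""
    fields, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            fields[key].append(line.strip())
        elif ":" in line:
            key, _, rest = line.partition(":")
            fields[key] = [rest.strip()] if rest.strip() else []
    return fields

def triage(text):
    """Return the faulting base register value and two flags useful for crash triage."""
    f = parse_fields(text)
    bits = 32 if f["Architecture"][0] == "i386" else 64
    out = {"faulting_base": None, "in_allocator": False, "stack_flag": False}
    for line in f.get("SegvAnalysis", []):
        # Matches e.g.: source "0xc(%eax)" (0x0000000b) not located in a known VMA region
        m = re.match(r'(source|destination) "(-?0x[0-9a-f]+)\((%\w+)\)" \((0x[0-9a-f]+)\) not located', line)
        if m:
            disp, reg, addr = int(m.group(2), 16), m.group(3), int(m.group(4), 16)
            out["faulting_base"] = (reg, (addr - disp) % (1 << bits))  # base = address - displacement
        if line.startswith("Stack memory exhausted"):
            out["stack_flag"] = True
    frames = [l.split(" ", 1)[0] for l in f.get("StacktraceTop", [])]
    out["in_allocator"] = any(fn in ALLOCATOR for fn in frames[:2])
    return out
```

For this report the script gives %eax = 0xffffffff, so the pointer being dereferenced was -1 rather than NULL. A fault on such a pointer inside realloc() is commonly a symptom of heap state damaged earlier, rather than a defect in the frame at the top of the trace.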