plymouthd crashed with SIGSEGV in script_obj_deref_direct()

Bug #733453 reported by causeitsme on 2011-03-11
This bug affects 210 people
Affects Status Importance Assigned to Milestone
plymouth (Ubuntu)

Bug Description

Binary package hint: plymouth

Never had this bug until 11.04 alpha, so I don't think it's related to the 4 other bugs listed.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: plymouth 0.8.2-2ubuntu17
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic
Uname: Linux 2.6.32-25-generic x86_64
Architecture: amd64
CrashCounter: 1
Date: Fri Mar 11 13:56:40 2011
DefaultPlymouth: /lib/plymouth/themes/ubuntu-logo/ubuntu-logo.plymouth
ExecutablePath: /sbin/plymouthd
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
 Socket 0:
   no product info available
 Socket 0:
   no card
ProcCmdline: /sbin/plymouthd --mode=boot --attach-to-session
ProcEnviron: PATH=(custom, no user)
 0 VGA16 VGA
 1 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-25-generic root=UUID=fc67adba-b727-4218-8c1d-5798ca183c73 ro quiet splash
 Segfault happened at: 0x7fd33952afe0 <script_obj_deref_direct>: cmpl $0x1,(%rdi)
 PC (0x7fd33952afe0) ok
 source "$0x1" ok
 destination "(%rdi)" (0x726f207465792079) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: plymouth
 script_obj_deref_direct () from /lib/plymouth/
 script_obj_as_custom () from /lib/plymouth/
 script_execute_object () from /lib/plymouth/
 script_lib_plymouth_on_message () from /lib/plymouth/
 ?? () from /lib/plymouth/
TextPlymouth: /lib/plymouth/themes/ubuntu-text/ubuntu-text.plymouth
Title: plymouthd crashed with SIGSEGV in script_obj_deref_direct()
UpgradeStatus: Upgraded to natty on 2011-03-10 (0 days ago)
UserGroups: 10/15/2007
dmi.bios.vendor: Acer
dmi.bios.version: V3.10A Navarro
dmi.board.vendor: Acer
dmi.board.version: N/A
dmi.chassis.type: 10
dmi.chassis.vendor: Acer
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnAcer:bvrV3.10A:bd10/15/2007:svn:pn:pvrV3.10A:rvnAcer:rnNavarro:rvrN/A:cvnAcer:ct10:cvrN/A:
dmi.product.version: V3.10A

causeitsme (bobbystanley) wrote :

 script_obj_deref_direct (obj=0x726f207465792079) at ./script-object.c:132
 script_obj_as_custom (obj=<value optimized out>, user_func=0x7fd33952aab0 <script_obj_execute>, user_data=0x7fffc65e7270) at ./script-object.c:237
 script_execute_object_with_parlist (state=0x8e6740, function=0x726f207465792079, this=0x0, first_arg=0x9ad6f0) at ./script-execute.c:286
 script_execute_object (state=0x8e6740, function=0x726f207465792079, this=0x0, first_arg=0x9ad6f0) at ./script-execute.c:667
 script_lib_plymouth_on_message (state=0x8e6740, data=0x9369d0, message=<value optimized out>) at ./script-lib-plymouth.c:302

Changed in plymouth (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Changed in plymouth (Ubuntu):
status: New → Confirmed
tags: added: bugpattern-needed
Steve Langasek (vorlon) on 2011-09-30
Changed in plymouth (Ubuntu):
importance: Medium → High
Steve Langasek (vorlon) on 2012-04-18
visibility: private → public
bob lourie (lourie) wrote :

Have reported this previously. Occurred during update via synaptic - first task on startup.

Steve Langasek (vorlon) wrote :

#3 script_execute_object (state=0x8e6740, function=0x726f207465792079, this=0x0, first_arg=0x9ad6f0) at ./script-execute.c:667
        args = {{gp_offset = 40, fp_offset = 0, overflow_arg_area = 0x7fffc65e7320, reg_save_area = 0x7fffc65e72c0}}
        arg = <value optimized out>
        parameter_data = 0x8e2fc0

This shows memory corruption. The function argument here is "y yet or" in little-endian, which is a substring of the displayed message:

#5 0x00007fd339527465 in display_message (plugin=0x8e7320, message=0x9369d0 "The disk drive for UUID=c8f4e850-9317-4950-82f2-a79cffcedf1c is not ready yet or not present") at ./plugin.c:466

So it's some kind of buffer overflow.

tags: added: precise
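
The decoding step described in the comment above, written out as an added example (not part of the original report or of plymouth's code): it unpacks a suspect 64-bit pointer into its little-endian in-memory bytes, checks whether they are printable ASCII and whether the address is canonical on x86-64, and searches a candidate string for the resulting text. The function names are hypothetical; the pointer values and the message are copied from the backtrace above.

```python
import struct
from typing import List, Optional

# Values copied from the backtrace in this report.
FUNCTION_ARG = 0x726F207465792079  # 'function' passed to script_execute_object()
STATE_ARG = 0x8E6740               # 'state' in the same frame, for comparison
USER_FUNC = 0x7FD33952AAB0         # address of script_obj_execute
MESSAGE = ("The disk drive for UUID=c8f4e850-9317-4950-82f2-a79cffcedf1c "
           "is not ready yet or not present")


def is_canonical_x86_64(addr: int) -> bool:
    """True if bits 63..47 are all equal (48-bit canonical address form)."""
    top = addr >> 47
    return top in (0, 0x1FFFF)


def pointer_as_text(addr: int) -> Optional[str]:
    """Return the 8 in-memory bytes of addr as ASCII, or None if any
    byte is outside the printable range 0x20..0x7E."""
    raw = struct.pack("<Q", addr)  # little-endian, as stored on amd64
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(addr: int, candidates: List[str]) -> dict:
    """Summarise whether addr looks like string data rather than a pointer."""
    text = pointer_as_text(addr)
    offset = None
    if text is not None:
        for s in candidates:
            pos = s.find(text)
            if pos != -1:
                offset = pos
                break
    return {
        "canonical": is_canonical_x86_64(addr),
        "text": text,
        "offset": offset,  # byte offset of the text inside the matching string
    }


if __name__ == "__main__":
    for name, value in (("function", FUNCTION_ARG), ("state", STATE_ARG)):
        print(name, hex(value), triage(value, [MESSAGE]))
```

A non-canonical address whose bytes are all printable and that matches live string data is a strong indicator that text was written over the pointer, which is the conclusion drawn in the comment above.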
Tomé (mauricio.tome) wrote :

Any news on this bug? I'm having the same problem with Quantal Alpha. BTW, I'm sending plymouth-debug.log as Steve asked on the duplicate bug #985230.

My initial crash report was marked as duplicate, but since it may provide additional info, here it goes:

Steve Langasek (vorlon) wrote :

Sorry, no news. We know there's memory corruption, but haven't been able to pin down why.

walterclozet (walterclozet-u) wrote :

This bug exists in 14.04 too.

Pierre (ygogbe) on 2015-03-11
Changed in plymouth (Ubuntu):
status: Confirmed → Fix Committed