
[mouse]: gnome-settings-daemon SIGSEGV in gdk_device_manager_list_devices@plt()

Reported by jerrylamos on 2012-06-01
This bug affects 36 people
Affects                          Importance   Assigned to
gnome-settings-daemon (Ubuntu)   High         Unassigned
Precise                          High         Unassigned
Quantal                          High         Chris Coulson

Bug Description

[Impact]

One of the patches we ship is obviously buggy and leads to stack corruption issues, which turned into a segfault on quantal; it could lead to other weird bugs on precise.

[Test Case]

None; the issue is an obvious code error which leads to invalid writes, which can have random effects depending on what got overwritten. Just test that the update works correctly.

[Regression Potential]

None; the patch just increases by 1 the size of a table which was 1 element too short.

jerrylamos (jerrylamos) wrote :

Not a show stopper, I turn laptop screen off manually. Of course screen is at default 1024x768 instead of 1280x1024.
BTW, quantal boots on MAX BRIGHT (!) which I can turn down manually. I boot a lot during testing.

Jerry

Bryce Harrington (bryce) on 2012-06-05
affects: xorg (Ubuntu) → gnome-settings-daemon (Ubuntu)
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Changed in gnome-settings-daemon (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
summary: - quantal 1 June i386.iso external monitor
+ cannot set displays on dual monitor: No such interface
+ `org.gnome.SettingsDaemon.XRANDR_2

the log seems to indicate gnome-settings-daemon is segfaulting for you

jerrylamos (jerrylamos) wrote :

Sebastian, I'll give a go at the back trace instructions this afternoon.

Thanks, Jerry

jerrylamos (jerrylamos) wrote :

Sebastian, I tried the http://wiki.ubuntu.com/DebuggingProgramCrash looks way way out of date, the keys don't work, etc. I tried to do everything on the pages. At the end I got this;

jerry@Aspire-5253:~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 428D7C01
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.ZQePwCdAd8 --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 428D7C01
gpg: requesting key 428D7C01 from hkp server keyserver.ubuntu.com
gpg: key 428D7C01: "Ubuntu Debug Symbol Archive Automatic Signing Key <email address hidden>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
jerry@Aspire-5253:~$ (gdb) backtrace full
bash: syntax error near unexpected token `backtrace'
jerry@Aspire-5253:~$ (gdb) info registers
bash: syntax error near unexpected token `info'
jerry@Aspire-5253:~$ (gdb) x/16i $pc
bash: syntax error near unexpected token `x/16i'
jerry@Aspire-5253:~$ (gdb) thread apply all backtrace
bash: syntax error near unexpected token `thread'
jerry@Aspire-5253:~$ (gdb) x/16i

The keys don't work. It asks for a "pid" for systems-settings-Displays lots of syntax errors in the http://wiki.ubuntu.com/DebuggingProgramCrash

I still get GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface `org.gnome.SettingsDaemon.XRANDR_2' on object at path /org/gnome/SettingsDaemon/XRANDR
after updating to 3.4.0-3.

C Schilder (cschilder) wrote :

Hi there,

Just ran gnome-settings-daemon --debug with strace on the background.
Maybe the info inside the .log is usable for the developers.

Cheers,
Cristian

Sebastien Bacher (seb128) wrote :

the (gdb) lines mean commands to type on the gdb prompt, not commands for the shell

jerrylamos (jerrylamos) wrote :

No idea if this makes sense, did
sudo gnome-settings-daemon --debug
then tried doing an apply in Displays, which got
_usr_lib_gnome-settings-daemon_gnome-settings-daemon.106.crash
See bug #1009683

I didn't find a strace-gnome-settings-daemon.log anywhere.

Jerry

Sebastien Bacher (seb128) wrote :

open a command line, type "gdb gnome-settings-daemon"

you get a "(gdb)" prompt, on it type:
"run --debug"

... you should get the segfault...

then on the (gdb) line type "backtrace"

Sebastien Bacher (seb128) wrote :

you might need to install the glib, gtk and gnome-settings-daemon debug symbols as well to have a useful stacktrace

jerrylamos (jerrylamos) wrote :

Thanks, Sebastian. I did the
gdb gnome-settings-daemon
bunch of lines
run --debug
Selected Displays, mirror images off, laptop off, apply
then got on terminal screen:

Program received signal SIGSEGV, Segmentation fault.
0xb2ae9f00 in gdk_device_manager_list_devices@plt ()
   from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
(gdb) backtrace
#0 0xb2ae9f00 in gdk_device_manager_list_devices@plt ()
   from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#1 0xb2aecec5 in ?? () from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#2 0xb786b570 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3 0xb786da93 in g_main_context_dispatch ()
   from /lib/i386-linux-gnu/libglib-2.0.so.0
#4 0xb786de30 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5 0xb786e28b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#6 0xb7c5b19d in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
#7 0x0804abc9 in main ()

Now where should the stacktrace appear?

I did find an strace with yesterday's date, see attachment

What is the cli code for glib, gtk, and gnome-settings-daemon debug symbols?

Thanks for looking at this bug.

Jerry

Sebastien Bacher (seb128) wrote :

is there any chance you could do the same with gnome-settings-daemon-dbgsym installed? (you can get the ddeb from http://ddebs.ubuntu.com/pool/main/g/gnome-settings-daemon/)

jerrylamos (jerrylamos) wrote :

In that link I found
gnome-settings-daemon-dbgsym_3.4.2-0ubuntu2_i386.ddeb
so I did a sudo dpkg -i on it.
Then did
gdb gnome-settings-daemon
run --debug

Created the problem. A whole lot on the console. I looked in http://bugs.launchpad.net/gdb-linaro/>... which seemed to me to be a whole lot of bugs people reported with "no instructions" on how to report. Everything says look in http://bugs.launchpad.net/gdb-linaro/>... which is just a google type list of bugs people found and no instructions on what to do.

So I copied the console output it's 27015 characters long attached.

"backtrace" got
(gdb) backtrace
#0 0xb2ae9f00 in gdk_device_manager_list_devices@plt ()
   from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#1 0xb2aecec5 in gsd_mouse_manager_idle_cb (manager=0x8130248)
    at gsd-mouse-manager.c:1124
#2 0xb786b570 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3 0xb786da93 in g_main_context_dispatch ()
   from /lib/i386-linux-gnu/libglib-2.0.so.0
#4 0xb786de30 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5 0xb786e28b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#6 0xb7c5b19d in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
#7 0x0804abc9 in main (argc=1, argv=0xbffff3b4) at main.c:464
(gdb)

Did I do things in the right sequence?

Thanks for input on tracking down this bug.

Jerry

Sebastien Bacher (seb128) wrote :

Thanks, that stacktrace has debug info, it's similar to https://launchpadlibrarian.net/106223472/Stacktrace.txt

Changed in gnome-settings-daemon (Ubuntu):
status: Incomplete → New
importance: Low → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-settings-daemon (Ubuntu):
status: New → Confirmed
jerrylamos (jerrylamos) wrote :

Today's aptitude update full upgrade the resolution appears to be 1280x1024 on the external display much better than 1024x768.

Do note selecting System Settings, Displays results in a loop - open, I close it, automatically open, I close it, ad nauseam.

Nice to have the higher resolution back. Still have to turn the laptop display off manually. Boots at max bright no matter what.

Jerry

jerrylamos (jerrylamos) wrote :

Oh, tried to install proprietary driver FGLRX which got a bug see attached jockey.log. I've got a pile of bugs in my reader and can't tell which one is related.

Jerry

summary: - cannot set displays on dual monitor: No such interface
- `org.gnome.SettingsDaemon.XRANDR_2
+ [mouse]: gnome-settings-daemon SIGSEGV in
+ gdk_device_manager_list_devices@plt()
Michael Terry (mterry) wrote :

It's interesting that the stack is crashing in the @plt version of the function. See http://stackoverflow.com/questions/5469274/what-does-plt-mean-here for an explanation of the plt (procedure linkage table).

So it's not even hitting libgdk. And neither gtk/gdk or gnome-settings-daemon changed (AFAIK) since this bug started appearing in quantal. So it seems likely to be a toolchain issue?

Dennis Kaarsemaker (dennis) wrote :

This happens to me as well with gnome-settings-daemon 3.4.2-0ubuntu1 or 3.4.2-0ubuntu4. Downgrading to 3.4.1-ubuntu1 works around the problem but is no longer an option. Backtrace:

#0 0xaedeaf00 in gdk_device_manager_list_devices@plt ()
   from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#1 0xaededec5 in gsd_mouse_manager_idle_cb (manager=0x813a610)
    at gsd-mouse-manager.c:1124
#2 0xb7860570 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3 0xb7862a93 in g_main_context_dispatch ()
   from /lib/i386-linux-gnu/libglib-2.0.so.0
#4 0xb7862e30 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5 0xb786328b in g_main_loop_run () from /lib/i386-linux-gnu/libglib-2.0.so.0
#6 0xb7c5024d in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
#7 0x0804abc9 in main (argc=1, argv=0xbfffec34) at main.c:464

Dennis Kaarsemaker (dennis) wrote :

Backtrace after installing the glib dbgsym:

#0 0xaedeaf00 in gdk_device_manager_list_devices@plt ()
   from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#1 0xaededec5 in gsd_mouse_manager_idle_cb (manager=manager@entry=0x813e620)
    at gsd-mouse-manager.c:1124
#2 0xb7860570 in g_idle_dispatch (source=source@entry=0x8175a78,
    callback=0xaededca0 <gsd_mouse_manager_idle_cb>, user_data=0x813e620)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:4657
#3 0xb7862a93 in g_main_dispatch (context=0x8086cc8)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:2539
#4 g_main_context_dispatch (context=context@entry=0x8086cc8)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3075
#5 0xb7862e30 in g_main_context_iterate (context=0x8086cc8,
    block=block@entry=1, dispatch=dispatch@entry=1,
    self=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3146
#6 0xb786328b in g_main_loop_run (loop=0x81fe920)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3340
#7 0xb7c5024d in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
#8 0x0804abc9 in main (argc=1, argv=0xbfffec34) at main.c:464

Dennis Kaarsemaker (dennis) wrote :

Further evidence towards Michael Terry's suspicion about this possibly being a toolchain issue: 3.4.1 also segfaults in the same location when I rebuild it on quantal.

Dennis Kaarsemaker (dennis) wrote :

And commenting out that part of gsd_mouse_manager_idle_cb makes it segfault in another part of the plt:

0xaedf0200 in g_settings_get_boolean@plt () from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
(gdb) bt
#0 0xaedf0200 in g_settings_get_boolean@plt () from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#1 0xaedf2b37 in ?? () from /usr/lib/gnome-settings-daemon-3.0/libmouse.so
#2 0xb785e570 in g_idle_dispatch (source=source@entry=0x815c978, callback=0xaedf2910, user_data=0x813c230)
    at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:4657
#3 0xb7860a93 in g_main_dispatch (context=0x8086cc8) at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:2539
#4 g_main_context_dispatch (context=context@entry=0x8086cc8) at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3075
#5 0xb7860e30 in g_main_context_iterate (context=0x8086cc8, block=block@entry=1, dispatch=dispatch@entry=1,
    self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3146
#6 0xb786128b in g_main_loop_run (loop=0x81f4358) at /build/buildd/glib2.0-2.33.1/./glib/gmain.c:3340
#7 0xb7c4e24d in gtk_main () from /usr/lib/i386-linux-gnu/libgtk-3.so.0
#8 0x0804ab29 in main ()

Dennis Kaarsemaker (dennis) wrote :

Another point:

between 3.4.1 and 3.4.2 the mouse plugin received no related changes, which also indicates a build/toolchain problem.

Removing the mouse plugin at least makes g-s-d stable for me, so I've done that for now. I'll keep testing updates.

Dennis Kaarsemaker (dennis) wrote :

Another finger pointing to gcc: setting CC=gcc-4.6 in debian/rules makes the resulting binary not fail this way.

Chris Coulson (chrisccoulson) wrote :

Hi,

The information here doesn't yet rule out it being something other than a toolchain issue (this type of crash can be caused by overwriting the GOT). Whilst I set up an i386 environment to debug this in, could someone please try running gnome-settings-daemon in valgrind and recreate the issue there? Instructions for that are here: https://wiki.ubuntu.com/Valgrind

Michael Terry (mterry) wrote :
Changed in gnome-settings-daemon (Ubuntu Quantal):
assignee: nobody → Chris Coulson (chrisccoulson)
Chris Coulson (chrisccoulson) wrote :

Ok, with some help from mterry who is able to reproduce this quite easily, it looks like we've determined that what happens is something in set_disable_w_typing() writes 0x0 to the %ebx register and doesn't restore its original contents (%ebx must be preserved by the callee as per the SysV i386 ABI).

As %ebx is used to hold the base address of the GOT on i386, the next call which goes via the PLT (which happens to be gdk_device_manager_list_devices) crashes when trying to read the address to jump to.

Chris Coulson (chrisccoulson) wrote :

Note, you can observe that %ebx still contains 0x0 when it crashes in the PLT.

As a workaround, you can turn off "disable touchpad whilst typing", as it is something specific to the codepath which enables this functionality. I guess everyone experiencing this does actually have a touchpad? (I hope so!)

Yes I do have a touchpad on my lenovo T61 and I did have the Disable touchpad flag set. I have now unchecked the box and see how I go. thanks for tracking this down.

jerrylamos (jerrylamos) wrote :

I always have touchpad turned off since I touch type and my hands are all over the keyboard and the touchpad goes nuts. Right now I'm using an external keyboard so I could try turning touchpad back on.
Tried simply turning touchpad on and doing Systems Settings Displays, got

GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface `org.gnome.SettingsDaemon.XRANDR_2' on object at path /org/gnome/SettingsDaemon/XRANDR.

Let me try reboot.

Jerry

jerrylamos (jerrylamos) wrote :

Rebooted, touchpad is on, tried Systems Settings Display Apply and got

GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface `org.gnome.SettingsDaemon.XRANDR_2' on object at path /org/gnome/SettingsDaemon/XRANDR

The external monitor did come up 1280x1024 as it was, so some improvement with touchpad on, CLI xrandr still works O.K. for the external monitor.
Turned off the laptop "full bright" monitor manually. I don't know CLI to turn off the laptop monitor.

Easy for me to reproduce if anyone has anything to try that I'm able to follow through on.

Thanks, Jerry

Dennis Kaarsemaker (dennis) wrote :

Yes, touchpad, disabled while typing. Unticking that checkbox indeed makes g-s-d not crash. Attached is the valgrind output from when I reenabled that setting and ran g-s-d again.

Dennis Kaarsemaker (dennis) wrote :

(And now the real valgrind log, following instructions from the wiki)

jerrylamos (jerrylamos) wrote :

Disconnected external monitor. Widescreen laptop monitor came up with 1366x768 the max res. Any attempt to change that with Systems Settings Displays including just 1360x768 causes same crash as soon as "apply" is selected. The touchpad is turned on. For that matter, don't have to change anything, just do "apply":

GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface `org.gnome.SettingsDaemon.XRANDR_2' on object at path /org/gnome/SettingsDaemon/XRANDR

Advanced Micro Devices [AMD] nee ATI Wrestler [Radeon HD 6310]

All up to date as of today, 16 June. Install was 11 June with the then current i386.iso. Will try another install or so as 28 June A2 approaches.

Jerry

Sebastien Bacher (seb128) wrote :

Ok, after discussion on IRC we figured that there is an obvious error in 10_smaller_syndaemon_timeout.patch: we add an extra argument to *args[] without changing the allocation (i.e. we write NULL out of the array), not sure how that turns out in corrupting ebx but Chris is looking at it ;-)

Chris Coulson (chrisccoulson) wrote :

The register corruption occurs when the function returns, where it restores the register states from the stack. At least this is an easy fix :)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-settings-daemon - 3.4.2-0ubuntu5

---------------
gnome-settings-daemon (3.4.2-0ubuntu5) quantal; urgency=low

  * debian/patches/10_smaller_syndaemon_timeout.patch: Update to increase
    the size of the stack allocated array for the extra argument passed to
    syndaemon. This fixes a crash in the PLT due to a corrupt %ebx register
    (which holds the GOT base address on i386), which was caused in an earlier
    function by writing zero in to the location on the stack where the value of
    %ebx is saved. Thanks to Sebastien Bacher for spotting the buggy patch!
    (fixes LP: #1007588)
 -- Chris Coulson <email address hidden> Mon, 18 Jun 2012 10:27:29 +0100
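The failure mode described in the comments and changelog above, as an added example that is not part of the bug thread or the gnome-settings-daemon source: an argv array one element too short lets the NULL terminator land on the saved %ebx slot, so the epilogue restores 0 and the next PLT call has no GOT base. The frame layout, the `GOT_BASE` value, the argument strings and all function names are assumptions made for illustration; the real slot placement depends on the compiler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the i386 frame: `declared` argv slots followed
 * directly by the slot where the prologue saved the caller's %ebx. A flat
 * array keeps the one-past-the-end store well-defined for the demo. */
#define MAX_SLOTS 8
#define GOT_BASE ((uintptr_t)0xb2af0000u)   /* constructed value */

/* Illustrative argument list (an assumption, not the patch's own): six
 * strings, so the NULL terminator needs a seventh slot. */
static const char *const wanted[] = { "syndaemon", "-i", "0.5", "-K", "-R", "-t" };
#define N_WANTED (sizeof wanted / sizeof wanted[0])

/* Unchecked pattern: fill the array and store the terminator without
 * looking at its size. Returns what the epilogue restores into %ebx. */
static uintptr_t run_unchecked(size_t declared)
{
    uintptr_t frame[MAX_SLOTS] = {0};
    size_t i;
    if (declared >= MAX_SLOTS) declared = MAX_SLOTS - 1;
    frame[declared] = GOT_BASE;             /* prologue: save %ebx */
    for (i = 0; i < N_WANTED; i++)
        frame[i] = (uintptr_t)wanted[i];
    frame[i] = 0;                           /* args[N_WANTED] = NULL */
    return frame[declared];                 /* epilogue: restore %ebx */
}

/* Checked pattern: refuse to build unless every argument and the NULL
 * terminator fit in the declared capacity. Returns 0 or -1. */
static int run_checked(size_t declared, uintptr_t *ebx_out)
{
    uintptr_t frame[MAX_SLOTS] = {0};
    int rc = -1;
    if (declared >= MAX_SLOTS) declared = MAX_SLOTS - 1;
    frame[declared] = GOT_BASE;
    if (N_WANTED + 1 <= declared) {
        for (size_t i = 0; i < N_WANTED; i++)
            frame[i] = (uintptr_t)wanted[i];
        frame[N_WANTED] = 0;
        rc = 0;
    }
    *ebx_out = frame[declared];
    return rc;
}

/* Stand-in for an i386 PIC PLT stub, which jumps through a GOT entry
 * addressed relative to %ebx: 0 if %ebx still holds the GOT base, -1 if
 * the indirect jump would read from a bogus address. */
static int plt_call_status(uintptr_t ebx) { return ebx == GOT_BASE ? 0 : -1; }

int main(void)
{
    uintptr_t ebx;
    printf("6 slots, unchecked: %%ebx=%#lx plt=%d\n",
           (unsigned long)run_unchecked(6), plt_call_status(run_unchecked(6)));
    printf("7 slots, unchecked: %%ebx=%#lx plt=%d\n",
           (unsigned long)run_unchecked(7), plt_call_status(run_unchecked(7)));
    printf("6 slots, checked:   rc=%d\n", run_checked(6, &ebx));
    printf("  saved %%ebx intact: %d\n", ebx == GOT_BASE);
    return 0;
}
```

With six declared slots the unchecked build restores %ebx as 0, matching the register state reported at the crash; with seven it stays intact, which is the one-element increase the changelog describes.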

Changed in gnome-settings-daemon (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in gnome-settings-daemon (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
description: updated
jerrylamos (jerrylamos) wrote :

Updated 12 noon EST and Systems Settings Displays works, so the bug is fixed. Anyone know how to mark the bug solved?

Thanks much!

One funny, pull down menus now have a white stripe with black lettering for each line, example Systems Settings from the applet on the top right of the screen. I can read the text so no big deal, just different. Some default somewhere I don't know must have changed.

Thanks for the fix,

Jerry

Sebastien Bacher (seb128) wrote :

The bug is marked fix released so no need to change anything; the rendering issues are side effects of the new GTK uploads and are being worked on, today's updates have some fixes already even if it's not perfect

Hello jerrylamos, or anyone else affected,

Accepted gnome-settings-daemon into precise-proposed. The package will build now and be available in a few hours. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Sebastien Bacher (seb128) wrote :

setting the bug to verified, the change is trivial and obviously correct and there is no visible issue after running the new version for a week here

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-settings-daemon - 3.4.2-0ubuntu0.2

---------------
gnome-settings-daemon (3.4.2-0ubuntu0.2) precise-proposed; urgency=low

  * Upload to precise-proposed

  [ Chris Coulson ]
  * debian/patches/10_smaller_syndaemon_timeout.patch: Update to increase
    the size of the stack allocated array for the extra argument passed to
    syndaemon. This fixes a crash in the PLT due to a corrupt %ebx register
    (which holds the GOT base address on i386), which was caused in an earlier
    function by writing zero in to the location on the stack where the value of
    %ebx is saved. Thanks to Sebastien Bacher for spotting the buggy patch!
    (fixes LP: #1007588)

  [ Hsin-Yi, Chen (hychen) ]
  * debian/patches/git_xrandr_explicitly_set_clone_state.patch:
    - "xrandr; explicitly set clone state variable when generating monitor
       configs" (LP: #1014533)
 -- Sebastien Bacher <email address hidden> Mon, 18 Jun 2012 12:32:40 +0200

Changed in gnome-settings-daemon (Ubuntu Precise):
status: Fix Committed → Fix Released
Maraschin (carlo-maraschin) wrote :

I just got this problem!
I can't enable the second monitor as a separate monitor.
I only get it as a mirror... :-/

GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface `org.gnome.SettingsDaemon.XRANDR_2' on object at path /org/gnome/SettingsDaemon/XRANDR

amcmorl (amcmorl) wrote :

I can confirm that this is still a problem.

I've just upgraded from 12.04 to 12.10, and am trying to get my dual monitor setup working again (worked fine under 12.04). I have gnome-settings-daemon 3.4.2-0ubuntu15, but still get the same 'No such interface' error as Maraschin.

Should this be working?

Changed in gnome-settings-daemon (Ubuntu):
assignee: Chris Coulson (chrisccoulson) → Joey Utin (josephutin2001)
assignee: Joey Utin (josephutin2001) → nobody