Bug 69643

Summary: systemdadm double free or corruption
Product: systemd Reporter: justin <jlec>
Component: generalAssignee: systemd-bugs
Status: RESOLVED FIXED QA Contact: systemd-bugs
Severity: normal    
Priority: medium CC: systemd
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Full crash log
Output of “backtrace full” (gdb)

Description justin 2013-09-21 14:36:07 UTC 
Created attachment 86246 [details]
Full crash log

Every time when restarting a service systemadm crashes.

 # systemadm 
*** Error in `systemadm': free(): invalid pointer: 0x0000000001a5f160 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x796de)[0x2ae7843a26de]
/lib64/libc.so.6(+0x7a3d7)[0x2ae7843a33d7]
systemadm[0x41a87c]
systemadm[0x40a1bc]
systemadm[0x40bd4d]
/usr/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x2ae783ce8e15]
/usr/lib64/libgobject-2.0.so.0(+0x21854)[0x2ae783cfa854]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0xeb5)[0x2ae783d02555]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit_by_name+0x51b)[0x2ae783d02d7b]
systemadm[0x414826]
/usr/lib64/libffi.so.6(ffi_call_unix64+0x4c)[0x2ae785ed9c98]
/usr/lib64/libffi.so.6(ffi_call+0x1e1)[0x2ae785ed9651]
/usr/lib64/libgobject-2.0.so.0(g_cclosure_marshal_generic+0x1c5)[0x2ae783ce9655]
/usr/lib64/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x2ae783ce8e15]
/usr/lib64/libgobject-2.0.so.0(+0x21485)[0x2ae783cfa485]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0xeb5)[0x2ae783d02555]
/usr/lib64/libgobject-2.0.so.0(g_signal_emit+0x8a)[0x2ae783d0284a]
/usr/lib64/libgio-2.0.so.0(+0xc7bec)[0x2ae783713bec]
/usr/lib64/libgio-2.0.so.0(+0xb78a9)[0x2ae7837038a9]
/usr/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x268)[0x2ae783d73c28]
/usr/lib64/libglib-2.0.so.0(+0x48ee8)[0x2ae783d73ee8]
/usr/lib64/libglib-2.0.so.0(g_main_loop_run+0x6a)[0x2ae783d7431a]
/usr/lib64/libgtk-3.so.0(gtk_main+0x8d)[0x2ae78398f53d]
systemadm[0x40d3e5]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x2ae78434a975]
systemadm[0x404561]
Comment 1 justin 2013-09-21 14:36:25 UTC 
Portage 2.2.6 (default/linux/amd64/13.0, gcc-4.8.1-asneeded, glibc-2.17, 3.10.12-lh x86_64)
=================================================================
System uname: Linux-3.10.12-lh-x86_64-Intel-R-_Core-TM-_i7-2600_CPU_@_3.40GHz-with-gentoo-2.2
KiB Mem:    16344916 total,   5499228 free
KiB Swap:    3987452 total,   3987452 free
Timestamp of tree: Sat, 21 Sep 2013 00:45:01 +0000
ld GNU gold (GNU Binutils 2.23.2) 1.11
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.2.0
dev-lang/python:          2.6.8-r3, 2.7.5-r2, 3.2.5-r2, 3.3.2-r2
dev-util/ccache:          3.1.9-r2::science
dev-util/cmake:           2.8.11.2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.12
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.10.3, 1.11.6, 1.12.6, 1.13.4, 1.14
sys-devel/binutils:       2.23.2
sys-devel/gcc:            4.4.7, 4.5.4, 4.6.4, 4.7.3, 4.8.1
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.11 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories: gentoo sunrise bicatali betagarden dummy Neurogeek science Raspberry-Pi-Overlay last-hope g-ctan
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -ftracer   -march=native -mtune=native -frecord-gcc-switches -g -Wimplicit-function-declaration"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/systemd/system /usr/share/eselect/ /usr/share/gnupg/qualified.txt /usr/share/nano/ /var/lib/hsqldb /var/spool/munin-async/.ssh"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -ftracer   -march=native -mtune=native -frecord-gcc-switches -g -Wenum-compare"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS=" -vt --keep-going --autounmask-write --autounmask --quiet-build=n"
FCFLAGS="-O2 -pipe -ftracer   -march=native -mtune=native -frecord-gcc-switches -g"
FEATURES="assume-digests binpkg-logs buildsyspkg candy ccache collision-protect compressdebug distlocks ebuild-locks fixlafiles merge-sync multilib-strict news noinfo parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms sign split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -ftracer   -march=native -mtune=native -frecord-gcc-switches -g"
GENTOO_MIRRORS=" /mnt/tmpfs/ http://gentoo.j-schmitz.net/mirror/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
LANG="en_GB.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1,--hash-style=gnu,--sort-common"
MAKEOPTS="-j12 -l9"
PKGDIR="/var/cache/portage/packages"
PORTAGE_COMPRESS="xz"
PORTAGE_COMPRESS_FLAGS="-z -e -9 -v"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--omit-dir-times"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/local/overlays/sunrise-reviewed /local/overlays/bicatali /local/overlays/betagarden /local/overlays/dummy /local/overlays/neurogeek /local/overlays/sci /local/overlays/gen2pi /local/overlays/lh-overlay /local/overlays/g-ctan"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl alsa amd64 avx bash-completion berkdb branding bzip2 cairo caps cli cracklib crypt cxx dbus dri fortran gdbm gif gmp gnome gnome-keyring gstreamer gtk iconv icu ipv6 jpeg jpeg2k mmx mmxext modules mudflap multilib ncurses network-cron nls nptl nsplugin numa opengl openmp pam pcre pgo png pulseaudio qt3support raw readline session smp sse sse2 sse2_4way sse2check sse3 sse4 sse41 sse4_1 sse4_2 sse4a ssl ssse3 startup-notification systemd tcpd threads tiff truetype unicode vaapi vdpau xattr xinerama zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" DRACUT_MODULES="plymouth" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer pdfimport scripting-javascript wiki-publisher nlpsolver" LINGUAS="en" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi upstream_ip_hash userid uwsgi stub_status" OFFICE_IMPLEMENTATION="libreoffice" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_6 python2_7 python3_2 python3_3 pypy2_0" QEMU_SOFTMMU_TARGETS="i386 x86_64 arm armeb" QEMU_USER_TARGETS="i386 x86_64 arm armeb" RUBY_TARGETS="ruby19" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="2.6 2.7 3.2 3.3 2.7-pypy-2.0"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND
Comment 2 Michael Stapelberg 2013-12-08 13:06:31 UTC 
I can reproduce this with the current git HEAD (commit 0bfc54dedd309b3e265fb8d514e58ac1c67811af) and systemd-204 on Debian. This has also been reported as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731387 in Debian.

Steps to reproduce:
1) launch systemadm
2) sudo systemctl stop miredo.service

The backtrace is:

#0  0x00007fdc978851e5 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fdc97888398 in __GI_abort () at abort.c:90
#2  0x00007fdc978c07cb in __libc_message (do_abort=do_abort@entry=2, 
    fmt=fmt@entry=0x7fdc979bcbe8 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3  0x00007fdc978caa26 in malloc_printerr (action=3, 
    str=0x7fdc979b8b8a "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4902
#4  0x00007fdc978cb7a3 in _int_free (av=<optimized out>, 
    p=0x624648 <g_define_type_id__volatile.26118>, have_lock=0) at malloc.c:3758
#5  0x000000000041a00c in job_unit_link_destroy (self=self@entry=0x7ffffa64b430)
    at /tmp/systemd-ui/src/systemd-interfaces.vala:151
#6  0x00000000004095d0 in main_window_update_job_iter (self=self@entry=0x69c070, 
    iter=iter@entry=0x7ffffa64b530, id=id@entry=705, j=0xa548c0)
    at /tmp/systemd-ui/src/systemadm.vala:767
#7  0x000000000040acea in main_window_on_job_new (self=0x69c070, id=705, 
    path=0x8ce960 "/org/freedesktop/systemd1/job/705")
    at /tmp/systemd-ui/src/systemadm.vala:795
#8  0x00007fdc983d6f28 in g_closure_invoke ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9  0x00007fdc983e7edd in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007fdc983efce9 in g_signal_emit_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007fdc983f0462 in g_signal_emit_by_name ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00000000004139b6 in _dbus_handle_manager_job_new (parameters=<optimized out>, 
    self=0x7af1b0) at systemd-interfaces.c:1506
#13 manager_proxy_g_signal (proxy=0x7af1b0, sender_name=<optimized out>, 
    signal_name=<optimized out>, parameters=<optimized out>) at systemd-interfaces.c:1541
#14 0x00007fdc94651e28 in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#15 0x00007fdc94651790 in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
#16 0x00007fdc983d7768 in g_cclosure_marshal_generic ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007fdc983d6f28 in g_closure_invoke ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#18 0x00007fdc983e7c9b in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19 0x00007fdc983efce9 in g_signal_emit_valist ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007fdc983eff32 in g_signal_emit ()
   from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007fdc986da21c in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#22 0x00007fdc986cace5 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#23 0x00007fdc9810fea6 in g_main_context_dispatch ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007fdc981101f8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007fdc981105fa in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007fdc98afc39d in gtk_main () at /tmp/buildd/gtk+3.0-3.8.4/./gtk/gtkmain.c:1156
#27 0x000000000040c595 in _vala_main (args=0x7ffffa64c478, args_length1=1)
    at /tmp/systemd-ui/src/systemadm.vala:1074
#28 0x00007fdc97871995 in __libc_start_main (main=0x4049a0 <main>, argc=1, 
    ubp_av=0x7ffffa64c478, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7ffffa64c468) at libc-start.c:260
#29 0x00000000004049fc in _start ()

I have attached the output of “backtrace full” as an attachment.
Comment 3 Michael Stapelberg 2013-12-08 13:07:41 UTC 
Created attachment 90455 [details]
Output of “backtrace full” (gdb)
Comment 4 Kay Sievers 2013-12-08 14:16:59 UTC 
systemadm is unmaintained. It should probably just be deleted.

Looking at its history, I doubt anybody will ever make it useful or even fix it.
Comment 5 Zbigniew Jedrzejewski-Szmek 2014-01-07 01:11:15 UTC 
Those issues seem to be fixed when recompiling with vala 0.22.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.