console-kit-daemon crashed with SIGSEGV in fclose()

Bug #263245 reported by Niki Guldbrand
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| ConsoleKit | Fix Released | Medium | | |
| consolekit (Ubuntu) | Fix Released | Medium | Martin Pitt | |
| Hardy | Invalid | Undecided | Martin Pitt | |
| Intrepid | Fix Released | Medium | Martin Pitt | |

Bug Description

Binary package hint: consolekit

Was watching a video in totem and this one just popped up after exiting totem.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/sbin/console-kit-daemon
NonfreeKernelModules: nvidia
Package: consolekit 0.2.10-1ubuntu3
ProcAttrCurrent: unconfined
ProcCmdline: /usr/sbin/console-kit-daemon
ProcEnviron:

Signal: 11
SourcePackage: consolekit
StacktraceTop:
 fclose () from /lib/libc.so.6
 ?? ()
 ?? ()
 ?? ()
 ?? () from /usr/lib/libglib-2.0.so.0
Title: console-kit-daemon crashed with SIGSEGV in fclose()
Uname: Linux 2.6.27-1-generic x86_64
UserGroups:

SRU justification: ConsoleKit crashes have a high impact on system stability, since they mean that a user loses his consolekit session (since they are not saved persistently on disk) and thus loses access to USB hardware, etc.

Tags: apport-crash

Niki Guldbrand (niki-guldbrand-net) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:fclose@@GLIBC_2.2.5 () from /lib/libc.so.6
reopen_file_stream (event_logger=0x6cdc50) at ck-event-logger.c:184
check_file_stream (event_logger=0x6cdc50) at ck-event-logger.c:217
writer_thread_start (event_logger=0x6cdc50) at ck-event-logger.c:233
g_thread_create_proxy (data=0x6d07f0)

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in consolekit:
importance: Undecided → Medium
Emilio Pozuelo Monfort (pochu) wrote :

I've got this one too. Apport popped up after login.

one goat (noze23) wrote :

Was listening to audacious, and using firefox. Got this error, and pulseaudio appears to have died.

Steve Langasek (vorlon) wrote :

pulseaudio doesn't die, but because console-kit-daemon dies (and is respawned), all the information about the current X session is lost - so pulseaudio is no longer authorized to access the sound devices.

A workaround for the current session is to run 'ck-launch-session bash' from a terminal.

Changed in consolekit:
status: New → Confirmed
Martin Pitt (pitti) wrote :

Do you happen to have a recipe to reproduce this crash reliably? (It never crashes for me). Right after it happens, can you please attach /var/log/ConsoleKit/history?

Changed in consolekit:
assignee: nobody → pitti
status: Confirmed → In Progress
Emilio Pozuelo Monfort (pochu) wrote : Re: [Bug 263245] Re: console-kit-daemon crashed with SIGSEGV in fclose()

Martin Pitt wrote:
> Do you happen to have a recipe to reproduce this crash reliably? (It
> never crashes for me).

Nope, it crashes randomly.

> Right after it happens, can you please attach
> /var/log/ConsoleKit/history?

I'll do so next time it crashes.

Chuck Renner (chuckrenner) wrote :

I'm not sure when it is happening. It is not while I am at my laptop.
I come back, and it is already there when I log in. If I can reproduce
it reliably, I will write a "test script" for reproducing it.

Martin Pitt wrote:
> Do you happen to have a recipe to reproduce this crash reliably? (It
> never crashes for me). Right after it happens, can you please attach
> /var/log/ConsoleKit/history?
>
> ** Changed in: consolekit (Ubuntu Intrepid)
> Assignee: (unassigned) => Martin Pitt (pitti)
> Status: Confirmed => In Progress
>

Martin Pitt (pitti) wrote : Re: [Bug 263245] Re: console-kit-daemon crashed with SIGSEGV in fclose()

Chuck Renner [2008-09-27 4:51 -0000]:
> I'm not sure when it is happening. It is not while I am at my laptop.
> I come back, and it is already there when I log in.

Ah, that's interesting data. After you log in, does "ck-list-sessions"
have a session for you? (Just copy it here if you are unsure). I
suspect it has, otherwise quite a lot of hardware wouldn't work for
you, such as USB sticks, cameras, etc. That would tell us if the crash
happens at logout time or login time.

Also, I still think having the log file would be good.

Thanks, Martin

Steve Langasek (vorlon) wrote :

For me it happens while I'm away, and when I come back and unlock the screen, it's crashed - and yes, my session is gone, and hardware /does/ stop working for me, which is why this is a big deal. :)

Attached is my /var/log/ConsoleKit/history. The X session starting at 2008-09-28T00:23:29.745915Z is a new one manually started by running 'ck-launch-session bash' following the latest crash; the crash itself happened at ~ 2008-09-27 17:10 UTC (the time console-kit-daemon restarted). Doesn't look like there's anything unusual in the logs around that time.

In , Martin Pitt (pitti) wrote :

We have several reports about consolekit crashing with a SEGV in reopen_file_stream() in ck-event-logger.c, in the fclose (event_logger->priv->file); call. Personally I never saw that, but our automatic crash reporting system is better at that. :-) See

  http://launchpadlibrarian.net/17208371/Stacktrace.txt

for the detailed stack trace. The original bug report at https://bugs.launchpad.net/bugs/263245 has some more information like the "history" file, but this doesn't look corrupted or otherwise "interesting".

I'm going to stare at the code for a bit, maybe I can spot something.

BTW, those reports are against 0.2.10, but ck-event-logger.c didn't change at all in 0.3, so I think it's still relevant.

In , Martin Pitt (pitti) wrote :

Oh, actually that was not quite correct. ck-event-logger.c did change in 0.3, but we already have that patch backported (dfcab49480565a7bcf71752c5b39eb367df81a19, "cleanly shutdown event logging thread").

(I have test packages for 0.3 ready for current Ubuntu, together with the hal and packagekit fixes for the ABI change, but they still break things, so we can't upgrade to 0.3 yet.)

In , Martin Pitt (pitti) wrote :

Ah, so that happens in check_file_stream(), here in particular if the file changed underneath:

        if (old_stats.st_ino != new_stats.st_ino || old_stats.st_dev != new_stats.st_dev) {
                g_debug ("File %s has been replaced; writing to end of new file", event_logger->priv->log_filename);
                reopen_file_stream (event_logger);

I just checked the code, and priv->file is only ever fdopen()'ed from priv->fd. Now man fdopen explains the crash: "The file descriptor is not dup’ed, and will be closed when the stream created by fdopen() is closed.".

Thus it seems this crash is due to close()ing priv->fd twice in reopen_file_stream():

  close (event_logger->priv->fd);
  fclose (event_logger->priv->file);

I confirmed that by instrumenting reopen_file_stream():

        g_debug ("Reopening %s", event_logger->priv->log_filename);
        close (event_logger->priv->fd);
        if (fclose (event_logger->priv->file) != 0)
            perror("fclose");

started the daemon, did a "rm /var/log/ConsoleKit/history; touch /var/log/ConsoleKit/history; ck-launch-session" and got

console-kit-daemon[15108]: DEBUG: Reopening /var/log/ConsoleKit/history
fclose: Bad file descriptor

Now I'm unclear why this actually causes a segfault at times, and not just a failed close() call, but that's something for the glibc developers to ask, I think.

In any case it is correct to remove the first close(). fclose() will flush the stream and call close() on priv->fd.
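
The fdopen() ownership rule discussed in the comment above, as an added C example (not ConsoleKit code and not part of the original report); `struct logger`, the scratch file and the function names are constructed for illustration. Going beyond the thread, it also shows that a descriptor opened between the two closes is silently closed by fclose(), which is the exposure in a multi-threaded daemon.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed stand-in for the logger state in the report (priv->fd, priv->file). */
struct logger { int fd; FILE *file; };
/* Create a scratch log file and wrap its descriptor with fdopen(). */
static int logger_open(struct logger *l)
{
    char path[] = "/tmp/ck-demo-XXXXXX";          /* constructed scratch name */
    if ((l->fd = mkstemp(path)) < 0) return -1;
    unlink(path);
    l->file = fdopen(l->fd, "w");                 /* not dup'ed: the stream owns fd now */
    if (l->file == NULL) close(l->fd);
    return l->file ? 0 : -1;
}

/* extra_close=1 is the reported close()+fclose() pattern, 0 is the fix.
 * Returns 0 on success, else the errno left by fclose(). */
static int logger_close(struct logger *l, int extra_close)
{
    if (extra_close) close(l->fd);
    errno = 0;
    return fclose(l->file) != 0 ? errno : 0;      /* fclose() closes l->fd itself */
}

/* Numbers are reused: a descriptor opened between the two closes takes the
 * logger's old number and fclose() then closes it. Returns 1 if that happened. */
static int extra_close_hits_other_fd(void)
{
    struct logger l;
    if (logger_open(&l) != 0) return -1;
    close(l.fd);
    int other = open("/dev/null", O_RDONLY);      /* lowest free number == l.fd */
    fclose(l.file);                               /* succeeds, but closes "other" */
    int gone = (fcntl(other, F_GETFD) == -1 && errno == EBADF);
    if (!gone) close(other);
    return other == l.fd && gone;
}

int main(void)
{
    struct logger a, b;
    if (logger_open(&a) != 0 || logger_open(&b) != 0) return 1;
    printf("double close -> EBADF: %d\n", logger_close(&a, 1) == EBADF);
    printf("fclose only -> errno %d\n", logger_close(&b, 0));
    printf("unrelated descriptor closed: %d\n", extra_close_hits_other_fd());
    return 0;
}
```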

In , Martin Pitt (pitti) wrote :

Created an attachment (id=19338)
fix double close()

shemgp (shemgp) wrote :

Happened after login, for me.

Changed in consolekit:
status: Unknown → Confirmed
Martin Pitt (pitti) wrote :

I think I have a pretty clear understanding of the bug now, see the discussion in the upstream bug report. Fixed package uploaded, will make it past unapproved after beta freeze is lifted.

Changed in consolekit:
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

This should be fixed in hardy, too.

Changed in consolekit:
assignee: nobody → pitti
status: New → In Progress
In , William Jon McCann (william-jon-mccann) wrote :

Looks good. I've committed this to git. Thanks!

Martin Pitt (pitti) wrote :

I tried to reproduce this with

  sudo rm /var/log/ConsoleKit/history; sudo touch /var/log/ConsoleKit/history; ck-launch-session

which always triggers the double close(). However, it does not actually crash for me, the close() call just fails. It should crash for the people who reported that bug, though. Can you please try that?

description: updated
Bremm (bremm) wrote :

Same here, nothing happens.

bremm@host:~$ sudo rm /var/log/ConsoleKit/history; sudo touch /var/log/ConsoleKit/history; ck-launch-session
bremm@host:~$

Last crash 5 hours ago (last on list below):

console-kit-dae[19973] general protection ip:3cf7c69aa7 sp:41bcef70 error:0 in libc-2.8.90.so[3cf7c00000+169000]

All crashes between last 09/24 and today (10/02):

$ dmesg | grep console-kit
[35031.466477] console-kit-dae[5661]: segfault at 49 ip 39fea69b67 sp 40817f70 error 4 in libc-2.8.90.so[39fea00000+169000]
[66171.143065] console-kit-dae[29631]: segfault at 7f749ff35ff8 ip 39fea7bfe5 sp 40874810 error 4 in libc-2.8.90.so[39fea00000+169000]
[98211.436240] console-kit-dae[17709] general protection ip:39fea69b67 sp:40587f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[130731.518840] console-kit-dae[30647] general protection ip:39fea69b67 sp:41596f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[162530.796139] console-kit-dae[13361] general protection ip:39fea69b67 sp:408e9f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[230631.546482] console-kit-dae[1609] general protection ip:39fea69b67 sp:409f0f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[264231.374218] console-kit-dae[14635] general protection ip:39fea69b67 sp:41247f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[310431.365024] console-kit-dae[26878] general protection ip:39fea69b67 sp:417c1f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[350631.214140] console-kit-dae[2124] general protection ip:39fea69b67 sp:40813f70 error:0 in libc-2.8.90.so[39fea00000+169000]
[392031.357076] console-kit-dae[21487] general protection ip:39fea69b67 sp:4119af70 error:0 in libc-2.8.90.so[39fea00000+169000]
[423530.549443] console-kit-dae[8720]: segfault at 49 ip 39fea69b67 sp 40802f70 error 4 in libc-2.8.90.so[39fea00000+169000]
[455330.703130] console-kit-dae[20605] general protection ip:7ff57dd6eaa7 sp:40f58f70 error:0 in libc-2.8.90.so[7ff57dd05000+169000]
[494331.318542] console-kit-dae[14844] general protection ip:7fde4db9daa7 sp:41a41f70 error:0 in libc-2.8.90.so[7fde4db34000+169000]
[534170.881299] console-kit-dae[18725]: segfault at 49 ip 7fb4ecacbaa7 sp 41ec0f70 error 4 in libc-2.8.90.so[7fb4eca62000+169000]
[574430.458063] console-kit-dae[25127] general protection ip:3cf7c69aa7 sp:41a9af70 error:0 in libc-2.8.90.so[3cf7c00000+169000]
[607730.771046] console-kit-dae[31367] general protection ip:3cf7c69aa7 sp:41a50f70 error:0 in libc-2.8.90.so[3cf7c00000+169000]
[662030.895044] console-kit-dae[19973] general protection ip:3cf7c69aa7 sp:41bcef70 error:0 in libc-2.8.90.so[3cf7c00000+169000]

I'm not pretty sure if all errors above were reported by apport to launchpad.

kulight (kulight) wrote :

I also got this crash

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package consolekit - 0.2.10-1ubuntu6

---------------
consolekit (0.2.10-1ubuntu6) intrepid; urgency=low

  * Add 08-fix-double-close.patch: Fix double close()ing of the log file which
    sometimes causes not only close() to fail, but to segfault. (LP: #263245)

 -- Martin Pitt <email address hidden> Thu, 02 Oct 2008 13:01:48 +0200

Changed in consolekit:
status: Fix Committed → Fix Released
Changed in consolekit:
status: Confirmed → Fix Released
Wilbur Harvey (wilbur-harvey-spirentcom) wrote :

I have the same problem, happened at login.
I have consolekit - 0.2.10-lubnuntu6

Martin Pitt (pitti) wrote :

Ah, I just checked that this does in fact not affect Hardy at all.

Changed in consolekit:
status: In Progress → Invalid
Changed in consolekit:
importance: Unknown → Medium
Changed in consolekit:
importance: Medium → Unknown
Changed in consolekit:
importance: Unknown → Medium