/usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected

Bug #1964532 reported by errors.ubuntu.com bug bridge
This bug affects 2 people
Affects: udisks2 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

The Ubuntu Error Tracker has been receiving reports about a problem regarding udisks2. This problem was most recently seen with package version 2.9.4-1. The problem page at https://errors.ubuntu.com/problem/ee70e42ef96a41e0ae118869c75b7cc675ae974c contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in udisks2 (Ubuntu):
status: New → Confirmed

Jacob Moroni (jakemoroni) wrote :

This occurs every time I reboot my system - Ubuntu Mate 22.04.

Sebastien Bacher (seb128) wrote :

Could someone having the issue attach the journalctl log from a session where they had the crash to the bug?

Changed in udisks2 (Ubuntu):
status: Confirmed → Incomplete

Alex Murray (alexmurray) wrote :

See attached - it looks like the crash happens during shutdown - see line 11443

Changed in udisks2 (Ubuntu):
status: Incomplete → Confirmed

Alex Murray (alexmurray) wrote :

This looks to be the same as LP: #1955758

Alex Murray (alexmurray) wrote :

I can reproduce this by just running `sudo systemctl restart udisks2.service` - will see if I can perhaps run it under valgrind and see where the memory corruption is happening.

Alex Murray (alexmurray) wrote :

Sadly running it under valgrind doesn't detect this memory corruption - we see an invalid memory read on shutdown but that is all:

$ sudo valgrind /usr/libexec/udisks2/udisksd
==567833== Memcheck, a memory error detector
==567833== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==567833== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==567833== Command: /usr/libexec/udisks2/udisksd
==567833==
udisks-Message: 15:23:12.496: udisks daemon version 2.9.4 starting

** (udisksd:567833): WARNING **: 15:23:12.985: failed to load module mdraid: libbd_mdraid.so.2: cannot open shared object file: No such file or directory

(udisksd:567833): udisks-WARNING **: 15:23:13.018: Failed to load the 'mdraid' libblockdev plugin
udisks-Message: 15:23:17.443: udisks daemon version 2.9.4 exiting
==567833== Invalid read of size 4
==567833== at 0x4B5BB14: g_resource_unref (gresource.c:527)
==567833== by 0x4B5D8C0: g_static_resource_fini (gresource.c:1449)
==567833== by 0x400624D: _dl_fini (dl-fini.c:142)
==567833== by 0x4E85494: __run_exit_handlers (exit.c:113)
==567833== by 0x4E8560F: exit (exit.c:143)
==567833== by 0x4E69D96: (below main) (libc_start_call_main.h:74)
==567833== Address 0x9246130 is 0 bytes inside a block of size 16 free'd
==567833== at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==567833== by 0x4B5D8B8: g_static_resource_fini (gresource.c:1448)
==567833== by 0x400624D: _dl_fini (dl-fini.c:142)
==567833== by 0x4E85494: __run_exit_handlers (exit.c:113)
==567833== by 0x4E8560F: exit (exit.c:143)
==567833== by 0x4E69D96: (below main) (libc_start_call_main.h:74)
==567833== Block was alloc'd at
==567833== at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==567833== by 0x4D64718: g_malloc (gmem.c:125)
==567833== by 0x4B5D137: UnknownInlinedFun (gresource.c:545)
==567833== by 0x4B5D137: g_resource_new_from_data (gresource.c:613)
==567833== by 0x4B5D1F8: register_lazy_static_resources_unlocked (gresource.c:1374)
==567833== by 0x4B5D8FC: UnknownInlinedFun (gresource.c:1393)
==567833== by 0x4B5D8FC: UnknownInlinedFun (gresource.c:1387)
==567833== by 0x4B5D8FC: g_static_resource_get_resource (gresource.c:1472)
==567833== by 0x14E463: udisks_linux_mount_options_get_builtin (in /usr/libexec/udisks2/udisksd)
==567833== by 0x12BA6E: ??? (in /usr/libexec/udisks2/udisksd)
==567833== by 0x4CCB03E: g_object_new_internal (gobject.c:2053)
==567833== by 0x4CCC757: g_object_new_valist (gobject.c:2355)
==567833== by 0x4CCCC8C: g_object_new (gobject.c:1824)
==567833== by 0x1288BF: udisks_daemon_new (in /usr/libexec/udisks2/udisksd)
==567833== by 0x128935: ??? (in /usr/libexec/udisks2/udisksd)

I also tried rebuilding udisks2, cryptsetup and openssl with ASan enabled but that also didn't appear to detect it... I am out of ideas of where to look / what to try to dig further into this.

Alex Murray (alexmurray) wrote :

Ok so this looks to be the same as https://github.com/storaged-project/udisks/pull/926 which was fixed upstream - and according to the comment there causes exactly the type of issue we are seeing:

"leading to memory corruption causing random failures of further atexit handlers such as cryptsetup and openssl destructors."

I'll try rebuilding udisks2 with this patch and see if it helps.

Alex Murray (alexmurray) wrote :

Yep with this patch applied I can no longer reproduce the crash and the valgrind output is clean - have just uploaded this as 2.9.4-1ubuntu1 to jammy-proposed.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package udisks2 - 2.9.4-1ubuntu2

---------------
udisks2 (2.9.4-1ubuntu2) jammy; urgency=medium

  * Fix crash on shutdown (LP: #1964532)
    - d/p/udiskslinuxmountoptions-do-not-free-static-daemon-resources.patch:
      Upstream patch to avoid a double free of static daemon resources.

 -- Alex Murray <email address hidden> Fri, 08 Apr 2022 06:47:40 +0930

Changed in udisks2 (Ubuntu):
status: Confirmed → Fix Released
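
An added illustration, not code from udisks, GLib or the upstream patch: a minimal C model of the ownership mistake the changelog describes, where a caller releases a library-owned static resource and the library's exit-time finalizer then releases it again. All names here (res_t, static_resource_get, res_unref, static_resource_fini) are hypothetical, and the model records the second release in a counter instead of calling free() twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted resource (hypothetical; not GLib's GResource). */
typedef struct { int refs; int freed; int over_release; } res_t;

static res_t *static_res;  /* owned by the "library" until process exit */

/* Library accessor: lazily creates the resource and returns a BORROWED
 * pointer. The caller must not release it. */
static res_t *static_resource_get(void) {
    if (!static_res) {
        static_res = calloc(1, sizeof *static_res);
        if (!static_res) abort();
        static_res->refs = 1;  /* the library's own reference */
    }
    return static_res;
}

/* Drop one reference. Real code would free() at zero; the model only marks
 * the object so a later release can be counted without corrupting the heap. */
static void res_unref(res_t *r) {
    if (r->freed) { r->over_release++; return; }  /* real code: double free */
    if (--r->refs == 0) r->freed = 1;
}

/* Exit-time finalizer: drops the library's reference and reports how many
 * releases arrived after the object was already gone. */
static int static_resource_fini(void) {
    res_t *r = static_res;
    res_unref(r);
    int bad = r->over_release;
    free(r);
    static_res = NULL;
    return bad;
}

/* Buggy caller: treats the borrowed pointer as owned and releases it. */
static int run_buggy(void) {
    res_t *r = static_resource_get();
    res_unref(r);  /* wrong: this reference belongs to the library */
    return static_resource_fini();
}

/* Fixed caller: uses the resource and leaves its lifetime to the library. */
static int run_fixed(void) {
    res_t *r = static_resource_get();
    (void)r;
    return static_resource_fini();
}

int main(void) {
    printf("buggy: %d, fixed: %d\n", run_buggy(), run_fixed());
    return 0;
}
```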