Bug 577310

Summary: [abrt] crash in elfutils-0.145-1.fc12: Process /usr/bin/eu-unstrip was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Jonathan Wakely <fedoration>
Component: elfutilsAssignee: Roland McGrath <roland>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: mjw, roland
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: abrt_hash:588f43b299e3c0d17650e83e53751cf9d34d50a7
Fixed In Version: elfutils-0.147-1.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-04-28 03:08:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
coredump none

Description Jonathan Wakely 2010-03-26 16:46:14 UTC 
abrt 1.0.8 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: eu-unstrip --core=/var/cache/abrt/ccpp-1269621267-2522/coredump -n
component: elfutils
executable: /usr/bin/eu-unstrip
kernel: 2.6.32.9-70.fc12.x86_64
package: elfutils-0.145-1.fc12
rating: 4
reason: Process /usr/bin/eu-unstrip was killed by signal 11 (SIGSEGV)
release: Fedora release 12 (Constantine)

comment
-----
my X server crashed (see bug 577297) and when I logged in again and ran abrt it failed to get a backtrace from the X server crash, saying:

warning: section .gnu.liblist not found in /usr/lib/debug/usr/bin/Xorg.debug
warning: section .gnu.conflict not found in /usr/lib/debug/usr/bin/Xorg.debug
"/var/cache/abrt/ccpp-1269621267-2522/coredump" is not a core dump: File truncated
No shared libraries loaded at this time.
No symbol "__abort_msg" in current context.
No symbol "__glib_assert_msg" in current context.

I think the following entries in /var/log/messages correspond to this crash:

Mar 26 16:37:07 moria abrtd: Creating report...
Mar 26 16:37:07 moria kernel: eu-unstrip[4522]: segfault at 7f0aef72a000 ip 0000003e21206c3d sp 00007fffa301cc90 error 4 in libelf-0.145.so[3e21200000+14000]
Mar 26 16:37:07 moria abrt[4523]: saved core dump of pid 4522 (/usr/bin/eu-unstrip) to /var/cache/abrt/ccpp-1269621427-4522.new/coredump (425984 bytes)
Mar 26 16:37:07 moria abrtd: Directory 'ccpp-1269621427-4522' creation detected
Mar 26 16:37:07 moria abrtd: abrt-debuginfo-install exited with 2
Mar 26 16:37:08 moria abrtd: Crash is in database already (dup of /var/cache/abrt/ccpp-1269621267-3744)
Mar 26 16:37:08 moria abrtd: Deleting crash ccpp-1269621427-4522 (dup of ccpp-1269621267-3744), sending dbus signal
Mar 26 16:37:08 moria abrtd: Getting crash infos...
Mar 26 16:37:08 moria abrtd: Getting global universal unique identification...
Mar 26 16:37:08 moria abrtd: abrt-backtrace failed to parse the backtrace
Mar 26 16:37:08 moria abrtd: Getting global universal unique identification...
Mar 26 16:37:08 moria abrtd: abrt-backtrace failed to parse the backtrace

How to reproduce
-----
1. ran abrt-gui from the command line as root
2.
3.
Comment 1 Jonathan Wakely 2010-03-26 16:46:17 UTC 
Created attachment 402887 [details]
File: backtrace
Comment 2 Roland McGrath 2010-04-06 20:02:34 UTC 
If you still have the file /var/cache/abrt/ccpp-1269621267-2522/coredump, please make this available for the elfutils maintainers to examine.
Comment 3 Jonathan Wakely 2010-04-11 23:50:03 UTC 
sorry, that file is gone now, but I will create a new one, all I have to do is run audacity for a few seconds and it takes down my X server ...
Comment 4 Jonathan Wakely 2010-04-12 00:01:22 UTC 
Created attachment 405869 [details]
coredump

New coredump, corresponding backtrace is

warning: section .gnu.liblist not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .dynbss not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .gnu.conflict not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
[New Thread 19106]
warning: section .gnu.liblist not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .dynbss not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .gnu.conflict not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: Unable to open "librpm.so.1" (librpm.so.1: cannot open shared object file: No such file or directory), missing debuginfos notifications will not be displayed
Missing separate debuginfo for /usr/lib64/libelf.so.1
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/19/22724e6c1a2ddd0177001374f6ef960eafa9de /var/cache/abrt-di/usr/lib/debug/.build-id/19/22724e6c1a2ddd0177001374f6ef960eafa9de
Missing separate debuginfo for /usr/lib64/libdw.so.1
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/dd/07f879358fd1c3afdca8520798b3353700b9b8 /var/cache/abrt-di/usr/lib/debug/.build-id/dd/07f879358fd1c3afdca8520798b3353700b9b8
Missing separate debuginfo for /usr/lib64/liblzma.so.0
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/2e/e862b287ade0165e3467b5c80e33c9536941ba /var/cache/abrt-di/usr/lib/debug/.build-id/2e/e862b287ade0165e3467b5c80e33c9536941ba
Missing separate debuginfo for /lib64/libbz2.so.1
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/38/f63b34a9903961783c898f1ec03776f67e8353 /var/cache/abrt-di/usr/lib/debug/.build-id/38/f63b34a9903961783c898f1ec03776f67e8353
Missing separate debuginfo for /lib64/libz.so.1
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/f7/933750da80f555321576e72b375caf7a3cc075 /var/cache/abrt-di/usr/lib/debug/.build-id/f7/933750da80f555321576e72b375caf7a3cc075
Missing separate debuginfo for 
Try: yum --disablerepo='*' --enablerepo='*-debuginfo' install /usr/lib/debug/.build-id/8b/6feabeeae377da1938171057f8180e62ad90f0 /var/cache/abrt-di/usr/lib/debug/.build-id/8b/6feabeeae377da1938171057f8180e62ad90f0
warning: section .gnu.liblist not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .dynbss not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
warning: section .gnu.conflict not found in /var/cache/abrt-di/usr/lib/debug/.build-id/e0/e743a77f72cf86f7bb7b3fee0011ed9f4f3543.debug
Core was generated by `eu-unstrip --core=/var/cache/abrt/ccpp-1271029896-17921/coredump -n'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003897c06c3d in gelf_getphdr (elf=0x63b5b0, 
    ndx=<value optimized out>, dst=<value optimized out>)
    at /usr/include/bits/string3.h:52
52	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));

Thread 1 (Thread 19106):
#0  0x0000003897c06c3d in gelf_getphdr (elf=0x63b5b0, 
    ndx=<value optimized out>, dst=<value optimized out>)
    at /usr/include/bits/string3.h:52
        phdr = <value optimized out>
        phnum = 1166
        result = 0x0
#1  0x0000003895c22035 in dwfl_report_core_segments (dwfl=0x63b540, 
    elf=0x63b5b0, phnum=1787, notes=0x0) at core-file.c:157
        phdr_mem = {p_type = 0, p_flags = 0, p_offset = 0, 
          p_vaddr = 211232453422, p_paddr = 7795506888185572399, 
          p_filesz = 3346019691383775849, p_memsz = 50, p_align = 0}
        phdr = <value optimized out>
        ndx = <value optimized out>
        result = <value optimized out>
#2  0x0000003895c2212a in dwfl_core_file_report (dwfl=0x63b540, elf=0x63b5b0, 
    ehdr=<value optimized out>) at core-file.c:418
        notes_phdr = {p_type = 4, p_flags = 0, p_offset = 100136, 
          p_vaddr = 0, p_paddr = 0, p_filesz = 9580, p_memsz = 0, p_align = 0}
        phnum = 1787
        ndx = <value optimized out>
        auxv = <value optimized out>
        auxv_size = <value optimized out>
#3  0x0000003895c19e82 in parse_opt (key=<value optimized out>, 
    arg=0x7fffe0532ee0 "/var/cache/abrt/ccpp-1271029896-17921/coredump")
    at argp-std.c:229
        fd = 7
        dwfl = 0x63b540
        core = 0x63b5b0
        error = DWFL_E_NOERROR
        ehdr = {
          e_ident = "\177ELF\002\001\001\000\000\000\000\000\000\000\000", 
          e_type = 4, e_machine = 62, e_version = 1, e_entry = 0, 
          e_phoff = 64, e_shoff = 0, e_flags = 0, e_ehsize = 64, 
          e_phentsize = 56, e_phnum = 1787, e_shentsize = 0, e_shnum = 0, 
          e_shstrndx = 0}
        result = <value optimized out>
        __PRETTY_FUNCTION__ = "parse_opt"
        state = 0x7fffe0531120
#4  0x00000038958ec5c8 in group_parse (argp=<value optimized out>, 
    argc=-531427128, argv=0x7fff00000002, flags=<value optimized out>, 
    end_index=0x7fffe053134c, input=0x7fffe05312c0) at argp-parse.c:257
No locals.
#5  parser_parse_opt (argp=<value optimized out>, argc=-531427128, 
    argv=0x7fff00000002, flags=<value optimized out>, 
    end_index=0x7fffe053134c, input=0x7fffe05312c0) at argp-parse.c:756
        group_key = 2
        err = 7
#6  parser_parse_next (argp=<value optimized out>, argc=-531427128, 
    argv=0x7fff00000002, flags=<value optimized out>, 
    end_index=0x7fffe053134c, input=0x7fffe05312c0) at argp-parse.c:867
        opt = 33554689
        err = <value optimized out>
#7  __argp_parse (argp=<value optimized out>, argc=-531427128, 
    argv=0x7fff00000002, flags=<value optimized out>, 
    end_index=0x7fffe053134c, input=0x7fffe05312c0) at argp-parse.c:921
        err = <value optimized out>
        parser = {argp = 0x7fffe0530fa0, 
          short_opts = 0x63b4e8 "fio:d:maRne:p:M:kK::?V", 
          long_opts = 0x63b208, opt_data = {optind = 2, opterr = 1, 
            optopt = -1, 
            optarg = 0x7fffe0532ee0 "/var/cache/abrt/ccpp-1271029896-17921/coredump", __initialized = 1, __nextchar = 0x7fffe0532f0e "", 
            __ordering = PERMUTE, __posixly_correct = 0, __first_nonopt = 1, 
            __last_nonopt = 1}, groups = 0x63b080, egroup = 0x63b1a0, 
          child_inputs = 0x63b1e8, try_getopt = 1, state = {
            root_argp = 0x7fffe0530fa0, argc = 3, argv = 0x7fffe0531468, 
            next = 2, flags = 0, arg_num = 0, quoted = 0, 
            input = 0x7fffe05312d0, child_inputs = 0x0, hook = 0x63b540, 
            name = 0x7fffe0532ece "eu-unstrip", err_stream = 0x3895b73860, 
            out_stream = 0x3895b73780, pstate = 0x7fffe05310b0}, 
          storage = 0x63b080}
        arg_ebadkey = <value optimized out>
#8  0x0000000000406e72 in main (argc=3, argv=0x7fffe0531468) at unstrip.c:2277
        argp_children = {{argp = 0x3895e30160, flags = 0, 
            header = 0x407ed9 "Input selection options:", group = 1}, {
            argp = 0x0, flags = 0, header = 0x0, group = 0}}
        argp = {options = 0x408e60, parser = 0x403c70 <parse_opt>, 
          args_doc = 0x408748 "STRIPPED-FILE DEBUG-FILE\n[MODULE...]", 
          doc = 0x408770 "Combine stripped files with separate symbols and debug information.\vThe first form puts the result in DEBUG-FILE if -o was not given.\n\nMODULE arguments give file name patterns matching modules to proc"..., 
          children = 0x7fffe0531240, help_filter = 0, argp_domain = 0x0}
        remaining = 0
        info = {output_file = 0x0, output_dir = 0x0, dwfl = 0x0, args = 0x0, 
          list = false, all = false, ignore = false, modnames = false, 
          match_files = false, relocate = false}
        result = <value optimized out>
        __PRETTY_FUNCTION__ = "main"
From                To                  Syms Read   Shared Object Library
0x0000003897c029d0  0x0000003897c0f7c8  Yes         /usr/lib64/libelf.so.1
0x0000003895c07e00  0x0000003895c270c8  Yes         /usr/lib64/libdw.so.1
0x0000003896000de0  0x0000003896001998  Yes         /lib64/libdl-2.11.1.so
0x000000389581e860  0x000000389592619c  Yes         /lib64/libc-2.11.1.so
0x0000003895400af0  0x0000003895418434  Yes         /lib64/ld-2.11.1.so
0x00000038a08025d0  0x00000038a0816978  Yes         /usr/lib64/liblzma.so.0
0x00000038a0401630  0x00000038a040dcc8  Yes         /lib64/libbz2.so.1
0x0000003896801ef0  0x000000389680d228  Yes         /lib64/libz.so.1
0x0000003896405390  0x0000003896410918  Yes         /lib64/libpthread-2.11.1.so
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
Comment 5 Jonathan Wakely 2010-04-12 00:15:40 UTC 
Is there anything I can do to debug the X server crash (Bug 577297) which causes this eu-unstrip crash?
It does look as though the coredump is truncated (although that shouldn't cause a segfault in eu-unstrip) - should I open a separate bug for that?
I assume /usr/libexec/abrt-hook-ccpp is at fault there?
Comment 6 Roland McGrath 2010-04-14 18:01:19 UTC 
That core file is definitely truncated.  You should file a separate bug against abrt for that, yes.  You can also try to further diagnose the situation by setting "ulimit -c unlimited" and trying to get a regular core file too (I'm not really sure how that interacts with abrtd).  If you get a complete core file that way, you can get a full backtrace from it to report in your X bug.
Comment 7 Roland McGrath 2010-04-14 18:25:20 UTC 
The elfutils crashes had to do with the truncated file.  I've fixed that upstream.  If you get the complete file, please test eu-unstrip -n --core on it.
Comment 8 Jonathan Wakely 2010-04-17 20:06:31 UTC 
ulimit -c is already unlimited for root and my own user.  I'll try to reproduce it again when I won't lose work and see if I can persuade abrt not to truncate the file
Comment 9 Fedora Update System 2010-04-22 00:24:56 UTC 
elfutils-0.146-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc12
Comment 10 Fedora Update System 2010-04-22 00:25:06 UTC 
elfutils-0.146-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc11
Comment 11 Fedora Update System 2010-04-22 00:25:16 UTC 
elfutils-0.146-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc13
Comment 12 Roland McGrath 2010-04-22 00:52:13 UTC 
This should be fixed by 0.146, now in updates-testing.
Comment 13 Fedora Update System 2010-04-22 22:32:20 UTC 
elfutils-0.146-1.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update elfutils'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc11
Comment 14 Fedora Update System 2010-04-22 22:44:20 UTC 
elfutils-0.146-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update elfutils'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc13
Comment 15 Fedora Update System 2010-04-22 22:49:38 UTC 
elfutils-0.146-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update elfutils'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/elfutils-0.146-1.fc12
Comment 16 Fedora Update System 2010-04-28 03:07:51 UTC 
elfutils-0.146-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2010-05-18 21:50:17 UTC 
elfutils-0.147-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Fedora Update System 2010-05-18 21:55:49 UTC 
elfutils-0.147-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.