Bug 1071128 - [abrt] systemd: crash.2510(): systemd killed by SIGSEGV
Summary: [abrt] systemd: crash.2510(): systemd killed by SIGSEGV
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: rawhide
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:48065db08f7900d8b3a634ba26b...
: 1069752 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-28 06:39 UTC by D. Charles Pyle
Modified: 2020-12-02 16:23 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-02 16:23:23 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: backtrace (17.01 KB, text/plain)
2014-02-28 06:39 UTC, D. Charles Pyle
no flags Details
File: cgroup (130 bytes, text/plain)
2014-02-28 06:39 UTC, D. Charles Pyle
no flags Details
File: core_backtrace (3.87 KB, text/plain)
2014-02-28 06:39 UTC, D. Charles Pyle
no flags Details
File: dso_list (2.09 KB, text/plain)
2014-02-28 06:39 UTC, D. Charles Pyle
no flags Details
File: limits (1.29 KB, text/plain)
2014-02-28 06:39 UTC, D. Charles Pyle
no flags Details
File: maps (8.61 KB, text/plain)
2014-02-28 06:40 UTC, D. Charles Pyle
no flags Details
File: open_fds (2.08 KB, text/plain)
2014-02-28 06:40 UTC, D. Charles Pyle
no flags Details
File: proc_pid_status (900 bytes, text/plain)
2014-02-28 06:40 UTC, D. Charles Pyle
no flags Details
File: var_log_messages (30.36 KB, text/plain)
2014-02-28 06:40 UTC, D. Charles Pyle
no flags Details
The script to help reproduce the bug (2.12 KB, application/x-shellscript)
2020-11-30 12:04 UTC, Han Han
no flags Details


Links
System ID Private Priority Status Summary Last Updated
FreeDesktop.org 75571 0 None None None Never

Description D. Charles Pyle 2014-02-28 06:39:47 UTC
Description of problem:
I do not know how it can be reproduced.  It happened right after I ran a beesu script and deleted a file from /boot that was left over from an old installation.  That was immediately followed by this error but I am not sure it was related.  Maybe it was since beesu asks for a root password to work, but it has never happened before the recent update to systemd in rawhide.

Version-Release number of selected component:
systemd-210-2.fc21

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        /usr/lib/systemd/systemd --switched-root --system --deserialize 22
crash_function: crash.2510
environ:        
executable:     /usr/lib/systemd/systemd
kernel:         3.14.0-0.rc4.git0.1.fc21.x86_64
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (8 frames)
 #1 crash.2510 at ../src/core/main.c:151
 #3 unit_unwatch_pid at ../src/core/unit.c:1734
 #4 invoke_sigchld_event.3785 at ../src/core/manager.c:1429
 #5 manager_dispatch_sigchld.3790 at ../src/core/manager.c:1477
 #6 manager_dispatch_signal_fd.3742 at ../src/core/manager.c:1723
 #7 source_dispatch at ../src/libsystemd/sd-event/sd-event.c:1861
 #8 sd_event_run at ../src/libsystemd/sd-event/sd-event.c:2117
 #9 manager_loop at ../src/core/manager.c:1844

Comment 1 D. Charles Pyle 2014-02-28 06:39:52 UTC
Created attachment 868862 [details]
File: backtrace

Comment 2 D. Charles Pyle 2014-02-28 06:39:53 UTC
Created attachment 868863 [details]
File: cgroup

Comment 3 D. Charles Pyle 2014-02-28 06:39:55 UTC
Created attachment 868864 [details]
File: core_backtrace

Comment 4 D. Charles Pyle 2014-02-28 06:39:57 UTC
Created attachment 868865 [details]
File: dso_list

Comment 5 D. Charles Pyle 2014-02-28 06:39:58 UTC
Created attachment 868866 [details]
File: limits

Comment 6 D. Charles Pyle 2014-02-28 06:40:00 UTC
Created attachment 868867 [details]
File: maps

Comment 7 D. Charles Pyle 2014-02-28 06:40:01 UTC
Created attachment 868868 [details]
File: open_fds

Comment 8 D. Charles Pyle 2014-02-28 06:40:03 UTC
Created attachment 868869 [details]
File: proc_pid_status

Comment 9 D. Charles Pyle 2014-02-28 06:40:04 UTC
Created attachment 868870 [details]
File: var_log_messages

Comment 10 Zbigniew Jędrzejewski-Szmek 2014-03-01 13:48:04 UTC
*** Bug 1069752 has been marked as a duplicate of this bug. ***

Comment 11 Bruno Wolff III 2014-03-03 19:03:37 UTC
Is there a way to restart the systemd daemon without having to reboot as a workaround? a

Comment 12 Kevin Fenzi 2014-03-03 19:11:13 UTC
Not that I know of. 

It's worth noting that after updating to systemd-210-3.fc21.x86_64 I have not yet seen the crash again here. (Uptime around 27 hours).

Comment 13 Kevin Fenzi 2014-03-03 19:12:43 UTC
https://bugs.freedesktop.org/show_bug.cgi?id=75571 seems to be the upstream bug of this same issue...

Comment 14 Bruno Wolff III 2014-03-03 19:13:19 UTC
I have. That's what prompted me to ask.

Message from syslogd@bruno at Mar  3 13:00:01 ...
 kernel:[22095.559688] systemd[1]: segfault at 0 ip   (null) sp bff9b4fc error 4

[root@bruno bruno]# systemctl
Failed to list units: Connection timed out
[root@bruno bruno]# rpm -q systemd
systemd-210-3.fc21.i686

Comment 15 D. Charles Pyle 2014-03-04 15:54:15 UTC
(In reply to Bruno Wolff III from comment #14)
> I have. That's what prompted me to ask.
> 
> Message from syslogd@bruno at Mar  3 13:00:01 ...
>  kernel:[22095.559688] systemd[1]: segfault at 0 ip   (null) sp bff9b4fc
> error 4
> 
> [root@bruno bruno]# systemctl
> Failed to list units: Connection timed out
> [root@bruno bruno]# rpm -q systemd
> systemd-210-3.fc21.i686

I've seen the crash, too, just the other day.  I had to do a hard reset after it happened because none of the restart buttons would work in MATE-Desktop after that, and I couldn't bring up another VT.  Definitely had the word systemd in the error as it appeared in a terminal I had open at the time. Just thought I would mention that.

Comment 16 Han Han 2020-11-30 09:51:54 UTC
Similar problem has been detected:

Bug happends when destroy a VM:
virsh destroy pc

reporter:       libreport-2.14.0
backtrace_rating: 4
cgroup:         0::/init.scope
cmdline:        /usr/lib/systemd/systemd --switched-root --system --deserialize 30
crash_function: crash
executable:     /usr/lib/systemd/systemd
journald_cursor: s=a6799a509f77475f8c391dbe81e1294f;i=16c880;b=88f7a653be684b8c906fcd923835cad5;m=168999123;t=5b54fd12e83d6;x=56746f821ba9d095
kernel:         5.10.0-0.rc5.20201125git127c501a03d5.85.fc34.x86_64
package:        systemd-247-1.fc34
reason:         systemd killed by SIGSEGV
rootdir:        /
runlevel:       N 3
type:           CCpp
uid:            0

Comment 17 Han Han 2020-11-30 12:04:52 UTC
Created attachment 1734806 [details]
The script to help reproduce the bug

Steps:
1. Start an VM by virsh
# virsh start pc

2. Run the run.sh. This script will build and install libvirt rpms
# bash run.sh

3. Destroy the VM
# virsh destroy pc                                                                                           

Message from syslogd@fedora-rawhide at Nov 30 11:56:13 ...
 kernel:systemd[1]: segfault at d8 ip 00005630efe3b215 sp 00007ffffed969f0 error 4 in systemd[5630efdb4000+de000]

Message from syslogd@fedora-rawhide at Nov 30 11:56:13 ...
 kernel:Code: 83 ec 08 48 85 ff 0f 84 d1 00 00 00 89 f5 85 f6 0f 8e ef 00 00 00 48 8b 07 48 89 fb 4c 63 ee f7 dd 48 89 da 4c 89 ee 4c 63 e5 <48> 8b b8 d8 00 00 00 e8 2f 1a f8 ff 48 8b 03 4c 89 e6 48 8b b8 d8

Broadcast message from systemd-journald@fedora-rawhide (Mon 2020-11-30 11:56:14 UTC):

systemd[1]: Caught <SEGV>, dumped core as pid 13803.


Broadcast message from systemd-journald@fedora-rawhide (Mon 2020-11-30 11:56:14 UTC):

systemd[1]: Freezing execution.


Message from syslogd@fedora-rawhide at Nov 30 11:56:14 ...
 systemd[1]:Caught <SEGV>, dumped core as pid 13803.

Message from syslogd@fedora-rawhide at Nov 30 11:56:14 ...
 systemd[1]:Freezing execution.


Backtrace:

Thread 2 (Thread 0x7f812da2b300 (LWP 1)):
#0  <unavailable> in ?? ()
PC unavailable, cannot determine locals.
Backtrace stopped: not enough registers or memory available to unwind further

Thread 1 (LWP 13803):
#0  0x00007f812e49f66b in kill () at ../sysdeps/unix/syscall-template.S:120
No locals.
#1  0x00005630efdc66ef in crash (sig=11) at ../src/core/main.c:224
        sa = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0}
        pid = <optimized out>
        __func__ = "crash"
        __PRETTY_FUNCTION__ = "crash"
#2  <signal handler called>
No locals.
#3  0x00005630efe3b215 in hashmap_remove_value (value=0x5630f1ef2d00, key=0x8d0, h=<error reading variable: Cannot access memory at address 0xd8>) at ../src/basic/hashmap.h:206
No locals.
#4  unit_unwatch_pid (u=0x5630f1ef2d00, pid=2256) at ../src/core/unit.c:2818
        array = <optimized out>
        __PRETTY_FUNCTION__ = "unit_unwatch_pid"
#5  0x00005630efe028b9 in manager_invoke_sigchld_event (m=<optimized out>, u=0x5630f1ef2d00, si=0x7ffffed96a70) at ../src/core/manager.c:2510
        __PRETTY_FUNCTION__ = "manager_invoke_sigchld_event"
        __func__ = "manager_invoke_sigchld_event"
#6  0x00005630efe02c75 in manager_dispatch_sigchld (source=<optimized out>, userdata=0x5630f1c97dd0) at ../src/core/manager.c:2589
        u1 = 0x5630f1efbff0
        array = <optimized out>
        array_copy = 0x0
        name = 0x5630f1e43190 "qemu-system-x86"
        u2 = 0x5630f1ef2d00
        m = 0x5630f1c97dd0
        si = {si_signo = 17, si_errno = 0, si_code = 1, __pad0 = 0, _sifields = {_pad = {2256, 107, 0 <repeats 26 times>}, _kill = {si_pid = 2256, si_uid = 107}, _timer = {si_tid = 2256, si_overrun = 107, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 2256, si_uid = 107, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 2256, si_uid = 107, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x6b000008d0, si_addr_lsb = 0, _bounds = {_addr_bnd = {_lower = 0x0, _upper = 0x0}, _pkey = 0}}, _sigpoll = {si_band = 459561502928, si_fd = 0}, _sigsys = {_call_addr = 0x6b000008d0, _syscall = 0, _arch = 0}}}
        r = <optimized out>
        __PRETTY_FUNCTION__ = "manager_dispatch_sigchld"
        __func__ = "manager_dispatch_sigchld"
#7  0x00007f812e953ad6 in source_dispatch (s=<optimized out>) at ../src/libsystemd/sd-event/sd-event.c:3278
        saved_event = 0x5630f1c98620
        saved_type = SOURCE_DEFER
        r = <optimized out>
        __PRETTY_FUNCTION__ = "source_dispatch"
        __func__ = "source_dispatch"
#8  0x00007f812e953fcd in sd_event_dispatch (e=0x5630f1c98620) at ../src/libsystemd/sd-event/sd-event.c:3689
        ref = 0x5630f1c98620
        p = 0x5630f1c992c0
        r = <optimized out>
        __PRETTY_FUNCTION__ = "sd_event_dispatch"
#9  0x00007f812e956628 in sd_event_run (e=0x5630f1c98620, timeout=18446744073709551615) at ../src/libsystemd/sd-event/sd-event.c:3747
        r = 1
        __PRETTY_FUNCTION__ = "sd_event_run"
#10 0x00005630efe0fd70 in manager_loop (m=0x5630f1c97dd0) at ../src/core/manager.c:2976
        wait_usec = <optimized out>
        watchdog_usec = <optimized out>
        rl = {interval = 1000000, burst = 50000, num = 15, begin = 855815082}
        r = <optimized out>
        __PRETTY_FUNCTION__ = "manager_loop"
        __func__ = "manager_loop"
#11 0x00005630efdc458a in invoke_main_loop (ret_error_message=0x7ffffed96d40, ret_switch_root_init=<synthetic pointer>, ret_switch_root_dir=<synthetic pointer>, ret_fds=0x7ffffed96d30, ret_shutdown_verb=<synthetic pointer>, ret_retval=<synthetic pointer>, ret_reexecute=<synthetic pointer>, saved_rlimit_memlock=0x7ffffed96d50, saved_rlimit_nofile=0x7ffffed96d60, m=0x5630f1c97dd0) at ../src/core/main.c:1860
        r = <optimized out>
        r = <optimized out>
        __PRETTY_FUNCTION__ = {<optimized out> <repeats 17 times>}
        __func__ = {<optimized out> <repeats 17 times>}
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        saved_log_target = <optimized out>
        saved_log_level = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        _ptr_ = <optimized out>
        _ptr_ = <optimized out>
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
        table = {<optimized out>, <optimized out>, <optimized out>, <optimized out>, <optimized out>, <optimized out>, <optimized out>, <optimized out>, <optimized out>}
        _level = <optimized out>
        _e = <optimized out>
        _realm = <optimized out>
#12 main (argc=5, argv=0x7ffffed96f98) at ../src/core/main.c:2861
        initrd_timestamp = {realtime = <optimized out>, monotonic = <optimized out>}
        userspace_timestamp = {realtime = 1606736529728024, monotonic = 12059624}
        kernel_timestamp = {realtime = 1606736517668391, monotonic = 0}
        security_start_timestamp = {realtime = 1606736529742568, monotonic = 12074168}
        security_finish_timestamp = {realtime = 1606736530278182, monotonic = 12609783}
        saved_rlimit_nofile = {rlim_cur = 1024, rlim_max = 4096}
        saved_rlimit_memlock = {rlim_cur = 65536, rlim_max = 65536}
        skip_setup = <optimized out>
        loaded_policy = true
        queue_default_job = <optimized out>
        first_boot = false
        reexecute = false
        switch_root_dir = 0x0
        switch_root_init = 0x0
        before_startup = <optimized out>
        after_startup = <optimized out>
        timespan = "\030N\351\357\060V\000\000@S\351\357\060V", '\000' <repeats 42 times>, "\202ݵ\361\060V\000"
        shutdown_verb = 0x0
        error_message = 0x0
        r = <optimized out>
        retval = 1
        m = 0x5630f1c97dd0
        fds = 0x0
        systemd = "systemd"
        __func__ = "main"
        __PRETTY_FUNCTION__ = "main"
quit

Comment 18 Zbigniew Jędrzejewski-Szmek 2020-12-02 16:23:23 UTC
Han, please don't reopen a bug that was fixed 6 years ago. Your issue looks like a dup of #1902819.
Please check whether 247.1-fc34 fixes the issue for you.


Note You need to log in before you can comment on or make changes to this bug.