[libavg-devel] Ubuntu 8.04: libavg SIGSEGV on pyscript termination

OXullo Intersecans x at 02L.net
Tue Jun 3 23:43:14 CEST 2008


On Ubuntu 8.04 libavg causes segmentation faults at *each* script exit.
This is due to libselinux1, which appears to be responsible for the
problem.

Workaround at tail.


Simplest testcase:

1. install python-libavg w/ deps (packaged hardy/universe or svn r:2885)
2. from python cli:
 >>> import libavg
 >>> CTRL-D


distro: Ubuntu hardy heron / 8.04
arch: both i386 (Intel core duo) and amd64 (AMD Athlon64 X2)

libselinux1:
   Installed: 2.0.55-0ubuntu4
   Candidate: 2.0.55-0ubuntu4
   Version table:
      2.0.55-0ubuntu4 0
         500 http://de.archive.ubuntu.com hardy/main Packages
  *** 2.0.55-0ubuntu4 0
         100 /var/lib/dpkg/status

python-libavg:
   Installed: 0.7.0-4ubuntu1
   Candidate: 0.7.0-4ubuntu1
   Version table:
  *** 0.7.0-4ubuntu1 0
         500 http://de.archive.ubuntu.com hardy/universe Packages
         100 /var/lib/dpkg/status

Valgrind reports:

==29183== Invalid read of size 8
==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
==29183== by 0xE29D040: (within /lib/libselinux.so.1)
==29183== by 0x570010F: exit (exit.c:75)
==29183== by 0x56E91CA: (below main) (libc-start.c:252)
==29183== Address 0x80 is not stack'd, malloc'd or (recently) free'd
==29183==
==29183== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==29183== Access not within mapped region at address 0x80
==29183== at 0xE29B9DD: fini_context_translations (setrans_client.c:211)
==29183== by 0xE28F1F1: (within /lib/libselinux.so.1)
==29183== by 0xE29D040: (within /lib/libselinux.so.1)
==29183== by 0x570010F: exit (exit.c:75)
==29183== by 0x56E91CA: (below main) (libc-start.c:252)

gdb says:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3af10916e0 (LWP 15047)]
0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211
211 free(prev_r2t_trans);
(gdb) bt
#0 0x00007f3ae812a9dd in fini_context_translations () at setrans_client.c:211
#1 0x00007f3ae811e1f2 in __do_global_dtors_aux () from /lib/libselinux.so.1
#2 0x00007ffff9097700 in ?? ()
#3 0x00007f3ae812c041 in _fini () from /lib/libselinux.so.1
#4 0x00007ffff9097700 in ?? ()
#5 0x00007f3af0e88796 in _dl_fini () from /lib64/ld-linux-x86-64.so.2
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


NOTES:

src/setrans_client.c:209 (libselinux1-2.0.55 source)
--------------------------------------
hidden void fini_context_translations(void)
{
         free(prev_r2t_trans);
         free(prev_r2t_raw);
         free(prev_t2r_trans);
         free(prev_t2r_raw);
}

This function is called at exit, libselinux patches every execve().  
Without selinux package this low-level framework seems to be quite  
useless, but still unremovable, due to several dependencies and kernel  
design (I suppose. Any clues?)
Any line of code contained in this function causes a segfault, don't be
fooled by a simple free() fuss.


**** Workaround: disable SETRANS

$ apt-get source libselinux1
$ cd libselinux-2.0.55
$ DISABLE_SETRANS=y dpkg-buildpackage -rfakeroot -uc -b
$ cd ..
$ sudo dpkg -i libselinux1_2.0.55-0ubuntu4_amd64.deb (or i386 one)

(launchpad ref: https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/237156)



--
OXullo Intersecans

0 2 L > Outside Standing Level
http://www.02L.net
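
The report's test case (import the module, then exit) can be checked automatically, for instance to confirm the rebuilt libselinux1 package. The following is an added example, not part of the original post: it runs a script body in a child interpreter and tells a signal raised during the body apart from one raised after the body finished, which is the crash-at-exit pattern described above. The marker string and function name are hypothetical, and POSIX signal semantics are assumed.

```python
import signal
import subprocess
import sys

# Hypothetical marker: printed as the very last statement of the child script.
MARKER = "SCRIPT_BODY_DONE"


def classify_exit(body, python=sys.executable):
    """Run `body` in a child interpreter and report how the process ended.

    Returns "clean", "error", "signal-in-body:<NAME>" or "signal-at-exit:<NAME>".
    """
    # The marker is flushed after the body, so a fatal signal seen together
    # with the marker was raised during interpreter teardown, atexit handlers
    # or shared-library destructors, not by the script's own statements.
    code = body + "\nimport sys\nprint(%r)\nsys.stdout.flush()\n" % MARKER
    proc = subprocess.run(
        [python, "-c", code],
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        text=True,
    )
    finished = MARKER in proc.stdout
    if proc.returncode < 0:
        # On POSIX a negative return code means "killed by that signal".
        name = signal.Signals(-proc.returncode).name
        prefix = "signal-at-exit:" if finished else "signal-in-body:"
        return prefix + name
    return "clean" if proc.returncode == 0 and finished else "error"


if __name__ == "__main__":
    # The page's test case: import the module and leave the interpreter.
    # Pass python="/path/to/interpreter" to test a specific installation.
    print(classify_exit("import libavg"))
```

On an affected system the expected result for the page's test case is `signal-at-exit:SIGSEGV`; a missing module shows up as `error`.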






