Ubuntu
indicator-session package

indicator-session sporadically segfaults if used with winbind

Bug #1501244 reported by Jonathan on 2015-09-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	indicator-session (Ubuntu)	Fix Released	High	Unassigned
	Trusty	Fix Released	High	Unassigned

Bug Description

when looking into our pc pool with 44 machines, in around 2-5 sessions the System Menu is missing after a crash of indicator-session-service, making the users unable to log out using the mouse.

There are arround 100 ubuntu machines for students with 32000 real users from an active directory. The users cannot see any users real name.

I wasn't able to find the right debug symbols, but in the disassembly it looks like a crash in service.c:321 .
In the attached crash dump the instruction pointer points to 0x4120a0 in memory, which should be the get_current_realname function.

static const char *
get_current_real_name (IndicatorSessionService * self)
{
GHashTableIter iter;
gpointer key, value;

  /* is it the guest? */
  if (indicator_session_guest_is_active (self->priv->backend_guest))
    return _("Guest");

  /* is it a user? */
  g_hash_table_iter_init (&iter, self->priv->users);
  while (g_hash_table_iter_next (&iter, &key, &value))
    {
      IndicatorSessionUser * user = value;
      if (user->is_current_user) // SEGFAULT PROBABLY HERE (movzx edx, byte ptr [r13]), r13=user ist NULL
        return get_user_label (user);
    }

return "";
}

The strange thing is: before inserting into the hashmap, every user is checked to be != NULL. So maybe I guessed the wrong function, or there are threading issues.

Disassembly:
   0x0000000000412081 <+1484>: mov r13,rax
   0x0000000000412084 <+1487>: setne al
   0x0000000000412087 <+1490>: test al,al
   0x0000000000412089 <+1492>: je 0x411f56 <_start+1185>
   0x000000000041208f <+1498>: jmp 0x411f51 <_start+1180>
   0x0000000000412094 <+1503>: nop DWORD PTR [rax+0x0]
   0x0000000000412098 <+1507>: mov r13,QWORD PTR [rdx+0x20]
   0x000000000041209c <+1511>: mov rsi,QWORD PTR [rdx+0x18]
=> 0x00000000004120a0 <+1515>: movzx edx,BYTE PTR [r13+0x0]
   0x00000000004120a5 <+1520>: test dl,dl
   0x00000000004120a7 <+1522>: je 0x4120d6 <_start+1569>
   0x00000000004120a9 <+1524>: mov rax,QWORD PTR [rip+0x248770] # 0x65a820 <g_ascii_table>
   0x00000000004120b0 <+1531>: test BYTE PTR [rax+rdx*2+0x1],0x1
   0x00000000004120b5 <+1536>: je 0x411f51 <_start+1180>
   0x00000000004120bb <+1542>: mov rdx,r13
   0x00000000004120be <+1545>: jmp 0x4120cb <_start+1558>

Some command output:
$> lsb_release -rd
Description: Ubuntu 14.04.3 LTS
Release: 14.04

Package version:
$> dpkg -l | grep indicator-session
ii indicator-session 12.10.5+14.04.20150404-0ubuntu1 amd64 indicator showing session management, status and user switching

~$> gsettings list-recursively com.canonical.indicator.session
com.canonical.indicator.session show-real-name-on-panel false
com.canonical.indicator.session suppress-logout-menuitem false
com.canonical.indicator.session suppress-restart-menuitem false
com.canonical.indicator.session suppress-shutdown-menuitem false
com.canonical.indicator.session suppress-logout-restart-shutdown false
com.canonical.indicator.session user-show-menu false

~$> wbinfo -u | wc -l
127390

iw18ejyg@cip-54-54: ~$> python -c 'print(__import__("pwd").getpwnam("iw18ejyg"))'
pwd.struct_passwd(pw_name='iw18ejyg', pw_passwd='*', pw_uid=1069023, pw_gid=1000513, pw_gecos='', pw_dir='/home/stud/iw18ejyg', pw_shell='/bin/bash')

Tags:

Related branches

lp:ubuntu/trusty-proposed/indicator-session

Revision history for this message

Jonathan (jonny-4) wrote on 2015-09-30:

_usr_lib_x86_64-linux-gnu_indicator-session_indicator-session-service.1069023.crash Edit (1.1 MiB, text/plain)

Revision history for this message

Jonathan (jonny-4) wrote on 2015-09-30:

using another machine with the same package selection, home directory, user id, but user information with real name from ldap+kerberos, I never observed this crash.

Revision history for this message

Sebastien Bacher (seb128) wrote on 2015-10-02:

Thank you for your bug report, is there any chance you could install the dbgsym package (see https://wiki.ubuntu.com/DebuggingProgramCrash#Non-built-in_debug_symbol_packages_.28.2A-dbgsym.29) for indicator-session and get a debug backtrace? It might also be worth testing newer versions of the deb if they can be installed on trusty (I didn't try but they might), it could be https://code.launchpad.net/~charlesk/indicator-session/lp-1290876-fix-null-dereference-in-get-user-label/+merge/254105

Changed in indicator-session (Ubuntu):
importance:	Undecided → High

Revision history for this message

Sebastien Bacher (seb128) wrote on 2015-10-02:

hum, for some reasons it seems like the debug packages for the current version are missing in trusty, sorry about that, we are going to try to fix that

Changed in indicator-session (Ubuntu):
status:	New → Incomplete

Revision history for this message

Jonathan (jonny-4) wrote on 2015-10-07:

after installing the version with debug symbols in trusty, i figured out i reversed wrong, it is the get_user_label function.

(gdb) bt
#0 get_user_label (user=0xa02db0, user=0xa02db0) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:299
#1 get_current_real_name (self=0x831840) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:322
#2 action_state_for_header (self=self@entry=0x831910) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:179
#3 0x0000000000412c85 in update_header_action (self=0x831910) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:210
#4 rebuild_now (self=0x831910, sections=57) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:956
#5 0x0000000000412cb0 in rebuild_timeout_func (self=<optimized out>) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:993
#6 0x00007fb3e49d7703 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007fb3e49d6ce5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007fb3e49d7048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007fb3e49d730a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x0000000000411a35 in main (argc=<optimized out>, argv=<optimized out>) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/main.c:62
(gdb) i args
user = 0xa02db0
user = 0xa02db0
(gdb) print *user
$1 = {is_current_user = 1, is_logged_in = 0, uid = 0, login_frequency = 0, user_name = 0x0, real_name = 0x0, icon_file = 0x0}
(gdb) disas get_user_label

but user_name and real_name are BOTH NULL.

after installing the version with debug symbols in trusty, i figured out i reversed wrong, it is the get_user_label function.

ii  indicator-session                                     12.10.5+14.04.20140410-0ubuntu1                     amd64        indicator showing session management, status and user switching
ii  indicator-session-dbgsym                              12.10.5+14.04.20140410-0ubuntu1                     amd64        debug symbols for package indicator-session

(gdb) bt
#0  get_user_label (user=0xa02db0, user=0xa02db0) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:299
#1  get_current_real_name (self=0x831840) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:322
#2  action_state_for_header (self=self@entry=0x831910) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:179
#3  0x0000000000412c85 in update_header_action (self=0x831910) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:210
#4  rebuild_now (self=0x831910, sections=57) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:956
#5  0x0000000000412cb0 in rebuild_timeout_func (self=<optimized out>) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/service.c:993
#6  0x00007fb3e49d7703 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007fb3e49d6ce5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8  0x00007fb3e49d7048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9  0x00007fb3e49d730a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x0000000000411a35 in main (argc=<optimized out>, argv=<optimized out>) at /build/buildd/indicator-session-12.10.5+14.04.20140410/src/main.c:62
(gdb) i args
user = 0xa02db0
user = 0xa02db0
(gdb) print *user
$1 = {is_current_user = 1, is_logged_in = 0, uid = 0, login_frequency = 0, user_name = 0x0, real_name = 0x0, icon_file = 0x0}
(gdb) disas get_user_label

but user_name and real_name are BOTH NULL.

Revision history for this message

Sebastien Bacher (seb128) wrote on 2015-10-07:

hum, so the fix pointed wouldn't be enough ... could you try to see what is in /etc/password that confuses it?

Revision history for this message

Jonathan (jonny-4) wrote on 2015-10-07:

the patch will be enough:
get_current_realname() will return username=NULL, and action_state_for_header will correct it to "":
label = show_name && real_name ? real_name : "";

Our users are not in /etc/passwd, but accessed by libnss-winbind, and sometimes the connection is quite slow or winbindd hangs.

Thanks for your answers.

Charles Kerr (charlesk) on 2015-10-08

Changed in indicator-session (Ubuntu):
status:	Incomplete → New

Revision history for this message

Sebastien Bacher (seb128) wrote on 2015-10-08:

looks like you are saying it's fixed in trunk, I've started a SRU update to backport the fix to trusty

Changed in indicator-session (Ubuntu):
status:	New → Fix Released

Revision history for this message

Sebastien Bacher (seb128) wrote on 2015-10-08:

SRU is being prepared in https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/landing-009 if you want to test the deb

Revision history for this message

Jonathan (jonny-4) wrote on 2015-10-12:

#10

No crashes with this deb until now, thanks!

Revision history for this message

Chris J Arges (arges) wrote on 2015-10-14: Please test proposed package

#11

Hello Jonathan, or anyone else affected,

Accepted indicator-session into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/indicator-session/12.10.5+14.04.20151008-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in indicator-session (Ubuntu Trusty):
status:	New → Fix Committed
tags:	added: verification-needed

Mathew Hodson (mhodson) on 2015-10-20

Changed in indicator-session (Ubuntu Trusty):
importance:	Undecided → High

Revision history for this message

Jonathan (jonny-4) wrote on 2015-10-20:

#12

12.10.5+14.04.20151008-0ubuntu1 for me

Revision history for this message

Jonathan (jonny-4) wrote on 2015-10-20:

#13

we had no crashes of indicator-session in the last 12 days

tags:

added: verification-done
removed: verification-needed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-10-21:

#14

This bug was fixed in the package indicator-session - 12.10.5+14.04.20151008-0ubuntu1

---------------
indicator-session (12.10.5+14.04.20151008-0ubuntu1) trusty; urgency=medium

  * Backport fix for segfault in get_user_label() (lp: #1501244) (LP:
    #1501244)
  * chmod +x debian/rules

-- Sebastien Bacher <email address hidden> Thu, 08 Oct 2015 16:33:40 +0000

Changed in indicator-session (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Chris J Arges (arges) wrote on 2015-10-21: Update Released

#15

The verification of the Stable Release Update for indicator-session has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.