NetworkManager crashed with SIGSEGV in nm_dhcp_dhclient_escape_duid()

Bug #1153342 reported by Elbert Fliek on 2013-03-10
156
This bug affects 20 people
Affects Status Importance Assigned to Milestone
NetworkManager
Fix Released
Medium
network-manager (Ubuntu)
Critical
Mathieu Trudel-Lapierre
Raring
Critical
Unassigned
Saucy
Critical
Mathieu Trudel-Lapierre

Bug Description

NetworkManager crashed after booting and connecting to a new problem.
Then it restarted and crashed again multiple times until it connected properly.

ProblemType: Crash
DistroRelease: Ubuntu 13.04
Package: network-manager 0.9.8.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.8.0-11.20-generic 3.8.2
Uname: Linux 3.8.0-11-generic i686
ApportVersion: 2.9.1-0ubuntu1
Architecture: i386
Date: Sun Mar 10 18:35:04 2013
ExecutablePath: /usr/sbin/NetworkManager
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2013-03-09 (1 days ago)
InstallationMedia: Xubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130309)
InterestingModules: b44
IpRoute:
 default via 192.168.1.1 dev eth1 proto static
 169.254.0.0/16 dev eth1 scope link metric 1000
 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.26 metric 9
MarkForUpload: True
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
 WimaxEnabled=true
ProcCmdline: NetworkManager
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
 LANG=en_US.UTF-8
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SegvAnalysis:
 Segfault happened at: 0x80cca26 <nm_dhcp_dhclient_escape_duid+22>: mov 0x4(%esi),%eax
 PC (0x080cca26) ok
 source "0x4(%esi)" (0x00000004) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: network-manager
StacktraceTop:
 nm_dhcp_dhclient_escape_duid ()
 ?? ()
 nm_dhcp_client_start_ip6 ()
 ?? ()
 nm_dhcp_manager_start_ip6 ()
Title: NetworkManager crashed with SIGSEGV in nm_dhcp_dhclient_escape_duid()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

nmcli-con:
 NAME UUID TYPE TIMESTAMP TIMESTAMP-REAL AUTOCONNECT READONLY DBUS-PATH
 Wired connection 1 43c10ef8-5a8e-4565-87c8-16f805c2e895 802-3-ethernet 1362936962 zo 10 mrt 2013 18:36:02 CET yes no /org/freedesktop/NetworkManager/Settings/2
 Groningerweg 38 76d7a8b5-1716-4b7d-ad57-f583fc1af359 802-11-wireless 1362936964 zo 10 mrt 2013 18:36:04 CET yes no /org/freedesktop/NetworkManager/Settings/1
 HG655D-F3913D 329d1a58-a4e6-4e67-a036-2e8b9eab3ad8 802-11-wireless 1362935293 zo 10 mrt 2013 18:08:13 CET yes no /org/freedesktop/NetworkManager/Settings/0
nmcli-dev:
 DEVICE TYPE STATE DBUS-PATH
 eth1 802-11-wireless connected /org/freedesktop/NetworkManager/Devices/1
 eth0 802-3-ethernet unavailable /org/freedesktop/NetworkManager/Devices/0
nmcli-nm:
 RUNNING VERSION STATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN
 running 0.9.8.0 connected enabled enabled enabled enabled disabled

Elbert Fliek (efliek) wrote :
Changed in network-manager (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager (Ubuntu):
status: New → Confirmed
Severin Heiniger (severinh) wrote :

Prior to the segmentation fault, network-manager always emits the following warning in generate_duid_from_machine_id.

Failed to read /etc/machine-id to generate DHCPv6 DUID: (4) Failed to open file '/etc/machine-id': No such file or directory

The duid being NULL later leads to a null pointer dereference when attempting to escape it in nm_dhcp_dhclient_escape_duid. I'm not sure whether the call to generate_duid_from_machine_id was supposed to happen in the first place. If not, get_duid in nm-dhcp-dhclient.c would be to blame because it failed to obtain a duid and thus decided to generate one. It did not emit any warnings, though.

information type: Private → Private Security
information type: Private Security → Private
Severin Heiniger (severinh) wrote :

The problem is indeed that the file /etc/machine-id does not exist. You can work around the problem by creating it using the following command:

dbus-uuidgen | sudo tee /etc/machine-id

The file /etc/machine-id does not exist on Ubuntu machines because it is related to systemd. The official command for generating this file would be systemd-machine-id-setup, but it is not available on Ubuntu, so I abused dbus-uuidgen to achieve the same result. See http://www.freedesktop.org/software/systemd/man/systemd-machine-id-setup.html

network-manager should probably be patched such that it does not rely on the existence of this file.

Changed in network-manager (Ubuntu):
importance: Medium → High
Severin Heiniger (severinh) wrote :

I set the importance to High because the bug completetly prevented me from connecting to the wireless network at work.

tags: added: bugpattern-needed
Jeremy Bicha (jbicha) on 2013-03-25
information type: Private → Public
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1153342

tags: added: iso-testing

That file exists in a few other locations; /etc is just one of the possibilities. It actually comes from DBUS.

Regardless, full ack; we need to fix this ASAP. Seems like it's already corrected upstream by commit http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-0-9-8&id=1d14f17998bf0388db43b52e53690188e907cb01.

Setting to Triaged / Critical; let's land this in saucy (and SRU to Raring) ASAP.

Changed in network-manager (Ubuntu):
status: Confirmed → Triaged
importance: High → Critical
Changed in network-manager (Ubuntu Raring):
status: New → Triaged
importance: Undecided → Critical
Changed in network-manager (Ubuntu Saucy):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
tags: added: nm-fix-upstream
Changed in network-manager:
importance: Unknown → Medium
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 0.9.8.4-0ubuntu3

---------------
network-manager (0.9.8.4-0ubuntu3) trusty; urgency=low

  * Set "allow-stderr" for debian/tests/apparmor_workaround to avoid failure
    on AppArmor warnings.
 -- Martin Pitt <email address hidden> Tue, 05 Nov 2013 09:48:28 +0100

Changed in network-manager (Ubuntu):
status: Triaged → Fix Released
Rolf Leggewie (r0lf) wrote :

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in network-manager (Ubuntu Raring):
status: Triaged → Won't Fix
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in network-manager (Ubuntu Saucy):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.