pstree seg fault

Bug #1837444 reported by Russell Mora on 2019-07-22
This bug affects 2 people
Affects (status, importance, assignee):
psmisc (Debian): status Fix Released, importance Unknown
psmisc (Ubuntu): importance Low, Unassigned
Xenial: importance Low, assigned to Lucas Kanashiro

Bug Description

[Impact]

Users might face a segmentation fault crash while executing 'pstree'. Backporting this fix will avoid 'pstree' breakage in our users' systems under certain circumstances.

This is a timing issue: if the 'get_threadname' function is called and the target thread is deleted during its execution, it tries to close a file that does not exist anymore. This happens because of a coding issue: 'pstree' invokes the fclose function even if the fopen function call returns NULL. The proposed patch fixes this issue by simply moving the fclose function call three lines up, inside a conditional block which guarantees that the file was properly opened (the pointer to the file is not NULL).

This bug was introduced in upstream version 22.21 and fixed in version 23.0,
which means that Xenial is the only affected Ubuntu release:

$ rmadison psmisc
 psmisc | 22.15-2ubuntu1 | precise | source, amd64, armel, armhf, i386, powerpc
 psmisc | 22.15-2ubuntu1.2 | precise-updates | source, amd64, armel, armhf, i386, powerpc
 psmisc | 22.20-1ubuntu2 | trusty | source, amd64, arm64, armhf, i386, powerpc, ppc64el
 psmisc | 22.21-2.1build1 | xenial | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
 psmisc | 23.1-1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
 psmisc | 23.1-1ubuntu0.1 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 psmisc | 23.2-1 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x
 psmisc | 23.2-1 | eoan | source, amd64, arm64, armhf, i386, ppc64el, s390x

[Test Case]

Since timing is an important factor for this issue, it is not easy to reproduce via a test case. This bug might pop up in any 'pstree' call regardless of the parameters passed to it. When it happens the user will be able to notice the segmentation fault immediately in the standard output. Below is the stack trace generated by the user who reported this bug on Debian [1]:

Core was generated by `pstree'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 _IO_new_fclose (fp=0x0) at iofclose.c:54
54 iofclose.c: No such file or directory.
(gdb) bt
#0 _IO_new_fclose (fp=0x0) at iofclose.c:54
#1 0x00000000004037be in ?? ()
#2 0x0000000000401a43 in ?? ()
#3 0x00007f577c553b45 in __libc_start_main (main=0x401670, argc=1,
argv=0x7ffeb6139328, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7ffeb6139318) at libc-start.c:287
#4 0x0000000000401e8d in ?? ()

However, as presented in the last section it is an easily identifiable error
in the code, and the fix is quite straightforward.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815902

[Regression Potential]

There is a potential problem since the bug was not reproducible on our side. Timing issues are hard to reproduce in general, so there might be other cases where this kind of situation can happen. The fix impacts only the 'pstree' utility, so any problem with other binaries provided by psmisc is not related to this update.

[Original message]

As per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815902

Perhaps Xenial needs to be upgraded to use 22.22??
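
The fclose(NULL) defect described under [Impact] above, shown as an added example that is not psmisc source and not the patch from this report. The function name thread_name_from_stat, its path parameter and the "(comm)" parsing are assumptions made for illustration; the guarded fclose is the point.

```c
#include <stdio.h>
#include <string.h>

/* Pre-fix shape described in the report (crashes when fopen() fails):
 *     if ((f = fopen(path, "r")) != NULL) { ...parse... }
 *     fclose(f);        <- f is NULL if the thread already exited
 *
 * Fixed shape: fclose() sits inside the block that proved f != NULL.
 * Reads the "(comm)" field of a /proc/<pid>/task/<tid>/stat style file.
 * Returns 0 on success, -1 if the file vanished or is malformed. */
int thread_name_from_stat(const char *path, char *out, size_t outlen)
{
    FILE *f;
    char line[512];
    int rc = -1;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    if ((f = fopen(path, "r")) != NULL) {
        if (fgets(line, sizeof line, f) != NULL) {
            /* the name may itself contain ')', so search from the right */
            char *lp = strchr(line, '(');
            char *rp = strrchr(line, ')');
            if (lp != NULL && rp != NULL && rp > lp + 1) {
                size_t len = (size_t)(rp - lp - 1);
                if (len >= outlen)
                    len = outlen - 1;   /* truncate, keep NUL terminator */
                memcpy(out, lp + 1, len);
                out[len] = '\0';
                rc = 0;
            }
        }
        fclose(f);   /* only reached with a valid FILE pointer */
    }
    return rc;
}

int main(void)
{
    char name[64];
    /* Second path is a constructed stand-in for a thread that is gone. */
    if (thread_name_from_stat("/proc/self/stat", name, sizeof name) == 0)
        printf("own comm: %s\n", name);
    if (thread_name_from_stat("/proc/0/task/0/stat", name, sizeof name) != 0)
        puts("thread gone: handled without fclose(NULL)");
    return 0;
}
```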

Andreas Hasenack (ahasenack) wrote :

Thanks for filing this bug in Ubuntu.

This looks like a straightforward patch, already applied upstream. If I understand it correctly, it might be hard to reproduce, because the thread deletion has to happen at the right time. Do you encounter this frequently, or have a way to reproduce that doesn't take too long?

Changed in psmisc (Ubuntu):
importance: Undecided → Low
status: New → Triaged
tags: added: bitesize
Andreas Hasenack (ahasenack) wrote :

https://sourceforge.net/p/psmisc/patches/33/ patch forwarded upstream, with upstream confirmation

link to upstream commit that included this fix, among other changes: https://sourceforge.net/p/psmisc/code/ci/265fa43ee48898001130b90d3656d48af5d241aa/

Russell Mora (rd-mora) wrote :

Unfortunately no. I have a system where it reproduces readily and others where it does not, but am unsure of what the difference between the systems is. Only obvious thing is that the bad system has 7000+ processes.

description: updated
Changed in psmisc (Ubuntu):
status: Triaged → Fix Released
Changed in psmisc (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → Low
description: updated
Changed in psmisc (Ubuntu Xenial):
assignee: nobody → Lucas Kanashiro (lucaskanashiro)

Hello Russell, or anyone else affected,

Accepted psmisc into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/psmisc/22.21-2.1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in psmisc (Ubuntu Xenial):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-xenial
Russell Mora (rd-mora) wrote :

I tried this out on one of our systems affected and it definitely resolves the bug. Before:

XXXX:~$ for ((i=0;i<20;i++)); do pstree -alp 2>&1 > /dev/null; done
Segmentation fault
Segmentation fault
Segmentation fault
Segmentation fault
Segmentation fault
Segmentation fault
XXXX:~$

After:

XXXX:~$ for ((i=0;i<20;i++)); do pstree -alp 2>&1 > /dev/null; done
XXXX:~$ for ((i=0;i<20;i++)); do pstree -alp 2>&1 > /dev/null; done
XXXX:~$ for ((i=0;i<20;i++)); do pstree -alp 2>&1 > /dev/null; done
XXXX:~$ for ((i=0;i<20;i++)); do pstree -alp 2>&1 > /dev/null; done
XXXX:~$

A cursory inspection of the output of pstree looks normal.

tags: removed: verification-needed verification-needed-xenial
tags: added: verification-done-xenial

All autopkgtests for the newly accepted psmisc (22.21-2.1ubuntu0.1) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.28.2-1ubuntu1~16.04.3 (s390x, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#psmisc

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Changed in psmisc (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package psmisc - 22.21-2.1ubuntu0.1

---------------
psmisc (22.21-2.1ubuntu0.1) xenial; urgency=medium

  * d/p/fix-pstree-seg-fault.patch: Fix pstree segfault (LP: #1837444)

 -- Lucas Kanashiro <email address hidden> Mon, 12 Aug 2019 17:44:51 -0300

Changed in psmisc (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for psmisc has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
