lightdm crashed with SIGSEGV in initialize_password_db()

Bug #829221 reported by Tamer Saadeh on 2011-08-19
This bug affects 27 people
Affects             Importance  Assigned to
lightdm (Ubuntu)    High        Unassigned
  Oneiric           High        Unassigned
  Precise           High        Unassigned
samba (Ubuntu)      High        Steve Langasek
  Oneiric           High        Steve Langasek
  Precise           High        Steve Langasek

Bug Description

Happens on every login after upgrading from 11.04

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: lightdm 0.9.3-0ubuntu5
ProcVersionSignature: Ubuntu 3.0.0-8.11-generic 3.0.1
Uname: Linux 3.0.0-8-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Fri Aug 19 00:59:54 2011
Disassembly: => 0x0: Cannot access memory at address 0x0
ExecutablePath: /usr/sbin/lightdm
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: lightdm
ProcCwd: /
ProcEnviron: PATH=(custom, no user)
SegvAnalysis:
 Segfault happened at: 0x0: Cannot access memory at address 0x0
 PC (0x00000000) not located in a known VMA region (needed executable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: executing NULL VMA
Signal: 11
SourcePackage: lightdm
StacktraceTop:
 ?? ()
 ?? () from /lib/security/pam_smbpass.so
 initialize_password_db () from /lib/security/pam_smbpass.so
 pam_sm_authenticate () from /lib/security/pam_smbpass.so
 ?? () from /lib/x86_64-linux-gnu/libpam.so.0
Title: lightdm crashed with SIGSEGV in initialize_password_db()
UpgradeStatus: Upgraded to oneiric on 2011-08-18 (0 days ago)
UserGroups:

Tamer Saadeh (tamersaadeh) wrote :
visibility: private → public
Changed in lightdm (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Seems like a bug in libpam-smbpass.

affects: lightdm (Ubuntu) → samba (Ubuntu)

StacktraceTop:
 ?? ()
 pdb_get_methods_reload (reload=<optimized out>) at passdb/pdb_interface.c:179
 initialize_password_db (reload=<optimized out>, event_ctx=<optimized out>) at passdb/pdb_interface.c:1126
 pam_sm_authenticate (pamh=0x20641b0, flags=<optimized out>, argc=<optimized out>, argv=<optimized out>) at pam_smbpass/pam_smb_auth.c:115
 _pam_dispatch_aux (use_cached_chain=<optimized out>, resumed=<optimized out>, h=0x20842d0, flags=<optimized out>, pamh=0x20641b0) at pam_dispatch.c:110

Changed in samba (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Sebastien Bacher (seb128) wrote :

Doing an "also affects lightdm"; it seems bugs tend to land there, and it could be that it is misusing that code.

Steve, Robert, do you have any idea if the issue is a lightdm, pam or samba one?

Bug #876843 is a recent duplicate for Oneiric stable with 1.0.1

Changed in samba (Ubuntu):
importance: Medium → High
Changed in samba (Ubuntu Oneiric):
importance: Undecided → High
Changed in lightdm (Ubuntu):
importance: Undecided → High
Changed in lightdm (Ubuntu Oneiric):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lightdm (Ubuntu Oneiric):
status: New → Confirmed
Changed in lightdm (Ubuntu):
status: New → Confirmed
Changed in samba (Ubuntu Oneiric):
status: New → Confirmed
Steve Langasek (vorlon) wrote :

Tamer, please attach the /etc/samba/smb.conf file from the affected system.

Steve Langasek (vorlon) wrote :

In source3/passdb/pdb_interface.c, pdb_get_methods_reload() assumes that pdb->free_private_data will always be set and callable. This is not the case for the tdbsam backend, which has:

        /* no private data */

        (*pdb_method)->private_data = NULL;
        (*pdb_method)->free_private_data = NULL;

(source3/passdb/pdb_tdb.c)

and pam_smbpass does call initialize_password_db(True, NULL), which triggers this codepath.

The only thing that's not clear to me is why people haven't been reporting this issue in droves before now. Tamer, have you configured pam_smbpass to be used for account authorization in addition to authentication? Can you attach /etc/pam.d/common-* and /etc/pam.d/lightdm?
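The failure mode described in the comment above, modelled as an added example (this is not Samba's code and not the attached patch): a backend method table whose optional `free_private_data` callback is NULL, called unguarded and then guarded. The struct and function names are hypothetical stand-ins; an indirect call through the NULL pointer is what yields the `PC (0x00000000)` and `executing NULL VMA` lines in the crash report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-in for a passdb backend method table. */
struct backend_methods {
    void *private_data;
    void (*free_private_data)(void **);   /* optional: may be NULL */
};

static int frees_seen = 0;                /* counts callback invocations */

static void free_priv(void **p) { free(*p); *p = NULL; frees_seen++; }

/* with_private == 0 models the tdbsam setup quoted above: both fields NULL. */
struct backend_methods *make_backend(int with_private) {
    struct backend_methods *m = calloc(1, sizeof *m);
    if (m != NULL && with_private) {
        m->private_data = malloc(16);
        m->free_private_data = free_priv;
    }
    return m;
}

/* Before: assumes the callback is always set. With a NULL pointer the CPU
 * jumps to address 0 and the process dies with SIGSEGV. */
void reload_unchecked(struct backend_methods *m) {
    m->free_private_data(&m->private_data);
}

/* After (one possible guard): skip the call when no callback is registered.
 * Returns 1 if the callback ran, 0 if there was none, -1 on a NULL table. */
int reload_checked(struct backend_methods *m) {
    if (m == NULL) return -1;
    if (m->free_private_data == NULL) return 0;
    m->free_private_data(&m->private_data);
    return 1;
}

int main(void) {
    struct backend_methods *no_priv = make_backend(0);
    struct backend_methods *with_priv = make_backend(1);
    printf("no private data:   %d\n", reload_checked(no_priv));
    printf("with private data: %d\n", reload_checked(with_priv));
    /* reload_unchecked(no_priv) would crash here, as in the report. */
    free(no_priv);
    free(with_priv);
    return 0;
}
```

Because the module runs inside the process that called PAM, the unguarded call takes down the whole caller, which is why the report is filed against lightdm.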

Steve Langasek (vorlon) wrote :

This code is also unchanged since upstream version 3.4.0pre1 (May 2009). Very strange indeed.

Steve Langasek (vorlon) wrote :

Here's a prospective fix for this issue.

The attachment "samba-829221.patch" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch

Dear Steve,

I am unable to report any further details about this bug, since I upgraded a
month ago and my computer crashed. With other complications in the way of
fixing the laptop, I wasn't able to fix it until last week. My fix is
actually a complete re-install of Natty, then upgraded to Oneiric. That
said, I do not have the same configurations on my laptop, which happens to
cause many of the bugs I was facing to disappear. Therefore, I think it is
safe to say that this bug is incomplete or fixed.

Sorry for the delayed response,
Tamer


Stéphane Graber (stgraber) wrote :

Unsubscribing ubuntu-sponsors as Steve has upload rights for the package.

Steve Langasek (vorlon) wrote :

Ok. It appears that this bug is still a problem for other people, however; bug #876843 is duped to this one and mentions that it still happens with lightdm 1.0.1-0ubuntu6, and the patch I've attached to this bug seems to fix a real issue.

Is someone else who's seeing this issue willing to try a test package? If so I can go ahead and prepare one.

Yes. I'm willing to test it.

J. Le Clerc (leclercj) wrote :

I'll be pleased to test it also. This is a blocking issue for me using lightdm. Thanks

Steve Langasek (vorlon) wrote :

Ok, since we have people available to test, I've gone ahead with uploading a package with this patch applied to oneiric-proposed. It should be reviewed and accepted by the SRU team in the next few days, at which point you will be able to test the fix by installing the libpam-smbpass package from -proposed. Please report any results here, so we know whether to push this fix out to the rest of our users and forward it to upstream.

Changed in samba (Ubuntu Oneiric):
assignee: nobody → Steve Langasek (vorlon)
status: Confirmed → In Progress
Changed in samba (Ubuntu):
assignee: nobody → Steve Langasek (vorlon)
milestone: none → precise-alpha-1

Hello Tamer, or anyone else affected,

Accepted samba into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in samba (Ubuntu Oneiric):
status: In Progress → Fix Committed
tags: added: verification-needed
Robert Ancell (robert-ancell) wrote :

This can't be fixed in the lightdm in Oneiric, as the architecture runs the PAM code in the main process. We will change this for Precise, see bug 881466.

Changed in lightdm (Ubuntu Oneiric):
status: Confirmed → Invalid
Changed in lightdm (Ubuntu Precise):
status: Confirmed → Invalid
Miklos Juhasz (mjuhasz) wrote :

This fix works well for me. Thanks, Steve!
I had samba installed before and not a single user switch attempt was successful. Having installed the samba packages from proposed I switched between users several times, all user switchings were successful.

Steve Langasek (vorlon) wrote :

Thanks, marking this fix as verified. Will push upstream ASAP.

tags: added: verification-done
removed: verification-needed
J. Le Clerc (leclercj) wrote :

Same result for me -> You've fixed it !

Tested on my 2 desktops, where the problem was 100% reproducible

Using the following packages from proposed:
2011-10-25 19:23:58 status installed libwbclient0 2:3.5.11~dfsg-1ubuntu2.1
2011-10-25 19:23:59 status installed samba-common 2:3.5.11~dfsg-1ubuntu2.1
2011-10-25 19:24:00 status installed winbind 2:3.5.11~dfsg-1ubuntu2.1
2011-10-25 19:24:03 status installed libpam-smbpass 2:3.5.11~dfsg-1ubuntu2.1
2011-10-25 19:24:03 status installed samba 2:3.5.11~dfsg-1ubuntu2.1
2011-10-25 19:24:03 status installed smbclient 2:3.5.11~dfsg-1ubuntu2.1

Many thanks

This fix works for me too.
Thanks Steve.

Martin Pitt (pitti) wrote :

samba (2:3.5.11~dfsg-1ubuntu2.1) oneiric-proposed; urgency=low

  * debian/patches/initialize_password_db-null-deref: Avoid null
    dereference in initialize_password_db(). Closes LP: #829221.

 -- Steve Langasek <email address hidden> Fri, 21 Oct 2011 00:58:26 +0000

Changed in samba (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Dave Walker (davewalker) on 2011-12-01
Changed in samba (Ubuntu):
milestone: precise-alpha-1 → precise-alpha-2
tags: added: rls-mgr-p-tracking
Colin Watson (cjwatson) on 2012-02-05
Changed in samba (Ubuntu Precise):
milestone: precise-alpha-2 → ubuntu-12.04-beta-1
Martin Pitt (pitti) on 2012-03-02
Changed in samba (Ubuntu):
milestone: ubuntu-12.04-beta-1 → ubuntu-12.04-beta-2
Steve Langasek (vorlon) wrote :

This was fixed in Debian revision 2:3.6.1-2, which has been merged in precise.

Changed in samba (Ubuntu Precise):
status: Confirmed → Fix Released