vino-server won't start (SIGSEGV) when UPnP is enabled (SRU)

Bug #652961 reported by mike@papersolve.com on 2010-10-01
80
This bug affects 19 people
Affects Status Importance Assigned to Milestone
vino (Ubuntu)
High
Unassigned
Maverick
Medium
Unassigned

Bug Description

Binary package hint: vino

This is the SRU fix for the natty bug #663270.

vino won't start if you have UPnP enabled on at least some routers. This causes many users default remote desktop service to never start.

Test Case:
1) enable UPnP on your router

2)
$ /usr/lib/vino/vino-server
14/10/2010 07:47:39 PM Autoprobing TCP port in (all) network interface
14/10/2010 07:47:39 PM Listening IPv6://[::]:5900
14/10/2010 07:47:39 PM Listening IPv4://0.0.0.0:5900
14/10/2010 07:47:39 PM Autoprobing selected port 5900
14/10/2010 07:47:39 PM Advertising security type: 'TLS' (18)
14/10/2010 07:47:39 PM Advertising authentication type: 'VNC Authentication' (2)
14/10/2010 07:47:39 PM Advertising security type: 'VNC Authentication' (2)
** Message: Received signal 11, exiting...

Backtrace:
Thread 1 (Thread 0xb7fdba70 (LWP 5169)):
#0 0x00c34370 in __nss_hostname_digits_dots () from /lib/libc.so.6
#1 0x00c38cca in gethostbyname () from /lib/libc.so.6
#2 0x0807a5c2 in miniwget2 (url=<value optimized out>, host=0x0, port=2555, path=0x811f18b "/upnp/6c352473-8521-319e-8757-639e9dca9979/desc.xml", size=0xbfffefac, addr_str=0x80c0c58 "", addr_str_len=16) at miniwget.c:45
#3 0x0807a9b1 in miniwget_getaddr (url=0x811f174 "http://192.168.1.1:2555/upnp/6c352473-8521-319e-8757-639e9dca9979/desc.xml", size=0xbfffefac, addr=0x80c0c58 "", addrlen=16) at miniwget.c:223
#4 0x08079c53 in UPNP_GetValidIGD (devlist=0x811f168, urls=0x81104a8, data=0x811f1f8, lanaddr=0x80c0c58 "", lanaddrlen=16) at miniupnpc.c:676
#5 0x0805ce1d in update_upnp_status (upnp=0x80c0c40) at vino-upnp.c:96
#6 0x0805d0b7 in vino_upnp_add_port (upnp=0x80c0c40, port=5900) at vino-upnp.c:229
#7 0x08056d63 in vino_server_control_upnp (server=0x8108600) at vino-server.c:254
#8 0x08058208 in vino_server_set_use_upnp (server=0x8108600, use_upnp=1) at vino-server.c:275
#9 0x00a1d995 in ?? () from /usr/lib/libgobject-2.0.so.0
#10 0x00a1b86a in g_object_newv () from /usr/lib/libgobject-2.0.so.0
#11 0x00a1c3cc in g_object_new_valist () from /usr/lib/libgobject-2.0.so.0
#12 0x00a1c4e7 in g_object_new () from /usr/lib/libgobject-2.0.so.0
#13 0x08055dbf in vino_prefs_create_server (screen=0x80be0c8) at vino-prefs.c:517
#14 0x08054557 in main (argc=1, argv=0xbffff4a4) at vino-main.c:117

Solution:
Debian added a patch to fix a FTBFS on hurd. The patch worked well in the 2.28 branch, but breaks the UPnP support in 2.32. The fix, for Ubuntu, is to remove the patch since ubuntu doesn't release for hurd. See patch below.

Regression potential:
Very little - the patch that I removed was not written for the 2.32 branch, and we are reverting to pristine upstream UPnP code. We are losing build support for hurd. We don't build hurd, so there shouldn't be a problem.

Download full text (9.4 KiB)

More information after updating vino to 2.32, installing debug symbols and actually doing the Backtrace procedure as documented in the Wiki:

mike@rounder:~$ gdb /usr/lib/vino/vino-server
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/vino/vino-server...Reading symbols from /usr/lib/debug/usr/lib/vino/vino-server...done.
done.
(gdb) handle SIG33 pass nostop noprint
Signal Stop Print Pass to program Description
SIG33 No No Yes Real-time event 33
(gdb) set pagination 0
(gdb) run
Starting program: /usr/lib/vino/vino-server
[Thread debugging using libthread_db enabled]
[New Thread 0xb7ddab70 (LWP 5172)]
03/10/2010 10:42:06 PM Autoprobing TCP port in (all) network interface
03/10/2010 10:42:06 PM Listening IPv6://[::]:5900
03/10/2010 10:42:06 PM Listening IPv4://0.0.0.0:5900
03/10/2010 10:42:06 PM Autoprobing selected port 5900
03/10/2010 10:42:06 PM Advertising security type: 'TLS' (18)
03/10/2010 10:42:06 PM Advertising authentication type: 'VNC Authentication' (2)
03/10/2010 10:42:06 PM Advertising security type: 'VNC Authentication' (2)

Program received signal SIGSEGV, Segmentation fault.
0x00c34370 in __nss_hostname_digits_dots () from /lib/libc.so.6
(gdb) backtrace full
#0 0x00c34370 in __nss_hostname_digits_dots () from /lib/libc.so.6
No symbol table info available.
#1 0x00c38cca in gethostbyname () from /lib/libc.so.6
No symbol table info available.
#2 0x0807a5c2 in miniwget2 (url=<value optimized out>, host=0x0, port=2555, path=0x811f18b "/upnp/6c352473-8521-319e-8757-639e9dca9979/desc.xml", size=0xbfffefac, addr_str=0x80c0c58 "", addr_str_len=16) at miniwget.c:45
        buf = "\364\177\225\000\250\347\377\277\000\000\000\000(\347\377\277\364\177\225\000h\347\377\277g\000\000\000(\347\377\277\364\177\225\000\066\223\021\000\272ƕ\000\251\322\004\bۅ\224\000\370\356\021\b`\342\375\267\002\000\000\000\340\360\021\000\\\312\004\b \205\376\267\364\317\022\000\330\235\225\000\025\000\000\000\264\347\377\277\004\231\021\000\220\206\224\000\066\223\021\000\222\070\266\000\251\322\004\b\000\000\000\000\025\000\000\000\200\342\375\267\002\000\377\000\340\360\021\000i\315\004\b\270w\376\267\364\317\022\000\320;\265\000\033\000\000\000\364\347\377\277\004\231\021\000l\341\375\267\225M\235|O\000\000\000E\000\000\000\030\331\022\000\033\000\000\000\000\000\000\000\005\000\000\000\031\001\000\000`\342\375\267\320M\265\000p\250\022\000\274\347\377\277\b\237\004\b\020\000\000\000P\227\265\000\204\341\375\267\220u\202\rt\350\377\277E\000\000\000\030\331\022\000\000\000\000\000\000\000\000\000\005\000\000\000\230\004\000\000\200\342\375\267\350w\376\267\324\316\004\bPߵ\000\250\212\004\b\001\000\000\000\364\317\022\000\340\350\377\277\320\332\022\000\264\350\377\277\302\233\021\000\244\350\377\277\250...

Read more...

Added valgrind packages (actually this also included libc debug symbols which I forgot about in the gdb backtrace) and did a valgrind run as documented in the wiki.

Paul van Tilburg (paulvt) wrote :
Download full text (3.2 KiB)

I am guessing (from the output you paste) you also have an UPnP-enabled gateway and something seems to go wrong with that? I have something very similar. ltrace output (instead of gdb, which is the same for me as pasted above):

strncpy(0x7fffae2523a2, "/var/run/minissdpd.sock", 108) = 0x7fffae2523a2
connect(18, 0x7fffae2523a0, 110, 0, 84) = -1
close(18) = 0
socket(1, 1, 0) = 18
strncpy(0x7fffae2523a2, "/var/run/minissdpd.sock", 108) = 0x7fffae2523a2
connect(18, 0x7fffae2523a0, 110, 0, 84) = -1
close(18) = 0
socket(1, 1, 0) = 18
strncpy(0x7fffae2523a2, "/var/run/minissdpd.sock", 108) = 0x7fffae2523a2
connect(18, 0x7fffae2523a0, 110, 0, 84) = -1
close(18) = 0
socket(1, 1, 0) = 18
strncpy(0x7fffae2523a2, "/var/run/minissdpd.sock", 108) = 0x7fffae2523a2
connect(18, 0x7fffae2523a0, 110, 0, 84) = -1
close(18) = 0
socket(2, 2, 0) = 18
inet_addr("239.255.255.250") = 0xfaffffef
setsockopt(18, 1, 2, 0x7fffae252acc, 4) = 0
bind(18, 0x7fffae252ab0, 16, -1, 4) = 0
snprintf("", 4456408, "") = 137
sendto(18, 0x7fffae2524a0, 137, 0, 0x7fffae252aa0) = 137
poll(0x7fffae252420, 1, 2000, 2000, 0x7fffae252aa0) = 1
recv(18, 0x7fffae2524a0, 1536, 0, 0x7fffae252aa0) = 308
strncasecmp(0x7fffae2524b1, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 0xfffffff7
strncasecmp(0x7fffae2524b1, 0x440ab1, 2, 0x7fffae2524a0, 308) = 0xfffffff0
strncasecmp(0x7fffae2524cd, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 7
strncasecmp(0x7fffae2524cd, 0x440ab1, 2, 0x7fffae2524a0, 308) = 0
strncasecmp(0x7fffae252506, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 9
strncasecmp(0x7fffae252506, 0x440ab1, 2, 0x7fffae2524a0, 308) = 2
strncasecmp(0x7fffae25256b, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 0xfffffff9
strncasecmp(0x7fffae25256b, 0x440ab1, 2, 0x7fffae2524a0, 308) = 0xfffffff2
strncasecmp(0x7fffae252571, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 7
strncasecmp(0x7fffae252571, 0x440ab1, 2, 0x7fffae2524a0, 308) = 0xfffffff1
strncasecmp(0x7fffae2525a2, 0x43fcf4, 8, 0x7fffae2524a0, 308) = 0
malloc(119) = 0x00d73b50
memcpy(0x00d73b68, "http://192.168.1.1:5000/rootDesc"..., 36) = 0x00d73b68
memcpy(0x00d73b8d, "urn:schemas-upnp-org:device:Inte"..., 51) = 0x00d73b8d
poll(0x7fffae252420, 1, 2000, 2000, 308) = 0
close(18) = 0
g_malloc(24, 1, 2000, -1, 0) = 0xd68f40
g_malloc(1796, 24, 0x2b988645de40, 0xd68f30, 0xd68f30) = 0xd753d0
strstr("http://192.168.1.1:5000/rootDesc"..., "://") = "://192.168.1.1:5000/rootDesc.xml"
strchr("192.168.1.1:5000/rootDesc.xml", ':') = ":5000/rootDesc.xml"
strchr("192.168.1.1:5000/rootDesc.xml", '/') = "/rootDesc.xml"
malloc(12) = 0x00d68d10
strncpy(0x00d68d10, "192.168.1.1", 11) = 0x00d68d10...

Read more...

I think you're onto something Paul with the UPnP support. ltrace output gives me similar indications it is involved, however I have other clients on the network that need UPnP. This is a standard Verizon FIOS router. I am not using UPnP for port forwarding of VNC however (that's a static rule).

malloc(141) = 0x09dc7030
memcpy(0x09dc703c, "http://192.168.1.1:2555/upnp/6c3"..., 74) = 0x09dc703c
memcpy(0x09dc7087, "urn:schemas-upnp-org:device:Inte"..., 51) = 0x09dc7087
poll(0xbfc51f58, 1, 2000, 0x8d8ff4, 0x8da3c0) = 0
close(22) = 0
g_malloc(12, 0, 0, 0, 0x808c7d8) = 0x9db8310
g_malloc(1796, 0, 0, 0, 0x808c7d8) = 0x9dc70c8
strstr("http://192.168.1.1:2555/upnp/6c3"..., "://") = "://192.168.1.1:2555/upnp/6c35247"...
strchr("192.168.1.1:2555/upnp/6c352473-8"..., ':') = ":2555/upnp/6c352473-8521-319e-87"...
strchr("192.168.1.1:2555/upnp/6c352473-8"..., '/') = "/upnp/6c352473-8521-319e-8757-63"...
malloc(12) = 0x09db8370
strncpy(0x09db8370, "192.168.1.1", 11) = 0x09db8370
gethostbyname(NULL <unfinished ...>
--- SIGSEGV (Segmentation fault) ---

CONFIRMED! I'm running into this as well with 10.10 x86_64. I turned off UpNP on my router (Buffalo BR2-G54S running DD-WRT v24-sp1), and vino-server now works fine.

Changed in vino (Ubuntu):
status: New → Confirmed
Leon (leonbo) wrote :

I'm having the same problem and I have UPnP enabled on my router (Tomato).

I meant that if you disable UPnP on your router, vino-server should
work. If UPnP is enabled, vnc-server probably won't work.

summary: - vino-server SIGSEGV in __nss_hostname_digits_dots
+ vino-server won't start (SIGSEGV) when UPnP is enabled

marking as triaged, putting debugging info into the description, and setting to "high" importance:

Has a severe impact on a small portion of Ubuntu users (estimated)
Has a moderate impact on a large portion of Ubuntu users (estimated)

And this is a regression, adding tag "regression-release"

description: updated
Changed in vino (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
tags: added: amd64 regression-release
Scott Howard (showard314) wrote :

I have prepared a package which fixes this bug here:
https://launchpad.net/~showard314/+archive/ppa

Please test it and report your results so we can push this fix into Ubuntu.

Instructions to install:
sudo add-apt-repository ppa:showard/ppa
sudo apt-get update
sudo apt-get upgrade

I got VNC server working on my computer. If testing works I'll turn that package into an SRU request for maverick and bug fix for natty.

Scott Howard (showard314) wrote :

corrected instructions:

sudo add-apt-repository ppa:showard314/ppa
sudo apt-get update
sudo apt-get upgrade

Scott Howard (showard314) wrote :

debdiff between vino_2.32.0-0ubuntu1 -> vino_2.32.0-0ubuntu1.1

you can also delete debian/patches/11_hurd_maxhostnamelen.patch

for some reason debdiff does not record that that file is deleted.

description: updated
summary: - vino-server won't start (SIGSEGV) when UPnP is enabled
+ vino-server won't start (SIGSEGV) when UPnP is enabled (SRU)
Scott Howard (showard314) wrote :

debdiff between vino_2.32.0-0ubuntu1 -> vino_2.32.0-0ubuntu2

you can also delete debian/patches/11_hurd_maxhostnamelen.patch

for some reason debdiff does not record that that file is deleted.

Scott Howard (showard314) wrote :

typo above:
debdiff between vino_2.32.0-0ubuntu1 -> vino_2.32.0-0ubuntu1.1

Changed in vino (Ubuntu):
importance: High → Critical
Scott Howard (showard314) wrote :

marking as critical:
"...which must be Importance: critical once the regression has been confirmed. "

https://wiki.ubuntu.com/StableReleaseUpdates

Scott Howard (showard314) wrote :

setting to "high" (the regression in the above link is in reference to the SRU itself causing a regression)

Changed in vino (Ubuntu):
importance: Critical → High
RapierTG (rapier) wrote :

I can confirm that new package works fine for me.

Before even disabling uPnP on all 3 routers was not enought to make it working.

bingo1912 (travis-wenks) wrote :

works great on 32 bit as well

tombert (tombert.live) wrote :

Did an update for Desktop 10.10 today ... still having the signal 11 ...
As a workaround it helps to start the application twice - then it works.

This bug has not been fixed in 10.10. This bug report is a request to
fix it in 10.10. An updated package is listed in the comments above
with instructions on how to install the updated package.

Martin Pitt (pitti) wrote :

SRU ack, please upload.

I believe I am having a related problem using UPnP with Deluge 1.30 on Maverick and D-link DIR-655 router. I also have the VNC issue.

I applied the patch above and it seems to have corrected both issues.

Daniel T Chen (crimsun) on 2010-10-26
Changed in vino (Ubuntu Maverick):
status: New → In Progress
importance: Undecided → Medium
milestone: none → maverick-updates
Daniel T Chen (crimsun) wrote :

Uploaded, awaiting archive admin acceptance

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vino - 2.32.0-0ubuntu2

---------------
vino (2.32.0-0ubuntu2) natty; urgency=low

  * Removing 11_hurd_maxhpstnamelen.patch since Ubuntu doesn't
    have a hurd arch and the patch prevents vino-server from starting
    when UPnP is enabled. (LP: #652961, #663270)
 -- Scott Howard <email address hidden> Tue, 19 Oct 2010 09:32:28 -0400

Changed in vino (Ubuntu):
status: Triaged → Fix Released
frankhofmann (naru) wrote :

guys, how do we get this in maverick-updates? sorry if i don't understand the process or this webseite, but it seems no one is working on this?

Scott Howard (showard314) wrote :

Daniel Chen uploaded the package to the archive for us. Next step is that the archive admins have to approve it, and it will go to maverick-proposed. The SRU verification team will check here with the bug to make sure that the package in -proposed fixes our bug. It will then move to maverick-updates.

Right now there are quite a few bugs in a similar boat as this one:
https://launchpad.net/ubuntu/+milestone/maverick-updates

Accepted vino into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in vino (Ubuntu Maverick):
status: In Progress → Fix Committed
tags: added: verification-needed
XabiX (xdealmeida) wrote :

Can this affect some OS in the network? I know it s weird but since last monday my Mac started to freeze when connected to either Ethernet or wifi within my network. I though it was an issue with some SW so I uninstalled many things and got it more stable. I was wondering if the UPNP could maybe affect some computers on the lan.
I have enabled the fw locally just in case.
Sry if this is a noob question :p

Tested the -proposed package and it works (vino starts during
start-up, can access desktop over the internet)

On Tue, Nov 9, 2010 at 4:56 PM, XabiX <email address hidden> wrote:
> Can this affect some OS in the network? I know it s weird but since last monday my Mac started to freeze when connected to either Ethernet or wifi within my network. I though it was an issue with some SW so I uninstalled many things and got it more stable. I was wondering if the UPNP could maybe affect some computers on the lan.
> I have enabled the fw locally just in case.
> Sry if this is a noob question :p

I actually saw something similar this month, but I don't know if vino
is causing it (or what is causing it). My wireless connections totally
drops or freezes up (the signal is good but data transfer is very
slow). When I turn off my ubuntu machine, the windows ones are ok
again. I don't know if that is caused by vino or another service in
ubuntu.

Next time you see that happening, try disabling vino or outright
remove it, and see what your other machines do. If it doesn't clear it
up, disable other network services on Ubuntu, and then just turn off
the machine in an attempt to isolate the cause.

I believe that the connection dropping bug you mention is unrelated to
this SRU fix since it appears to be older than this fix. It's also
possible that the bug is in the router firmware (I'm using DD-WRT
v24), but we should make sure it is not in ubuntu and report a new bug
if it is.

Also, check this out:
http://superuser.com/questions/164387/netbook-samsung-n220-on-ubuntu-10-04-slows-down-wifi-for-other-computers

Martin Pitt (pitti) on 2010-11-10
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vino - 2.32.0-0ubuntu1.1

---------------
vino (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low

  * Removing 11_hurd_maxhpstnamelen.patch since Ubuntu doesn't
    have a hurd arch and the patch prevents vino-server from starting
    when UPnP is enabled. (LP: #652961)
 -- Scott Howard <email address hidden> Tue, 19 Oct 2010 09:32:28 -0400

Changed in vino (Ubuntu Maverick):
status: Fix Committed → Fix Released

Please, fix it! :(

frankhofmann (naru) wrote :

yep, unfortunately the new package doesn't fix the bug for me either. if somebody tells me how to get something useful for debugging let me know. apport is enabled but doesn't show anything.

Scott Howard (showard314) wrote :

On Fri, Nov 19, 2010 at 12:50 PM, frankhofmann
<email address hidden> wrote:
> yep, unfortunately the new package doesn't fix the bug for me either. if
> somebody tells me how to get something useful for debugging let me know.
> apport is enabled but doesn't show anything.

You should probably open a new bug report. This bug was for a specific
crash which we traced using GDB. You should probably follow the first
six steps at:
https://wiki.ubuntu.com/Backtrace

and
https://wiki.ubuntu.com/DebuggingProgramCrash

in order to get a backtrace for your bug, then create a new bug report for vino.

Nikolay Bryskin (nikicat) wrote :

I've been trapped by this bug. As a workaround I'm now using
sudo iptables -A OUTPUT -j DROP -p udp --dport 1900
this disables UPnP support on the host.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers