Ubuntu
systemd package

systemd-logind crashed with SIGSEGV

Bug #1553040 reported by Daniel Holbach
58
This bug affects 5 people
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Fix Released
High
Martin Pitt

Bug Description

No idea what happened.

ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: systemd 229-2ubuntu1 [modified: usr/share/dbus-1/system-services/org.freedesktop.systemd1.service]
ProcVersionSignature: Ubuntu 4.4.0-9.24-generic 4.4.3
Uname: Linux 4.4.0-9-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
Date: Fri Mar 4 07:01:44 2016
ExecutablePath: /lib/systemd/systemd-logind
InstallationDate: Installed on 2015-04-30 (308 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 429149G
ProcCmdline: /lib/systemd/systemd-logind
ProcEnviron:
 LANG=de_DE.UTF-8
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-9-generic root=UUID=457973fc-512e-4b6a-b65b-85f15fa85b7b ro console=tty1 console=ttyS0 panic=-1
SegvAnalysis:
 Segfault happened at: 0x7fa6033fed9e <__strcmp_sse2_unaligned+30>: movdqu (%rsi),%xmm0
 PC (0x7fa6033fed9e) ok
 source "(%rsi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%xmm0" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: systemd
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
SystemImageInfo: Error: command ['system-image-cli', '-i'] failed with exit code 2:
SystemdDelta:
 [EXTENDED] /lib/systemd/system/systemd-timesyncd.service → /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf
 [EXTENDED] /etc/systemd/system/display-manager.service → /lib/systemd/system/display-manager.service.d/xdiagnose.conf
 [EXTENDED] /lib/systemd/system/rc-local.service → /lib/systemd/system/rc-local.service.d/debian.conf

 3 overridden configuration files found.
Title: systemd-logind crashed with SIGSEGV
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

dmi.bios.date: 05/18/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 8DET46WW (1.16 )
dmi.board.asset.tag: Not Available
dmi.board.name: 429149G
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr8DET46WW(1.16):bd05/18/2011:svnLENOVO:pn429149G:pvrThinkPadX220:rvnLENOVO:rn429149G:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 429149G
dmi.product.version: ThinkPad X220
dmi.sys.vendor: LENOVO

Revision history for this message
Daniel Holbach (dholbach) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 logind_wall_tty_filter ()
 utmp_wall.constprop ()
 warn_wall.lto_priv ()
 method_schedule_shutdown.lto_priv ()
 object_find_and_run.lto_priv ()

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in systemd (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Daniel Holbach (dholbach)
information type: Private → Public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm on a xenial ubuntu-desktop and have snappy dimension on classic installed. I was working on other things and apport popped up. The trigger seems to be the background snappy update task for ubuntu-core that triggers a reboot of ubuntu-core. Looking at my logs I see:

Mar 21 10:00:30 <hostname> systemd[1]: Started Ubuntu Core Snappy AutoUpdate.
Mar 21 10:01:02 <hostname> systemd[1]: Mounting Squashfs mount unit for ubuntu-core...
Mar 21 10:01:02 <hostname> systemd[1]: Mounted Squashfs mount unit for ubuntu-core.
Mar 21 10:01:03 <hostname> snappy[25381]: Name Date Version Developer
Mar 21 10:01:03 <hostname> snappy[25381]: ubuntu-core 2016-03-21 16.04-20160321-05-01 canonical!
Mar 21 10:01:03 <hostname> snappy[25381]: Reboot to use ubuntu-core version 16.04-20160321-05-01.
Mar 21 10:01:03 <hostname> snappy[25381]: Rebooting to satisfy updates for ubuntu-core
Mar 21 10:01:03 <hostname> kernel: [85783.825747] systemd-logind[1101]: segfault at 0 ip 00007fc5cafcfd9e sp 00007ffc1cf 580b8 error 4 in libc-2.21.so[7fc5caf30000+1c0000]
Mar 21 10:01:03 <hostname> systemd[1]: systemd-logind.service: Main process exited, code=dumped, status=11/SEGV
Mar 21 10:01:03 <hostname> systemd[1]: systemd-logind.service: Unit entered failed state.
Mar 21 10:01:03 <hostname> /usr/bin/snappy[25381]: main.go:50: DEBUG: [/usr/bin/snappy update --automatic-reboot] failed : failed to auto reboot: Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Message re cipient disconnected from message bus without replying
Mar 21 10:01:03 <hostname> snappy[25381]: failed to auto reboot: Failed to call ScheduleShutdown in logind, proceeding w ith immediate shutdown: Message recipient disconnected from message bus without replying
Mar 21 10:01:03 <hostname> systemd[1]: systemd-logind.service: Failed with result 'core-dump'.
Mar 21 10:01:03 <hostname> systemd[1]: snappy-autopilot.service: Main process exited, code=exited, status=1/FAILURE
Mar 21 10:01:03 <hostname> systemd[1]: snappy-autopilot.service: Unit entered failed state.
Mar 21 10:01:03 <hostname> systemd[1]: snappy-autopilot.service: Failed with result 'exit-code'.
Mar 21 10:01:03 <hostname> systemd[1]: systemd-logind.service: Service has no hold-off time, scheduling restart.
Mar 21 10:01:03 <hostname> systemd[1]: Stopped Login Service.
Mar 21 10:01:03 <hostname> dbus[1163]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus -org.freedesktop.login1.service'
Mar 21 10:01:03 <hostname> systemd[1]: Starting Login Service...
Mar 21 10:01:03 <hostname> dbus[1163]: [system] Successfully activated service 'org.freedesktop.login1'
Mar 21 10:01:03 <hostname> systemd[1]: Started Login Service.
Mar 21 10:01:03 <hostname> systemd[1]: Started User Manager for UID 1000.
Mar 21 10:01:03 <hostname> systemd[1]: Started User Manager for UID 119.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This appears to be happening on the hour. I imagine a workaround is to uninstall ubuntu-core, then install it again. /me goes to do that now.

Changed in systemd (Ubuntu):
importance: Medium → High
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Can't currently 'snappy remove ubuntu-core'. I'm going to hack on /lib/systemd/system/snappy-autopilot.timer as a workaround.

Revision history for this message
Martin Pitt (pitti) wrote :

Unfortunately the stack trace isn't particularly useful. If you can reproduce this, it would be helpful if you could install systemd-dbg and look at the generated stack trace then?

This crashes in:

bool logind_wall_tty_filter(const char *tty, void *userdata) {

        Manager *m = userdata;

        assert(m);

        if (!startswith(tty, "/dev/"))
                return true;

        return !streq(tty + 5, m->scheduled_shutdown_tty);
}

startswith() does a strlen() and a strncmp(), so I don't think it's that as it would already segfault in strlen(). m is also not NULL (due to the assert), so I figure it's the m->scheduled_shutdown_tty that is NULL.

I'll dig through the code to see where this is being set.

Revision history for this message
Martin Pitt (pitti) wrote :

I tried to reproduce this with "nohup shutdown" and similar, but wasn't able to. However, I do understand what's going on.

Upstream fix sent: https://github.com/systemd/systemd/pull/2887

Changed in systemd (Ubuntu):
status: Confirmed → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

My fix landed upstream, I cherry-picked it into our packaging git.

Changed in systemd (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 229-3ubuntu2

---------------
systemd (229-3ubuntu2) xenial; urgency=medium

  * udev.postinst: Quiesce error message if /sys/class/net/eno* does not
    exist. (LP: #1560112)
  * Fix assertion crash when processing a (broken) device without a sysfs
    path. (Closes: #819290, LP: #1560695)
  * Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
  * networkd: Stay running while any non-loopback interface is up.
    (Closes: #819414)
  * udev: Don't kill peer processes if we don't run in a cgroup. This happens
    when running under/upgrading from upstart. udevd and everything
    else run in the root hierarchy on all controllers then, and the alleged
    cleanup of "our" cgroup becomes a system-wide killing spree.
    (LP: #1555237)

 -- Martin Pitt <email address hidden> Thu, 31 Mar 2016 23:11:19 +0200

Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.