X2Go Bug report logs - #1283
x2goclient segfault in ssh_poll_set_events


Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Orion Poplawski <orion@nwra.com>

Date: Wed, 11 Apr 2018 19:45:02 UTC

Severity: normal

Found in version 4.1.1.1



Message #5 received at submit@bugs.x2go.org:

To: submit@bugs.x2go.org
From: Orion Poplawski <orion@nwra.com>
Subject: x2goclient segfault in ssh_poll_set_events
Message-ID: <7a4933c6-011e-0532-00f0-1bc6e7ad2791@nwra.com>
Date: Wed, 11 Apr 2018 13:33:21 -0600
Package: x2goclient
Version: 4.1.1.1

This seems to be a new issue with 4.1.1.1.

On EL7.4:

Program terminated with signal 11, Segmentation fault.
#0  0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
    at /usr/src/debug/libssh-0.7.1/src/poll.c:349
349         p->ctx->pollfds[p->x.idx].events = events;
(gdb) thr app all bt

Thread 3 (Thread 0x7fdeaa1b7700 (LWP 15963)):
#0  0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool) (__timeout=-1,
__nfds=1, __fds=0x7fdeaa1b6d20) at /usr/include/bits/poll2.h:46
#2  0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool)
(fds=fds@entry=0x7fdeaa1b6d20, nfds=nfds@entry=1,
timeout_ms=timeout_ms@entry=-1, retry_eintr=retry_eintr@entry=false)
    at kernel/qcore_unix.cpp:121
#3  0x00007fdec4280c88 in QProcessManager::run() (this=
    0x7fdec460b520 <processManager()::processManager>) at io/qprocess_unix.cpp:240
#4  0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0x7fdec460b520
<processManager()::processManager>) at thread/qthread_unix.cpp:338
#5  0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa1b7700) at
pthread_create.c:308
#6  0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7fdec6ae58c0 (LWP 15927)):
#0  0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fdebfb277ac in g_main_context_iterate.isra.21 () at
/lib64/libglib-2.0.so.0
#2  0x00007fdebfb278cc in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3  0x00007fdec42d35d5 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0xbdd630, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4  0x00007fdec4bbcb26 in
QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#5  0x00007fdec42a365f in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007fdec42a39ad in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:204
#7  0x00007fdec42a8eb9 in QCoreApplication::exec() () at
kernel/qcoreapplication.cpp:1221
#8  0x00007fdec4b1922c in QApplication::exec() () at kernel/qapplication.cpp:3826
#9  0x000000000050d1d1 in x2goMain(int, char**) (argc=1, argv=<optimized out>)
    at ../src/ongetpass.cpp:114
#10 0x000000000053d53e in fork_helper(int, char**) (argv=0x7ffca4e359e8, argc=1)
    at ../src/x2goclient.cpp:36
#11 0x000000000053d53e in fork_helper(int, char**) (argc=argc@entry=1,
argv=argv@entry=0x7ffca4e359e8) at ../src/x2goclient.cpp:89
#12 0x000000000041d60e in main(int, char**) (argc=1, argv=0x7ffca4e359e8)
    at ../src/x2goclient.cpp:123

Thread 1 (Thread 0x7fdeaa9b8700 (LWP 15934)):
#0  0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
    at /usr/src/debug/libssh-0.7.1/src/poll.c:349
#1  0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (len=<optimized out>,
buffer=<optimized out>, s=0x7fdea40038e0) at
/usr/src/debug/libssh-0.7.1/src/socket.c:568
#2  0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (s=s@entry=0x7fdea40038e0)
    at /usr/src/debug/libssh-0.7.1/src/socket.c:661
#3  0x00007fdec5cb63d4 in ssh_socket_write (s=0x7fdea40038e0,
buffer=<optimized out>, len=len@entry=52) at
/usr/src/debug/libssh-0.7.1/src/socket.c:622
#4  0x00007fdec5cad5ff in packet_send2 (session=0x7fdea4002f90,
session=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:509
#5  0x00007fdec5cad5ff in packet_send2 (session=session@entry=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:579
#6  0x00007fdec5cadfe5 in packet_send (session=session@entry=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:604
#7  0x00007fdec5c9c16a in channel_write_common (channel=0x7fdea400e5b0,
data=0x7fdeaa937b20, len=9, is_stderr=0) at
/usr/src/debug/libssh-0.7.1/src/channels.c:1321
#8  0x00000000004d6f11 in SshMasterConnection::channelLoop()
(this=this@entry=0xf97710)
    at ../src/sshmasterconnection.cpp:2320
#9  0x00000000004da13d in SshMasterConnection::run() (this=0xf97710)
    at ../src/sshmasterconnection.cpp:791
#10 0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0xf97710)
    at thread/qthread_unix.cpp:338
#11 0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa9b8700) at
pthread_create.c:308
#12 0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

(gdb) print *p->ctx
$3 = {pollptrs = 0x0, pollfds = 0x45, polls_allocated = 140594210989168,
polls_used = 0,
  chunk_size = 15}

so pollfds is not valid.

Happens with certain users/certain configs.  Seen on EL7 and Fedora 27 though
with different call stacks.

Fedora 27 - https://bugzilla.redhat.com/show_bug.cgi?id=1562168


-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                 https://www.nwra.com/
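
Added example, not part of the original report and not libssh or x2goclient code: a small triage helper that parses the `print *p->ctx` output quoted in the message above and lists why the structure cannot be a live poll context. The 4096-byte unmapped first page and the `MAX_COUNT` ceiling are assumptions of this sketch.

```python
import re

# gdb output copied verbatim from the report above.
GDB_DUMP = """$3 = {pollptrs = 0x0, pollfds = 0x45, polls_allocated = 140594210989168,
polls_used = 0,
  chunk_size = 15}"""

PAGE_SIZE = 4096        # assumption: the first page is never mapped
MAX_COUNT = 1 << 20     # assumption: no sane context tracks more entries
POINTER_FIELDS = ("pollptrs", "pollfds")
COUNT_FIELDS = ("polls_allocated", "polls_used", "chunk_size")


def parse_gdb_struct(text):
    """Return {field: int} for a flat struct printed by gdb."""
    pairs = re.findall(r"(\w+)\s*=\s*(0x[0-9a-fA-F]+|\d+)", text)
    return {name: int(value, 0) for name, value in pairs}


def triage(fields):
    """List the reasons this struct cannot be a live poll context."""
    findings = []
    for name in POINTER_FIELDS:
        ptr = fields[name]
        if ptr == 0:
            findings.append(f"{name}: NULL")
        elif ptr < PAGE_SIZE:
            findings.append(f"{name}: {ptr:#x} lies in the unmapped first page")
    for name in COUNT_FIELDS:
        if fields[name] > MAX_COUNT:
            findings.append(f"{name}: {fields[name]:#x} looks like an address")
    if fields["polls_used"] > fields["polls_allocated"]:
        findings.append("polls_used exceeds polls_allocated")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gdb_struct(GDB_DUMP)):
        print(finding)
```

`polls_allocated` decodes to 0x7fdea400e470, which is in the same address range as the handle `p=0x7fdea400c0c0` in frame #0, so the helper reports it as an address rather than a count.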




X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Jun 20 22:14:22 2024; Machine Name: ymir.das-netzwerkteam.de
