Discussion:
[X2Go-Dev] Bug#1283: x2goclient segfault in ssh_poll_set_events
Orion Poplawski
2018-04-11 19:33:21 UTC
Package: x2goclient
Version: 4.1.1.1

This seems to be a new issue with 4.1.1.1.

On EL7.4:

Program terminated with signal 11, Segmentation fault.
#0 0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
at /usr/src/debug/libssh-0.7.1/src/poll.c:349
349 p->ctx->pollfds[p->x.idx].events = events;
(gdb) thr app all bt

Thread 3 (Thread 0x7fdeaa1b7700 (LWP 15963)):
#0 0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool) (__timeout=-1,
__nfds=1, __fds=0x7fdeaa1b6d20) at /usr/include/bits/poll2.h:46
#2 0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool)
(fds=fds@entry=0x7fdeaa1b6d20, nfds=nfds@entry=1,
timeout_ms=timeout_ms@entry=-1, retry_eintr=retry_eintr@entry=false)
at kernel/qcore_unix.cpp:121
#3 0x00007fdec4280c88 in QProcessManager::run() (this=
0x7fdec460b520 <processManager()::processManager>) at io/qprocess_unix.cpp:240
#4 0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0x7fdec460b520
<processManager()::processManager>) at thread/qthread_unix.cpp:338
#5 0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa1b7700) at
pthread_create.c:308
#6 0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7fdec6ae58c0 (LWP 15927)):
#0 0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fdebfb277ac in g_main_context_iterate.isra.21 () at
/lib64/libglib-2.0.so.0
#2 0x00007fdebfb278cc in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007fdec42d35d5 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0xbdd630, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4 0x00007fdec4bbcb26 in
QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#5 0x00007fdec42a365f in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:149
#6 0x00007fdec42a39ad in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:204
#7 0x00007fdec42a8eb9 in QCoreApplication::exec() () at
kernel/qcoreapplication.cpp:1221
#8 0x00007fdec4b1922c in QApplication::exec() () at kernel/qapplication.cpp:3826
#9 0x000000000050d1d1 in x2goMain(int, char**) (argc=1, argv=<optimized out>)
at ../src/ongetpass.cpp:114
#10 0x000000000053d53e in fork_helper(int, char**) (argv=0x7ffca4e359e8, argc=1)
at ../src/x2goclient.cpp:36
#11 0x000000000053d53e in fork_helper(int, char**) (argc=argc@entry=1,
argv=argv@entry=0x7ffca4e359e8) at ../src/x2goclient.cpp:89
#12 0x000000000041d60e in main(int, char**) (argc=1, argv=0x7ffca4e359e8)
at ../src/x2goclient.cpp:123

Thread 1 (Thread 0x7fdeaa9b8700 (LWP 15934)):
#0 0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
at /usr/src/debug/libssh-0.7.1/src/poll.c:349
#1 0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (len=<optimized out>,
buffer=<optimized out>, s=0x7fdea40038e0) at
/usr/src/debug/libssh-0.7.1/src/socket.c:568
#2 0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (s=s@entry=0x7fdea40038e0)
at /usr/src/debug/libssh-0.7.1/src/socket.c:661
#3 0x00007fdec5cb63d4 in ssh_socket_write (s=0x7fdea40038e0,
buffer=<optimized out>, len=len@entry=52) at
/usr/src/debug/libssh-0.7.1/src/socket.c:622
#4 0x00007fdec5cad5ff in packet_send2 (session=0x7fdea4002f90,
session=0x7fdea4002f90)
at /usr/src/debug/libssh-0.7.1/src/packet.c:509
#5 0x00007fdec5cad5ff in packet_send2 (session=session@entry=0x7fdea4002f90)
at /usr/src/debug/libssh-0.7.1/src/packet.c:579
#6 0x00007fdec5cadfe5 in packet_send (session=session@entry=0x7fdea4002f90)
at /usr/src/debug/libssh-0.7.1/src/packet.c:604
#7 0x00007fdec5c9c16a in channel_write_common (channel=0x7fdea400e5b0,
data=0x7fdeaa937b20, len=9, is_stderr=0) at
/usr/src/debug/libssh-0.7.1/src/channels.c:1321
#8 0x00000000004d6f11 in SshMasterConnection::channelLoop()
(this=this@entry=0xf97710)
at ../src/sshmasterconnection.cpp:2320
#9 0x00000000004da13d in SshMasterConnection::run() (this=0xf97710)
at ../src/sshmasterconnection.cpp:791
#10 0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0xf97710)
at thread/qthread_unix.cpp:338
#11 0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa9b8700) at
pthread_create.c:308
#12 0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

(gdb) print *p->ctx
$3 = {pollptrs = 0x0, pollfds = 0x45, polls_allocated = 140594210989168,
polls_used = 0,
chunk_size = 15}

so pollfds is not valid.

Happens with certain users/certain configs. Seen on EL7 and Fedora 27 though
with different call stacks.

Fedora 27 - https://bugzilla.redhat.com/show_bug.cgi?id=1562168
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane ***@nwra.com
Boulder, CO 80301 https://www.nwra.com/
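
Added example, not part of the original report and not libssh's code: the "pollfds is not valid" conclusion expressed as invariant checks over the fields gdb printed for `*p->ctx`. The struct types, the invariants, the plausibility bound and the slot index 0 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the context gdb printed in the report. Field names come from
 * that output; the types and every invariant below are assumptions, not
 * libssh's code. Pointers are held as integers so nothing is dereferenced. */
struct ctx_dump {
    uint64_t pollptrs, pollfds, polls_allocated, polls_used, chunk_size;
};

enum {
    BAD_ARRAYS = 1 << 0, /* array pointers disagree with polls_allocated */
    BAD_ALIGN  = 1 << 1, /* pointer not aligned for its element type */
    BAD_COUNT  = 1 << 2, /* polls_used exceeds polls_allocated */
    BAD_SIZE   = 1 << 3, /* polls_allocated beyond any plausible fd count */
    BAD_INDEX  = 1 << 4  /* handle index does not name a used slot */
};

#define MAX_PLAUSIBLE_POLLS (UINT64_C(1) << 20) /* assumed upper bound */

/* Return a bitmask of violated invariants for a handle at slot idx. */
unsigned ctx_violations(const struct ctx_dump *c, uint64_t idx)
{
    unsigned v = 0;
    int allocated = c->polls_allocated != 0;

    if ((c->pollptrs != 0) != allocated || (c->pollfds != 0) != allocated)
        v |= BAD_ARRAYS;
    if (c->pollptrs % sizeof(void *) || c->pollfds % sizeof(int))
        v |= BAD_ALIGN;
    if (c->polls_used > c->polls_allocated)
        v |= BAD_COUNT;
    if (c->polls_allocated > MAX_PLAUSIBLE_POLLS)
        v |= BAD_SIZE;
    if (idx >= c->polls_used)
        v |= BAD_INDEX;
    return v;
}

/* Values copied from "print *p->ctx" in the report. */
static const struct ctx_dump reported = { 0x0, 0x45, UINT64_C(140594210989168), 0, 15 };
/* Constructed healthy context for comparison. */
static const struct ctx_dump healthy = { 0x7f0000001000, 0x7f0000002000, 15, 2, 15 };

int main(void)
{
    /* idx 0 is a placeholder: the report does not show p->x.idx. */
    printf("reported: 0x%x\n", ctx_violations(&reported, 0));
    printf("healthy:  0x%x\n", ctx_violations(&healthy, 0));
    return 0;
}
```

Several fields fail at once, not only `pollfds`, which is what to expect when the whole structure no longer holds poll-context data; the checks alone do not say how it got into that state.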