[X2Go-Dev] Bug#1283: x2goclient segfault in ssh_poll_set_events

Orion Poplawski orion at nwra.com
Wed Apr 11 21:33:21 CEST 2018 

Package: x2goclient
Version: 4.1.1.1

This seems to be a new issue with 4.1.1.1.

On EL7.4:

Program terminated with signal 11, Segmentation fault.
#0  0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
    at /usr/src/debug/libssh-0.7.1/src/poll.c:349
349         p->ctx->pollfds[p->x.idx].events = events;
gdb) thr app all bt

Thread 3 (Thread 0x7fdeaa1b7700 (LWP 15963)):
#0  0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool) (__timeout=-1,
__nfds=1, __fds=0x7fdeaa1b6d20) at /usr/include/bits/poll2.h:46
#2  0x00007fdec42d0dc8 in qt_safe_poll(pollfd*, int, int, bool)
(fds=fds at entry=0x7fdeaa1b6d20, nfds=nfds at entry=1,
timeout_ms=timeout_ms at entry=-1, retry_eintr=retry_eintr at entry=false)
    at kernel/qcore_unix.cpp:121
#3  0x00007fdec4280c88 in QProcessManager::run() (this=
    0x7fdec460b520 <processManager()::processManager>) at io/qprocess_unix.cpp:240
#4  0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0x7fdec460b520
<processManager()::processManager>) at thread/qthread_unix.cpp:338
#5  0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa1b7700) at
pthread_create.c:308
#6  0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7fdec6ae58c0 (LWP 15927)):
#0  0x00007fdec340fa3d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fdebfb277ac in g_main_context_iterate.isra.21 () at
/lib64/libglib-2.0.so.0
#2  0x00007fdebfb278cc in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3  0x00007fdec42d35d5 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0xbdd630, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#4  0x00007fdec4bbcb26 in
QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#5  0x00007fdec42a365f in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this at entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:149
#6  0x00007fdec42a39ad in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this at entry=0x7ffca4e35600, flags=...) at kernel/qeventloop.cpp:204
#7  0x00007fdec42a8eb9 in QCoreApplication::exec() () at
kernel/qcoreapplication.cpp:1221
#8  0x00007fdec4b1922c in QApplication::exec() () at kernel/qapplication.cpp:3826
#9  0x000000000050d1d1 in x2goMain(int, char**) (argc=1, argv=<optimized out>)
    at ../src/ongetpass.cpp:114
#10 0x000000000053d53e in fork_helper(int, char**) (argv=0x7ffca4e359e8, argc=1)
    at ../src/x2goclient.cpp:36
#11 0x000000000053d53e in fork_helper(int, char**) (argc=argc at entry=1,
argv=argv at entry=0x7ffca4e359e8) at ../src/x2goclient.cpp:89
#12 0x000000000041d60e in main(int, char**) (argc=1, argv=0x7ffca4e359e8)
    at ../src/x2goclient.cpp:123

Thread 1 (Thread 0x7fdeaa9b8700 (LWP 15934)):
#0  0x00007fdec5cb2d7b in ssh_poll_set_events (p=0x7fdea400c0c0, events=4)
    at /usr/src/debug/libssh-0.7.1/src/poll.c:349
#1  0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (len=<optimized out>,
buffer=<optimized out>, s=0x7fdea40038e0) at
/usr/src/debug/libssh-0.7.1/src/socket.c:568
#2  0x00007fdec5cb62eb in ssh_socket_nonblocking_flush (s=s at entry=0x7fdea40038e0)
    at /usr/src/debug/libssh-0.7.1/src/socket.c:661
#3  0x00007fdec5cb63d4 in ssh_socket_write (s=0x7fdea40038e0,
buffer=<optimized out>, len=len at entry=52) at
/usr/src/debug/libssh-0.7.1/src/socket.c:622
#4  0x00007fdec5cad5ff in packet_send2 (session=0x7fdea4002f90,
session=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:509
#5  0x00007fdec5cad5ff in packet_send2 (session=session at entry=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:579
#6  0x00007fdec5cadfe5 in packet_send (session=session at entry=0x7fdea4002f90)
    at /usr/src/debug/libssh-0.7.1/src/packet.c:604
#7  0x00007fdec5c9c16a in channel_write_common (channel=0x7fdea400e5b0,
data=0x7fdeaa937b20, len=9, is_stderr=0) at
/usr/src/debug/libssh-0.7.1/src/channels.c:1321
#8  0x00000000004d6f11 in SshMasterConnection::channelLoop()
(this=this at entry=0xf97710)
    at ../src/sshmasterconnection.cpp:2320
#9  0x00000000004da13d in SshMasterConnection::run() (this=0xf97710)
    at ../src/sshmasterconnection.cpp:791
#10 0x00007fdec419d11f in QThreadPrivate::start(void*) (arg=0xf97710)
    at thread/qthread_unix.cpp:338
#11 0x00007fdec3f0ce25 in start_thread (arg=0x7fdeaa9b8700) at
pthread_create.c:308
#12 0x00007fdec341a34d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113

(gdb) print *p->ctx
$3 = {pollptrs = 0x0, pollfds = 0x45, polls_allocated = 140594210989168,
polls_used = 0,
  chunk_size = 15}

so pollfds is not valid.

Happens with certain users/certain configs.  Seen on EL7 and Fedora 27 though
with different call stacks.

Fedora 27 - https://bugzilla.redhat.com/show_bug.cgi?id=1562168


-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                 https://www.nwra.com/

More information about the x2go-dev mailing list