bug#42740: Segfault in libssh during ‘guix copy’


From: Ludovic Courtès
Subject: bug#42740: Segfault in libssh during ‘guix copy’
Date: Sat, 29 Aug 2020 15:31:30 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi Artyom!

Artyom Poptsov <poptsov.artyom@gmail.com> writes:

> please check if this branch will work without segfaults in Guix:
>   https://github.com/artyom-poptsov/guile-ssh/tree/wip-fix-segfaults-on-gc
>
> Key changes:
>
> - Channels are now protecting the parent session from GC'ing.
>
> - Every channel procedure now ensures that the parent session is
>   connected before calling any libssh procedures upon a channel
>   instance.  The idea is that a channel cannot be created when a session
>   is disconnected, and when a channel is present and the session is closed,
>   it means that the session is disconnected and freed.

Looks like the problem is still there, after all:

--8<---------------cut here---------------start------------->8---
$ guix describe
Generacio 154   Aug 29 2020 14:49:14    (nuna)
  guix 0ec6b8a
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 0ec6b8afd7e7a6c288fbf48c5779f2e0bdaffb55
$  guix copy --to=olimex coreutils-minimal
sending 3 store items (86 MiB) to 'A20-OLinuXino.local'...
Adres-eraro(nekropsio elŝutita)
$ gdb $(type -P guile) core

[...]

Core was generated by 
`/gnu/store/0w76khfspfy8qmcpjya41chj3bgfcy0k-guile-3.0.4/bin/guile 
--no-auto-com'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Unexpected size of section `.reg-xstate/25533' in core file.
#0  0x00007f1ba90e4185 in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
[Current thread is 1 (Thread 0x7f1baefb9b80 (LWP 25533))]
(gdb) bt
#0  0x00007f1ba90e4185 in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
#1  0x00007f1ba90e653d in deflate () from 
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
#2  0x00007f1ba89b1b4a in gzip_compress (session=session@entry=0x12a4b20, 
source=source@entry=0x12a5580, 
    level=<optimized out>) at 
/tmp/guix-build-libssh-0.9.4.drv-0/source/src/gzip.c:91
#3  0x00007f1ba89b1e83 in compress_buffer (session=session@entry=0x12a4b20, 
buf=0x12a5580)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/gzip.c:112
#4  0x00007f1ba898eb5f in packet_send2 (session=session@entry=0x12a4b20)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/packet.c:1632
#5  0x00007f1ba898ec32 in ssh_packet_send (session=session@entry=0x12a4b20)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/packet.c:1810
#6  0x00007f1ba8978639 in channel_write_common (channel=0x12b0e90, 
data=0x7f1b9dba7020, len=65536, is_stderr=0)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/channels.c:1488
#7  0x00007f1ba89fce7a in write_to_channel_port ()
   from 
/gnu/store/hw2wb78q8zxza1p1kdi8bffdbi1hb19n-guile-ssh-0.13.1/lib/libguile-ssh.so.13
#8  0x00007f1baf67eedc in scm_i_write_bytes (port=#<port #<port-type channel 
7f1baaa1c6c0> 7f1ba7f25300>, 
    src="#<vu8vector>" = {...}, start=0, count=65536) at ports.c:2865
#9  0x00007f1baf68686f in scm_put_bytevector (port=#<port #<port-type channel 
7f1baaa1c6c0> 7f1ba7f25300>, 
    bv="#<vu8vector>" = {...}, start=<optimized out>, count=<optimized out>) at 
r6rs-ports.c:676

[...]

(gdb) info threads
  Id   Target Id                         Frame 
* 1    Thread 0x7f1baefb9b80 (LWP 25533) 0x00007f1ba90e4185 in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
  2    Thread 0x7f1baec93700 (LWP 25534) warning: Unexpected size of section 
`.reg-xstate/25534' in core file.
0x00007f1baf56094c in futex_wait_cancelable (private=<optimized out>, 
    expected=0, futex_word=0x7f1baf5b86e8 <mark_cv+40>) at 
../sysdeps/nptl/futex-internal.h:183
  3    Thread 0x7f1bac9d0700 (LWP 25537) warning: Unexpected size of section 
`.reg-xstate/25537' in core file.
0x00007f1ba90e479f in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
  4    Thread 0x7f1bae302700 (LWP 25535) warning: Unexpected size of section 
`.reg-xstate/25535' in core file.
0x00007f1baf56094c in futex_wait_cancelable (private=<optimized out>, 
    expected=0, futex_word=0x7f1baf5b86e8 <mark_cv+40>) at 
../sysdeps/nptl/futex-internal.h:183
  5    Thread 0x7f1baa6f9700 (LWP 25538) warning: Unexpected size of section 
`.reg-xstate/25538' in core file.
0x00007f1baf5640a4 in __libc_read (fd=10, buf=buf@entry=0x7f1baa6f8660, 
    nbytes=nbytes@entry=1) at ../sysdeps/unix/sysv/linux/read.c:26
  6    Thread 0x7f1bad971700 (LWP 25536) warning: Unexpected size of section 
`.reg-xstate/25536' in core file.
0x00007f1baf56094c in futex_wait_cancelable (private=<optimized out>, 
    expected=0, futex_word=0x7f1baf5b86e8 <mark_cv+40>) at 
../sysdeps/nptl/futex-internal.h:183
(gdb) thread 3
[Switching to thread 3 (Thread 0x7f1bac9d0700 (LWP 25537))]
#0  0x00007f1ba90e479f in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
(gdb) bt
#0  0x00007f1ba90e479f in deflate_fast ()
   from /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
#1  0x00007f1ba90e653d in deflate () from 
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1
#2  0x00007f1ba89b1b4a in gzip_compress (session=session@entry=0x12a4b20, 
source=source@entry=0x12a5580, 
    level=<optimized out>) at 
/tmp/guix-build-libssh-0.9.4.drv-0/source/src/gzip.c:91
#3  0x00007f1ba89b1e83 in compress_buffer (session=session@entry=0x12a4b20, 
buf=0x12a5580)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/gzip.c:112
#4  0x00007f1ba898eb5f in packet_send2 (session=session@entry=0x12a4b20)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/packet.c:1632
#5  0x00007f1ba898ec32 in ssh_packet_send (session=session@entry=0x12a4b20)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/packet.c:1810
#6  0x00007f1ba897a178 in ssh_channel_send_eof (channel=channel@entry=0x12b0930)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/channels.c:1250
#7  0x00007f1ba897a23b in ssh_channel_close (channel=0x12b0930)
    at /tmp/guix-build-libssh-0.9.4.drv-0/source/src/channels.c:1301
#8  0x00007f1ba89fcc36 in ptob_close ()
   from 
/gnu/store/hw2wb78q8zxza1p1kdi8bffdbi1hb19n-guile-ssh-0.13.1/lib/libguile-ssh.so.13
#9  0x00007f1baf67c153 in release_port (port=#<port #<port-type channel 
7f1baaa1c6c0> 7f1ba8e73400>)
    at ports.c:165
#10 0x00007f1baf67f19b in close_port (port=#<port #<port-type channel 
7f1baaa1c6c0> 7f1ba8e73400>, 
    explicit=<optimized out>) at ports.c:893
#11 0x00007f1baf63632a in scm_c_with_exception_handler (type=type@entry=#t, 
    handler=handler@entry=0x7f1baf6ad7e0 <catch_post_unwind_handler>, 
    handler_data=handler_data@entry=0x7f1bac9cf970, 
thunk=thunk@entry=0x7f1baf6ad920 <catch_body>, 
    thunk_data=thunk_data@entry=0x7f1bac9cf970) at exceptions.c:170
#12 0x00007f1baf6adb1d in scm_c_catch (tag=tag@entry=#t, 
body=body@entry=0x7f1baf67f200 <do_close>, 
    body_data=<optimized out>, handler=<optimized out>, 
handler_data=handler_data@entry=0x0, 
    pre_unwind_handler=pre_unwind_handler@entry=0x0, 
pre_unwind_handler_data=0x0) at throw.c:168
#13 0x00007f1baf6adb3e in scm_internal_catch (tag=tag@entry=#t, 
body=body@entry=0x7f1baf67f200 <do_close>, 
    body_data=<optimized out>, handler=<optimized out>, 
handler_data=handler_data@entry=0x0) at throw.c:177
#14 0x00007f1baf67ad84 in finalize_port (ptr=<optimized out>, data=<optimized 
out>) at ports.c:710
#15 0x00007f1baf58a6ef in GC_invoke_finalizers ()
   from /gnu/store/iycnpxxrg8m9wf9w58d6zvp9sdby6m9d-libgc-7.6.12/lib/libgc.so.1
#16 0x00007f1baf63ee79 in scm_run_finalizers () at finalizers.c:399
#17 0x00007f1baf63eefd in finalization_thread_proc (unused=<optimized out>) at 
finalizers.c:234
--8<---------------cut here---------------end--------------->8---

So we have the finalization thread closing a channel of session
0x12a4b20 (which causes a write on the channel), and the main thread
writing to a channel of that same session.  This is exactly what I
described at <https://issues.guix.gnu.org/26976#11>:

  AIUI, that means there’s one output compression buffer per session,
  and it’s not thread-safe (in Guile 2.2 finalizers are called from a
  separate thread.)

  I think the fix, in Guile-SSH, is to associate each libssh object
  (session, channel, etc.) with a mutex, and to protect all uses of the
  libssh object by that mutex.

Artyom, WDYT?  Do you think you could take a look into that?

In the meantime, I’ll look for the origin of the channel port that’s not
explicitly closed and see if we can work around it.

Ludo’.
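
Added example, not part of the original message and not Guile-SSH or libssh code: a minimal C model of the per-session mutex proposed above, where every channel operation takes its parent session's lock before touching per-session state. All struct and function names are hypothetical; the finalizer thread and the "close sends an EOF packet" behaviour are modelled on the backtraces above.

```c
/* Added illustration: names are hypothetical, not libssh or Guile-SSH API. */
#include <pthread.h>

struct session {
    pthread_mutex_t lock;     /* one lock per session, shared by its channels */
    int in_compressor;        /* set while per-session compression state is in use */
    unsigned long packets;    /* packets pushed through the session */
    unsigned long overlaps;   /* entries into the compressor while it was busy */
};
struct channel { struct session *parent; };

/* Stands in for packet_send2 -> compress_buffer: touches per-session state. */
static void send_packet(struct session *s)
{
    if (s->in_compressor) s->overlaps++;
    s->in_compressor = 1;
    s->packets++;
    s->in_compressor = 0;
}

/* Every channel operation takes the parent session's lock first. */
static void channel_write(struct channel *c)
{
    pthread_mutex_lock(&c->parent->lock);
    send_packet(c->parent);
    pthread_mutex_unlock(&c->parent->lock);
}
static void channel_close(struct channel *c)    /* close sends an EOF packet */
{
    pthread_mutex_lock(&c->parent->lock);
    send_packet(c->parent);
    pthread_mutex_unlock(&c->parent->lock);
}

struct job { struct channel *chan; unsigned long n; };
static void *finalizer_thread(void *arg)        /* plays the GC finalization thread */
{
    struct job *j = arg;
    /* Each iteration stands for finalizing one unclosed channel port. */
    for (unsigned long i = 0; i < j->n; i++) channel_close(j->chan);
    return NULL;
}

/* Returns 0 when no packet was lost and the compressor was never re-entered. */
int run_concurrent_close_and_write(unsigned long n)
{
    struct session s = { .in_compressor = 0 };
    struct channel writer = { &s }, finalized = { &s };
    struct job j = { &finalized, n };
    pthread_t t;
    pthread_mutex_init(&s.lock, NULL);
    if (pthread_create(&t, NULL, finalizer_thread, &j) != 0) return -1;
    for (unsigned long i = 0; i < n; i++) channel_write(&writer);
    pthread_join(t, NULL);
    pthread_mutex_destroy(&s.lock);
    return (s.packets == 2 * n && s.overlaps == 0) ? 0 : -1;
}
```

The lock lives in the session rather than in each channel because, per the backtraces, both channels reach the same `session=0x12a4b20` compression state; a per-channel lock would not serialize them.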




