Bug 1304700

Summary: segfault in network::TcpListener::TcpListener
Product: Red Hat Enterprise Linux 7 Reporter: Marcel Kolaja <mkolaja>
Component: tigervncAssignee: Jan Grulich <jgrulich>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: high    
Version: 7.2CC: alanm, ayadav, jgrulich, J.H.Hodrien, jminter, jraising, jsbillin, jwright, mkolbas, pasteur, paulm, tpelka
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Using -inetd option with tigervnc caused tigervnc to immediately crash. Consequence: Tigervnc immediately crashes and is not usable. Fix: I didn't backport IPv6 support properly during tigervnc rebase for RHEL 7.2 and there was a missing part of IPv6 patch which was causing this crash. The missing part was added and tigervnc no longer crashes with -inetd option. Result: You can now use tigervnc with -inetd option.
 Story Points: ---
Clone Of: 1283925 Environment:
Last Closed: 2016-03-31 22:03:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1283925    
Bug Blocks:    
Attachments:
Description Flags
coredump none

Description Marcel Kolaja 2016-02-04 12:10:43 UTC 
This bug has been copied from bug #1283925 and has been proposed
to be backported to 7.2 z-stream (EUS).
Comment 3 Jan Grulich 2016-02-04 12:25:41 UTC 
Fixed in tigervnc-1.3.1-4.el7_2.
Comment 8 Joe Wright 2016-02-23 22:25:17 UTC 
Created attachment 1129931 [details]
coredump

Customre reports test package does not resolve the issue. coredump attached
Comment 9 Joe Wright 2016-02-23 23:02:33 UTC 
$ gdb `which Xvnc` coredump 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/Xvnc...Reading symbols from /usr/lib/debug/usr/bin/Xvnc.debug...done.
done.
[New LWP 3853]
Core was generated by `Xvnc -inetd -query localhost -once -geometry 1024x768 -depth 16 securitytypes=n'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000527267 in InputDevice::isAffectedByNumLock (this=<optimized out>, keycode=<optimized out>) at InputXKB.cc:516
516             act = XkbKeyActionPtr(xkb, numlock_keycode, state);
(gdb) bt
#0  0x0000000000527267 in InputDevice::isAffectedByNumLock (this=<optimized out>, keycode=<optimized out>) at InputXKB.cc:516
#1  0x00007ffd60856b70 in ?? ()
#2  0x000000000f3b9a5b in ?? ()
#3  0x190a8f440aeba800 in ?? ()
#4  0x0000000000000032 in ?? ()
#5  0x0000000000000032 in ?? ()
#6  0x0000000000000008 in ?? ()
#7  0x0000000000000001 in ?? ()
#8  0x000000000000000a in ?? ()
#9  0x000000000044794e in glColor3ubv@plt ()
#10 0x0000000000000000 in ?? ()

(gdb) info loc
state = 50
numlock_mask = <optimized out>
xkb = 0x7ffd60856ba0
type = <optimized out>
numlock_keycode = 0 '\000'
act = <optimized out>
(gdb) l
511             if (numlock_keycode == 0)
512                     return false;
513
514             xkb = GetMaster(keyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
515
516             act = XkbKeyActionPtr(xkb, numlock_keycode, state);
517             if (act == NULL)
518                     return false;
519             if (act->type != XkbSA_LockMods)
520                     return false;
(gdb) p keyboardDev
value has been optimized out
(gdb) edit
(gdb) info sh
No shared libraries loaded at this time.

This makes no sense at all
[root@localhost C01585119]# ldd -r /usr/bin/Xvnc
        linux-vdso.so.1 =>  (0x00007fffc79a7000)
        libjpeg.so.62 => /lib64/libjpeg.so.62 (0x00007f4022235000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f402201f000)
        libgnutls.so.28 => /lib64/libgnutls.so.28 (0x00007f4021ce9000)
        libnettle.so.4 => /lib64/libnettle.so.4 (0x00007f4021ab8000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f40218b4000)
        libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007f4021606000)
        libXfont.so.1 => /lib64/libXfont.so.1 (0x00007f40213d2000)
        libXau.so.6 => /lib64/libXau.so.6 (0x00007f40211ce000)
        libxshmfence.so.1 => /lib64/libxshmfence.so.1 (0x00007f4020fcb000)
        libXdmcp.so.6 => /lib64/libXdmcp.so.6 (0x00007f4020dc5000)
        libpam_misc.so.0 => /lib64/libpam_misc.so.0 (0x00007f4020bc1000)
        libpam.so.0 => /lib64/libpam.so.0 (0x00007f40209b1000)
        libGL.so.1 => /lib64/libGL.so.1 (0x00007f402071a000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f40204fe000)
        libX11.so.6 => /lib64/libX11.so.6 (0x00007f40201bf000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f401feb6000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f401fbb4000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f401f99d000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f401f5dc000)
        libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007f401f396000)
        libtspi.so.1 => /lib64/libtspi.so.1 (0x00007f401f124000)
        libtasn1.so.6 => /lib64/libtasn1.so.6 (0x00007f401ef10000)
        libhogweed.so.2 => /lib64/libhogweed.so.2 (0x00007f401ece9000)
        libgmp.so.10 => /lib64/libgmp.so.10 (0x00007f401ea71000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f40224a5000)
        libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007f401e7cb000)
        libfontenc.so.1 => /lib64/libfontenc.so.1 (0x00007f401e5c4000)
        libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f401e39c000)
        libexpat.so.1 => /lib64/libexpat.so.1 (0x00007f401e172000)
        libglapi.so.0 => /lib64/libglapi.so.0 (0x00007f401df44000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f401dd1e000)
        libXext.so.6 => /lib64/libXext.so.6 (0x00007f401db0c000)
        libXdamage.so.1 => /lib64/libXdamage.so.1 (0x00007f401d909000)
        libXfixes.so.3 => /lib64/libXfixes.so.3 (0x00007f401d702000)
        libX11-xcb.so.1 => /lib64/libX11-xcb.so.1 (0x00007f401d500000)
        libxcb-glx.so.0 => /lib64/libxcb-glx.so.0 (0x00007f401d2e6000)
        libxcb-dri2.so.0 => /lib64/libxcb-dri2.so.0 (0x00007f401d0e0000)
        libxcb-dri3.so.0 => /lib64/libxcb-dri3.so.0 (0x00007f401cedd000)
        libxcb-present.so.0 => /lib64/libxcb-present.so.0 (0x00007f401ccda000)
        libxcb-randr.so.0 => /lib64/libxcb-randr.so.0 (0x00007f401cacb000)
        libxcb-xfixes.so.0 => /lib64/libxcb-xfixes.so.0 (0x00007f401c8c3000)
        libxcb-render.so.0 => /lib64/libxcb-render.so.0 (0x00007f401c6b9000)
        libxcb-shape.so.0 => /lib64/libxcb-shape.so.0 (0x00007f401c4b4000)
        libxcb-sync.so.1 => /lib64/libxcb-sync.so.1 (0x00007f401c2ad000)
        libxcb.so.1 => /lib64/libxcb.so.1 (0x00007f401c08b000)
        libXxf86vm.so.1 => /lib64/libXxf86vm.so.1 (0x00007f401be84000)
        libdrm.so.2 => /lib64/libdrm.so.2 (0x00007f401bc77000)
        libffi.so.6 => /lib64/libffi.so.6 (0x00007f401ba6e000)
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f401b687000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007f401b41a000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f401b1b8000)
        liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f401af93000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f401ad46000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f401aa61000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f401a85d000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f401a62a000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f401a41b000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f401a217000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4019ffc000)
Comment 10 Jan Grulich 2016-02-24 09:31:53 UTC 
This is a completely different crash. Is any other customer able to confirm that the latest tigervnc still crashes due to the same problem?
Comment 11 Joe Wright 2016-02-24 16:14:52 UTC 
I haven't had anyone come back and say yes/no for confirmation.
Comment 16 Joe Wright 2016-03-01 16:08:18 UTC 
Ok so we figured out why it was still showing the old version. The vncserver-minimal package was not updated. Is there a reason that the minimal server package is not a dependency for the main package? RPM never should have allowed the main server package to update without the minimal package being updated as well.
Comment 17 Jan Grulich 2016-03-01 16:21:59 UTC 
There is a dependency between them, but it's not versioned. Usually when you update system using yum/dnf/whatever you won't have this problem.
Comment 18 Joe Wright 2016-03-01 16:24:05 UTC 
Can we make it versioned? I'd like to prevent this from happening again.
Comment 19 Jan Grulich 2016-03-01 18:49:21 UTC 
Yep, we can do that. I have another tigervnc bug(s) for RHEL 7.3 so I'll include your request too.
Comment 20 Joe Wright 2016-03-01 18:51:18 UTC 
Thanks much! :)
Comment 27 errata-xmlrpc 2016-03-31 22:03:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0543.html