Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1685503 - lftp command crashed with "segmentation fault" when transferring using SFTP protocol
Summary: lftp command crashed with "segmentation fault" when transferring using SFTP p...
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: lftp
Version: 29
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Michal Ruprich
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-05 10:52 UTC by Renaud Métrich
Modified: 2019-03-05 10:54 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)
Crash (deleted)
2019-03-05 10:53 UTC, Renaud Métrich
no flags Details

Description Renaud Métrich 2019-03-05 10:52:56 UTC
Description of problem:

Sometimes, when transferring a file using the SFTP protocol and network rate limiting is enabled (e.g. "set net:limit-rate 200000"), the lftp program dies with Segmentation Fault:

Core was generated by `lftp'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:530
530		VMOVNT	%VEC(0), (%r9)
(gdb) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:530
#1  0x00007fd515f5ff55 in memmove (__len=131072, __src=0x564489911850, __dest=<optimized out>)
    at /usr/include/bits/string_fortified.h:40
#2  Buffer::Append (this=0x5644898e04f8, buf=0x564489911850 "", size=131072) at buffer.cc:112
#3  0x00007fd515f5ffb7 in Buffer::Put (this=0x5644898e04f8, buf=<optimized out>, size=131072)
    at buffer.cc:117
#4  0x00007fd515f55bb8 in FileCopy::Do (this=0x564489911610) at FileCopy.cc:332
#5  0x00007fd515f4776d in SMTask::ScheduleThis (this=0x564489911610) at SMTask.cc:206
#6  0x00007fd515f47979 in SMTask::Schedule () at SMTask.cc:248
#7  0x00007fd515fc4365 in Job::WaitDone (this=0x5644898d4650) at Job.cc:557
#8  0x0000564487b09e5e in main (argc=<optimized out>, argv=0x7fff27fb0668) at lftp.cc:590


Version-Release number of selected component (if applicable):

lftp-4.8.4-1.fc29.x86_64


How reproducible:

Once every hundreds of transfers


Steps to Reproduce:
1. Enable rate limiting in /etc/lftp.conf

set net:limit-rate 200000

2. Create a dummy 10M file to transfer

# dd if=/dev/zero of=/root/ccc.txt bs=10M count=1

3. Transfer the file to some distant host (wasn't able to reproduce between VM and hypervisor) in loop until the issue occurs. Using multiple instances (e.g. 4 of them) helps speed up things. The test program will stop all transfers upon crash of one instance.

lftptest.sh:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
#!/bin/bash

STOPFILE="/tmp/lftptest.stop"

rm $STOPFILE 2>/dev/null

while [ ! -f $STOPFILE ] ; do
	lftp <<EOF
debug 10
set cmd:fail-exit true
set net:timeout 10
set net:reconnect-interval-base 10
set net:max-retries 
open -u XXXuser,XXXpass sftp://xx.xx.xx.xx
put /root/ccc.txt -o "$$.$(date +%s).txt"
cls -l 
exit
EOF
	ret=$?
	if [ $ret -ne 0 ]; then
		touch $STOPFILE
		exit $ret
	fi
done
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

# for i in $(seq 1 4); do ./lftptest.sh & done


Actual results:

Crash after ~ 75 transfers (~20 transfers per instance)


Expected results:

No crash


Additional info:

Also seen on RHEL7.6 (lftp-4.4.8-11.el7.x86_64).

Comment 1 Renaud Métrich 2019-03-05 10:53:30 UTC
Created attachment 1540897 [details]
Crash


Note You need to log in before you can comment on or make changes to this bug.