Package: gvfs-backends Version: 1.50.0-1 Severity: important Hi,
I'm currently experiencing a segfault in gvfs-dav when mounting a share (using gio mount davs://<url>/remote.php/dav/corsac on a Nextcloud instance). I only started experiencing the issue now but it's been a while since I tried to mount using gio so I'm unsure when it started appearing. Running gvfsd from a terminal with GVFS_DEBUG=1 I get: dav: Added new job source 0x64a7363fc080 (GVfsBackendDav) dav: Queued new job 0x64a7363f4a70 (GVfsJobMount) dav: + mount dav: + soup_authenticate (interactive, first auth) dav: - soup_authenticate dav: [/remote.php/dav/files/corsac] webdav: 1, collection 1 [res: 1] Adding GVFS_HTTP_DEBUG=all I get at the end: > PROPFIND /remote.php/dav/files/ HTTP/1.1 [...] > <?xml version="1.0" encoding="utf-8" ?> > <D:propfind xmlns:D="DAV:"> > <D:prop> > <D:resourcetype/> > <D:getcontentlength/> > </D:prop> > </D:propfind> < HTTP/1.1 405 Method Not Allowed < Soup-Debug-Timestamp: 1651085719 < Soup-Debug: SoupMessage 2 (0x784f50007210) < Date: Wed, 27 Apr 2022 18:55:19 GMT < Server: nginx/1.18.0 < Content-Type: application/xml; charset=utf-8 < Expires: Thu, 19 Nov 1981 08:52:00 GMT < Cache-Control: no-store, no-cache, must-revalidate < Pragma: no-cache < Content-Security-Policy: default-src 'none'; < Vary: Brief,Prefer < Referrer-Policy: no-referrer < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < X-XSS-Protection: 1; mode=block < Keep-Alive: timeout=5, max=97 < Connection: Keep-Alive < Transfer-Encoding: chunked < Strict-Transport-Security: max-age=63072000; includeSubdomains; preload < DAV: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nc-calendar-search, nc-enable-birthday-calendar < Allow: OPTIONS, GET, HEAD, DELETE, PROPFIND, PUT, PROPPATCH, COPY, MOVE, REPORT < X-Download-Options: noopen < X-Permitted-Cross-Domain-Policies: none < X-Robots-Tag: none < < <?xml version="1.0" encoding="utf-8"?> < <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns";> < <s:exception>Sabre\DAV\Exception\MethodNotAllowed</s:exception> < <s:message>Listing members of this collection is disabled</s:message> < </d:error> dav: [/remote.php/dav/files/] webdav: 1, collection 0 [res: 0] dav: send_reply(0x57419e1afab0), failed=0 () malloc(): unsorted double linked list corrupted I'm not sure why gvfs-dav tries to access /remote.php/dav/files/ but in any case it should crash on receiving a 405 error. Also I'm a bit worried about the malloc error, memory corruption is bad. I've installed some debugging symbols and try to get a backtrace but I'm unsure if it's really helpful: corsac@scapa: gdb -p 874753 GNU gdb (Debian 10.1-2+b1) 10.1.90.20210103-git Copyright (C) 2021 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word". Attaching to process 874753 [New LWP 874754] [New LWP 874755] [New LWP 874756] [New LWP 874758] [New LWP 874759] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". 0x000071c244b9a87f in __GI___poll (fds=0x5f89614d0600, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 29 ../sysdeps/unix/sysv/linux/poll.c: No such file or directory. (gdb) c Continuing. Thread 5 "pool" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x71c23b7fe640 (LWP 874758)] __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115 115 ../sysdeps/x86_64/multiarch/strcmp-avx2.S: No such file or directory. (gdb) bt #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115 #1 0x000071c244e9441e in soup_body_input_stream_read_chunked (error=0x71c23b7fda18, cancellable=0x0, blocking=1, count=4096, buffer=0x0, bistream=0x71c22835ec90 [SoupBodyInputStream]) at ../libsoup/http1/soup-body-input-stream.c:234 #2 read_internal (stream=<optimized out>, buffer=0x0, count=4096, blocking=1, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/http1/soup-body-input-stream.c:267 #3 0x000071c24510a271 in g_input_stream_skip (stream=0x71c22835ec90 [SoupBodyInputStream], count=count@entry=4096, cancellable=cancellable@entry=0x0, error=error@entry=0x71c23b7fda18) at ../../../gio/ginputstream.c:391 #4 0x000071c244eae4ba in soup_filter_input_stream_skip (stream=<optimized out>, count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/soup-filter-input-stream.c:131 #5 0x000071c244eaa2af in soup_client_input_stream_skip (stream=0x71c2284c4f20 [SoupClientInputStream], count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/soup-client-input-stream.c:140 #6 0x000071c24510a271 in g_input_stream_skip (stream=0x71c2284c4f20 [SoupClientInputStream], count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../../../gio/ginputstream.c:391 #7 0x00005f895ff43818 in () #8 0x000071c2452ea34a in g_vfs_job_run (job=0x5f89614de2b0 [GVfsJobMount]) at ../daemon/gvfsjob.c:195 #9 0x000071c2452e81df in job_handler_callback (data=<optimized out>, user_data=<optimized out>) at ../daemon/gvfsdaemon.c:203 #10 0x000071c244f72e94 in g_thread_pool_thread_proxy (data=<optimized out>) at ../../../glib/gthreadpool.c:354 #11 0x000071c244f7259d in g_thread_proxy (data=0x5f89614d4760) at ../../../glib/gthread.c:827 #12 0x000071c2446efd80 in start_thread (arg=0x71c23b7fe640) at pthread_create.c:481 #13 0x000071c244ba676f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) bt full #0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115 #1 0x000071c244e9441e in soup_body_input_stream_read_chunked (error=0x71c23b7fda18, cancellable=0x0, blocking=1, count=4096, buffer=0x0, bistream=0x71c22835ec90 [SoupBodyInputStream]) at ../libsoup/http1/soup-body-input-stream.c:234 priv = 0x71c22835ec40 fstream = 0x71c228046670 [SoupFilterInputStream] metabuf = "0\r\n\000\000\000\000\000\030\332\177;\302q\000\000\000\020", '\000' <repeats 14 times>, " OL(\302q\000\000\277\246\005E\302q\000\000\030\000\000\000\060\000\000\000\020\331\177;\302q\000\000P\330\177;\302q\000\000\000n\372\213\200Xn\370\020r\000(\302q\000\000\264)\263D\302q\000\000\020r\000(\302q\000\000\366", '\000' <repeats 15 times>, "\220\354\065(\302q\000" nread = 2 got_line = 1 bistream = 0x71c22835ec90 [SoupBodyInputStream] priv = 0x71c22835ec40 nread = <optimized out> __func__ = "read_internal" #2 read_internal (stream=<optimized out>, buffer=0x0, count=4096, blocking=1, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/http1/soup-body-input-stream.c:267 bistream = 0x71c22835ec90 [SoupBodyInputStream] priv = 0x71c22835ec40 nread = <optimized out> __func__ = "read_internal" #3 0x000071c24510a271 in g_input_stream_skip (stream=0x71c22835ec90 [SoupBodyInputStream], count=count@entry=4096, cancellable=cancellable@entry=0x0, error=error@entry=0x71c23b7fda18) at ../../../gio/ginputstream.c:391 class = 0x71c228360840 res = <optimized out> __func__ = "g_input_stream_skip" #4 0x000071c244eae4ba in soup_filter_input_stream_skip (stream=<optimized out>, count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/soup-filter-input-stream.c:131 fstream = 0x71c2284c4f20 [SoupClientInputStream] priv = 0x71c2284c4ef0 bytes_skipped = <optimized out> #5 0x000071c244eaa2af in soup_client_input_stream_skip (stream=0x71c2284c4f20 [SoupClientInputStream], count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../libsoup/soup-client-input-stream.c:140 priv = 0x71c2284c4ee0 nread = <optimized out> #6 0x000071c24510a271 in g_input_stream_skip (stream=0x71c2284c4f20 [SoupClientInputStream], count=4096, cancellable=0x0, error=0x71c23b7fda18) at ../../../gio/ginputstream.c:391 class = 0x71c228361550 res = <optimized out> __func__ = "g_input_stream_skip" #7 0x00005f895ff43818 in () --Type <RET> for more, q to quit, c to continue without paging-- #8 0x000071c2452ea34a in g_vfs_job_run (job=0x5f89614de2b0 [GVfsJobMount]) at ../daemon/gvfsjob.c:195 class = 0x5f89614ee1c0 #9 0x000071c2452e81df in job_handler_callback (data=<optimized out>, user_data=<optimized out>) at ../daemon/gvfsdaemon.c:203 job = 0x5f89614de2b0 [GVfsJobMount] #10 0x000071c244f72e94 in g_thread_pool_thread_proxy (data=<optimized out>) at ../../../glib/gthreadpool.c:354 task = 0x5f89614de2b0 pool = <optimized out> #11 0x000071c244f7259d in g_thread_proxy (data=0x5f89614d4760) at ../../../glib/gthread.c:827 thread = 0x5f89614d4760 __func__ = "g_thread_proxy" #12 0x000071c2446efd80 in start_thread (arg=0x71c23b7fe640) at pthread_create.c:481 ret = <optimized out> pd = 0x71c23b7fe640 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {125079035831872, -3908132707509501404, 140733515511774, 140733515511775, 0, 125079035831872, 3046668644706648612, 3046420027103740452}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 #13 0x000071c244ba676f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (450, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.16.0-6-amd64 (SMP w/2 CPU threads; PREEMPT) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gvfs-backends depends on: ii dconf-gsettings-backend [gsettings-backend] 0.40.0-3 ii gvfs 1.50.0-1 ii gvfs-common 1.50.0-1 ii gvfs-daemons 1.50.0-1 ii gvfs-libs 1.50.0-1 ii libarchive13 3.6.0-1 ii libavahi-client3 0.8-5 ii libavahi-common3 0.8-5 ii libavahi-glib1 0.8-5 ii libc6 2.33-7 ii libcdio-cdda2 10.2+2.0.0-1+b2 ii libcdio-paranoia2 10.2+2.0.0-1+b2 ii libcdio19 2.1.0-3 ii libgcrypt20 1.10.1-2 ii libgdata22 0.18.1-2 ii libglib2.0-0 2.72.1-1 ii libgoa-1.0-0b 3.44.0-1 ii libgphoto2-6 2.5.27-1 ii libgphoto2-port12 2.5.27-1 ii libgudev-1.0-0 237-2 ii libimobiledevice6 1.3.0-6+b1 ii libmtp9 1.1.19-1 ii libnfs13 4.0.0-1 ii libplist3 2.2.0-6+b1 ii libpolkit-gobject-1-0 0.120-6 ii libsmbclient 2:4.16.0+dfsg-7 ii libsoup-3.0-0 3.0.6-1 ii libusb-1.0-0 2:1.0.26-1 ii libxml2 2.9.13+dfsg-1+b1 ii psmisc 23.4-2 Versions of packages gvfs-backends recommends: ii gnome-keyring 40.0-3 Versions of packages gvfs-backends suggests: ii bluez-obexd 5.64-2 ii samba-common 2:4.16.0+dfsg-7 -- no debconf information
