FreeRDP / FreeRDP

FreeRDP is a free remote desktop protocol library and clients
http://www.freerdp.com/
Apache License 2.0

freerdp-shadow-cli segmentation fault #9271

Closed EnchantedHunter closed 1 year ago

EnchantedHunter commented 1 year ago

Describe the bug: In some cases, a connection attempt leads to a segmentation fault.

Additional context: backtrace after the crash (glibc aborts with "double free or corruption (out)"):

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50                                                                                     
#1  0x00007ffff79af537 in __GI_abort () at abort.c:79                                                                                                         
#2  0x00007ffff7a073a8 in __libc_message (action=action@entry=do_abort,                                                                                       
    fmt=fmt@entry=0x7ffff7b25390 "%s\n") at ../sysdeps/posix/libc_fatal.c:155                                                                                 
#3  0x00007ffff7a0e69a in malloc_printerr (                                                                                                                   
    str=str@entry=0x7ffff7b27750 "double free or corruption (out)")                                                                                           
    at malloc.c:5347                                                                                                                                          
#4  0x00007ffff7a0fcc8 in _int_free (av=0x7ffff7b5bb80 <main_arena>,                                                                                          
    p=0x7fffe95aa6b0, have_lock=<optimized out>) at malloc.c:4314                                                                                             
#5  0x00007ffff7dc5fcf in peer_channel_queue_free_message (obj=0x7ffff1eeca10)                                                                                
    at /home/mike/workspace/FreeRDP/libfreerdp/core/server.c:1207                                                                                             
#6  0x00007ffff7dc6c2c in FreeRDP_WTSVirtualChannelRead (                                                                                                     
    hChannelHandle=0x7fffe8016aa0, TimeOut=0, Buffer=0x7fffe95b36e0 "\020",                                                                                   
    BufferSize=65536, pBytesRead=0x7ffff1eecac4)                                                                                                              
    at /home/mike/workspace/FreeRDP/libfreerdp/core/server.c:1531                                                                                             
#7  0x00007ffff7c3df14 in WTSVirtualChannelRead (                                                                                                             
    hChannelHandle=0x7fffe8016aa0, TimeOut=0, Buffer=0x7fffe95b36e0 "\020",                                                                                   
    BufferSize=65536, pBytesRead=0x7ffff1eecac4)                                                                                                              
    at /home/mike/workspace/FreeRDP/winpr/libwinpr/wtsapi/wtsapi.c:383                                                                                        
#8  0x00007ffff75cc802 in rdpgfx_server_handle_messages (                                                                                                     
    context=0x7fffe801e310)                                                                                                                                   
EnchantedHunter commented 1 year ago

Sometimes I get backtraces like these:

#0  tcache_get (tc_idx=<optimized out>) at malloc.c:2937
#1  __GI___libc_malloc (bytes=40) at malloc.c:3051
#2  0x00007ffff72e634a in CRYPTO_zalloc () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#3  0x00007ffff74692b0 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#4  0x00007ffff746c088 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#5  0x00007ffff74761da in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#6  0x00007ffff7474425 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#7  0x00007ffff7d6e374 in bio_rdp_tls_free (bio=0x7fffdc00f580) at /home/mike/workspace/rdp/libfreerdp/crypto/tls.c:482
#8  0x00007ffff7210a5f in BIO_free () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#9  0x00007ffff7211564 in BIO_free_all () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#10 0x00007ffff7d7214e in freerdp_tls_free (tls=0x7fffdc01b9a0) at /home/mike/workspace/rdp/libfreerdp/crypto/tls.c:1824
#11 0x00007ffff7dfa99f in transport_default_disconnect (transport=0x7fffe800e5c0) at /home/mike/workspace/rdp/libfreerdp/core/transport.c:1470
#12 0x00007ffff7dfa8dc in transport_disconnect (transport=0x7fffe800e5c0) at /home/mike/workspace/rdp/libfreerdp/core/transport.c:1458
#13 0x00007ffff7e1a75f in freerdp_peer_disconnect (client=0x7fffe801b560) at /home/mike/workspace/rdp/libfreerdp/core/peer.c:1219
#14 0x00007ffff7fafbd5 in shadow_client_thread (arg=0x7fffe800d280) at /home/mike/workspace/rdp/server/shadow/shadow_client.c:2405
#15 0x00007ffff7c0f1ce in thread_launcher (arg=0x7fffe8039bb0) at /home/mike/workspace/rdp/winpr/libwinpr/thread/thread.c:520
#16 0x00007ffff74e1ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x00007ffff7a85a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
#0  tcache_get (tc_idx=<optimized out>) at malloc.c:2937
#1  __GI___libc_malloc (bytes=40) at malloc.c:3051
#2  0x00007ffff72e634a in CRYPTO_zalloc () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#3  0x00007ffff74692b0 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#4  0x00007ffff746c088 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#5  0x00007ffff746caa5 in  () at /lib/x86_64-linux-gnu/libssl.so.1.1
#6  0x00007ffff747f873 in SSL_write () at /lib/x86_64-linux-gnu/libssl.so.1.1
#7  0x00007ffff7d6d953 in bio_rdp_tls_write (bio=0x7fffdc005ad0, buf=0x7fffe802f2f0 "", size=29)
    at /home/mike/workspace/rdp/libfreerdp/crypto/tls.c:106
#8  0x00007ffff721176a in  () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#9  0x00007ffff72107c4 in  () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#10 0x00007ffff7210c83 in BIO_write () at /lib/x86_64-linux-gnu/libcrypto.so.1.1
#11 0x00007ffff7df9b45 in transport_default_write (transport=0x7fffe8027fd0, s=0x7fffe8028ab0)
    at /home/mike/workspace/rdp/libfreerdp/core/transport.c:1136
#12 0x00007ffff7df98f8 in transport_write (transport=0x7fffe8027fd0, s=0x7fffe8028ab0) at /home/mike/workspace/rdp/libfreerdp/core/transport.c:1096
#13 0x00007ffff7df46db in fastpath_send_update_pdu (fastpath=0x7fffe8028a80, updateCode=11 '\v', s=0x7fffe8001570, skipCompression=0)
    at /home/mike/workspace/rdp/libfreerdp/core/fastpath.c:1271
#14 0x00007ffff7e032c3 in update_send_pointer_new (context=0x7fffe800d280, pointer_new=0x7fffe7805380)
    at /home/mike/workspace/rdp/libfreerdp/core/update.c:2275
#15 0x00007ffff7fae0ef in shadow_client_subsystem_process_message (client=0x7fffe800d280, message=0x7fffe7805650)
    at /home/mike/workspace/rdp/server/shadow/shadow_client.c:2011
#16 0x00007ffff7faf781 in shadow_client_thread (arg=0x7fffe800d280) at /home/mike/workspace/rdp/server/shadow/shadow_client.c:2352
#17 0x00007ffff7c0f1ce in thread_launcher (arg=0x7fffe8039b50) at /home/mike/workspace/rdp/winpr/libwinpr/thread/thread.c:520
#18 0x00007ffff74e1ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#19 0x00007ffff7a85a2f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
EnchantedHunter commented 1 year ago

I think I understand why the error occurs: when a new connection is created, the WTSVirtualChannelManagerCheckFileDescriptorEx function sometimes sends packets that accumulated in the queue from the previous connection in the meantime.

EnchantedHunter commented 1 year ago

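When adding WITH_SANITIZE_ADDRESS, I get the logs below when it crashes (the AddressSanitizer report is interleaved with FreeRDP debug log lines). The report shows the same 4-byte stream buffer, allocated in rdpgfx_server_context_new, being reallocated through rdpgfx_server_handle_messages on two different threads: T4 (shadow_client_thread) and T7 (rdpgfx_server_thread_func).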

==6072==ERROR: AddressSanitizer: attempting double-free on 0x6020000acf30 in thread T7:                                           
[15:27:45:169] [6072:000017e8] [DEBUG][com.freerdp.channels.rdpgfx.server] - [rdpgfx_server_receive_pdu]: cmdId: RDPGFX_CMDID_CAPSADVERTISE (0x0012) flags: 0x0000 pduLength: 106
[15:27:45:169] [6072:000017e8] [DEBUG][com.freerdp.client.shadow] - [shadow_encoder_prepare]: initializing H.264 encoder          
[15:27:45:178] [6072:000017e8] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives benchmark result:       
[15:27:45:234] [6072:00001805] [ERROR][com.freerdp.channels.audin.server] - [audin_server_thread_func]: WTSVirtualChannelQuery failed
    #0 0x7ffff766fc18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164                        
    #1 0x7ffff68d3498 in Stream_EnsureCapacity /home/computer/workspace/rrdp/winpr/libwinpr/utils/stream.c:72                     
    #2 0x7ffff68d35db in Stream_EnsureRemainingCapacity /home/computer/workspace/rrdp/winpr/libwinpr/utils/stream.c:90            
[15:27:46:475] [6072:000017e8] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]:  * generic= 3                      
    #3 0x7ffff72ff905 in rdpgfx_server_handle_messages /home/computer/workspace/rrdp/channels/rdpgfx/server/rdpgfx_main.c:1718    
    #4 0x7ffff72fd269 in rdpgfx_server_thread_func /home/computer/workspace/rrdp/channels/rdpgfx/server/rdpgfx_main.c:1412        
    #5 0x7ffff6916a7d in thread_launcher /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:520                         
    #6 0x7ffff65c2b42 in start_thread nptl/pthread_create.c:442                                                                   
    #7 0x7ffff66549ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)                                                                 

0x6020000acf30 is located 0 bytes inside of 4-byte region [0x6020000acf30,0x6020000acf34)                                         
freed by thread T4 here:
    #0 0x7ffff766fc18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164
    #1 0x7ffff68d3498 in Stream_EnsureCapacity /home/computer/workspace/rrdp/winpr/libwinpr/utils/stream.c:72
    #2 0x7ffff68d35db in Stream_EnsureRemainingCapacity /home/computer/workspace/rrdp/winpr/libwinpr/utils/stream.c:90
    #3 0x7ffff72ff905 in rdpgfx_server_handle_messages /home/computer/workspace/rrdp/channels/rdpgfx/server/rdpgfx_main.c:1718
    #4 0x7ffff757b129 in shadow_client_thread /home/computer/workspace/rrdp/server/shadow/shadow_client.c:2287
    #5 0x7ffff6916a7d in thread_launcher /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:520
    #6 0x7ffff65c2b42 in start_thread nptl/pthread_create.c:442
previously allocated by thread T4 here:
    #0 0x7ffff766f867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x7ffff68d3674 in Stream_New /home/computer/workspace/rrdp/winpr/libwinpr/utils/stream.c:108
    #2 0x7ffff72ff02d in rdpgfx_server_context_new /home/computer/workspace/rrdp/channels/rdpgfx/server/rdpgfx_main.c:1623
    #3 0x7ffff7585b3e in shadow_client_rdpgfx_init /home/computer/workspace/rrdp/server/shadow/shadow_rdpgfx.c:32
    #4 0x7ffff7584104 in shadow_client_channels_post_connect /home/computer/workspace/rrdp/server/shadow/shadow_channels.c:46
    #5 0x7ffff756ade2 in shadow_client_post_connect /home/computer/workspace/rrdp/server/shadow/shadow_client.c:464
    #6 0x7ffff6ef837f in rdp_peer_handle_state_active /home/computer/workspace/rrdp/libfreerdp/core/peer.c:766
    #7 0x7ffff6efa18d in peer_recv_callback_internal /home/computer/workspace/rrdp/libfreerdp/core/peer.c:1134
    #8 0x7ffff6efa58b in peer_recv_callback /home/computer/workspace/rrdp/libfreerdp/core/peer.c:1167
    #9 0x7ffff6eb9677 in transport_check_fds /home/computer/workspace/rrdp/libfreerdp/core/transport.c:1392
    #10 0x7ffff6e95f6a in rdp_check_fds /home/computer/workspace/rrdp/libfreerdp/core/rdp.c:2120
    #11 0x7ffff6ef553a in freerdp_peer_check_fds /home/computer/workspace/rrdp/libfreerdp/core/peer.c:321
    #12 0x7ffff757a750 in shadow_client_thread /home/computer/workspace/rrdp/server/shadow/shadow_client.c:2214
    #13 0x7ffff6916a7d in thread_launcher /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:520
    #14 0x7ffff65c2b42 in start_thread nptl/pthread_create.c:442

Thread T7 created by T4 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff6916e3b in winpr_StartThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff69173c0 in CreateThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff72fdf9d in rdpgfx_server_open /home/computer/workspace/rrdp/channels/rdpgfx/server/rdpgfx_main.c:1503
    #4 0x7ffff757ae4f in shadow_client_thread /home/computer/workspace/rrdp/server/shadow/shadow_client.c:2255
    #5 0x7ffff6916a7d in thread_launcher /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:520
    #6 0x7ffff65c2b42 in start_thread nptl/pthread_create.c:442

Thread T4 created by T1 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff6916e3b in winpr_StartThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff69173c0 in CreateThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff757c4d9 in shadow_client_accepted /home/computer/workspace/rrdp/server/shadow/shadow_client.c:2434
    #4 0x7ffff6ef2cac in freerdp_check_and_create_client /home/computer/workspace/rrdp/libfreerdp/core/listener.c:369
    #5 0x7ffff6ef33e7 in freerdp_listener_check_fds /home/computer/workspace/rrdp/libfreerdp/core/listener.c:415
    #6 0x7ffff758c6d3 in shadow_server_thread /home/computer/workspace/rrdp/server/shadow/shadow_server.c:505
    #7 0x7ffff6916a7d in thread_launcher /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:520
    #8 0x7ffff65c2b42 in start_thread nptl/pthread_create.c:442

Thread T1 created by T0 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff6916e3b in winpr_StartThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff69173c0 in CreateThread /home/computer/workspace/rrdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff758d40a in shadow_server_start /home/computer/workspace/rrdp/server/shadow/shadow_server.c:657
    #4 0x555555557ab2 in main /home/computer/workspace/rrdp/server/shadow/shadow.c:144
    #5 0x7ffff6557d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164 in __interceptor_realloc
==6072==ABORTING
EnchantedHunter commented 1 year ago

@akallabeth it still crashes sometimes:

tcache_thread_shutdown(): unaligned tcache chunk detected

Thread 257 "freerdp-shadow-" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe7806640 (LWP 160116)]
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737077339712) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737077339712) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737077339712) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737077339712, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7925476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff790b7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff796c6f6 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7abeb8c "%s\n")
    at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ffff7983d7c in malloc_printerr
    (str=str@entry=0x7ffff7ac1f40 "tcache_thread_shutdown(): unaligned tcache chunk detected") at ./malloc/malloc.c:5664
#7  0x00007ffff7988744 in tcache_thread_shutdown () at ./malloc/malloc.c:3224
#8  __malloc_arena_thread_freeres () at ./malloc/arena.c:1003
--Type <RET> for more, q to quit, c to continue without paging--
#9  0x00007ffff798b24a in __libc_thread_freeres () at ./malloc/thread-freeres.c:44
#10 0x00007ffff79779cf in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:456
#11 0x00007ffff7a09a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
akallabeth commented 1 year ago

@EnchantedHunter then a useful dump would be nice to have ;) Yours has no frames anywhere in the FreeRDP codebase. Anyway, this might already be fixed by #9311.

EnchantedHunter commented 1 year ago

@akallabeth the program crashes exactly at this point; of course, it looks like the underlying problem is deeper.

EnchantedHunter commented 1 year ago

@akallabeth with the address sanitizer, I get this error

[18:29:17:345] [178324:0002b8f0] [DEBUG][com.freerdp.channels.rdpgfx.server] - [rdpgfx_server_receive_pdu]: cmdId: RDPGFX_CMDID_CAPSADVERTISE (0x0012) flags: 0x0000 pduLength: 106
[18:29:17:345] [178324:0002b8f0] [DEBUG][com.freerdp.client.shadow] - [shadow_encoder_prepare]: initializing H.264 encoder        
==178324==ERROR: AddressSanitizer: attempting double-free on 0x6020000b5990 in thread T7:                                         
[18:29:17:349] [178324:0002b8f0] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives benchmark result:     
[18:29:17:428] [178324:0002b912] [ERROR][com.freerdp.channels.audin.server] - [audin_server_thread_func]: WTSVirtualChannelQuery failed
[18:29:17:631] [178324:0002b8f0] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]:  * generic= 3                    
    #0 0x7ffff766fc18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164                        
    #1 0x7ffff68974d7 in Stream_EnsureCapacity /home/computer/workspace/freerdp/winpr/libwinpr/utils/stream.c:72                  
    #2 0x7ffff689761a in Stream_EnsureRemainingCapacity /home/computer/workspace/freerdp/winpr/libwinpr/utils/stream.c:90         
    #3 0x7ffff72ff88b in rdpgfx_server_handle_messages /home/computer/workspace/freerdp/channels/rdpgfx/server/rdpgfx_main.c:1710 
    #4 0x7ffff72fd1ef in rdpgfx_server_thread_func /home/computer/workspace/freerdp/channels/rdpgfx/server/rdpgfx_main.c:1404     
    #5 0x7ffff68daabc in thread_launcher /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:520                      
    #6 0x7ffff6586b42 in start_thread nptl/pthread_create.c:442                                                                   
    #7 0x7ffff66189ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)                                                                 

0x6020000b5990 is located 0 bytes inside of 4-byte region [0x6020000b5990,0x6020000b5994)                                         
freed by thread T4 here:                                                                                                          
    #0 0x7ffff766fc18 in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164                        
    #1 0x7ffff68974d7 in Stream_EnsureCapacity /home/computer/workspace/freerdp/winpr/libwinpr/utils/stream.c:72                  
    #2 0x7ffff689761a in Stream_EnsureRemainingCapacity /home/computer/workspace/freerdp/winpr/libwinpr/utils/stream.c:90         
    #3 0x7ffff72ff88b in rdpgfx_server_handle_messages /home/computer/workspace/freerdp/channels/rdpgfx/server/rdpgfx_main.c:1710 
    #4 0x7ffff757b129 in shadow_client_thread /home/computer/workspace/freerdp/server/shadow/shadow_client.c:2287                 
    #5 0x7ffff68daabc in thread_launcher /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:520                      
    #6 0x7ffff6586b42 in start_thread nptl/pthread_create.c:442

previously allocated by thread T4 here:                                                                                           
    #0 0x7ffff766f867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145                         
    #1 0x7ffff68976b3 in Stream_New /home/computer/workspace/freerdp/winpr/libwinpr/utils/stream.c:108                            
    #2 0x7ffff72fefb3 in rdpgfx_server_context_new /home/computer/workspace/freerdp/channels/rdpgfx/server/rdpgfx_main.c:1615
    #3 0x7ffff7585b3e in shadow_client_rdpgfx_init /home/computer/workspace/freerdp/server/shadow/shadow_rdpgfx.c:32
    #4 0x7ffff7584104 in shadow_client_channels_post_connect /home/computer/workspace/freerdp/server/shadow/shadow_channels.c:46
    #5 0x7ffff756ade2 in shadow_client_post_connect /home/computer/workspace/freerdp/server/shadow/shadow_client.c:464
    #6 0x7ffff6ee7219 in rdp_peer_handle_state_active /home/computer/workspace/freerdp/libfreerdp/core/peer.c:766
    #7 0x7ffff6ee9027 in peer_recv_callback_internal /home/computer/workspace/freerdp/libfreerdp/core/peer.c:1134
    #8 0x7ffff6ee9425 in peer_recv_callback /home/computer/workspace/freerdp/libfreerdp/core/peer.c:1167
    #9 0x7ffff6ea8511 in transport_check_fds /home/computer/workspace/freerdp/libfreerdp/core/transport.c:1392
    #10 0x7ffff6e84e04 in rdp_check_fds /home/computer/workspace/freerdp/libfreerdp/core/rdp.c:2120
    #11 0x7ffff6ee43d4 in freerdp_peer_check_fds /home/computer/workspace/freerdp/libfreerdp/core/peer.c:321
    #12 0x7ffff757a750 in shadow_client_thread /home/computer/workspace/freerdp/server/shadow/shadow_client.c:2214
    #13 0x7ffff68daabc in thread_launcher /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:520
    #14 0x7ffff6586b42 in start_thread nptl/pthread_create.c:442

Thread T7 created by T4 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff68dae7a in winpr_StartThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff68db3ff in CreateThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff72fdf23 in rdpgfx_server_open /home/computer/workspace/freerdp/channels/rdpgfx/server/rdpgfx_main.c:1495
    #4 0x7ffff757ae4f in shadow_client_thread /home/computer/workspace/freerdp/server/shadow/shadow_client.c:2255
    #5 0x7ffff68daabc in thread_launcher /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:520
    #6 0x7ffff6586b42 in start_thread nptl/pthread_create.c:442
Thread T4 created by T1 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff68dae7a in winpr_StartThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff68db3ff in CreateThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff757c4d9 in shadow_client_accepted /home/computer/workspace/freerdp/server/shadow/shadow_client.c:2434
    #4 0x7ffff6ee1b46 in freerdp_check_and_create_client /home/computer/workspace/freerdp/libfreerdp/core/listener.c:369
    #5 0x7ffff6ee2281 in freerdp_listener_check_fds /home/computer/workspace/freerdp/libfreerdp/core/listener.c:415
    #6 0x7ffff758c6d3 in shadow_server_thread /home/computer/workspace/freerdp/server/shadow/shadow_server.c:505
    #7 0x7ffff68daabc in thread_launcher /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:520
    #8 0x7ffff6586b42 in start_thread nptl/pthread_create.c:442

Thread T1 created by T0 here:
    #0 0x7ffff7613685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7ffff68dae7a in winpr_StartThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:568
    #2 0x7ffff68db3ff in CreateThread /home/computer/workspace/freerdp/winpr/libwinpr/thread/thread.c:650
    #3 0x7ffff758d40a in shadow_server_start /home/computer/workspace/freerdp/server/shadow/shadow_server.c:657
    #4 0x555555557ab2 in main /home/computer/workspace/freerdp/server/shadow/shadow.c:144
    #5 0x7ffff651bd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:164 in __interceptor_realloc
==178324==ABORTING
akallabeth commented 1 year ago

@EnchantedHunter this trace looks exactly like what #9311 fixes, check if you are up to date ;)