Bug#813492: kde-workspace-bin: kdeinit4 increase memory-consumption by every extern ssh-login and never release it
Package: kde-workspace-bin
Version: 4:4.11.13-2
Severity: critical
Justification: causes serious data loss
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages kde-workspace-bin depends on:
ii iso-codes 3.57-1
ii kde-runtime 4:4.14.2-2
ii kde-style-oxygen 4:4.11.13-2
ii kde-workspace-data 4:4.11.13-2
ii kde-workspace-kgreet-plugins 4:4.11.13-2
ii kscreen 1.0.2.1-1
ii libc6 2.19-18+deb8u2
ii libcln6 1.3.4-1
ii libdbusmenu-qt2 0.9.2-1
ii libfontconfig1 2.11.0-6.3
ii libfreetype6 2.5.2-3+deb8u1
ii libgcc1 1:4.9.2-10
ii libgl1-mesa-glx [libgl1] 10.3.2-1+deb8u1
ii libice6 2:1.0.9-1+b1
ii libjpeg62-turbo 1:1.3.1-12
ii libkactivities6 4:4.13.3-1
ii libkcmutils4 4:4.14.2-5
ii libkdeclarative5 4:4.14.2-5
ii libkdecore5 4:4.14.2-5
ii libkdesu5 4:4.14.2-5
ii libkdeui5 4:4.14.2-5
ii libkfile4 4:4.14.2-5
ii libkidletime4 4:4.14.2-5
ii libkio5 4:4.14.2-5
ii libknewstuff3-4 4:4.14.2-5
ii libknotifyconfig4 4:4.14.2-5
ii libkparts4 4:4.14.2-5
ii libkpty4 4:4.14.2-5
ii libkscreensaver5 4:4.11.13-2
ii libkworkspace4abi2 4:4.11.13-2
ii libnepomukcore4 4:4.14.0-1+b2
ii libpam0g 1.1.8-3.1+deb8u1
ii libphonon4 4:4.8.0-4
ii libplasma3 4:4.14.2-5
ii libplasmagenericshell4 4:4.11.13-2
ii libpng12-0 1.2.50-2+deb8u2
ii libprocesscore4abi1 4:4.11.13-2
ii libprocessui4a 4:4.11.13-2
ii libqalculate5 0.9.7-9
ii libqimageblitz4 1:0.0.6-4
ii libqjson0 0.8.1-3
ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqt4-declarative 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqt4-sql 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libsm6 2:1.2.2-1+b1
ii libsolid4 4:4.14.2-5
ii libsoprano4 2.9.4+dfsg-1.1
ii libstdc++6 4.9.2-10
ii libstreamanalyzer0 0.7.8-1.2+b2
ii libudev1 215-17+deb8u3
ii libusb-0.1-4 2:0.1.12-25
ii libx11-6 2:1.6.2-3
ii libxcursor1 1:1.1.14-1+b1
ii libxext6 2:1.3.3-1
ii libxfixes3 1:5.0.1-2+b2
ii libxft2 2.3.2-1
ii libxi6 2:1.7.4-1+b2
ii libxinerama1 2:1.1.3-1+b1
ii libxkbfile1 1:1.0.8-1
ii libxrandr2 2:1.4.2-1+b1
ii libxrender1 1:0.9.8-1+b1
ii libxtst6 2:1.2.2-1+b1
ii phonon 4:4.8.0-4
ii plasma-desktop 4:4.11.13-2
ii qdbus 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii x11-utils 7.7+2
ii x11-xserver-utils 7.7+3+b1
Versions of packages kde-workspace-bin recommends:
ii plasma-scriptengines 4:4.11.13-2
ii policykit-1-gnome 0.105-2
ii polkit-kde-1 0.99.1-1
ii upower 0.99.1-3.2
Versions of packages kde-workspace-bin suggests:
ii x11-xkb-utils 7.7+1
-- no debconf information
Hallo,
if one User on the machine run kde and this one or an other user makes a ssh-connection like
ssh test@$IP1 -i ~/.ssh/test-key ls
the kdeinit4-process of the local user increase memory-consumption for any login and never
released it until the local user logged out. If many ssh-requests appear the memory filled over quota,
than system begin to swap and ultimatly it crashed without closing files and so on.
Possible it exist other vectors to use this crashing-method. Above all it is very suprising, that
login from other users have a consequence by the local user. If this user use i. e. gnome no problems seen.
I found the problem by testing systems with a external loop including many ssh-calls. And I see the systems
crashed all. Without running kde _or_ without ssh-calls the system looks stabil. The systems are virtual using
kvm (qemu). Crosstesting on a real system with kernel 4.4.0 (patched with a line against cve-2016-0718) sound like
non-affected. I will test with a other kernel on the kvm-machines in future.
with regards
Andreas Matthus
Reply to: