Bug 1247941 - [abrt] gnome-boxes: vasprintf(): gnome-boxes killed by SIGSEGV
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: gnome-boxes
Version: 22
Hardware: x86_64 Unspecified
Priority: unspecified Severity: unspecified
Assigned To: Christophe Fergeau
QA Contact: Fedora Extras Quality Assurance
https://retrace.fedoraproject.org/faf...
abrt_hash:8abfac2925a75b906a8bbc93763...
Reported: 2015-07-29 05:59 EDT by Vladimir Benes
Modified: 2016-07-19 13:14 EDT
Doc Type: Bug Fix
Last Closed: 2016-07-19 13:14:55 EDT

Attachments (all added 2015-07-29 05:59 EDT by Vladimir Benes):
File: backtrace (101.06 KB, text/plain)
File: cgroup (190 bytes, text/plain)
File: core_backtrace (403.42 KB, text/plain)
File: dso_list (18.76 KB, text/plain)
File: environ (903 bytes, text/plain)
File: limits (1.29 KB, text/plain)
File: maps (130.89 KB, text/plain)
File: mountinfo (3.38 KB, text/plain)
File: namespaces (85 bytes, text/plain)
File: open_fds (59.48 KB, text/plain)
File: proc_pid_status (970 bytes, text/plain)
File: var_log_messages (648 bytes, text/plain)

Description Vladimir Benes 2015-07-29 05:59:15 EDT
Description of problem:
I've tried to reproduce the "live CD not created" issue, and after starting the ~130th live CD, Boxes crashed.

I've used the Tiny Core 5.3 live CD (9 MB in size).

Version-Release number of selected component:
gnome-boxes-3.16.2-1.fc22

Additional info:
reporter:       libreport-2.5.1
backtrace_rating: 4
cmdline:        /usr/bin/gnome-boxes --gapplication-service
crash_function: vasprintf
executable:     /usr/bin/gnome-boxes
global_pid:     2572
kernel:         4.0.4-301.fc22.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 0 (10 frames)
 #3 vasprintf at /usr/include/bits/stdio2.h:210
 #4 virVasprintfInternal at util/virstring.c:476
 #5 virRaiseErrorFull at util/virerror.c:723
 #6 virReportSystemErrorFull at util/virerror.c:1469
 #7 virNetClientProgramCall at rpc/virnetclientprogram.c:371
 #8 callFull at remote/remote_driver.c:6522
 #9 remoteDomainOpenGraphicsFD at remote/remote_driver.c:6362
 #10 virDomainOpenGraphicsFD at libvirt-domain.c:10202
 #11 gvir_domain_open_graphics_fd at libvirt-gobject-domain.c:1261
 #12 ____lambda160_ at /home/zeenix/checkout/gnome/gnome-boxes/src/libvirt-machine.vala:69
Comment 1 Vladimir Benes 2015-07-29 05:59:22 EDT
Created attachment 1057263
File: backtrace
Comment 2 Vladimir Benes 2015-07-29 05:59:23 EDT
Created attachment 1057264
File: cgroup
Comment 3 Vladimir Benes 2015-07-29 05:59:26 EDT
Created attachment 1057265
File: core_backtrace
Comment 4 Vladimir Benes 2015-07-29 05:59:28 EDT
Created attachment 1057266
File: dso_list
Comment 5 Vladimir Benes 2015-07-29 05:59:29 EDT
Created attachment 1057267
File: environ
Comment 6 Vladimir Benes 2015-07-29 05:59:31 EDT
Created attachment 1057268
File: limits
Comment 7 Vladimir Benes 2015-07-29 05:59:33 EDT
Created attachment 1057269
File: maps
Comment 8 Vladimir Benes 2015-07-29 05:59:35 EDT
Created attachment 1057270
File: mountinfo
Comment 9 Vladimir Benes 2015-07-29 05:59:36 EDT
Created attachment 1057271
File: namespaces
Comment 10 Vladimir Benes 2015-07-29 05:59:38 EDT
Created attachment 1057272
File: open_fds
Comment 11 Vladimir Benes 2015-07-29 05:59:39 EDT
Created attachment 1057273
File: proc_pid_status
Comment 12 Vladimir Benes 2015-07-29 05:59:40 EDT
Created attachment 1057274
File: var_log_messages
Comment 13 Zeeshan Ali 2015-07-31 11:26:39 EDT
Seems deep in libvirt territory.
Comment 14 Daniel Berrange 2015-07-31 11:44:59 EDT
Looking at the stack trace I can't see why it would be SEGV'ing, but I do see an interesting error message in the stack

 "Cannot duplicate FD 1011: Too many open files"

It looks like Boxes has exhausted the (stupidly low) default file descriptor limit for its user environment. I wonder if there is a file descriptor leak somewhere in either Boxes or libvirt, or if the particular usage scenario genuinely needed so many FDs? I guess the FD exhaustion might have tickled some, never used, code path which results in memory corruption causing the eventual SEGV.
Comment 15 Daniel Berrange 2015-07-31 11:47:20 EDT
Looking at the open_fds attachment there is a good mix of pipe and socket FDs open, but I can't tell what they're for.
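
The triage step discussed in comments 14 and 15, as an added example that is not part of the original thread or of Boxes/libvirt: it groups a process's descriptors by type from `/proc/<pid>/fd` link targets and compares the total with the soft "Max open files" value in `/proc/<pid>/limits`. The function names, the 80% warning threshold and the sample data (including the soft limit of 1024) are assumptions constructed for illustration, not values taken from the bug's attachments.

```python
import os
import re
from collections import Counter

def classify(target):
    """Map a /proc/<pid>/fd symlink target to a coarse descriptor type."""
    m = re.match(r"(pipe|socket):\[\d+\]$", target)
    if m:
        return m.group(1)
    if target.startswith("anon_inode:"):
        return "anon_inode"
    return "file" if target.startswith("/") else "other"

def soft_nofile_limit(limits_text):
    """Extract the soft 'Max open files' value from /proc/<pid>/limits text."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            value = line[len("Max open files"):].split()[0]
            return None if value == "unlimited" else int(value)
    return None

def summarize(targets, soft_limit, warn_ratio=0.8):
    """Count descriptors per type and flag a process close to its limit."""
    counts = Counter(classify(t) for t in targets)
    used = sum(counts.values())
    near = soft_limit is not None and used >= warn_ratio * soft_limit
    return {"used": used, "limit": soft_limit,
            "by_type": dict(counts), "near_limit": near}

def inspect_pid(pid):
    """Live variant: read the same data from /proc for a running process."""
    fd_dir = f"/proc/{pid}/fd"
    targets = []
    for name in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, name)))
        except OSError:  # descriptor closed between listdir() and readlink()
            continue
    with open(f"/proc/{pid}/limits") as fh:
        return summarize(targets, soft_nofile_limit(fh.read()))

# Constructed sample (not from the bug's attachments): a leak-like pipe/socket mix.
SAMPLE_TARGETS = (["/dev/null"] * 3
                  + [f"pipe:[{100 + i}]" for i in range(500)]
                  + [f"socket:[{900 + i}]" for i in range(508)]
                  + ["anon_inode:[eventfd]"] * 2)
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max open files            1024                 4096                 files\n")

if __name__ == "__main__":
    print(summarize(SAMPLE_TARGETS, soft_nofile_limit(SAMPLE_LIMITS)))
```

Running `inspect_pid()` at intervals while repeating the reproduction steps shows whether one descriptor type keeps growing, which separates a leak from a workload that legitimately needs many descriptors.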
Comment 16 Christophe Fergeau 2015-07-31 11:53:16 EDT
Wondering if this could be related to https://bugzilla.gnome.org/show_bug.cgi?id=746800
Comment 17 Zeeshan Ali 2015-07-31 12:02:39 EDT
(In reply to Daniel Berrange from comment #14)
> Looking at the stack trace I can't see why it would be SEGV'ing, but I do
> see an interesting error message in the stack
> 
>  "Cannot duplicate FD 1011: Too many open files"
> 
> It looks like Boxes has exhausted the (stupidly low) default file descriptor
> limit for its user environment. I wonder if there is a file descriptor leak
> somewhere in either Boxes or libvirt, or if the particular usage scenario
> genuinely needed so many FDs ?  I guess the FD exhaustion might have tickled
> some, never used, code path which results in memory corruption causing the
> eventual SEGV.

Ah, this is then likely a side-effect of https://bugzilla.gnome.org/show_bug.cgi?id=748646 , which I really should solve sooner than later.
Comment 18 Zeeshan Ali 2015-08-04 18:47:00 EDT
(In reply to Zeeshan Ali from comment #17)
> (In reply to Daniel Berrange from comment #14)
> > Looking at the stack trace I can't see why it would be SEGV'ing, but I do
> > see an interesting error message in the stack
> > 
> >  "Cannot duplicate FD 1011: Too many open files"
> > 
> > It looks like Boxes has exhausted the (stupidly low) default file descriptor
> > limit for its user environment. I wonder if there is a file descriptor leak
> > somewhere in either Boxes or libvirt, or if the particular usage scenario
> > genuinely needed so many FDs ?  I guess the FD exhaustion might have tickled
> > some, never used, code path which results in memory corruption causing the
> > eventual SEGV.
> 
> Ah, this is then likely a side-effect of
> https://bugzilla.gnome.org/show_bug.cgi?id=748646 , which I really should
> solve sooner than later.

Done! I'll do a 3.16 bug fix release soon so you can test if this bug is fixed with these patches.
Comment 19 Zeeshan Ali 2015-09-22 10:06:29 EDT
I never got around to rolling out another 3.16 release, but now that I'm about to roll out 3.18.0 and F23 is soon out with it, I don't think I'll be fixing this in F22.
Comment 20 Fedora End Of Life 2016-07-19 13:14:55 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
