Bug 1247941 - [abrt] gnome-boxes: vasprintf(): gnome-boxes killed by SIGSEGV
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-boxes
Version: 22
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Christophe Fergeau
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:8abfac2925a75b906a8bbc93763...
Reported: 2015-07-29 09:59 UTC by Vladimir Benes
Modified: 2016-07-19 17:14 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-19 17:14:55 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (101.06 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: cgroup (190 bytes, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: core_backtrace (403.42 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: dso_list (18.76 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: environ (903 bytes, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: limits (1.29 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: maps (130.89 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: mountinfo (3.38 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: namespaces (85 bytes, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: open_fds (59.48 KB, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: proc_pid_status (970 bytes, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes
File: var_log_messages (648 bytes, text/plain), 2015-07-29 09:59 UTC, Vladimir Benes

Description Vladimir Benes 2015-07-29 09:59:15 UTC
Description of problem:
I've tried to reproduce the "live CD not created" issue, and after starting the ~130th live CD, Boxes crashed.

I've used a Tiny Core 5.3 live CD (9 MB in size).

Version-Release number of selected component:
gnome-boxes-3.16.2-1.fc22

Additional info:
reporter:       libreport-2.5.1
backtrace_rating: 4
cmdline:        /usr/bin/gnome-boxes --gapplication-service
crash_function: vasprintf
executable:     /usr/bin/gnome-boxes
global_pid:     2572
kernel:         4.0.4-301.fc22.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 0 (10 frames)
 #3 vasprintf at /usr/include/bits/stdio2.h:210
 #4 virVasprintfInternal at util/virstring.c:476
 #5 virRaiseErrorFull at util/virerror.c:723
 #6 virReportSystemErrorFull at util/virerror.c:1469
 #7 virNetClientProgramCall at rpc/virnetclientprogram.c:371
 #8 callFull at remote/remote_driver.c:6522
 #9 remoteDomainOpenGraphicsFD at remote/remote_driver.c:6362
 #10 virDomainOpenGraphicsFD at libvirt-domain.c:10202
 #11 gvir_domain_open_graphics_fd at libvirt-gobject-domain.c:1261
 #12 ____lambda160_ at /home/zeenix/checkout/gnome/gnome-boxes/src/libvirt-machine.vala:69

Comment 1 Vladimir Benes 2015-07-29 09:59:22 UTC
Created attachment 1057263 [details]
File: backtrace

Comment 2 Vladimir Benes 2015-07-29 09:59:23 UTC
Created attachment 1057264 [details]
File: cgroup

Comment 3 Vladimir Benes 2015-07-29 09:59:26 UTC
Created attachment 1057265 [details]
File: core_backtrace

Comment 4 Vladimir Benes 2015-07-29 09:59:28 UTC
Created attachment 1057266 [details]
File: dso_list

Comment 5 Vladimir Benes 2015-07-29 09:59:29 UTC
Created attachment 1057267 [details]
File: environ

Comment 6 Vladimir Benes 2015-07-29 09:59:31 UTC
Created attachment 1057268 [details]
File: limits

Comment 7 Vladimir Benes 2015-07-29 09:59:33 UTC
Created attachment 1057269 [details]
File: maps

Comment 8 Vladimir Benes 2015-07-29 09:59:35 UTC
Created attachment 1057270 [details]
File: mountinfo

Comment 9 Vladimir Benes 2015-07-29 09:59:36 UTC
Created attachment 1057271 [details]
File: namespaces

Comment 10 Vladimir Benes 2015-07-29 09:59:38 UTC
Created attachment 1057272 [details]
File: open_fds

Comment 11 Vladimir Benes 2015-07-29 09:59:39 UTC
Created attachment 1057273 [details]
File: proc_pid_status

Comment 12 Vladimir Benes 2015-07-29 09:59:40 UTC
Created attachment 1057274 [details]
File: var_log_messages

Comment 13 Zeeshan Ali 2015-07-31 15:26:39 UTC
Seems deep in libvirt territory.

Comment 14 Daniel Berrangé 2015-07-31 15:44:59 UTC
Looking at the stack trace I can't see why it would be SEGV'ing, but I do see an interesting error message in the stack

 "Cannot duplicate FD 1011: Too many open files"

It looks like Boxes has exhausted the (stupidly low) default file descriptor limit for its user environment. I wonder if there is a file descriptor leak somewhere in either Boxes or libvirt, or if the particular usage scenario genuinely needed so many FDs ?  I guess the FD exhaustion might have tickled some, never used, code path which results in memory corruption causing the eventual SEGV.

Comment 15 Daniel Berrangé 2015-07-31 15:47:20 UTC
Looking at the open_fds attachment there is a good mix of pipe and socket FDs open, but I can't tell what they're for.
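
The triage discussed in comments 14 and 15 (how close a process is to its descriptor limit, and which kinds of FD are accumulating) can be done on a live process through /proc. This is an added example, not part of the original bug report and not Boxes or libvirt code; the function names are hypothetical and it assumes a Linux /proc filesystem.

```python
import os
from collections import Counter

def classify(target):
    """Map a /proc/<pid>/fd symlink target to a coarse FD kind."""
    for prefix, kind in (("pipe:[", "pipe"), ("socket:[", "socket"),
                         ("anon_inode:", "anon_inode")):
        if target.startswith(prefix):
            return kind
    return "file" if target.startswith("/") else "other"

def fd_census(pid="self"):
    """Count a process's open FDs by kind from /proc/<pid>/fd."""
    fd_dir = f"/proc/{pid}/fd"
    counts = Counter()
    for name in os.listdir(fd_dir):
        try:
            counts[classify(os.readlink(os.path.join(fd_dir, name)))] += 1
        except OSError:
            continue  # FD was closed between listdir() and readlink()
    return counts

def soft_nofile_limit(pid="self"):
    """Soft 'Max open files' limit as reported in /proc/<pid>/limits."""
    with open(f"/proc/{pid}/limits") as fh:
        for line in fh:
            if line.startswith("Max open files"):
                return int(line.split()[3])  # fields: 3-word name, soft, hard, units
    raise RuntimeError("Max open files not found")

def fd_growth(before, after):
    """Kinds whose count rose between two censuses (leak candidates)."""
    return dict(after - before)  # Counter subtraction keeps positive deltas only

def headroom(pid="self"):
    """Descriptors still available before open()/dup() fail with EMFILE."""
    return soft_nofile_limit(pid) - sum(fd_census(pid).values())

if __name__ == "__main__":
    base = fd_census()
    r, w = os.pipe()  # constructed stand-in for one leaked pipe
    print("growth:", fd_growth(base, fd_census()), "headroom:", headroom())
    os.close(r)
    os.close(w)
```

Taking a census before and after each VM start and diffing them with `fd_growth` shows whether pipes or sockets grow per start, which separates a leak from a workload that genuinely needs that many descriptors.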

Comment 16 Christophe Fergeau 2015-07-31 15:53:16 UTC
Wondering if this could be related to https://bugzilla.gnome.org/show_bug.cgi?id=746800

Comment 17 Zeeshan Ali 2015-07-31 16:02:39 UTC
(In reply to Daniel Berrange from comment #14)
> Looking at the stack trace I can't see why it would be SEGV'ing, but I do
> see an interesting error message in the stack
> 
>  "Cannot duplicate FD 1011: Too many open files"
> 
> It looks like Boxes has exhausted the (stupidly low) default file descriptor
> limit for its user environment. I wonder if there is a file descriptor leak
> somewhere in either Boxes or libvirt, or if the particular usage scenario
> genuinely needed so many FDs ?  I guess the FD exhaustion might have tickled
> some, never used, code path which results in memory corruption causing the
> eventual SEGV.

Ah, this is then likely a side-effect of https://bugzilla.gnome.org/show_bug.cgi?id=748646 , which I really should solve sooner than later.

Comment 18 Zeeshan Ali 2015-08-04 22:47:00 UTC
(In reply to Zeeshan Ali from comment #17)
> (In reply to Daniel Berrange from comment #14)
> > Looking at the stack trace I can't see why it would be SEGV'ing, but I do
> > see an interesting error message in the stack
> > 
> >  "Cannot duplicate FD 1011: Too many open files"
> > 
> > It looks like Boxes has exhausted the (stupidly low) default file descriptor
> > limit for its user environment. I wonder if there is a file descriptor leak
> > somewhere in either Boxes or libvirt, or if the particular usage scenario
> > genuinely needed so many FDs ?  I guess the FD exhaustion might have tickled
> > some, never used, code path which results in memory corruption causing the
> > eventual SEGV.
> 
> Ah, this is then likely a side-effect of
> https://bugzilla.gnome.org/show_bug.cgi?id=748646 , which I really should
> solve sooner than later.

Done! I'll do a 3.16 bug fix release soon so you can test if this bug is fixed with these patches.

Comment 19 Zeeshan Ali 2015-09-22 14:06:29 UTC
I never got around to rolling out another 3.16 release but now that I'm about to roll out 3.18.0 and F23 is soon out with it, I don't think I'll be fixing this in F22.

Comment 20 Fedora End Of Life 2016-07-19 17:14:55 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

