Bug 1266756 - [abrt] kf5-kwallet: qt_message_fatal(): kwalletd5 killed by SIGABRT
Summary: [abrt] kf5-kwallet: qt_message_fatal(): kwalletd5 killed by SIGABRT
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kf5-kwallet
Version: 23
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Daniel Vrátil
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:ba8be0d14d9ba4dee5856c13aeb...
Depends On:
Blocks: F23FinalBlocker
TreeView+ depends on / blocked
 
Reported: 2015-09-27 13:06 UTC by Yonatan
Modified: 2016-10-03 20:03 UTC (History)
18 users (show)

Fixed In Version: kf5-kwallet-5.14.0-2.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-10-31 16:07:11 UTC


Attachments (Terms of Use)
File: backtrace (17.49 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: build_ids (6.17 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: cgroup (177 bytes, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: core_backtrace (2.05 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: dso_list (13.40 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: environ (413 bytes, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: limits (1.29 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: maps (35.59 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: mountinfo (3.02 KB, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: namespaces (85 bytes, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: open_fds (518 bytes, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: proc_pid_status (856 bytes, text/plain)
2015-09-27 13:06 UTC, Yonatan
no flags Details
File: var_log_messages (309 bytes, text/plain)
2015-09-27 13:07 UTC, Yonatan
no flags Details
kwalletd's startup window (573.43 KB, image/png)
2015-10-23 20:32 UTC, Giulio 'juliuxpigface'
no flags Details
sddm-0.12.0-fix-use-after-free.patch (884 bytes, patch)
2015-10-23 22:26 UTC, Kevin Kofler
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
KDE Software Compilation 351805 None None None Never

Description Yonatan 2015-09-27 13:06:14 UTC
Version-Release number of selected component:
kf5-kwallet-5.14.0-1.fc23

Additional info:
reporter:       libreport-2.6.2
backtrace_rating: 4
cmdline:        /usr/bin/kwalletd5 --pam-login 15 19
crash_function: qt_message_fatal
executable:     /usr/bin/kwalletd5
global_pid:     1282
kernel:         4.2.1-300.fc23.i686
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (4 frames)
 #3 qt_message_fatal at global/qlogging.cpp:1575
 #4 QMessageLogger::fatal at global/qlogging.cpp:777
 #5 KWallet::Backend::getSaveLocation at ../../../../../src/runtime/kwalletd/backend/kwalletbackend.cc:108
 #6 KWalletD::KWalletD at ../../../../src/runtime/kwalletd/kwalletd.cpp:146

Comment 1 Yonatan 2015-09-27 13:06:23 UTC
Created attachment 1077675 [details]
File: backtrace

Comment 2 Yonatan 2015-09-27 13:06:26 UTC
Created attachment 1077676 [details]
File: build_ids

Comment 3 Yonatan 2015-09-27 13:06:31 UTC
Created attachment 1077677 [details]
File: cgroup

Comment 4 Yonatan 2015-09-27 13:06:33 UTC
Created attachment 1077678 [details]
File: core_backtrace

Comment 5 Yonatan 2015-09-27 13:06:36 UTC
Created attachment 1077679 [details]
File: dso_list

Comment 6 Yonatan 2015-09-27 13:06:38 UTC
Created attachment 1077680 [details]
File: environ

Comment 7 Yonatan 2015-09-27 13:06:40 UTC
Created attachment 1077681 [details]
File: limits

Comment 8 Yonatan 2015-09-27 13:06:45 UTC
Created attachment 1077682 [details]
File: maps

Comment 9 Yonatan 2015-09-27 13:06:47 UTC
Created attachment 1077683 [details]
File: mountinfo

Comment 10 Yonatan 2015-09-27 13:06:50 UTC
Created attachment 1077684 [details]
File: namespaces

Comment 11 Yonatan 2015-09-27 13:06:54 UTC
Created attachment 1077685 [details]
File: open_fds

Comment 12 Yonatan 2015-09-27 13:06:58 UTC
Created attachment 1077686 [details]
File: proc_pid_status

Comment 13 Yonatan 2015-09-27 13:07:08 UTC
Created attachment 1077687 [details]
File: var_log_messages

Comment 14 Giulio 'juliuxpigface' 2015-10-23 20:24:17 UTC
Another user experienced a similar problem:

Steps to reproduce:
1. Install Fedora 23 i686 (RC3 compose) on qemu-kvm
2. Boot the installed system.
3. Login to a Plasma session.

Actual result:
1. A window related to kwalletd pops up.
2. abrt catches a crash.

reporter:       libreport-2.6.2
backtrace_rating: 4
cmdline:        /usr/bin/kwalletd5 --pam-login 15 19
crash_function: qt_message_fatal
executable:     /usr/bin/kwalletd5
global_pid:     1374
kernel:         4.2.3-300.fc23.i686
package:        kf5-kwallet-5.14.0-1.fc23
reason:         kwalletd5 killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 15 Giulio 'juliuxpigface' 2015-10-23 20:32:58 UTC
Created attachment 1085943 [details]
kwalletd's startup window

this window pops up right after the first login

Comment 16 Fedora Blocker Bugs Application 2015-10-23 20:33:25 UTC
Proposed as a Blocker for 23-final by Fedora user juliuxpigface using the blocker tracking app because:

 I've hit this right after the first login on an installed i686 system (qemu-kvm).

It seems a violation of the "2.4.4 SELinux and crash notifications" final criteria:

"There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop."

https://fedoraproject.org/wiki/Fedora_23_Final_Release_Criteria#SELinux_and_crash_notifications

Comment 17 satellitgo 2015-10-23 20:39:27 UTC
Another user experienced a similar problem:

on first boot

reporter:       libreport-2.6.2
backtrace_rating: 4
cmdline:        /usr/bin/kwalletd5 --pam-login 15 19
crash_function: qt_message_fatal
executable:     /usr/bin/kwalletd5
global_pid:     1368
kernel:         4.2.3-300.fc23.i686
package:        kf5-kwallet-5.14.0-1.fc23
reason:         kwalletd5 killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 18 satellitgo 2015-10-23 20:57:33 UTC
(In reply to satellitgo from comment #17)
> Another user experienced a similar problem:
> 
> on first boot
> 
> reporter:       libreport-2.6.2
> backtrace_rating: 4
> cmdline:        /usr/bin/kwalletd5 --pam-login 15 19
> crash_function: qt_message_fatal
> executable:     /usr/bin/kwalletd5
> global_pid:     1368
> kernel:         4.2.3-300.fc23.i686
> package:        kf5-kwallet-5.14.0-1.fc23
> reason:         kwalletd5 killed by SIGABRT
> runlevel:       N 5
> type:           CCpp
> uid:            1000
on boot: "kwalletd5rc not writiable"

Comment 19 Kevin Kofler 2015-10-23 21:20:41 UTC
The fatal error says: "Cannot create wallet save location!"

It's this qFatal:
https://quickgit.kde.org/?p=kwallet.git&a=blob&h=fbb014d2b9efc38072634c6178013daabe882587&hb=f1e6b9d168281196010c44af2eae4587c1d2d088&f=src%2Fruntime%2Fkwalletd%2Fbackend%2Fkwalletbackend.cc#l108

I have 2 guesses as to what could be the issue:
1. I don't see HOME being set in environ. If it is really not set in the environment, it might be trying to write to something else as a result, instead of the expected ~/.local/…. (Unfortunately, the backtrace was done without a printer for QString, so I don't know what's in writeLocation and writeDir.)
2. It could also be an SELinux denial. (Try booting with selinux=0, does the error still appear then?)

Comment 20 Adam Williamson 2015-10-23 21:38:33 UTC
There's an error message shown on login, as well as the crash:

Configuration file "//.config/kwalletd5rc" not writable. Please contact your system administrator.

That seems to tie in with kk's guess #1 (note the location).

This bug seems to be i686 only - I tested x86_64 and i686 and saw it only on i686.

Comment 21 satellitgo 2015-10-23 21:51:10 UTC
(In reply to Kevin Kofler from comment #19)
> The fatal error says: "Cannot create wallet save location!"
> 
> It's this qFatal:
> https://quickgit.kde.org/?p=kwallet.
> git&a=blob&h=fbb014d2b9efc38072634c6178013daabe882587&hb=f1e6b9d168281196010c
> 44af2eae4587c1d2d088&f=src%2Fruntime%2Fkwalletd%2Fbackend%2Fkwalletbackend.
> cc#l108
> 
> I have 2 guesses as to what could be the issue:
> 1. I don't see HOME being set in environ. If it is really not set in the
> environment, it might be trying to write to something else as a result,
> instead of the expected ~/.local/…. (Unfortunately, the backtrace was done
> without a printer for QString, so I don't know what's in writeLocation and
> writeDir.)
> 2. It could also be an SELinux denial. (Try booting with selinux=0, does the
> error still appear then?)
selinux=0, in boot line, does not fix it in virtual machine manager install with 2048 memoru and 2 cpu's

Comment 22 Adam Williamson 2015-10-23 22:19:21 UTC
So to save anyone else the trouble, we (Kevin and I) think we know what's going on here now: it's very similar to a bug spotted and fixed a few weeks back, https://bugzilla.redhat.com/show_bug.cgi?id=1265813 , more or less just another case of the same thing. The offending code is in src/helper/Backend.cpp:

        pw = getpwnam(qPrintable(qobject_cast<HelperApp*>(parent())->user()));

Kevin's also spotted several other places something similar is happening, so he's just thinking about the best way to go about this. But we don't need more info or diagnosis at present.

Comment 23 Kevin Kofler 2015-10-23 22:25:01 UTC
Right, we tracked this down to yet another use-after-free in SDDM, similar to the one that was recently fixed upstream, except using qPrintable rather than QByteArray (so the -DQT_NO_CAST_FROM_BYTEARRAY safeguard does not catch it).

Comment 24 Kevin Kofler 2015-10-23 22:26:47 UTC
Created attachment 1085970 [details]
sddm-0.12.0-fix-use-after-free.patch

The attached patch should fix this use-after-free. There are other uses of qPrintable, some of which are also suspicious (e.g. in the PasswdBackend), but this patch should fix this blocker.

Comment 25 Adam Williamson 2015-10-23 23:30:43 UTC
Bad news - it doesn't seem to solve the bug. I built a live image with an SDDM with that patch applied, installed it, booted the installed system, and got the same KWallet error.

Comment 26 Kevin Kofler 2015-10-23 23:38:26 UTC
I'm out of ideas now. :-( I'm resetting this to the default assignee, but of course, if we can think of something to try, I'm still here to help.

Comment 27 Kevin Kofler 2015-10-24 01:23:19 UTC
Reassigning back to kf5-kwallet because it looks like that's where the issue lies after all.

Comment 28 Adam Williamson 2015-10-24 01:34:50 UTC
My next suspect is https://quickgit.kde.org/?p=kwallet.git&a=commit&h=f1e6b9d168281196010c44af2eae4587c1d2d088 , which refers to a bug that looks  identical to this: https://bugs.kde.org/show_bug.cgi?id=351805 . Testing that theory now.

Comment 29 Adam Williamson 2015-10-24 01:52:36 UTC
OK, yup, that's it. Installing from an image built with a patched kf5-kwallet results in no bug.

Possibly of interest, I first tried installing the patched kf5-kwallet to an installed system which had already hit the bug, and KDE session startup broke completely. Not sure if that was just a one-off thing, or something we might have to watch out for, if people have installed from images that suffer this bug.

We have an issue here: there's already a kf5 5.15.0 update in updates-testing, pending stable status.

https://bodhi.fedoraproject.org/updates/FEDORA-2015-084749eee7

I'd very strongly suggest we should *NOT* take a version bump for a couple of dozen packages through freeze at this point. That means we need to 'rewind' kf5-kwallet; we need to do a 5.14.0-2 build and pull that through the freeze instead. Dennis, can you advise on the best way to do that? Do we need to unpush that update, do a 5.14.0-2 build of kf5-kwallet, submit that, and then possibly go and do a 5.15.0-2 build of kf5-kwallet and re-submit the 5.15.0 update (for 0-day / post-release purposes), or what? Thanks!

Comment 30 Pier Luigi Fiorini 2015-10-24 10:07:45 UTC
(In reply to Kevin Kofler from comment #24)
> Created attachment 1085970 [details]
> sddm-0.12.0-fix-use-after-free.patch
> 
> The attached patch should fix this use-after-free. There are other uses of
> qPrintable, some of which are also suspicious (e.g. in the PasswdBackend),
> but this patch should fix this blocker.

It's a problem only if the qPrintable return value is used after the statement where qPrintable is invoked. So as long as that const char* is not referenced later it should be fine.

Comment 31 Rex Dieter 2015-10-24 13:32:48 UTC
Fwiw, I pulled the fix into latest kf5-kwallet-5.15.0 builds at least,

%changelog
* Sat Oct 24 2015 Rex Dieter <rdieter@fedoraproject.org> 5.15.0-2
- .spec cosmetics, update URL, backport upstream fixes (#1266756)


I'm personally in favor of pulling kf5-5.15.0 in (it includes several other nice-to-have's, including kf5-kservice related fixes for kbuildsycoca and login delays, https://bugs.kde.org/show_bug.cgi?id=353203), but if folks insist that's not viable, I could try flexing my releng supwercow powers to get an older 5.14 build too

Comment 32 Rex Dieter 2015-10-24 14:26:01 UTC
Take your pick from:

kf5-kwallet-5.15.0-2.fc23:
https://bodhi.fedoraproject.org/updates/FEDORA-2015-71c484c99b

(depends on the rest of kf5-5.15.0 too of course,
https://bodhi.fedoraproject.org/updates/FEDORA-2015-084749eee7
)

or

kf5-kwallet-5.14.0-2.fc23:
https://koji.fedoraproject.org/koji/buildinfo?buildID=694085


I'm guessing it would be problematic to try submitting the older one via bodhi, though we could probably try tagging it manually.

Comment 33 Bruno Wolff III 2015-10-24 16:32:33 UTC
+1 blocker. I dont have a strong opinion of whether or not it is best to try a limited fix or do a version upfate.

Comment 34 Adam Williamson 2015-10-24 20:52:21 UTC
Thanks for the builds! I would strongly prefer the 5.14.0 build, we have already slipped once, I don't want unnecessary churn in subsequent composes.

I *believe* it's OK to submit older builds to Bodhi, but that's more or less what I was asking for Dennis' advice on. We'll figure it out, anyhow.

Comment 35 David Shier 2015-10-26 02:08:38 UTC
Another user experienced a similar problem:

On log-in after rebooting from command line. I've not yet tried to reproduce.

reporter:       libreport-2.6.2
backtrace_rating: 4
cmdline:        /usr/bin/kwalletd5 --pam-login 14 18
crash_function: qt_message_fatal
executable:     /usr/bin/kwalletd5
global_pid:     1379
kernel:         4.2.3-300.fc23.i686
package:        kf5-kwallet-5.14.0-1.fc23
reason:         kwalletd5 killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 36 Stephen Gallagher 2015-10-26 13:22:33 UTC
I'm also +1 blocker here.

Regarding the Bodhi updates: you *can* submit both to Bodhi, but at least back in Bodhi 1.x that could cause issues (because it would cause the second one submitted to supplant the earlier one from the repository, which can result in a stuck upgrade path for anyone who installed the later version). I have no idea if that was fixed in Bodhi 2.x.

Of course, anyone who has installed the 5.15.x builds from u-t won't get this fix until a later 5.15 build arrives with it. And we can't just epoch-bump kf5-wallet because we'd have to do the same to every other package that depends on it... I think the best we can do is unpush the 5.15.x stuff from updates-testing and announce that this happened on announce@ so people can manually downgrade.

This is one of the reasons why I've never been comfortable with KDE's blanket exception to the stable updates policy. Maybe we can at least require for the future that no major/minor updates happen between Beta Freeze and Final Release, even in u-t? It's just too difficult to navigate since all the pieces need to update together.

Comment 37 Petr Schindler 2015-10-26 17:24:23 UTC
Discussed at 2015-10-26 blocker review meeting: [1]. 

This bug was accepted as Final blocker: This bug is a clear violation of the following criterion: "There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop."

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1271993

Comment 39 Fedora Update System 2015-10-26 22:44:45 UTC
kf5-kwallet-5.14.0-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-845978d82d

Comment 40 Kevin Kofler 2015-10-29 00:39:47 UTC
> This is one of the reasons why I've never been comfortable with
> KDE's blanket exception to the stable updates policy.

Especially with upstream's KF5 release policy (no stable branches), there is no other way. And even if it had been a point release (which are commonly pushed for many other packages including GNOME), we would have had the same issue because QA refused to just drag in the new release.

> Maybe we can at least require for the future that no major/minor
> updates happen between Beta Freeze and Final Release, even in u-t?
> It's just too difficult to navigate since all the pieces need to
> update together.

We should just pull those updates, which are mostly (though not entirely) bugfixes, in through the freeze.

Comment 41 Fedora Update System 2015-10-31 15:54:58 UTC
kf5-kwallet-5.14.0-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update kf5-kwallet'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-845978d82d

Comment 42 Fedora Update System 2015-10-31 16:06:29 UTC
kf5-kwallet-5.14.0-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 43 Dennis Gilmore 2016-10-03 20:03:12 UTC
removing needinfo


Note You need to log in before you can comment on or make changes to this bug.