Description of problem:
Customer reported over 32K of unix sockets spawned by the spice-vdagent. Noticed that the spice daemon was failing to start also.
Version-Release number of selected component (if applicable):
The guest is running RHEL 7.4
My lab system is running RHEL 7.5 with the latest spice rpms and is also seeing this issue.
Every time. My lab system is exhibiting the same failures.
Steps to Reproduce:
1. Install a RHEL with spice enabled
2. Login and check the agent and sockets
The spice daemon failed to start and there are about 32K unix sockets belonging to spice-vdagent
Spice daemon should start and there should not be so many sockets.
# netstat -noap | grep spice-vdagent | wc -l
# cat ps| grep spice
root 14801 0.0 0.0 40432 516 ? Ss Nov12 0:04 /usr/bin/spice-vdagent
gdm 28950 0.0 0.0 40432 512 ? Ss Nov12 0:05 /usr/bin/spice-vdagent
unix 2 [ ] STREAM 164308595 28950/spice-vdagent
unix 2 [ ] STREAM 164106007 28950/spice-vdagent
unix 2 [ ] STREAM 164064092 28950/spice-vdagent
unix 2 [ ] STREAM 163985673 28950/spice-vdagent
unix 2 [ ] STREAM 163354789 28950/spice-vdagent
unix 2 [ ] STREAM 163131966 28950/spice-vdagent
unix 2 [ ] STREAM 162613524 28950/spice-vdagent
Created attachment 1506458 [details]
spice-vdagentd failing my lab VM
Created attachment 1506459 [details]
spice-vdagent starting too many sockets my lab VM
Moving to spice-vdagent in RHEL7 and we might need to clone to RHEL8 too.
Patch that fixes the leak of sockets:
The main issue is spice-vdagentd failing to start with "systemd: Job spice-vdagentd.socket/start failed with result 'dependency'.
I wonder if this was fixed by bug 1340160, fix would be in RHEL 7.5 at spice-vdagent-0.14.0-15.el7.x86_64.
Frank, is it possible to test?
Ah, sorry Frank, I missed that you already tested latest spice-vdagent from comment #0
Yes I tested with spice-vdagent-0.14.0-16.el7.x86_64.
Upstream patch at https://gitlab.freedesktop.org/spice/linux/vd_agent/commit/2d6d0d2acd3248e981361c2f3d8b253da8f04048. This fixes the file descriptor leak.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.