Bug 1656518 - [abrt] fprintd: g_malloc0(): fprintd killed by SIGTRAP
Summary: [abrt] fprintd: g_malloc0(): fprintd killed by SIGTRAP
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: libfprint (Show other bugs)
(Show other bugs)
Version: 29
Hardware: x86_64 Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Bastien Nocera
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:b55ac7cefaa3cbae3d35564190e...
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-05 16:53 UTC by lennart_reuther
Modified: 2018-12-06 10:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-12-06 10:08:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
File: backtrace (20.49 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: cgroup (305 bytes, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: core_backtrace (13.05 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: cpuinfo (1.57 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: dso_list (3.51 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: environ (144 bytes, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: limits (1.29 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: maps (23.79 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: mountinfo (6.83 KB, text/plain)
2018-12-05 16:53 UTC, lennart_reuther 		no flags Details
File: open_fds (1.12 KB, text/plain)
2018-12-05 16:54 UTC, lennart_reuther 		no flags Details
File: proc_pid_status (1.28 KB, text/plain)
2018-12-05 16:54 UTC, lennart_reuther 		no flags Details
File: var_log_messages (268 bytes, text/plain)
2018-12-05 16:54 UTC, lennart_reuther 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description lennart_reuther 2018-12-05 16:53:39 UTC 
Description of problem:
doing a sudo for remounting a tmpfs file system (so guess, this should be pretty uncorrelated. SE-Linux was throwing lots of notifications in the gnome-shell. 

Version-Release number of selected component:
fprintd-0.8.1-3.fc29

Additional info:
reporter:       libreport-2.9.6
backtrace_rating: 4
cmdline:        /usr/libexec/fprintd
crash_function: g_malloc0
executable:     /usr/libexec/fprintd
journald_cursor: s=f660756ad2664806af02c219ed9f98a6;i=37ec;b=928fb8bb0fd043b89ada15153a072c93;m=156a34cff9;t=57c49103a9b87;x=25c5703ec99b21cc
kernel:         4.19.5-300.fc29.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Potential duplicate: bug 1546261
Comment 1 lennart_reuther 2018-12-05 16:53:44 UTC 
Created attachment 1511794 [details]
File: backtrace
Comment 2 lennart_reuther 2018-12-05 16:53:46 UTC 
Created attachment 1511795 [details]
File: cgroup
Comment 3 lennart_reuther 2018-12-05 16:53:48 UTC 
Created attachment 1511796 [details]
File: core_backtrace
Comment 4 lennart_reuther 2018-12-05 16:53:49 UTC 
Created attachment 1511797 [details]
File: cpuinfo
Comment 5 lennart_reuther 2018-12-05 16:53:51 UTC 
Created attachment 1511798 [details]
File: dso_list
Comment 6 lennart_reuther 2018-12-05 16:53:53 UTC 
Created attachment 1511799 [details]
File: environ
Comment 7 lennart_reuther 2018-12-05 16:53:54 UTC 
Created attachment 1511800 [details]
File: limits
Comment 8 lennart_reuther 2018-12-05 16:53:57 UTC 
Created attachment 1511801 [details]
File: maps
Comment 9 lennart_reuther 2018-12-05 16:53:58 UTC 
Created attachment 1511802 [details]
File: mountinfo
Comment 10 lennart_reuther 2018-12-05 16:54:00 UTC 
Created attachment 1511803 [details]
File: open_fds
Comment 11 lennart_reuther 2018-12-05 16:54:01 UTC 
Created attachment 1511804 [details]
File: proc_pid_status
Comment 12 lennart_reuther 2018-12-05 16:54:02 UTC 
Created attachment 1511805 [details]
File: var_log_messages
Comment 13 Bastien Nocera 2018-12-06 10:08:03 UTC 
Looks like a integer overflow in the assembling functions:

        msg_alloc = 0x56415598dd30 "gmem.c:135: failed to allocate 18446744073709551612 bytes"


#4  0x00007f4ea042702a in g_malloc0 (n_bytes=n_bytes@entry=18446744073709551612) at gmem.c:134
        mem = <optimized out>
#5  0x00007f4ea07b1afb in median_filter (filtersize=25, size=-1, data=0x0) at ../libfprint/assembling.c:317
        i = <optimized out>
        result = <optimized out>
        sortbuf = <optimized out>
        i = <optimized out>
        result = <optimized out>
        sortbuf = <optimized out>
        i1 = <optimized out>
        i2 = <optimized out>
#6  fpi_assemble_lines (ctx=ctx@entry=0x7f4ea08163c0 <assembling_ctx>, lines=0x56415598d790, lines_len=1) at ../libfprint/assembling.c:400
        i = 0
        row1 = 0x56415598d790
        row2 = <optimized out>
        y = 0
        line_ind = 0
        offsets = 0x0
        output = 0x5641559cfed0 ""
        img = <optimized out>
        __func__ = "fpi_assemble_lines"

Ultimately it's a bug in the vfs5011 driver though, which is a device I don't have access to.

The crasher fix is here, and will be in the next version of libfprint:
https://gitlab.freedesktop.org/libfprint/libfprint/merge_requests/37

This is the driver bug:
https://gitlab.freedesktop.org/libfprint/libfprint/issues/135
Comment 14 lennart_reuther 2018-12-06 10:18:44 UTC 
Hi Bastien, that's great news. Thanks for taking care within a really timely manner. Cheers from Cologne, L.
Note You need to log in before you can comment on or make changes to this bug.