Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1881745 - abrt-action-generate-backtrace crashes during local processing
Summary: abrt-action-generate-backtrace crashes during local processing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: abrt
Version: 33
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: abrt
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedBlocker
Depends On:
Blocks: F33FinalBlocker
TreeView+ depends on / blocked
 
Reported: 2020-09-23 01:32 UTC by Chris Murphy
Modified: 2020-10-23 21:24 UTC (History)
17 users (show)

Fixed In Version: abrt-2.14.4-6.fc33
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-25 17:03:03 UTC
Type: Bug


Attachments (Terms of Use)
screenshot (82.25 KB, image/png)
2020-09-23 01:32 UTC, Chris Murphy
no flags Details
coredumpctl gdb (abrt-action-gen) (6.86 KB, text/plain)
2020-09-23 01:34 UTC, Chris Murphy
no flags Details
journal (414.83 KB, text/plain)
2020-09-23 01:36 UTC, Chris Murphy
no flags Details

Description Chris Murphy 2020-09-23 01:32:18 UTC
Created attachment 1715878 [details]
screenshot

Description of problem:

Abrt crash while processing a test crash (kill -SIGSEGV gedit)

Sep 22 19:03:52 fmac.local systemd-coredump[2860]: [🡕] Process 2847 (abrt-action-gen) of user 1000 dumped core.
Stack trace of thread 2847:
#0  0x00007ff37db6abc5 raise (libc.so.6 + 0x3dbc5)
#1  0x00007ff37db538a4 abort (libc.so.6 + 0x268a4)
#2  0x00007ff37dbad127 __libc_message (libc.so.6 + 0x80127)
#3  0x00007ff37dbb4e1c malloc_printerr (libc.so.6 + 0x87e1c)
#4  0x00007ff37dbb6674 _int_free (libc.so.6 + 0x89674)
#5  0x00007ff37dd6ab99 g_free (libglib-2.0.so.0 + 0x56b99)
#6  0x0000556a4dfb6539 main (abrt-action-generate-backtrace + 0x1539)
#7  0x00007ff37db551a2 __libc_start_main (libc.so.6 + 0x281a2)
#8  0x0000556a4dfb669e _start (abrt-action-generate-backtrace + 0x169e)



Version-Release number of selected component (if applicable):
abrt-2.14.4-5.fc33.x86_64
abrt-addon-ccpp-2.14.4-5.fc33.x86_64
abrt-addon-ccpp-debuginfo-2.14.4-5.fc33.x86_64
abrt-addon-kerneloops-2.14.4-5.fc33.x86_64
abrt-addon-pstoreoops-2.14.4-5.fc33.x86_64
abrt-addon-vmcore-2.14.4-5.fc33.x86_64
abrt-addon-xorg-2.14.4-5.fc33.x86_64
abrt-cli-2.14.4-5.fc33.x86_64
abrt-dbus-2.14.4-5.fc33.x86_64
abrt-debuginfo-2.14.4-5.fc33.x86_64
abrt-desktop-2.14.4-5.fc33.x86_64
abrt-gui-2.14.4-5.fc33.x86_64
abrt-gui-libs-2.14.4-5.fc33.x86_64
abrt-java-connector-1.2.0-5.fc33.x86_64
abrt-libs-2.14.4-5.fc33.x86_64
abrt-plugin-bodhi-2.14.4-5.fc33.x86_64
abrt-retrace-client-2.14.4-5.fc33.x86_64
abrt-tui-2.14.4-5.fc33.x86_64
gnome-abrt-1.3.6-5.fc33.x86_64
python3-abrt-2.14.4-5.fc33.x86_64
python3-abrt-addon-2.14.4-5.fc33.noarch


How reproducible:


Steps to Reproduce:
1. kill -SIGSEGV gedit
2. launch Problem Reporting
3. Report the bug

Actual results:

Processing failed

double free or corruption

See screenshot.

Expected results:

Locally process the bug, and file it.


Additional info:

Comment 1 Chris Murphy 2020-09-23 01:34:06 UTC
Created attachment 1715879 [details]
coredumpctl gdb (abrt-action-gen)

Comment 2 Chris Murphy 2020-09-23 01:36:15 UTC
Created attachment 1715880 [details]
journal

Comment 3 Chris Murphy 2020-09-23 01:52:07 UTC
This is reproducible, 3 for 3 attempts.

Comment 4 Chris Murphy 2020-09-23 01:55:34 UTC
Same thing when doing 'will_abort --random'

[  346.077524] systemd[1585]: Finished Cleanup of User's Temporary Files and Directories.
[  389.449341] audit[2673]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2673 comm="will_abort" exe="/usr/bin/will_abort" sig=6 res=1
[  389.465478] audit: BPF prog-id=83 op=LOAD
[  389.466077] audit: BPF prog-id=84 op=LOAD
[  389.466228] audit: BPF prog-id=85 op=LOAD
[  389.467067] systemd[1]: Started Process Core Dump (PID 2674/UID 0).
[  389.468106] audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@3-2674-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  389.534374] systemd-coredump[2675]: [🡕] Process 2673 (will_abort) of user 1000 dumped core.
                                       
                                       Stack trace of thread 2673:
                                       #0  0x00007f0ac1f53bc5 __GI_raise (libc.so.6 + 0x3dbc5)
                                       #1  0x00007f0ac1f3c8a4 __GI_abort (libc.so.6 + 0x268a4)
                                       #2  0x0000559dfe60d1cc l.cold (will_abort + 0x11cc)
                                       #3  0x0000559dfe60da25 r (will_abort + 0x1a25)
                                       #4  0x0000559dfe60da75 s (will_abort + 0x1a75)
                                       #5  0x0000559dfe60d7a5 j (will_abort + 0x17a5)
                                       #6  0x0000559dfe60d525 b (will_abort + 0x1525)
                                       #7  0x0000559dfe60d9d5 q (will_abort + 0x19d5)
                                       #8  0x0000559dfe60dca5 z (will_abort + 0x1ca5)
                                       #9  0x0000559dfe60d4d5 a (will_abort + 0x14d5)
                                       #10 0x0000559dfe60d985 p (will_abort + 0x1985)
                                       #11 0x0000559dfe60d665 f (will_abort + 0x1665)
                                       #12 0x0000559dfe60dac5 t (will_abort + 0x1ac5)
                                       #13 0x0000559dfe60dac5 t (will_abort + 0x1ac5)
                                       #14 0x0000559dfe60d985 p (will_abort + 0x1985)
                                       #15 0x0000559dfe60d755 i (will_abort + 0x1755)
                                       #16 0x0000559dfe60d895 m (will_abort + 0x1895)
                                       #17 0x0000559dfe60d4d5 a (will_abort + 0x14d5)
                                       #18 0x0000559dfe60d34e main (will_abort + 0x134e)
                                       #19 0x00007f0ac1f3e1a2 __libc_start_main (libc.so.6 + 0x281a2)
                                       #20 0x0000559dfe60d3ce _start (will_abort + 0x13ce)
[  389.536618] systemd[1]: systemd-coredump@3-2674-0.service: Succeeded.
[  389.578749] audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@3-2674-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  389.605678] audit: BPF prog-id=85 op=UNLOAD
[  389.606056] audit: BPF prog-id=84 op=UNLOAD
[  389.606191] audit: BPF prog-id=83 op=UNLOAD
[  390.354626] abrt-notification[2733]: [🡕] Process 2673 (will_abort) crashed in m.cold()
[  396.688937] gnome-shell[1799]: Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x1a00008
[  400.112879] org.freedesktop.GnomeAbrt.desktop[2583]: Fetching title for problem report failed: HTTP Error 404: NOT FOUND
[  410.106297] audit[2772]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2772 comm="abrt-action-gen" exe="/usr/bin/abrt-action-generate-backtrace" sig=6 res=1
[  410.124025] audit: BPF prog-id=86 op=LOAD
[  410.124424] audit: BPF prog-id=87 op=LOAD
[  410.124610] audit: BPF prog-id=88 op=LOAD
[  410.126263] systemd[1]: Started Process Core Dump (PID 2782/UID 0).
[  410.127375] audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@4-2782-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  410.226241] systemd-coredump[2783]: [🡕] Process 2772 (abrt-action-gen) of user 1000 dumped core.
                                       
                                       Stack trace of thread 2772:
                                       #0  0x00007fed6517bbc5 __GI_raise (libc.so.6 + 0x3dbc5)
                                       #1  0x00007fed651648a4 __GI_abort (libc.so.6 + 0x268a4)
                                       #2  0x00007fed651be127 __libc_message (libc.so.6 + 0x80127)
                                       #3  0x00007fed651c5e1c malloc_printerr (libc.so.6 + 0x87e1c)
                                       #4  0x00007fed651c7674 _int_free (libc.so.6 + 0x89674)
                                       #5  0x00007fed6537bb99 g_free (libglib-2.0.so.0 + 0x56b99)
                                       #6  0x000055d7b32ac539 main (abrt-action-generate-backtrace + 0x1539)
                                       #7  0x00007fed651661a2 __libc_start_main (libc.so.6 + 0x281a2)
                                       #8  0x000055d7b32ac69e _start (abrt-action-generate-backtrace + 0x169e)
[  410.228382] systemd[1]: systemd-coredump@4-2782-0.service: Succeeded.
[  410.319544] audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@4-2782-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  410.319990] audit: BPF prog-id=88 op=UNLOAD
[  410.320213] audit: BPF prog-id=87 op=UNLOAD
[  410.320317] audit: BPF prog-id=86 op=UNLOAD
[  410.562395] abrt-dump-journal-core[804]: Ignoring crash of ABRT executable '/usr/bin/abrt-action-generate-backtrace'

Comment 5 Fedora Blocker Bugs Application 2020-09-23 02:04:45 UTC
Proposed as a Blocker for 33-beta by Fedora user chrismurphy using the blocker tracking app because:

 Inability to report a bug using local or remote tracing  "hinders execution of required Beta test plans or dramatically reduces test coverage"

Same justification as:
https://bugzilla.redhat.com/show_bug.cgi?id=1878317#c6
https://bugzilla.redhat.com/show_bug.cgi?id=1878317#c7

Comment 6 Kamil Páral 2020-09-23 07:38:05 UTC
I can confirm this bug. ABRT can't process will_abort crash locally (and the retrace server doesn't accept the crash either).

Comment 7 Jonathan Haas 2020-09-23 14:06:16 UTC
This change seems to be suspicious: https://github.com/abrt/abrt/commit/89e0ddda37d8eb9b3aff78858be87255b36379dc#diff-a2b3bbd04cbb577c318d002d11a69171R351

As far as I understand it, this will always free the backtrace, instead of only freeing it when an error happens.

Comment 8 Jonathan Haas 2020-09-23 14:12:47 UTC
Upstream issue: https://github.com/abrt/abrt/issues/1528

Comment 9 Jonathan Haas 2020-09-23 16:36:16 UTC
This has been fixed upstream.

Comment 10 Michael Catanzaro 2020-09-23 18:30:05 UTC
Thanks very much for your patch, Jonathan!

Go/no-go is tomorrow, so we need it fixed in Fedora today. Help from any provenpackager would be great. Jonathan's patch is here: https://patch-diff.githubusercontent.com/raw/abrt/abrt/pull/1529.patch

Comment 11 Michael Catanzaro 2020-09-23 18:31:41 UTC
(In reply to Michael Catanzaro from comment #10)
> Thanks very much for your patch, Jonathan!

Er, well, I see your name is not on the patch. :P But thanks for identifying the problem!

Comment 12 Fedora Update System 2020-09-24 08:34:14 UTC
FEDORA-2020-7cad807210 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-7cad807210

Comment 13 Kamil Páral 2020-09-24 10:40:45 UTC
(In reply to Fedora Update System from comment #12)
> FEDORA-2020-7cad807210 has been submitted as an update to Fedora 33.
> https://bodhi.fedoraproject.org/updates/FEDORA-2020-7cad807210

With this update, I can report a bug using local generation. However, I also encountered bug 1882319 and bug 1882328.

Comment 14 Fedora Update System 2020-09-24 13:34:30 UTC
FEDORA-2020-7cad807210 has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-7cad807210`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-7cad807210

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 Michael Catanzaro 2020-09-24 16:01:09 UTC
(In reply to Kamil Páral from comment #13)
> With this update, I can report a bug using local generation.

Can you please link to the bug that you reported?

Comment 16 Kamil Páral 2020-09-24 16:19:55 UTC
(In reply to Michael Catanzaro from comment #15)
> Can you please link to the bug that you reported?

Sure, it's bug 1882327.

Comment 17 Kamil Páral 2020-09-24 16:30:04 UTC
Accepted as a Beta blocker:
https://pagure.io/fedora-qa/blocker-review/issue/119

Comment 18 Geoffrey Marr 2020-09-24 19:32:50 UTC
Discussed during the 2020-09-24 Fedora 33 Go/No-Go meeting: [0]

The decision to waive this bug's existing classification as an "AcceptedBlocker (Beta)" in the Go/No-Go decision was made under the late blocker exception since Beta getting the fix in an update is sufficient.

[0] https://meetbot-raw.fedoraproject.org/fedora-meeting-1/2020-09-24/f33-beta-go_no_go-meeting.2020-09-24-17.00.txt

Comment 19 Kamil Páral 2020-09-25 10:09:57 UTC
If a blocker is waived according to an exception rule, it's moved to the very next milestone per policy. Setting as a Final blocker.

Comment 20 Fedora Update System 2020-09-25 17:03:03 UTC
FEDORA-2020-7cad807210 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 21 Jeff Law 2020-10-12 16:51:25 UTC
 This change appears to be wrong:


commit 1ab9d3859ffa8bbfd002a95e79f9808f864b23a8 (HEAD -> master, origin/master, origin/HEAD)
Author: Matěj Grabovský <mgrabovs@redhat.com>
Date:   Thu Sep 24 10:07:28 2020 +0200

    Add patch for #1881745


        if (bt)
            log_warning("Backtrace is too big (%u bytes), reducing depth to %u",
                        (unsigned)strlen(bt), bt_depth);
        else
            /* (NB: in fact, current impl. of exec_vp() never returns NULL) */
            log_warning("Failed to generate backtrace, reducing depth to %u",
                        bt_depth);
            free(bt);


Note that the "free" is indented as if it's guarded by the ELSE clause, but it isn't.  I'm guessing you're missing some braces in the ELSE clause.


Jeff

Comment 22 Matej Grabovsky 2020-10-12 17:19:06 UTC
You're right, Jeff. Thanks for pointing that out.

I have proposed a patch upstream: https://github.com/abrt/abrt/pull/1534

Comment 23 Adam Williamson 2020-10-23 21:23:48 UTC
This stupid pattern is absolutely the worst thing about C...

Comment 24 Adam Williamson 2020-10-23 21:24:59 UTC
Bug fixed (and fix also fixed), commonbugs not needed.


Note You need to log in before you can comment on or make changes to this bug.