Bug 777828 – tracker-extract crashed with signal 31 in dup2()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 777828 - tracker-extract crashed with signal 31 in dup2()


Summary:	tracker-extract crashed with signal 31 in dup2()


Status:	RESOLVED FIXED

Product:	tracker
Classification:	Core
Component:	Extractor
Version:	1.10.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	tracker-extractor
QA Contact:	tracker-extractor

URL:
Whiteboard:

Duplicates:	777976 (view as bug list)
Depends on:
Blocks:

Reported:	2017-01-27 12:41 UTC by Michael Biebl
Modified:	2017-02-23 11:27 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Michael Biebl 2017-01-27 12:41:57 UTC

Filed as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849936

Even after updating tracker to 1.10.4-1, we get crashes for dup2() in tracker-extract

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849936#27

Simon McVittie commented:
"dup2 is treated specially, only allowed to manipulate high fds
which breaks down when you want to fork and exec, rewriting stdout/stderr after the fork
solution: the seccomp'd code should not try to fork and exec
(I suspect)"

Comment 1 Michael Biebl 2017-01-31 10:44:34 UTC

 #0  0x00007f6214130c47 in dup2 () at ../sysdeps/unix/syscall-template.S:84
 #1  0x00007f62146a0bc4 in sane_dup2 (fd1=fd1@entry=18, fd2=fd2@entry=0) at
././glib/gspawn.c:1099
         ret = <optimized out>
 #2  0x00007f62146a0e33 in do_exec (child_err_report_fd=17, stdin_fd=18,
stdout_fd=21, stderr_fd=-1, working_directory=working_directory@entry=0x0, argv=
argv@entry=0x7f61f3ffe8b0, envp=0x0, close_descriptors=1, search_path=0,
search_path_from_envp=0, stdout_to_null=0, stderr_to_null=0,
child_inherits_stdin=0, file_and_argv_zero=0, child_setup=0x0, user_data=0x0) at
././glib/gspawn.c:1170
         __func__ = "do_exec"
 #3  0x00007f62146a1a53 in fork_exec_with_pipes (intermediate_child=0,
working_directory=0x0, argv=0x7f61f3ffe8b0, envp=0x0, close_descriptors=1, searc
h_path=search_path@entry=0, search_path_from_envp=0, stdout_to_null=0,
stderr_to_null=0, child_inherits_stdin=0, file_and_argv_zero=0, cloexec_pipes=0,
child_setup=0x0, user_data=0x0, child_pid=0x7f61e800b414,
standard_input=0x7f61e800b418, standard_output=0x7f61e800b420,
standard_error=0x0, error=0x0) at ././glib/gspawn.c:1426
         pid = 0
         stdin_pipe = {18, -1}
         stdout_pipe = {-1, 21}
         stderr_pipe = {-1, -1}
         child_err_report_pipe = {-1, 17}
         child_pid_report_pipe = {-1, -1}
         pipe_flags = 0
         status = 104449840
 #4  0x00007f62146a24c5 in g_spawn_async_with_pipes
(working_directory=<optimized out>, argv=<optimized out>, envp=<optimized out>,
flags=<optimized out>, child_setup=<optimized out>, user_data=<optimized out>,
child_pid=0x7f61e800b414, standard_input=0x7f61e800b418,
standard_output=0x7f61e800b420, standard_error=0x0, error=0x0) at
././glib/gspawn.c:656
         __func__ = "g_spawn_async_with_pipes"
 #5  0x00007f61f90b2e99 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #6  0x00007f61f90b2fc1 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #7  0x00007f61f90b3545 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #8  0x00007f61f90bc72c in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #9  0x00007f61f90bd891 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #10 0x00007f61f90bda66 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #11 0x00007f61f90bf6b4 in gst_update_registry () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #12 0x00007f61f905a20e in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #13 0x00007f6214666b08 in g_option_context_parse (context=<optimized out>,
argc=0x0, argv=<optimized out>, error=<optimized out>) at
././glib/goption.c:2165
         group = <optimized out>
         i = 32610
         j = <optimized out>
         k = <optimized out>
         list = 0x7f62000014a0
 #14 0x00007f61f905abdf in gst_init_check () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #15 0x00007f61f905ac34 in gst_init () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #16 0x00007f61f97b4916 in  () at /usr/lib/x86_64-linux-gnu/tracker-1.0/extract-
modules/libextract-gstreamer.so
 #17 0x00007f61f97b5e80 in tracker_extract_get_metadata () at /usr/lib/x86_64-
linux-gnu/tracker-1.0/extract-modules/libextract-gstreamer.so
 #18 0x000055aa0504e78c in  ()
 #19 0x000055aa0504edf3 in  ()
 #20 0x000055aa0504ee50 in  ()
 #21 0x00007f6214682345 in g_thread_proxy (data=0x7f62000041e0) at
././glib/gthread.c:784
         thread = 0x7f62000041e0
 #22 0x00007f62143fa424 in start_thread (arg=0x7f61f3fff700) at
pthread_create.c:333
         __res = <optimized out>
         pd = 0x7f61f3fff700
         now = <optimized out>
         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140058682193664,
- -4518270974761498887, 0, 140730568722527, 0, 140059253153856,
4577917282149336825, 4580099265459128057}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
         not_first_call = <optimized out>
         pagesize_m1 = <optimized out>
         sp = <optimized out>
         freesize = <optimized out>
         __PRETTY_FUNCTION__ = "start_thread"
 #23 0x00007f621413d9bf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:105
StacktraceTop:
 dup2 () at ../sysdeps/unix/syscall-template.S:84
 sane_dup2 (fd1=fd1@entry=18, fd2=fd2@entry=0) at ././glib/gspawn.c:1099
 do_exec (child_err_report_fd=17, stdin_fd=18, stdout_fd=21, stderr_fd=-1, worki
ng_directory=working_directory@entry=0x0, argv=argv@entry=0x7f61f3ffe8b0,
envp=0x0, close_descriptors=1, search_path=0, search_path_from_envp=0,
stdout_to_null=0, stderr_to_null=0, child_inherits_stdin=0,
file_and_argv_zero=0, child_setup=0x0, user_data=0x0) at ././glib/gspawn.c:1170
 fork_exec_with_pipes (intermediate_child=0, working_directory=0x0,
argv=0x7f61f3ffe8b0, envp=0x0, close_descriptors=1, search_path=search_path@entr
y=0, search_path_from_envp=0, stdout_to_null=0, stderr_to_null=0,
child_inherits_stdin=0, file_and_argv_zero=0, cloexec_pipes=0, child_setup=0x0,
user_data=0x0, child_pid=0x7f61e800b414, standard_input=0x7f61e800b418,
standard_output=0x7f61e800b420, standard_error=0x0, error=0x0) at
././glib/gspawn.c:1426
 g_spawn_async_with_pipes (working_directory=<optimized out>, argv=<optimized
out>, envp=<optimized out>, flags=<optimized out>, child_setup=<optimized out>,
user_data=<optimized out>, child_pid=0x7f61e800b414,
standard_input=0x7f61e800b418, standard_output=0x7f61e800b420,
standard_error=0x0, error=0x0) at ././glib/gspawn.c:656
ThreadStacktrace:
 .
 Thread 1 (Thread 0x7f61f3fff700 (LWP 10830)):
 #0  0x00007f6214130c47 in dup2 () at ../sysdeps/unix/syscall-template.S:84
 #1  0x00007f62146a0bc4 in sane_dup2 (fd1=fd1@entry=18, fd2=fd2@entry=0) at
././glib/gspawn.c:1099
         ret = <optimized out>
 #2  0x00007f62146a0e33 in do_exec (child_err_report_fd=17, stdin_fd=18,
stdout_fd=21, stderr_fd=-1, working_directory=working_directory@entry=0x0, argv=
argv@entry=0x7f61f3ffe8b0, envp=0x0, close_descriptors=1, search_path=0,
search_path_from_envp=0, stdout_to_null=0, stderr_to_null=0,
child_inherits_stdin=0, file_and_argv_zero=0, child_setup=0x0, user_data=0x0) at
././glib/gspawn.c:1170
         __func__ = "do_exec"
 #3  0x00007f62146a1a53 in fork_exec_with_pipes (intermediate_child=0,
working_directory=0x0, argv=0x7f61f3ffe8b0, envp=0x0, close_descriptors=1, searc
h_path=search_path@entry=0, search_path_from_envp=0, stdout_to_null=0,
stderr_to_null=0, child_inherits_stdin=0, file_and_argv_zero=0, cloexec_pipes=0,
child_setup=0x0, user_data=0x0, child_pid=0x7f61e800b414,
standard_input=0x7f61e800b418, standard_output=0x7f61e800b420,
standard_error=0x0, error=0x0) at ././glib/gspawn.c:1426
         pid = 0
         stdin_pipe = {18, -1}
         stdout_pipe = {-1, 21}
         stderr_pipe = {-1, -1}
         child_err_report_pipe = {-1, 17}
         child_pid_report_pipe = {-1, -1}
         pipe_flags = 0
         status = 104449840
 #4  0x00007f62146a24c5 in g_spawn_async_with_pipes
(working_directory=<optimized out>, argv=<optimized out>, envp=<optimized out>,
flags=<optimized out>, child_setup=<optimized out>, user_data=<optimized out>,
child_pid=0x7f61e800b414, standard_input=0x7f61e800b418,
standard_output=0x7f61e800b420, standard_error=0x0, error=0x0) at
././glib/gspawn.c:656
         __func__ = "g_spawn_async_with_pipes"
 #5  0x00007f61f90b2e99 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #6  0x00007f61f90b2fc1 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #7  0x00007f61f90b3545 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #8  0x00007f61f90bc72c in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #9  0x00007f61f90bd891 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #10 0x00007f61f90bda66 in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #11 0x00007f61f90bf6b4 in gst_update_registry () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #12 0x00007f61f905a20e in  () at /usr/lib/x86_64-linux-gnu/libgstreamer-
1.0.so.0
 #13 0x00007f6214666b08 in g_option_context_parse (context=<optimized out>,
argc=0x0, argv=<optimized out>, error=<optimized out>) at
././glib/goption.c:2165
         group = <optimized out>
         i = 32610
         j = <optimized out>
         k = <optimized out>
         list = 0x7f62000014a0
 #14 0x00007f61f905abdf in gst_init_check () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #15 0x00007f61f905ac34 in gst_init () at /usr/lib/x86_64-linux-
gnu/libgstreamer-1.0.so.0
 #16 0x00007f61f97b4916 in  () at /usr/lib/x86_64-linux-gnu/tracker-1.0/extract-
modules/libextract-gstreamer.so
 #17 0x00007f61f97b5e80 in tracker_extract_get_metadata () at /usr/lib/x86_64-
linux-gnu/tracker-1.0/extract-modules/libextract-gstreamer.so
 #18 0x000055aa0504e78c in  ()
 #19 0x000055aa0504edf3 in  ()
 #20 0x000055aa0504ee50 in  ()
 #21 0x00007f6214682345 in g_thread_proxy (data=0x7f62000041e0) at
././glib/gthread.c:784
         thread = 0x7f62000041e0
 #22 0x00007f62143fa424 in start_thread (arg=0x7f61f3fff700) at
pthread_create.c:333
         __res = <optimized out>
         pd = 0x7f61f3fff700
         now = <optimized out>
         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140058682193664,
- -4518270974761498887, 0, 140730568722527, 0, 140059253153856,
4577917282149336825, 4580099265459128057}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
         not_first_call = <optimized out>
         pagesize_m1 = <optimized out>
         sp = <optimized out>
         freesize = <optimized out>
         __PRETTY_FUNCTION__ = "start_thread"
 #23 0x00007f621413d9bf in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:105
Title: tracker-extract crashed with signal 31 in dup2()

Comment 2 Sebastian Dröge (slomo) 2017-01-31 14:07:24 UTC

*** Bug 777976 has been marked as a duplicate of this bug. ***

Comment 3 Sebastian Dröge (slomo) 2017-01-31 14:10:53 UTC

As written on the Debian bug report, you could also set GST_REGISTRY_FORK=no. This has the disadvantage that plugin loading happens in-process, and broken plugins can't be gracefully blacklisted but will bring down the whole process instead.

Alternatively one could use different (new, non-stdout/in/err) fds in GStreamer for that, but I think there's no portable way for doing that in GLib.

Comment 4 Carlos Garnacho 2017-02-23 11:27:59 UTC

I pushed https://git.gnome.org/browse/tracker/commit/?h=tracker-1.10&id=b76f9f57007e60ded354bb1f361b8562c40c449f to tracker-1.10 (which doesn't avoid the registry creation from failing though...), and master took gst_init() out of the sandbox, so registry creation may actually succeed there.

I guess there's not much else I can do here...