PulseAudio opens too many files, locks up, and fills up root fs (/var/log)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
alsa-lib (Ubuntu) |
Fix Released
|
High
|
Daniel T Chen | ||
Karmic |
Fix Released
|
Undecided
|
Daniel T Chen | ||
pulseaudio (Fedora) |
Fix Released
|
Critical
|
Bug Description
--- SRU information follows ---
Impact: 9.10 users may experience a local denial of service due to fd exhaustion caused by alsa-lib failing to properly free timers upon closing slave pcm devices.
10.04 resolution: http://
Minimal 9.10 patch: http://
TEST CASE: Choose a multichannel surround profile in Sound Preferences > Hardware > Profile
Regression potential: low to none -- all pcm (including slave pcm) devices will properly free associated timers
--- original bug report follows ---
Binary package hint: pulseaudio
First: note that this is not bug 446355, though it is similar. The message in the system log is:
Oct 13 14:25:51 zest pulseaudio[3578]: alsa-util.c: Unable to set sw params: Too many open files
Oct 13 14:25:51 zest pulseaudio[3578]: alsa-sink.c: Failed to set software parameters: Too many open files
Infinitely, repeatedly, until the /var/log/syslog and /var/log/user.log files fill up the partition that they are on. I have had to clear my log files 3 times now in the past day because my root filesystem was full, which started breaking various things (like my postfix installation which gets my mail delivered directly to me).
The log files are available on request privately, they contain information that I do not want published on the bug report, and due to their size, I cannot be sure to filter them and not accidentally remove anything relevant. There may be more in the log files than I have seen, simply because of the amount of stuff there. For anyone who requests the files, I'll email them: note that the log files are to 4 MB. However, they will expand to somewhere around 9 GB; compression on my system (4x 2.2 GHz 64-bit cores) took 300 minutes each, compressing with pbzip2. If you have a multiple-core system, decompression will go a lot more quickly if you use pbzip2 instead of bzip2 (and note also that compression took about 5 hours, I'd expect decompression to be similar). I will attached trimmed-down versions of these files as well, shortly after uploading the full log files.
This bug causes denial of service of anything in /var or on /, so I am classifying this as a security bug.
ProblemType: Bug
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
/dev/snd/timer: mbt 27536 f.... pulseaudio
Card0.Amixer.info:
Card hw:0 'Live'/'SB Live! 5.1 [SB0060] (rev.7, serial:0x80611102) at 0xdc00, irq 19'
Mixer name : 'SigmaTel STAC9708,11'
Components : 'AC97a:83847608'
Controls : 224
Simple ctrls : 45
Date: Thu Oct 15 00:42:33 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelMo
Package: pulseaudio 1:0.9.19-0ubuntu1
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: pulseaudio
Uname: Linux 2.6.31.3-bfs303 x86_64
Related branches
- Luke Yelavich (community): Approve
- Diff: None lines
security vulnerability: | yes → no |
visibility: | private → public |
Changed in pulseaudio (Fedora): | |
status: | Unknown → Confirmed |
affects: | pulseaudio (Ubuntu) → alsa-lib (Ubuntu) |
Changed in alsa-lib (Ubuntu): | |
assignee: | nobody → Daniel T Chen (crimsun) |
importance: | Undecided → High |
status: | Confirmed → Fix Committed |
description: | updated |
Changed in alsa-lib (Ubuntu Karmic): | |
assignee: | nobody → Daniel T Chen (crimsun) |
tags: |
added: verification-done removed: verification-needed |
Changed in alsa-lib (Ubuntu Karmic): | |
status: | Fix Released → Fix Committed |
Changed in pulseaudio (Fedora): | |
importance: | Unknown → Critical |
status: | Confirmed → Fix Released |
Hi Marc,
I'm wondering why you removed the security vulnerability flag. This causes a denial of service for at least MTA software and probably any other software that relies on /var or / not being full.
PulseAudio is opening /dev/snd/timer until its maximum number of open files is reached. At that point. PulseAudio logs the same two messages until /var/log's available space is full. This causes subsequent log messages to be lost, and provides opportunities for several security-related events to occur without even a remote chance of detection. Furthermore, it causes the failure of MTA software even if /var/mail is _not_ full.