Polkitd traps general protection ip in libmozjs-17.0.so

madko · March 12, 2015, 10:24am

Is anyone having this flooding messages:

[1268318.316876] traps: polkitd[2431] general protection ip:7f0f39924cf2 sp:7fffdecead90 error:0 in libmozjs-17.0.so[7f0f397e6000+3b3000]
[1269021.023279] traps: polkitd[23591] general protection ip:7f4bf3931cf2 sp:7fffb92ff140 error:0 in libmozjs-17.0.so[7f4bf37f3000+3b3000]
[1269709.998019] traps: polkitd[12919] general protection ip:7fa475e03cf2 sp:7fff7470f0a0 error:0 in libmozjs-17.0.so[7fa475cc5000+3b3000]
[1270411.427162] traps: polkitd[1849] general protection ip:7f179f907cf2 sp:7fff097c1e60 error:0 in libmozjs-17.0.so[7f179f7c9000+3b3000]
[1271099.456344] traps: polkitd[23258] general protection ip:7fd048dfdcf2 sp:7fffbd6b4fe0 error:0 in libmozjs-17.0.so[7fd048cbf000+3b3000]
[1271800.964452] traps: polkitd[12157] general protection ip:7ffa7fc77cf2 sp:7fff431e5090 error:0 in libmozjs-17.0.so[7ffa7fb39000+3b3000]
[1272489.131726] traps: polkitd[1345] general protection ip:7f196c0c4cf2 sp:7fffcab11db0 error:0 in libmozjs-17.0.so[7f196bf86000+3b3000]
[1273190.682984] traps: polkitd[22510] general protection ip:7ffe344ffcf2 sp:7fffc4efee20 error:0 in libmozjs-17.0.so[7ffe343c1000+3b3000]
[1273878.915149] traps: polkitd[11824] general protection ip:7f452f286cf2 sp:7fff7b9a3550 error:0 in libmozjs-17.0.so[7f452f148000+3b3000]
[1274751.770860] traps: polkitd[628] general protection ip:7fc037849cf2 sp:7fffd460b730 error:0 in libmozjs-17.0.so[7fc03770b000+3b3000]

This is on CentOS 7 up-to-date, OpenNebula 4.12 (have this on 4.10 too). Any idea?

madko · June 4, 2015, 9:35am

no one? It seems to be related to polkitd. I suspect polkit doesn’t like the user oneadmin to run VM? This is how the opennebula-kvm-node package configure KVM

[root] # cat /etc/libvirt/qemu.conf
user  = "oneadmin"
group = "oneadmin"
dynamic_ownership = 0

May be there is something to do on polkit side ?

vholer · June 4, 2015, 3:40pm

Yes, I’m as well on CentOS 7.x .

It’s related to PolicyKit, which crashes after many authentication checks. I would strongly recommend to disable PolicyKit support in libvirtd on RHEL/CentOS 7.x by adding following lines into /etc/libvirt/libvirtd.conf :

auth_unix_ro = "none"
auth_unix_rw = "none"
unix_sock_group = "oneadmin"
unix_sock_ro_perms = "0770"
unix_sock_rw_perms = "0770"

When PolicyKit fails, also the libvirt operations initiated by KVM IM probes or KVM VMM actions fail. OpenNebula end user then can experience random failures, which is veeery unfortunate.

https://bugzilla.redhat.com/show_bug.cgi?id=1209158
https://bugs.freedesktop.org/show_bug.cgi?id=69501

madko · June 10, 2015, 11:28am

Thanks Vlastimil, I have added those lines, will see if it fix the problem.

michaudg · December 24, 2015, 8:28pm

Same problem for me. Solved with the Vlastimil_Holer solution.

Thanks for sharing!

mago · January 27, 2016, 11:27am

We have a problem with UNKNOWN machines status en ERROR hosts status. We tried Vlastimil_Holer solution but it doesn’t work.

We’ve restarted the services opennebula-sunstone, opennebula-novnc, opennebula-scheduler and opennebula.

efrakt · March 1, 2016, 8:22am

You need to restart libvirtd not opennebula.

billcole · March 1, 2016, 7:38pm

Confirmed: libvirtd on the host in ERROR status gets into a hung-busy state where it’s eating lots of CPU but not conversing with the OpenNebula monitoring components. Restarting libvirtd resolves that.

Also: the polkitd crashes in RHEL/CentOS7 which seem related are fixed by a recent update (backported from upstream) but the testing I’ve been able to do so far isn’t enough to be sure that this fully fixes the libvirtd problem. The only way I could reliably reproduce the full breakage was in a production cluster with an overloaded host and we had a preventative workaround in before the update.

valerio_schiavoni · March 6, 2016, 3:37pm

On which hosts should we add those lines The one one where the oned runs ?

atodorov_storpool · March 6, 2016, 8:38pm

On all CentOS 7.x hosts from the output of onehost list.

Yannick_MOLINET · August 26, 2016, 12:44pm

it seems that this configuration don’t work on Debian 8.
I have this error on a host, I have configured libvrt as mentionned, but problem is back.

Yannick_MOLINET · August 26, 2016, 12:55pm

so sorry , I’m wrong.
I don’t have apply the setting in the correct files
I’m have apply this in /etc/libvirt/libvirt.conf and not in /etc/libvirt/libvirtd.conf

ranjith · March 25, 2017, 5:46am

In my .conf file unix_sock_group is ‘libvirt’. What means by that. Do i have to change it to oneadmin.

drupalshift · September 12, 2017, 9:25am

You are a life saver man

daryn · November 25, 2017, 9:16pm

Legend! I had this error for over a year. Where the state goes to UNKNOWN and things stop working. Couldn’t create VM’s , or deploy etc Thank you!

Topic		Replies	Views
Unknown machines and error hosts after update Community Support	3	2178	January 28, 2016
Major issue: error from service: CheckAuthorization Community Support	12	2673	September 7, 2016
One.zone.raftstatus result FAILURE [one.zone.raftstatus] User couldn't be authenticated, aborting call Community Support	10	2562	July 28, 2017
Cloud Bursting for Amazon Community Support	1	547	December 25, 2016
Error monitoring host Community Support	2	2897	January 1, 2016

Polkitd traps general protection ip in libmozjs-17.0.so

Related Topics