I think this is crashing because you're profiling... (I say that because it's happening inside moncontrol, which is a profiling-related function).
I wonder how to fix this combination (Sandbox+profiling), and whether we should support it in 0.2.5. The crash is probably reproducible, at least, which should put a fix within reach.
Trac: Summary: Tor crash on start when Sandbox enabled to Tor crash on start when Sandbox enabled with profiling.
I'm actually having trouble reproducing this on another VM (VirtualBox on another host), even after copying over torrc with minimal changes and using the same ./configure options. I'll need to spin up another VM on the Xen host to limit variables. Maybe the hypervisor doesn't want to play nice. I'll give more info when I'm able to reproduce.
Trac: Username: alphawolf Status: new to needs_information
Alright, I was able to reproduce the problem in both the Xen guest and the VirtualBox guest. It doesn't appear to be related to any of the CFLAGS, or indeed any options passed to ./configure at all (I tried many combos). It only seems to happen if I start Tor using Debian's /etc/init.d/tor start. If I call it directly @ /usr/bin/tor it does not generate a stack trace.
I thought perhaps it was something in how I built it from source, but this problem can be reproduced with the deb packages from the tor experimental repo as well, on a fresh install of Debian Jessie. As soon as Sandbox 1 is enabled, any attempt to start tor using $ /etc/init.d/tor start or $ service tor start results in a stack trace. Calling the binary directly starts without crash.
Trac: Username: alphawolf Status: needs_information to new Summary: Tor crash on start when Sandbox enabled with profiling. to Tor crash on start when Sandbox enabled
This is on the fresh install. Everything as-shipped except enabling Sandbox in torrc:
# /etc/init.d/tor start
============================================================ T= 1398992076
(Sandbox) Caught a bad syscall attempt (syscall ioctl)
/usr/bin/tor(+0x124c3a)[0x7fb5d3b40c3a]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fb5d2143d49]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fb5d2143d49]
/lib/x86_64-linux-gnu/libc.so.6(isatty+0xc)[0x7fb5d214053c]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_doallocate+0x104)[0x7fb5d20cf314]
/lib/x86_64-linux-gnu/libc.so.6(_IO_doallocbuf+0x2c)[0x7fb5d20dbdec]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_overflow+0x198)[0x7fb5d20db2d8]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_xsputn+0xa1)[0x7fb5d20da5d1]
/lib/x86_64-linux-gnu/libc.so.6(_IO_puts+0xa0)[0x7fb5d20d16b0]
/usr/bin/tor(tor_main+0x129e)[0x7fb5d3a54e5e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fb5d2087b45]
/usr/bin/tor(+0x32d0b)[0x7fb5d3a4ed0b]
[FAIL] Checking if tor configuration is valid ... failed!
May 01 20:54:36.776 [notice] Tor v0.2.5.4-alpha (git-af996adebf1f0225) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1g and Zlib 1.2.8.
May 01 20:54:36.776 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 01 20:54:36.776 [notice] This version is not a stable Tor release. Expect more bugs than usual.
May 01 20:54:36.776 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 01 20:54:36.776 [notice] Read configuration file "/etc/tor/torrc".
============================================================ T= 1398992076
(Sandbox) Caught a bad syscall attempt (syscall ioctl)
/usr/bin/tor(+0x124c3a)[0x7fdff7fd7c3a]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fdff65dad49]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fdff65dad49]
/lib/x86_64-linux-gnu/libc.so.6(isatty+0xc)[0x7fdff65d753c]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_doallocate+0x104)[0x7fdff6566314]
/lib/x86_64-linux-gnu/libc.so.6(_IO_doallocbuf+0x2c)[0x7fdff6572dec]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_overflow+0x198)[0x7fdff65722d8]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_xsputn+0xa1)[0x7fdff65715d1]
/lib/x86_64-linux-gnu/libc.so.6(_IO_puts+0xa0)[0x7fdff65686b0]
/usr/bin/tor(tor_main+0x129e)[0x7fdff7eebe5e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fdff651eb45]
/usr/bin/tor(+0x32d0b)[0x7fdff7ee5d0b]
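Added example, not part of the ticket thread or of Tor's code: a small Python parser for the sandbox violation output in the report above, which extracts the blocked syscall and the chain of named symbols that led to it. The function names are hypothetical, and the sample input is the first trace from the report with one frame per line.

```python
import re

# Sample input: the first trace from the report above, one frame per line.
SAMPLE = """\
(Sandbox) Caught a bad syscall attempt (syscall ioctl)
/usr/bin/tor(+0x124c3a)[0x7fb5d3b40c3a]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fb5d2143d49]
/lib/x86_64-linux-gnu/libc.so.6(tcgetattr+0x19)[0x7fb5d2143d49]
/lib/x86_64-linux-gnu/libc.so.6(isatty+0xc)[0x7fb5d214053c]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_doallocate+0x104)[0x7fb5d20cf314]
/lib/x86_64-linux-gnu/libc.so.6(_IO_doallocbuf+0x2c)[0x7fb5d20dbdec]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_overflow+0x198)[0x7fb5d20db2d8]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_xsputn+0xa1)[0x7fb5d20da5d1]
/lib/x86_64-linux-gnu/libc.so.6(_IO_puts+0xa0)[0x7fb5d20d16b0]
/usr/bin/tor(tor_main+0x129e)[0x7fb5d3a54e5e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fb5d2087b45]
/usr/bin/tor(+0x32d0b)[0x7fb5d3a4ed0b]
[FAIL] Checking if tor configuration is valid ... failed!
"""

SYSCALL_RE = re.compile(r"\(Sandbox\) Caught a bad syscall attempt \(syscall (\w+)\)")
FRAME_RE = re.compile(r"^(\S+)\(([^+)]*)(?:\+(0x[0-9a-f]+))?\)\[(0x[0-9a-f]+)\]$")

def parse_sandbox_traces(text):
    """Return one dict per sandbox violation: blocked syscall plus its frames."""
    reports, current = [], None
    for line in text.splitlines():
        hit = SYSCALL_RE.search(line)
        frame = FRAME_RE.match(line.strip())
        if hit:
            current = {"syscall": hit.group(1), "frames": []}
            reports.append(current)
        elif current is not None and frame:
            obj, sym, off, addr = frame.groups()
            current["frames"].append({"object": obj, "symbol": sym or None, "offset": off, "address": addr})
        else:
            current = None  # any non-frame line ends the current trace
    return reports

def call_chain(report):
    """Named symbols from outermost caller to innermost, consecutive repeats collapsed."""
    chain = []
    for frame in reversed(report["frames"]):
        if frame["symbol"] and (not chain or chain[-1] != frame["symbol"]):
            chain.append(frame["symbol"])
    return chain

if __name__ == "__main__":
    print([(r["syscall"], call_chain(r)) for r in parse_sandbox_traces(SAMPLE)])
```

For this trace the chain runs from tor_main through _IO_puts down to isatty and tcgetattr, which points at the first stdio write on stdout as the source of the blocked ioctl.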
If you can try a patch, I have an idea that the one I just attached might fix --verify-config. It only applies the sandbox in the case where we're about to run Tor.