Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#12229 closed defect (fixed)

Sandbox: bad syscall attempt (syscall getrlimit) after "New control connection opened"

Reported by: alphawolf Owned by:
Priority: Medium Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Keywords: sandbox
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Tor crashes with stack trace when sandbox enabled and controller (arm) connects. This is a regression at some point between c21377e7bcc70d2a456409225d8b2d91990a14cd (good) and a6688f9cbb930ad139a7f3886684fcadeec59d30 (bad). I haven't had a chance to bisect yet. If someone has an educated guess which commit might be at fault, that will save me a lot of time :)

Tor (git-95d47a74815ede0e)
Debian Jessie, kernel 3.14-1-amd64
libseccomp-dev 2.1.1-1

To repro:

  • Enable sandbox, start tor.
  • Open arm
  • Observe that tor has crashed.


Jun 08 02:04:20.000 [notice] New control connection opened.

============================================================ T= 1402207460
(Sandbox) Caught a bad syscall attempt (syscall getrlimit)


DataDirectory /var/lib/tor
PidFile /var/run/tor/
RunAsDaemon 1
User debian-tor
ControlSocket /var/run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/run/tor/control.authcookie
Log notice file /var/log/tor/log


ORPort 9001
Sandbox 1

(I see getrlimit mentioned in the comments of #9894, not sure if same bug.)

Child Tickets

Attachments (1)

bug12229.patch (630 bytes) - added by alphawolf 6 years ago.

Download all attachments as: .zip

Change History (4)

Changed 6 years ago by alphawolf

Attachment: bug12229.patch added

comment:1 Changed 6 years ago by alphawolf

Status: newneeds_review

git bisect came up with b0c1c700114aa8d4dfc180d85870c5bbe15fcacb as the first bad commit. Found a typo. Have a patch! Someone will need to test that this still works on ARM.

comment:2 Changed 6 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Thanks again, alphawolf!

comment:3 Changed 6 years ago by nickm

Fix applied as 307aa7eb43c25f0009de33f9aea4376c329b4fe5)

Note: See TracTickets for help on using tickets.