Opened 5 weeks ago

Last modified 3 weeks ago

#24198 merge_ready defect

(Sandbox) Caught a bad syscall attempt (syscall kill)

Reported by: asn Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version: Tor: 0.3.2.4-alpha
Severity: Normal Keywords: 029-backport 030-backport 030-backport
Cc: Actual Points:
Parent ID: Points: 0.1
Reviewer: Sponsor:

Description

maint-0.3.2 is failing make test-network-all right now with:

============================================================ T= 1510233993
(Sandbox) Caught a bad syscall attempt (syscall kill)
/home/f/Computers/tor/mytor/src/or/tor(+0x19f21a)[0x55c60558821a]
/lib/x86_64-linux-gnu/libc.so.6(kill+0x7)[0x7fa9605d4317]
/lib/x86_64-linux-gnu/libc.so.6(kill+0x7)[0x7fa9605d4317]
/home/f/Computers/tor/mytor/src/or/tor(+0x1de69b)[0x55c6055c769b]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(+0x229ba)[0x7fa9618e79ba]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(event_base_loop+0x5a7)[0x7fa9618e8537]
/home/f/Computers/tor/mytor/src/or/tor(do_main_loop+0x22d)[0x55c60543b90d]
/home/f/Computers/tor/mytor/src/or/tor(tor_main+0xe1d)[0x55c60543e5fd]
/home/f/Computers/tor/mytor/src/or/tor(main+0x19)[0x55c6054371f9]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fa9605c12e1]
/home/f/Computers/tor/mytor/src/or/tor(_start+0x2a)[0x55c60543724a]

Child Tickets

Change History (12)

comment:1 Changed 5 weeks ago by dgoulet

On my system, it dies on openat syscall:

(Sandbox) Caught a bad syscall attempt (syscall openat)
/usr/lib/x86_64-linux-gnu/libasan.so.4(+0x558c0)[0x7fb5203ab8c0]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x4e)[0x7fb51ec6667e]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x13150)[0x7fb51ec67150]
/lib/x86_64-linux-gnu/libpthread.so.0(open64+0x4e)[0x7fb51ec6667e]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(evutil_open_closeonexec_+0x20)[0x7fb51fbb5540]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(evutil_read_file_+0x53)[0x7fb51fbb5603]
/usr/lib/x86_64-linux-gnu/libevent-2.1.so.6(evdns_base_load_hosts+0x8b)[0x7fb51fbc429b]
/home/dgoulet/Documents/git/tor/src/or/tor(+0x9f7adf)[0x55aa44446adf]
/home/dgoulet/Documents/git/tor/src/or/tor(do_main_loop+0x745)[0x55aa440f01d5]
/home/dgoulet/Documents/git/tor/src/or/tor(tor_run_main+0x1895)[0x55aa440f4065]
/home/dgoulet/Documents/git/tor/src/or/tor(tor_main+0x86)[0x55aa440e1fb6]
/home/dgoulet/Documents/git/tor/src/or/tor(main+0x1c)[0x55aa440df20c]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fb51db741c1]
/home/dgoulet/Documents/git/tor/src/or/tor(_start+0x2a)[0x55aa440e1c6a]

comment:2 Changed 5 weeks ago by dgoulet

strace output in my case:

19360 openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 257
19360 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f7d90ab667e, si_syscall=__NR_openat, si_arch=AUDIT_ARCH_X86_64} ---

It is the first file being opened _after_ the seccomp sandbox has been applied. Our sandbox code only considers "open()" to touch that file:

  OPEN("/etc/hosts");

comment:3 Changed 5 weeks ago by nickm

What libc version do you have? Did your libc change recently at all?

comment:4 in reply to:  3 Changed 5 weeks ago by dgoulet

Replying to nickm:

What libc version do you have? Did your libc change recently at all?

I've been on 2.26 at the very least for 6 months.

comment:5 Changed 4 weeks ago by nickm

Owner: set to nickm
Status: newaccepted

comment:6 Changed 4 weeks ago by nickm

So, I'm pretty sure that the openat one has to be a separate issue. dgoulet -- could you open a new ticket for that? Has your libevent version changed at all?

I'll look into the kill() thing here.

comment:7 in reply to:  6 Changed 4 weeks ago by dgoulet

Replying to nickm:

So, I'm pretty sure that the openat one has to be a separate issue. dgoulet -- could you open a new ticket for that? Has your libevent version changed at all?

#24315 is about the openat() issue.

Last edited 4 weeks ago by dgoulet (previous) (diff)

comment:8 Changed 4 weeks ago by nickm

As for the kill issue -- we call kill() either through tor_process_monitor_poll_cb(), or in tor_terminate_process(). I think it's likely to be our kill(pid, 0) usage in process_monitor_poll_cb().

comment:9 Changed 4 weeks ago by nickm

Keywords: 029-backport 030-backport 030-backport added

Fix for this one in bug24198_029.

The problem here showed up when Chutney started to use OwningControllerProcess.

comment:10 Changed 4 weeks ago by nickm

Status: acceptedneeds_review

comment:11 Changed 4 weeks ago by asn

For some reason Chutney is not failing for me anymore even without bug24198_029. I tested bug24198_029 and chutney seems to continue working fine...

comment:12 Changed 3 weeks ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.1.x-final
Status: needs_reviewmerge_ready

After initial review, and testing from dgoulet, merging this to 0.3.2 and forward; marking for possible backport.

Note: See TracTickets for help on using tickets.