#24759 closed defect (worksforme)

(Sandbox) Caught a bad syscall attempt (syscall socket)

Reported by: mig5
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.1.9
Severity: Normal
Keywords: sandbox, 033-must, crash, 033-triage-20180320, 033-included-20180320
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi,

With the following torrc I experience the subsequent trace:

Sandbox 1
DataDirectory /tmp/tmp2z5k8mqz
SocksPort 32609
ControlSocket /tmp/tmp2z5k8mqz/control_socket
CookieAuthentication 1
CookieAuthFile /tmp/tmp2z5k8mqz/cookie
AvoidDiskWrites 1
Log notice stdout
GeoIPFile /usr/share/tor/geoip
GeoIPv6File /usr/share/tor/geoip6
[user@host tmp2z5k8mqz]$ tor -f torrc 
Dec 29 10:24:05.125 [notice] Tor 0.3.1.9 (git-727d3f1b5e6eeda7) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.1.0g-fips, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 29 10:24:05.125 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 29 10:24:05.125 [notice] Read configuration file "/tmp/tmp2z5k8mqz/torrc".
Dec 29 10:24:05.128 [notice] Opening Socks listener on 127.0.0.1:32609
Dec 29 10:24:05.128 [notice] Opening Control listener on /tmp/tmp2z5k8mqz/control_socket
Dec 29 10:24:05.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 29 10:24:05.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 29 10:24:05.000 [notice] Bootstrapped 0%: Starting
Dec 29 10:24:06.000 [notice] Starting with guard context "default"
Dec 29 10:24:06.000 [notice] Bootstrapped 5%: Connecting to directory server

============================================================ T= 1514503447
(Sandbox) Caught a bad syscall attempt (syscall socket)
tor(+0x1853fa)[0x56068ff303fa]
/lib64/libc.so.6(socket+0x7)[0x7893d9664fb7]
/lib64/libc.so.6(socket+0x7)[0x7893d9664fb7]
/lib64/libc.so.6(+0x12e3fa)[0x7893d96813fa]
/lib64/libc.so.6(+0x12e4f1)[0x7893d96814f1]
/lib64/libc.so.6(getifaddrs+0x10)[0x7893d9682230]
tor(get_interface_addresses_raw+0x3c)[0x56068ff13eec]
tor(get_interface_address6_list+0x30)[0x56068ff14620]
tor(get_interface_address6+0x45)[0x56068ff14875]
tor(+0x109378)[0x56068feb4378]
tor(connection_handle_write+0x2e)[0x56068feb44ae]
tor(+0x4d5ce)[0x56068fdf85ce]
/lib64/libevent-2.0.so.5(event_base_loop+0x7a9)[0x7893da6943f9]
tor(do_main_loop+0x29d)[0x56068fdf978d]
tor(tor_main+0xe25)[0x56068fdfc5a5]
tor(main+0x19)[0x56068fdf5009]
/lib64/libc.so.6(__libc_start_main+0xea)[0x7893d957388a]
tor(_start+0x2a)[0x56068fdf505a]

It of course works with Sandbox 0.

Is there something in my config that is incompatible with the Sandbox mode?

Maybe related to 16579 except syslog is not the issue here.

Thanks!

Change History (13)

comment:1 Changed 21 months ago by dgoulet

Milestone: Tor: 0.3.3.x-final

comment:2 Changed 21 months ago by yawning

What libc (implementation and version) are you using?

The sandbox rules have a special case for how glibc implements the interface lookup, though I'm not sure how much glibc has changed over time.

   h->fd = __socket (PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);

https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/ifaddrs.c;h=32381f54e4e0e10c42c47aed0ebeb1df03bf19af;hb=HEAD#l258

comment:3 Changed 21 months ago by mig5

Hi yawning,

bash-4.4# ldd --version
ldd (GNU libc) 2.25

This is a Fedora 26 virtual machine running within QubesOS (which may or may not complicate the fact).

comment:4 Changed 21 months ago by yawning

That should be fine. If you want to debug it further, I'd suggest trying to figure out what args are passed to socket() when it fails.

comment:5 Changed 19 months ago by nickm

Keywords: 033-maybe-must added

Mark some tickets as possibly belonging in 033-must.

comment:6 Changed 19 months ago by nickm

Owner: set to nickm
Status: new → accepted

comment:7 Changed 19 months ago by nickm

Keywords: 033-must added; 033-maybe-must removed

move 033-maybe-must into 033-must

comment:8 Changed 18 months ago by nickm

Keywords: crash added

comment:9 Changed 18 months ago by nickm

Status: accepted → needs_information

Yawning is right on this -- I can't figure out what's going on here without more information.

Could you try running Tor inside strace, and reporting what is the last call to socket() before the crash occurs?
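
The check requested in comment:4 and comment:9, as an added example (not part of the ticket and not Tor's code): it finds the last socket() call made before the SIGSYS in an strace log and compares its arguments with the glibc call quoted in comment:2. The log lines are constructed and say nothing about what the reporter's system actually did; the function names are hypothetical.

```python
import re

# Constructed strace excerpt ("strace -f" style pid prefixes); not from the ticket.
SAMPLE = """\
[pid  4242] socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_TCP) = 9
[pid  4242] connect(9, {sa_family=AF_INET, sin_port=htons(9001)}, 16) = -1 EINPROGRESS
[pid  4242] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 41
[pid  4242] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_syscall=__NR_socket} ---
"""

# The glibc getifaddrs() call quoted in comment:2 (PF_* and AF_* are the same values).
GLIBC_GETIFADDRS = ("AF_NETLINK", frozenset({"SOCK_RAW", "SOCK_CLOEXEC"}), "NETLINK_ROUTE")

PREFIX = r"^(?:\[pid\s+(\d+)\]\s+|(\d+)\s+)?"
SOCKET_RE = re.compile(PREFIX + r"socket\(([^)]*)\)\s*=")
SIGSYS_RE = re.compile(PREFIX + r"--- SIGSYS\b")


def parse_socket(line):
    """Return (pid, (domain, type_flags, protocol)) for a socket() line, else None."""
    m = SOCKET_RE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m.group(3).split(",")]
    if len(args) != 3:
        return None
    domain = re.sub(r"^PF_", "AF_", args[0])
    flags = frozenset(f.strip() for f in args[1].split("|"))
    return m.group(1) or m.group(2), (domain, flags, args[2])


def last_socket_before_sigsys(log):
    """Arguments of the last socket() made by the thread that received SIGSYS."""
    last = {}  # pid/tid -> most recent socket() arguments
    for line in log.splitlines():
        parsed = parse_socket(line)
        if parsed:
            last[parsed[0]] = parsed[1]
            continue
        m = SIGSYS_RE.match(line)
        if m:
            return last.get(m.group(1) or m.group(2))
    return None


def differences(call, expected=GLIBC_GETIFADDRS):
    """Fields where `call` differs from `expected`, as {field: (got, want)}."""
    names = ("domain", "type", "protocol")
    return {n: (g, w) for n, g, w in zip(names, call, expected) if g != w}
```

On the constructed sample, `differences(last_socket_before_sigsys(SAMPLE))` reports only the `type` field, because the sample call lacks `SOCK_CLOEXEC`.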

comment:10 Changed 18 months ago by nickm

Keywords: 033-triage-20180320 added

Marking all tickets reached by current round of 033 triage.

comment:11 Changed 18 months ago by nickm

Keywords: 033-included-20180320 added

Mark 033-must tickets as triaged-in for 0.3.3

comment:12 Changed 18 months ago by mig5

The good and bad news is that I can't seem to reproduce this now!

Still a Fedora 26 AppVM in QubesOS - the only thing that's different is newer Tor, so perhaps this bug was somehow fixed in 0.3.1.10.

Mar 21 07:37:13.832 [notice] Tor 0.3.1.10 (git-e3966d47c7252409) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.1.0g-fips, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Mar 21 07:37:13.832 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 21 07:37:13.832 [notice] Read configuration file "/home/user/torrc".
Mar 21 07:37:13.835 [notice] Opening Socks listener on 127.0.0.1:20315
Mar 21 07:37:13.835 [notice] Opening Control listener on /tmp/tmpvgh5zfbs/control_socket
Mar 21 07:37:13.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Mar 21 07:37:13.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Mar 21 07:37:14.000 [notice] Bootstrapped 0%: Starting
Mar 21 07:37:14.000 [notice] Starting with guard context "default"
Mar 21 07:37:15.000 [notice] Bootstrapped 5%: Connecting to directory server
Mar 21 07:37:15.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Mar 21 07:37:17.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Mar 21 07:37:17.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Mar 21 07:37:18.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Mar 21 07:37:23.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Mar 21 07:37:24.000 [notice] Bootstrapped 40%: Loading authority key certs
Mar 21 07:37:25.000 [notice] I learned some more directory information, but not enough to build a circuit: We're missing descriptors for some of our primary entry guards
Mar 21 07:37:29.000 [notice] Bootstrapped 50%: Loading relay descriptors
Mar 21 07:37:33.000 [notice] Bootstrapped 57%: Loading relay descriptors
Mar 21 07:37:33.000 [notice] Bootstrapped 65%: Loading relay descriptors
Mar 21 07:37:34.000 [notice] Bootstrapped 70%: Loading relay descriptors
Mar 21 07:37:35.000 [notice] Bootstrapped 78%: Loading relay descriptors
Mar 21 07:37:36.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Mar 21 07:37:37.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Mar 21 07:37:39.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Mar 21 07:37:39.000 [notice] Bootstrapped 100%: Done
[user@onionshare ~]$ cat torrc 
Sandbox 1
DataDirectory /tmp/tmpvgh5zfbs
SocksPort 20315
ControlSocket /tmp/tmpvgh5zfbs/control_socket
CookieAuthentication 1
CookieAuthFile /tmp/tmpvgh5zfbs/cookie
AvoidDiskWrites 1
Log notice stdout
GeoIPFile /usr/share/tor/geoip
GeoIPv6File /usr/share/tor/geoip6

comment:13 Changed 18 months ago by nickm

Resolution: worksforme
Status: needs_information → closed

Huh, that's sure weird. I'm glad it's working for you now, but please reopen if this ever comes back. :)
