sslh_fork seccomp blocked "kill" (SIGTERM) and "socket" (AF_UNIX) syscalls |
|||||||
Issue descriptionchromeos-test@chromeos-staging-master2:/usr/local/autotest/site_utils$ ./dut_status.py -f chromeos2-row1-rack2-host17 --web chromeos-staging-master2.hot.corp.google.com chromeos2-row1-rack2-host17 2017-09-26 15:32:27 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/207-verify/ 2017-09-26 15:13:25 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/204-repair/ 2017-09-26 14:50:12 -- http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/200-provision/ 2017-09-26 14:48:00 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/197-verify/ 2017-09-26 14:44:26 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/194-verify/ 2017-09-26 14:25:22 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/191-repair/ 2017-09-26 14:02:17 -- http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/188-provision/ 2017-09-26 14:01:11 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/185-verify/ 2017-09-26 13:48:15 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/181-verify/ 2017-09-26 13:28:42 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/182-repair/ 2017-09-26 13:07:29 -- http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/174-provision/ 2017-09-26 13:05:56 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/173-verify/ 2017-09-26 10:26:15 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/170-verify/ 2017-09-26 10:02:34 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/165-repair/ 2017-09-26 09:47:18 -- http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/163-provision/ 2017-09-26 09:45:51 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/160-verify/ 2017-09-26 09:07:50 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/157-verify/ 2017-09-26 09:05:47 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/154-verify/ 2017-09-26 05:07:37 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/151-verify/ 2017-09-26 05:05:43 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/148-verify/ 2017-09-26 01:10:18 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/142-verify/ 2017-09-26 01:09:07 OK http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/145-repair/ 2017-09-26 01:08:05 -- http://chromeos-staging-master2.hot.corp.google.com/tko/retrieve_logs.cgi?job=/results/hosts/chromeos2-row1-rack2-host17/139-provision/
,
Sep 26 2017
START ---- repair timestamp=1506464006 localtime=Sep 26 15:13:26 GOOD ---- verify.servo_ssh timestamp=1506464007 localtime=Sep 26 15:13:27 GOOD ---- verify.brd_config timestamp=1506464007 localtime=Sep 26 15:13:27 GOOD ---- verify.ser_config timestamp=1506464007 localtime=Sep 26 15:13:27 GOOD ---- verify.job timestamp=1506464008 localtime=Sep 26 15:13:28 GOOD ---- verify.servod timestamp=1506464010 localtime=Sep 26 15:13:30 GOOD ---- verify.pwr_button timestamp=1506464011 localtime=Sep 26 15:13:31 GOOD ---- verify.lid_open timestamp=1506464011 localtime=Sep 26 15:13:31 GOOD ---- verify.update timestamp=1506464013 localtime=Sep 26 15:13:33 GOOD ---- verify.PASS timestamp=1506464013 localtime=Sep 26 15:13:33 FAIL ---- verify.ssh timestamp=1506464597 localtime=Sep 26 15:23:17 No answer to ping from chromeos2-row1-rack2-host17 START ---- repair.rpm timestamp=1506464597 localtime=Sep 26 15:23:17 FAIL ---- repair.rpm timestamp=1506464599 localtime=Sep 26 15:23:19 Client call exception: <Fault 1: "<class 'rpm_infrastructure_exception.RPMInfrastructureException'>:Can not retrieve rpm information from AFE for chromeos2-row1-rack2-host17, no host found."> END FAIL ---- repair.rpm timestamp=1506464599 localtime=Sep 26 15:23:19 START ---- repair.sysrq timestamp=1506464599 localtime=Sep 26 15:23:19 FAIL ---- repair.sysrq timestamp=1506464851 localtime=Sep 26 15:27:31 Host chromeos2-row1-rack2-host17 is still offline after sysrq. END FAIL ---- repair.sysrq timestamp=1506464851 localtime=Sep 26 15:27:31 START ---- repair.servoreset timestamp=1506464851 localtime=Sep 26 15:27:31 INFO ---- ---- timestamp=1506465076 localtime=Sep 26 15:31:16 Start crashcollection record INFO ---- New Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /usr/local/autotest/results/hosts/chromeos2-row1-rack2-host17/204-repair/20172609151324/crashinfo.chromeos2-row1-rack2-host17/sslh_fork.20170926.151640.1813.dmp INFO ---- Orphaned Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /var/spool/crash/os-release INFO ---- Orphaned Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /var/spool/crash/lsb-release INFO ---- Orphaned Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /var/spool/crash/sslh_fork.20170926.151640.1813.meta INFO ---- Orphaned Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /var/spool/crash/sslh_fork.20170926.151640.1813.core INFO ---- Orphaned Crash Dump timestamp=1506465076 localtime=Sep 26 15:31:16 /var/spool/crash/sslh_fork.20170926.151640.1813.dmp INFO ---- ---- timestamp=1506465076 localtime=Sep 26 15:31:16 End crashcollection record GOOD ---- verify.ssh timestamp=1506465102 localtime=Sep 26 15:31:42 END GOOD ---- repair.servoreset timestamp=1506465102 localtime=Sep 26 15:31:42 GOOD ---- verify.fwstatus timestamp=1506465102 localtime=Sep 26 15:31:42 GOOD ---- verify.good_au timestamp=1506465102 localtime=Sep 26 15:31:42 GOOD ---- verify.devmode timestamp=1506465102 localtime=Sep 26 15:31:42 GOOD ---- verify.writable timestamp=1506465103 localtime=Sep 26 15:31:43 GOOD ---- verify.tpm timestamp=1506465103 localtime=Sep 26 15:31:43 GOOD ---- verify.ext4 timestamp=1506465103 localtime=Sep 26 15:31:43 GOOD ---- verify.power timestamp=1506465103 localtime=Sep 26 15:31:43 GOOD ---- verify.rwfw timestamp=1506465104 localtime=Sep 26 15:31:44 GOOD ---- verify.python timestamp=1506465104 localtime=Sep 26 15:31:44 GOOD ---- verify.cros timestamp=1506465106 localtime=Sep 26 15:31:46 GOOD ---- verify.hwid timestamp=1506465108 localtime=Sep 26 15:31:48 GOOD ---- verify.PASS timestamp=1506465108 localtime=Sep 26 15:31:48 START ---- reboot timestamp=1506465108 localtime=Sep 26 15:31:48 GOOD ---- reboot.start timestamp=1506465108 localtime=Sep 26 15:31:48 GOOD ---- reboot.verify timestamp=1506465144 localtime=Sep 26 15:32:24 END GOOD ---- reboot kernel=4.4.86-11736-g0452e344f3e5 localtime=Sep 26 15:32:24 timestamp=1506465144 INFO ---- repair timestamp=1506465144 localtime=Sep 26 15:32:24 Can't repair label 'pool:bvt'. INFO ---- repair timestamp=1506465144 localtime=Sep 26 15:32:24 Can't repair label 'board:quawks'. INFO ---- repair timestamp=1506465144 localtime=Sep 26 15:32:24 Can't repair label 'cleanup-reboot'. INFO ---- repair timestamp=1506465144 localtime=Sep 26 15:32:24 Can't repair label 'cros-version:quawks-release/R63-9976.0.0'. END GOOD ---- repair timestamp=1506465144 localtime=Sep 26 15:32:24 chromeos2-row1-rack2-host17 repaired successfully
,
Sep 26 2017
Is this due to the sshl_fork crashdumps? https://pantheon.corp.google.com/storage/browser/chromeos-autotest-results/hosts/chromeos2-row1-rack2-host17/204-repair/20172609151324/crashinfo.chromeos2-row1-rack2-host17/
,
Sep 26 2017
,
Sep 26 2017
> Is this due to the sshl_fork crashdumps? Could be. I believe that those failure suggest that sshd can't start, at least, not right away. That would lead provision to fail, because the DUT would be offline. If the daemon then recovered, repair and verify would find nothing wrong. I seem to recall seeing sshl_fork crash dumps like before, probably in CQ runs. Alas, I can't remember when, and I can't find bug references...
,
Sep 26 2017
Another similar failure on a different quawks. Going to unlock the DUT, doesn't seem to be a DUT issue, and instead try a different "stable version" for it.
,
Sep 26 2017
chromeos-test@chromeos-staging-master2:/usr/local/autotest/cli$ ./atest stable_version modify -b quawks -i R62-9901.29.0 Stable version for board quawks is changed from R63-9976.0.0 to R62-9901.29.0.
,
Sep 26 2017
,
Sep 26 2017
where are the corresponding binaries/symbols ? the core/dmp files aren't sufficient to debug.
,
Sep 26 2017
The dumps at https://pantheon.corp.google.com/storage/browser/chromeos-autotest-results/hosts/chromeos2-row1-rack2-host17/204-repair/20172609151324/crashinfo.chromeos2-row1-rack2-host17/ correspond to this build https://uberchromegw.corp.google.com/i/chromeos/builders/quawks-release/builds/1813 with symbols at (?) https://pantheon.corp.google.com/storage/browser/chromeos-image-archive/quawks-release/R63-9976.0.0
,
Sep 27 2017
looks like some syscall is getting blocked, and minijail went to log it, but then minijail itself (ironically) was killed for attempting to log. i'm guessing it's something like:
- minijail preload runs openlog()
- minijail assumes it always stays open
- minijail whitelists connect & sendto only for x86_64
- at some point during the lifetime of sslh-fork, one of the following happens:
- it closes the syslog socket
- a log is attempted but it fails
- syslog itself restarts (breaking connections)
- sslh-fork then makes some syscall that is blocked
- minijail goes to log that failure via syslog which in turn triggers an implicit openlog() and socket() usage
- minijail gets blocked and is killed with SIGSYS
i guess we'll have to add socket to the allowed list for everyone and then wait for this crash to happen again ? :x
the libc-2.23.so frames (5 & 6) from the minidump before the crash aren't being symbolized. poking them via the core file shows something more useful:
(gdb) bt
#0 0x00007fbfa983b167 in socket () from d/lib64/libc.so.6
#1 0x00007fbfa9834860 in ?? () from d/lib64/libc.so.6
#2 0x00007fbfa9834da4 in __vsyslog_chk () from d/lib64/libc.so.6
#3 0x00007fbfa9d03bc6 in vsyslog (__pri=0x1, __fmt=0x4000 <error: Cannot access memory at address 0x4000>, __ap=0x3000000020) at ../../../../../../usr/include/bits/syslog.h:31
#4 do_log (priority=0x1, format=0x4000 <error: Cannot access memory at address 0x4000>) at util.c:88
#5 0x00007fbfa9d033d6 in log_sigsys_handler (nr=0x1f, info=<optimized out>, void_context=<optimized out>) at signal_handler.c:39
#6 <signal handler called>
#7 0x00007fbfa97770f7 in kill () from d/lib64/libc.so.6
#8 0x000055bda1803792 in stop_listeners (sig=0xf) at sslh-fork.c:135
#9 <signal handler called>
#10 0x00007fbfa98069b0 in wait () from d/lib64/libc.so.6
#11 0x000055bda1803884 in main_loop (listen_sockets=0x55bda1acb580, num_addr_listen=0x1) at sslh-fork.c:178
#12 0x000055bda18055da in main (argc=<optimized out>, argv=<optimized out>) at sslh-main.c:642
ok, so someone sent SIGTERM to sslh-fork when it had an open connection, so when it tried to kill its children, it was killed because we don't list "kill" in the seccomp filter.
minidump_stackwalk shows:
Operating system: Linux
0.0.0 Linux 4.4.86-11736-g0452e344f3e5 #1 SMP PREEMPT Tue Sep 26 04:04:32 PDT 2017 x86_64
CPU: amd64
family 6 model 55 stepping 8
2 CPUs
GPU: UNKNOWN
Crash reason: SIGSYS
Crash address: 0x0
Process uptime: not available
Thread 0 (crashed)
0 libc-2.23.so!socket + 0x7
rax = 0x0000000000000029 rdx = 0x0000000000000000
rcx = 0x00007fbfa983b167 rbx = 0x0000000000000001
rsi = 0x0000000000080002 rdi = 0x0000000000000001
rbp = 0x00007ffccca833e0 rsp = 0x00007ffccca833b8
r8 = 0x0000000000000000 r9 = 0x0000000000000000
r10 = 0x0000000000004000 r11 = 0x0000000000000202
r12 = 0x0000000000000000 r13 = 0x0000000000000000
r14 = 0x00007ffccca83590 r15 = 0x0000000000000014
rip = 0x00007fbfa983b167
Found by: given as instruction pointer in context
1 libc-2.23.so!openlog_internal [syslog.c : 349 + 0x18]
rbx = 0x0000000000000001 rbp = 0x00007ffccca833e0
rsp = 0x00007ffccca833c0 r12 = 0x0000000000000000
r13 = 0x0000000000000000 r14 = 0x00007ffccca83590
r15 = 0x0000000000000014 rip = 0x00007fbfa9834860
Found by: call frame info
2 libc-2.23.so!__vsyslog_chk [syslog.c : 286 + 0x8]
rbx = 0x0000000000000001 rbp = 0x00007ffccca834d0
rsp = 0x00007ffccca833f0 r12 = 0x0000000000000000
r13 = 0x000055bda1acc0a0 r14 = 0x00007ffccca83590
r15 = 0x0000000000000014 rip = 0x00007fbfa9834da4
Found by: call frame info
3 libminijailpreload.so!do_log [syslog.h : 31 + 0xd]
rbx = 0x00007fbfa9d065aa rbp = 0x00007ffccca835b0
rsp = 0x00007ffccca834e0 r12 = 0x00007ffccca842f8
r13 = 0x0000000000000001 r14 = 0x000000000000001f
r15 = 0x0000000000000001 rip = 0x00007fbfa9d03bc6
Found by: call frame info
4 libminijailpreload.so!log_sigsys_handler [signal_handler.c : 39 + 0x18]
rbx = 0x00007fbfa9d065aa rbp = 0x00007ffccca835d0
rsp = 0x00007ffccca835c0 r12 = 0x00007ffccca842f8
r13 = 0x0000000000000001 r14 = 0x000000000000001f
r15 = 0x0000000000000001 rip = 0x00007fbfa9d033d6
Found by: call frame info
5 libc-2.23.so + 0x33e50
rbx = 0x0000000000000000 rbp = 0x00007ffccca83830
rsp = 0x00007ffccca835e0 r12 = 0x00007ffccca842f8
r13 = 0x0000000000000001 r14 = 0x000000000000000f
r15 = 0x0000000000000001 rip = 0x00007fbfa9776e50
Found by: call frame info
6 libc-2.23.so + 0x33e50
rbp = 0x00007ffccca83d80 rsp = 0x00007ffccca83840
rip = 0x00007fbfa9776e50
Found by: previous frame's frame pointer
7 sslh-fork!main [sslh-main.c : 642 + 0x7]
rbp = 0x00007ffccca84200 rsp = 0x00007ffccca83d90
rip = 0x000055bda18055da
Found by: previous frame's frame pointer
8 libc-2.23.so!__libc_start_main [libc-start.c : 289 + 0x1a]
rbx = 0x0000000000000000 rbp = 0x00007ffccca842d0
rsp = 0x00007ffccca84210 r12 = 0x000055bda1806fa0
r13 = 0x00007ffccca842f0 r14 = 0x0000000000000000
r15 = 0x0000000000000000 rip = 0x00007fbfa9763736
Found by: call frame info
9 sslh-fork!_start + 0x29
rbx = 0x0000000000000000 rbp = 0x0000000000000000
rsp = 0x00007ffccca842e0 r12 = 0x000055bda18032e0
r13 = 0x00007ffccca842f0 r14 = 0x0000000000000000
r15 = 0x0000000000000000 rip = 0x000055bda1803309
Found by: call frame info
10 0x7ffccca842e8
rbx = 0x0000000000000000 rbp = 0x0000000000000000
rsp = 0x00007ffccca842e8 r12 = 0x000055bda18032e0
r13 = 0x00007ffccca842f0 r14 = 0x0000000000000000
r15 = 0x0000000000000000 rip = 0x00007ffccca842e8
Found by: call frame info
11 sslh-fork!_init + 0x530
rsp = 0x00007ffccca84400 rip = 0x000055bda18032e0
Found by: stack scanning
Loaded modules:
0x55bda1801000 - 0x55bda1807fff sslh-fork ??? (main)
0x7fbfa9334000 - 0x7fbfa933dfff libnss_files-2.23.so ???
0x7fbfa953f000 - 0x7fbfa9540fff libdl-2.23.so ???
0x7fbfa9743000 - 0x7fbfa98e3fff libc-2.23.so ???
0x7fbfa9aee000 - 0x7fbfa9b11fff ld-2.23.so ???
0x7fbfa9ccb000 - 0x7fbfa9ccefff libattr.so.1.1.0 ???
0x7fbfa9cd2000 - 0x7fbfa9cd6fff libcap.so.2.24 ???
0x7fbfa9cd9000 - 0x7fbfa9ce3fff libconfig.so.9.2.0 ???
0x7fbfa9cf3000 - 0x7fbfa9d09fff libminijailpreload.so ???
0x7ffccca9c000 - 0x7ffccca9dfff linux-gate.so ???
,
Sep 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/25b8bf1f108a9bc31d53ef11150060ab8a786459 commit 25b8bf1f108a9bc31d53ef11150060ab8a786459 Author: Mike Frysinger <vapier@chromium.org> Date: Thu Sep 28 04:13:01 2017 arc-sslh-init: whitelist kill syscall We need to kill(SIGTERM) our children when shutting down, so allow this syscall. We run in a unique pid namespace, so we shouldn't be able to hit any other random process. BUG= chromium:769047 TEST=precq passes Change-Id: I55fc2a4d5eaf4382cc0381bc4474002f73853576 Reviewed-on: https://chromium-review.googlesource.com/685377 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org> [add] https://crrev.com/25b8bf1f108a9bc31d53ef11150060ab8a786459/chromeos-base/arc-sslh-init/arc-sslh-init-0.0.1-r1.ebuild [modify] https://crrev.com/25b8bf1f108a9bc31d53ef11150060ab8a786459/chromeos-base/arc-sslh-init/files/sslh-seccomp-amd64.policy
,
Sep 28 2017
minijail update landed here: https://android-review.googlesource.com/495230
,
Oct 5 2017
This is marked fixed, but I'm seeing something very similar on a recent build. master-paladin builds 16490 [0] failed partially because kevin-paladin build 2627 [1] failed in HWTest bvt-inline. provision_AutoUpdate.double was run twice and FAILed both times with an "ABORT: None" [2] & [3]. [0] https://uberchromegw.corp.google.com/i/chromeos/builders/master-paladin/builds/16490 [1] https://uberchromegw.corp.google.com/i/chromeos/builders/kevin-paladin/builds/2627/steps/HWTest%20%5Bbvt-inline%5D/logs/stdio [2] http://cautotest-prod/tko/retrieve_logs.cgi?job=/results/147053934-chromeos-test/ on chromeos6-row4-rack5-host2 [3] http://cautotest-prod/tko/retrieve_logs.cgi?job=/results/147061867-chromeos-test/ on chromeos6-row2-rack24-host11 The results [4] from the first failed run of provision_AutoUpdate.double [2] show some sslh_fork crashes [5]. [4] https://pantheon.corp.google.com/storage/browser/chromeos-autotest-results/147053934-chromeos-test/chromeos6-row4-rack5-host2/crashinfo.chromeos6-row4-rack5-host2/ [5] https://storage.cloud.google.com/chromeos-autotest-results/147053934-chromeos-test/chromeos6-row4-rack5-host2/crashinfo.chromeos6-row4-rack5-host2/sslh_fork.20171005.071919.2576.dmp.txt?_ga=2.170781286.-734044362.1501703718 Operating system: Linux 0.0.0 Linux 4.4.86-11788-g09cdcf26e5b6 #1 SMP PREEMPT Thu Oct 5 03:43:29 PDT 2017 aarch64 CPU: arm ARMv1 ARM part(0x4100d0b0) features: half,thumb,fastmult,vfpv2,edsp,neon,vfpv3,tls,vfpv4,idiva,idivt 6 CPUs GPU: UNKNOWN Crash reason: SIGSYS Crash address: 0x0 Process uptime: not available Thread 0 (crashed) 0 libc-2.23.so!socket + 0x7 r0 = 0x00000001 r1 = 0x00080002 r2 = 0x00000000 r3 = 0x0000000a r4 = 0xf28fb4c0 r5 = 0xf28c10e4 r6 = 0xf28c2ad4 r7 = 0x00000119 r8 = 0xf28c2adc r9 = 0x00000001 r10 = 0xffcceba0 r12 = 0xf28c2ae6 fp = 0xf28c2ad4 sp = 0xffccea9c lr = 0xf286d0d3 pc = 0xf2870fe8 Found by: given as instruction pointer in context 1 libc-2.23.so!openlog_internal [syslog.c : 349 + 0xf] r4 = 0xf28fb4c0 r5 = 0xf28c10e4 r6 = 0xf28c2ad4 r7 = 0xf28c10e4 r8 = 0xf28c2adc r9 = 0x00000001 r10 = 0xffcceba0 fp = 0xf28c2ad4 sp = 0xffcceaa0 pc = 0xf286d0d3 Found by: call frame info 2 libc-2.23.so!__vsyslog_chk [syslog.c : 286 + 0x3] r4 = 0xf28c2ad4 r5 = 0x00000014 r6 = 0x00000000 r7 = 0xffffffff r8 = 0x00000000 r9 = 0xf28da0c0 r10 = 0xffcceba0 fp = 0x00001ffc sp = 0xffccead8 pc = 0xf286d4ef Found by: call frame info 3 libminijailpreload.so!do_log [syslog.h : 31 + 0x3] r4 = 0x0000001f r5 = 0xf28db2f0 r6 = 0x089ac210 r7 = 0xffcceb98 r8 = 0x089ac214 r9 = 0x00000000 r10 = 0xffccf8d4 fp = 0x00000000 sp = 0xffcceb80 pc = 0xf28d86c5 Found by: call frame info 4 libminijailpreload.so!log_sigsys_handler [signal_handler.c : 39 + 0xb] r4 = 0x0000001f r5 = 0xf28db2f0 r6 = 0x089ac210 r7 = 0xffccebb0 r8 = 0x089ac214 r9 = 0x00000000 r10 = 0xffccf8d4 fp = 0x00000000 sp = 0xffcceba8 pc = 0xf28d8207 Found by: call frame info 5 libc-2.23.so!__default_sa_restorer + 0xe r4 = 0x0000000f r5 = 0x00000000 r6 = 0x089ac210 r7 = 0x00000025 r8 = 0x089ac214 r9 = 0x00000000 r10 = 0xffccf8d4 fp = 0x00000000 sp = 0xffccebb8 pc = 0xf27fe2a1 Found by: call frame info 6 libc-2.23.so!kill + 0x5 sp = 0xffccebc8 pc = 0xf27fd768 Found by: stack scanning 7 libc-2.23.so!gaih_inet [getaddrinfo.c : 1223 + 0x5] sp = 0xffccebe0 pc = 0xf285f47d Found by: stack scanning Loaded modules: 0x089a5000 - 0x089aafff sslh-fork ??? (main) 0xf27a4000 - 0xf27a9fff libnss_files-2.23.so ??? 0xf27bb000 - 0xf27bdfff libattr.so.1.1.0 ??? 0xf27c0000 - 0xf27c1fff libdl-2.23.so ??? 0xf27d3000 - 0xf27d5fff libcap.so.2.24 ??? 0xf27d8000 - 0xf28aefff libc-2.23.so ??? (WARNING: Corrupt symbols, libc-2.23.so, AC5733146C7E6BC4E15F2644C80494230) 0xf28c5000 - 0xf28ccfff libconfig.so.9.2.0 ??? 0xf28cf000 - 0xf28defff libminijailpreload.so ??? 0xf28e3000 - 0xf28fafff ld-2.23.so ??? ===================== The timestamp on the crashinfo .dmp is: 20171005.071919.2576, so the crash was PID 2576 @ 2017-10-05 @ 07:19:19. /var/log/messages shows that this corresponds to just at the previous reboot; but the log shut off to early to catch sslh getting killed... (note the time-zone change from +00:00 -> -07:00 between reboots) 2017-10-05T14:19:18.844961+00:00 INFO session_manager[1691]: [INFO:session_manager_service.cc(191)] SessionManagerService exiting 2017-10-05T14:19:19.263830+00:00 WARNING chapsd[1666]: SRK does not exist - this is normal when the TPM is not yet owned. 2017-10-05T14:19:19.274940+00:00 NOTICE pre-shutdown[7895]: Shutting down for reboot: unknown-reason 2017-10-05T14:19:19.288600+00:00 WARNING chapsd[1666]: SRK does not exist - this is normal when the TPM is not yet owned. 2017-10-05T14:19:19.289085+00:00 WARNING chapsd[1666]: SRK does not exist - this is normal when the TPM is not yet owned. 2017-10-05T14:19:19.289125+00:00 INFO chapsd[1666]: Unloading keys for all slots. 2017-10-05T07:19:26.453913-07:00 INFO kernel: [ 0.000000] Booting Linux on physical CPU 0x0 /dev/pstore/console-ramoops has it, but there are no crash reporter selinux messages: [ 2573.551634] ip_local_port_range: prefer different parity for start/end values. [ 2573.561922] init: sslh main process (2576) killed by SYS signal [ 2573.708342] init: recover_duts main process (2614) killed by TERM signal [ 2573.938650] Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required. [ 2577.303121] mwifiex_pcie 0000:01:00.0: info: shutdown mwifiex... [ 2577.340476] tpm_i2c_infineon 0-0020: gentle shutdown done [ 2577.343104] reboot: Restarting system
,
Oct 5 2017
Oh - and since the sslh-fork crash occurs at shutdown, AFAICT it doesn't appear to be related at all to the build failure; its just leaving behind a core dump.
,
Oct 5 2017
minijail hasn't seen a dep roll, but that's being done here: https://chromium-review.googlesource.com/703096 i'd wait for that before worrying about new sslh-fork SIGSYS failures
,
Oct 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/8cbbdfaada1d8c153695193f138e850537ec3295 commit 8cbbdfaada1d8c153695193f138e850537ec3295 Author: Mike Frysinger <vapier@chromium.org> Date: Tue Oct 10 03:07:58 2017 chromeos-minijail: uprev for /dev & socket whitelisting Pulled 12 new changes from platform/external/minijail: 99becbd5afb6 minijail0: drop unused longoption_index 227c291e5ad1 minijail0: support --help too 33ffef38b5de add an option to set up a minimal /dev e1f046a67c15 common.mk: sync w/platform2 e131e132451c build w/-Wunused-parameter to match Android ed6a82ea5ec9 Use -Werror in external/minijail 2acbec5a9a8b Convert to Android.bp 780aef7ec4b7 libminijail_unittest: change userns test into a runtime probe 2e9b4584f44e libminijail_unittest: delete redundant prototypes b2c12d15946c libminijail_unittest: unify program constants 0412dcc954b5 Add minijail_fork 0956086b299a whitelist socket for logging purposes BUG= chromium:769047 TEST=precq passes Change-Id: Ifaf1fb0ebef32e6f40a9d709d93a74f43659c591 Reviewed-on: https://chromium-review.googlesource.com/703096 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> [rename] https://crrev.com/8cbbdfaada1d8c153695193f138e850537ec3295/chromeos-base/chromeos-minijail/chromeos-minijail-0.0.1-r1485.ebuild
,
Oct 10 2017
we also fixed a seccomp failure via issue 772273 . guess we'll see how it plays out.
,
Jan 22 2018
,
Jan 23 2018
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by akes...@chromium.org
, Sep 26 2017