cupsd fails on startup during TLS initialization. Stopped by minijail.
Issue description

Chrome Version: N/A
OS: 10032.86.0
Crash ID: crash/913582e4f653617d
URL (if applicable) where crash occurred: N/A

Can you reproduce this crash?
Failing on banjo
Kernel 4.4.86.* x86_64

What steps will reproduce this crash (or if it's not reproducible, what were you doing just before the crash)?
(1) Boot computer

cupsd is failing on startup when trying to initialize the http server TLS stack

*Please note that issues filed with no information filled in above will be marked as WontFix*

Stack:
(libc-2.23.so -raise.c:54 ) raise
(libc-2.23.so -abort.c:89 ) abort
(libminijailpreload.so + 0x00010b1a )
(libpthread-2.23.so + 0x000112df )
(libgnutls.so.26.22.6 + 0x000a6075 )
(libgnutls.so.26.22.6 + 0x000478ff )
(libgnutls.so.26.22.6 + 0x000357d0 )
** (libcups.so.2 -http.c:1571 ) <name omitted> **
(cupsd -main.c:577 ) main
(libc-2.23.so -libc-start.c:289 ) __libc_start_main
(cupsd + 0x00009e08 ) _start

http.c#1571 _httpTLSInitialize();
Feb 15 2018
Feb 27 2018
After doing some digging I believe I've found the culprit to be a call to the "writev()" system call which happens inside of gnutls. This system call has been removed in newer versions, and the version in use on Chrome OS is in need of an update anyways so I think we should upgrade it. This will take some time as some of the newer version's dependencies will need to be added/upgraded as well so for the time being I'll update the seccomp policies to include the "writev" system call.
Mar 2 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/4ba9a0a46901c8edd6cef9e6661d4bc4e1fadf64

commit 4ba9a0a46901c8edd6cef9e6661d4bc4e1fadf64
Author: David Valleau <valleau@chromium.org>
Date: Fri Mar 02 00:13:35 2018

Adding the latest upstream libidn2 package

The libidn2 package is a dependency for the latest stable version of gnutls (v3.5.15).

Differences from upstream:
- Changed "KEYWORDS" list to just "*"

BUG= chromium:805660
TEST=Able to successfully emerge and deploy to Asuka device

Change-Id: Ie1fb1abb8d603f2dc2650193c6260ec1ce9e020a
Reviewed-on: https://chromium-review.googlesource.com/938318
Commit-Ready: David Valleau <valleau@chromium.org>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>

[add] https://crrev.com/4ba9a0a46901c8edd6cef9e6661d4bc4e1fadf64/net-dns/libidn2/metadata.xml
[add] https://crrev.com/4ba9a0a46901c8edd6cef9e6661d4bc4e1fadf64/net-dns/libidn2/Manifest
[add] https://crrev.com/4ba9a0a46901c8edd6cef9e6661d4bc4e1fadf64/net-dns/libidn2/libidn2-2.0.4.ebuild
Mar 2 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4

commit 95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4
Author: David Valleau <valleau@chromium.org>
Date: Fri Mar 02 03:13:26 2018

Adding writev system call to cupsd seccomp policy

I believe that the writev system call which is made in the gnutls library is the reason for occasional crashes seen in cupsd so I'm adding it to the seccomp policies for the time being until the update of gnutls is landed.

BUG= chromium:805660
TEST=None

Change-Id: Ibe59d222fe797d4ca243be829eb43022ffddd29a
Reviewed-on: https://chromium-review.googlesource.com/939762
Commit-Ready: David Valleau <valleau@chromium.org>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>

[modify] https://crrev.com/95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4/net-print/cups/files/cupsd-seccomp-x86.policy
[rename] https://crrev.com/95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4/net-print/cups/cups-2.1.4-r37.ebuild
[modify] https://crrev.com/95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4/net-print/cups/files/cupsd-seccomp-amd64.policy
[modify] https://crrev.com/95a1d3cf3d17d8d2d5621362c3724d6bf296e3c4/net-print/cups/files/cupsd-seccomp-arm.policy
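
An added example, not code from the Chromium OS tree or from anyone on this bug: a small audit that compares the syscalls seen in a trace against a minijail-style seccomp policy, the kind of check that surfaces a missing writev before the filter stops cupsd. The policy text and strace lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed policy in minijail's "name: expression" format, NOT the real cupsd policy.
POLICY = """\
# constructed sample policy
read: 1
write: 1
socket: arg0 == AF_UNIX || arg0 == AF_INET
exit_group: 1
"""

# Constructed `strace -f` style output for a daemon starting its TLS stack.
TRACE = """\
1234 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5
1234 read(3,  <unfinished ...>
1234 <... read resumed> "abc", 4096) = 3
1234 writev(5, [{iov_base="\\26\\3\\1", iov_len=3}], 1) = 3
1234 write(5, "x", 1) = 1
1234 exit_group(0) = ?
1234 +++ exited with 0 +++
"""

SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

def parse_policy(text):
    """Return {syscall: filter expression}, skipping comments and @ directives."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("@") or ":" not in line:
            continue
        name, expr = line.split(":", 1)
        rules[name.strip()] = expr.strip()
    return rules

def observed_syscalls(trace):
    """Count syscall entries; '<... resumed>' and '+++'/'---' lines do not match."""
    return Counter(m.group(1) for m in map(SYSCALL_RE.match, trace.splitlines()) if m)

def audit(policy_text, trace):
    """Split observed syscalls into: absent from policy, allowed only conditionally."""
    rules, seen = parse_policy(policy_text), observed_syscalls(trace)
    missing = sorted(s for s in seen if s not in rules)
    conditional = sorted(s for s in seen if s in rules and rules[s] != "1")
    return missing, conditional

if __name__ == "__main__":
    print(audit(POLICY, TRACE))
```

The trace has to come from a run without the filter that actually exercises the TLS start-up path, since a syscall made only on some code paths will not show up otherwise.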
Mar 3 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/4f2db94f3b69b29b87ac4e284ab6b5cadc773527

commit 4f2db94f3b69b29b87ac4e284ab6b5cadc773527
Author: David Valleau <valleau@chromium.org>
Date: Sat Mar 03 06:22:24 2018

Updating libtasn1 to the latest stable version

The latest version of gnutls depends on a newer version of libtasn1

Differences from upstream:
- Changed the "KEYWORDS" list to just "*"

BUG= chromium:805660
TEST=Able to successfully emerge and deploy to chromebook

Change-Id: Ie245fc99f272652162c5315865f5c589212f340c
Reviewed-on: https://chromium-review.googlesource.com/938637
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>

[add] https://crrev.com/4f2db94f3b69b29b87ac4e284ab6b5cadc773527/dev-libs/libtasn1/libtasn1-4.12-r1.ebuild
[modify] https://crrev.com/4f2db94f3b69b29b87ac4e284ab6b5cadc773527/dev-libs/libtasn1/metadata.xml
[add] https://crrev.com/4f2db94f3b69b29b87ac4e284ab6b5cadc773527/dev-libs/libtasn1/files/libtasn1-4.12-CVE-2017-10790.patch
[modify] https://crrev.com/4f2db94f3b69b29b87ac4e284ab6b5cadc773527/dev-libs/libtasn1/Manifest
[delete] https://crrev.com/285d1a317e16ceba23a9bd80c591443b478558e1/dev-libs/libtasn1/libtasn1-2.4.ebuild
Mar 3 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/285d1a317e16ceba23a9bd80c591443b478558e1

commit 285d1a317e16ceba23a9bd80c591443b478558e1
Author: David Valleau <valleau@chromium.org>
Date: Sat Mar 03 06:22:23 2018

Adding the latest stable libunistring library

This package is needed by the latest upstream version of gnutls (v3.5.15)

Differences from upstream:
- Changed the "KEYWORDS" list to just "*"

BUG= chromium:805660
TEST=Able to successfully emerge and deploy to chromebook

Change-Id: I96bdf31db5fe514e243be80b7e866175ba79e933
Reviewed-on: https://chromium-review.googlesource.com/938639
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[add] https://crrev.com/285d1a317e16ceba23a9bd80c591443b478558e1/dev-libs/libunistring/Manifest
[add] https://crrev.com/285d1a317e16ceba23a9bd80c591443b478558e1/dev-libs/libunistring/files/libunistring-nodocs.patch
[add] https://crrev.com/285d1a317e16ceba23a9bd80c591443b478558e1/dev-libs/libunistring/libunistring-0.9.7.ebuild
[add] https://crrev.com/285d1a317e16ceba23a9bd80c591443b478558e1/dev-libs/libunistring/metadata.xml
Mar 8 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/c5ed686dd13b85a44a957d7cbd273c1b53cd89d2

commit c5ed686dd13b85a44a957d7cbd273c1b53cd89d2
Author: David Valleau <valleau@chromium.org>
Date: Thu Mar 08 06:08:23 2018

net-print/cups-filters: Adding direct dependency to gnutls

cups-filters is linking to gnutls due to an over-expressive cups-config, so as a temporary workaround gnutls has been added as a direct dependency so that it will be rebuilt on upgrade.

BUG= chromium:805660
TEST=Able to successfully build image

Change-Id: I26375b8da34f13e5094e10881b5cadf9d59eea86
Reviewed-on: https://chromium-review.googlesource.com/953643
Commit-Ready: David Valleau <valleau@chromium.org>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>

[rename] https://crrev.com/c5ed686dd13b85a44a957d7cbd273c1b53cd89d2/net-print/cups-filters/cups-filters-1.17.8-r2.ebuild
Mar 8 2018
Created bug for just the syscall update: crbug.com/820226
Mar 8 2018
Mar 8 2018
Issue 820263 has been merged into this issue.
Mar 9 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/1a0ab174077d1ba73d750cf635127049fdb59bbc

commit 1a0ab174077d1ba73d750cf635127049fdb59bbc
Author: David Valleau <valleau@chromium.org>
Date: Fri Mar 09 01:00:52 2018

Updating nettle to the latest upstream version

Upgrading to a newer version of gnutls requires also updating nettle.

Differences from upstream:
- Changed "KEYWORDS" list to just "*"

BUG= chromium:805660
TEST=Able to successfully emerge and deploy to chromebook
CQ-DEPEND=CL:938640

Change-Id: I9cb65fd1e1b49173a260b6311af7b0a3305d6c0f
Reviewed-on: https://chromium-review.googlesource.com/938317
Commit-Ready: David Valleau <valleau@chromium.org>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>

[delete] https://crrev.com/668f5ab889d9b7f2195b85c48a052dd0cfc6df4f/dev-libs/nettle/files/nettle-2.7-shared.patch
[add] https://crrev.com/1a0ab174077d1ba73d750cf635127049fdb59bbc/dev-libs/nettle/files/nettle-3.3-ecc-add-eh.patch
[add] https://crrev.com/1a0ab174077d1ba73d750cf635127049fdb59bbc/dev-libs/nettle/metadata.xml
[delete] https://crrev.com/668f5ab889d9b7f2195b85c48a052dd0cfc6df4f/dev-libs/nettle/nettle-2.7.1.ebuild
[add] https://crrev.com/1a0ab174077d1ba73d750cf635127049fdb59bbc/dev-libs/nettle/nettle-3.3-r2.ebuild
[modify] https://crrev.com/1a0ab174077d1ba73d750cf635127049fdb59bbc/dev-libs/nettle/Manifest
Mar 9 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/0dbf3fce0ac5c05693fe499a72f9d2415ac64d10

commit 0dbf3fce0ac5c05693fe499a72f9d2415ac64d10
Author: David Valleau <valleau@chromium.org>
Date: Fri Mar 09 01:00:53 2018

Updating gnutls to the latest stable version

The current version of the gnutls package contained a system call not included in the cups seccomp policies which resulted in crashes. Considering the system call (writev) has some security vulnerabilities, is no longer in the newer versions of gnutls, and the gnutls package hadn't been updated in a long time, it seems like a good idea to simply update the package.

Differences from upstream:
- Changed the "KEYWORDS" list to just "*"

BUG= chromium:805660
TEST=able to successfully emerge and deploy to chromebook
CQ-DEPEND=CL:938639, CL:938318, CL:938317, CL:938637, CL:953643

Change-Id: I64af1310b2e2cf71ac08029e2d4b59d4c071a76e
Reviewed-on: https://chromium-review.googlesource.com/938640
Commit-Ready: David Valleau <valleau@chromium.org>
Tested-by: David Valleau <valleau@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>

[modify] https://crrev.com/0dbf3fce0ac5c05693fe499a72f9d2415ac64d10/net-libs/gnutls/Manifest
[delete] https://crrev.com/1a0ab174077d1ba73d750cf635127049fdb59bbc/net-libs/gnutls/gnutls-2.12.23-r6.ebuild
[add] https://crrev.com/0dbf3fce0ac5c05693fe499a72f9d2415ac64d10/net-libs/gnutls/gnutls-3.5.15.ebuild
[modify] https://crrev.com/0dbf3fce0ac5c05693fe499a72f9d2415ac64d10/net-libs/gnutls/metadata.xml
Mar 28 2018
Is this Fixed?
Apr 5 2018
Apr 5 2018
We suspect that this is fixed in build 10472, we should check back once 67 has been in the hands of enough users to see if the crash persists.
May 8 2018
Issue 207022 has been merged into this issue.
May 8 2018
Comment 1 by skau@chromium.org, Jan 24 2018