Wilco: diagnosticsd crashes on startup |
|||
Issue descriptionChrome Version: 72.0.3588.0 OS: Chrome OS 11186.0.2018_10_24_1722-18.10.24 Hardware: Wilco Proto What steps will reproduce the problem? (1) Build and deploy the diagnostics package to Wilco. (2) start diagnosticsd (3) status diagnosticsd What is the expected result? diagnosticsd should be running. What happens instead? diagnosticsd has crashed, and "status diagnosticsd" reports stop/waiting. dmesg reports the following: "init: diagnosticsd main process (1224) terminated with status 254" I attached gdb, and ran diagnosticsd until the following error occurred: "[FATAL:dbus_daemon.cc(78)] Check failed: bus_->RequestOwnershipAndBlock(service_name_, dbus::Bus::REQUIRE_PRIMARY). Unable to take ownership of org.chromium.Diagnosticsd"
,
Oct 30
I'm wondering if the error in #1 is real, or if it's a byproduct of the way I'm starting the daemon with GDB - I might not be running the daemon as the diagnostics user. /etc/dbus-1/system.d/org.chromium.Diagnosticsd.conf looks okay, and the diagnostics user should be allowed to own org.chromium.Diagnosticsd. Maksim did point out that the upstart script expects the directory /sys/devices/virtual/hwmon to exist, and it doesn't, so that could be the issue as well.
,
Oct 31
There are two issues here: 1.) The missing directory /sys/devices/virtual/hwmon - if I edit the upstart script to not try to mount this, I can work around this issue. 2.) the seccomp filters for socket need to be more permissive - it looks like emaxx@chromium.org already found this as well, and has a CL at https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1310174 With these two changes, I can run diagnosticsd on Wilco.
,
Nov 2
Thanks for verifying that, Paul. For the reference, attaching the corresponding CLs: https://crrev.com/c/1310174, https://crrev.com/c/1315287.
,
Nov 4
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/8bd273f6ba0cef973b74065352c07ea4c1b0a474 commit 8bd273f6ba0cef973b74065352c07ea4c1b0a474 Author: Maksim Ivanov <emaxx@chromium.org> Date: Sun Nov 04 00:16:54 2018 diagnostics: Allow socket AF_INET in seccomp filters Whitelist calling socket with domain==AF_INET for both diagnosticsd and diagnostics_processor. It's needed despite that no direct internet requests are allowed or expected from these daemons. The reason why it's required is that the gRPC library makes such call during its initialization. gRPC does this in order to check whether the SO_REUSEPORT option is available. There doesn't seem to be a way to suppress this check. BUG=chromium:869377, chromium:899766 TEST=manual - check that the daemons don't crash Change-Id: Id9f1596f8f2cec856654b82bf744b732d8beb584 Reviewed-on: https://chromium-review.googlesource.com/1310174 Commit-Ready: Maksim Ivanov <emaxx@chromium.org> Tested-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/8bd273f6ba0cef973b74065352c07ea4c1b0a474/diagnostics/init/diagnosticsd-seccomp-arm.policy [modify] https://crrev.com/8bd273f6ba0cef973b74065352c07ea4c1b0a474/diagnostics/init/diagnosticsd-seccomp-amd64.policy [modify] https://crrev.com/8bd273f6ba0cef973b74065352c07ea4c1b0a474/diagnostics/init/diagnostics_processor-seccomp-arm.policy [modify] https://crrev.com/8bd273f6ba0cef973b74065352c07ea4c1b0a474/diagnostics/init/diagnostics_processor-seccomp-amd64.policy
,
Nov 7
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/37bd432e1462fef0756acce35489788013793a1f commit 37bd432e1462fef0756acce35489788013793a1f Author: Maksim Ivanov <emaxx@chromium.org> Date: Wed Nov 07 14:34:43 2018 diagnostics: Skip binding non-existing directories Fix the upstart script for the diagnosticsd daemon to not request minijail to bind non-existing directories. This refers to directories that the daemon wishes to read but aren't crucial to them, and whose presence is outside of the daemon's control. For example, the number of hwmon virtual devices and their paths under /sys/devices/ vary depending on the kernel and drivers versions. Without this fix, the diagnosticsd daemon couldn't even start when some of such directories are missing. BUG=chromium:869377, chromium:899766 TEST=check that the daemon starts successfully Change-Id: Iee1247da1c1f548f903a67400b1f2bbdad181412 Reviewed-on: https://chromium-review.googlesource.com/1315287 Commit-Ready: Maksim Ivanov <emaxx@chromium.org> Tested-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/37bd432e1462fef0756acce35489788013793a1f/diagnostics/init/diagnosticsd.conf
,
Nov 21
pmoy@: I think we can close this one. Unless you were still observing the crashes?
,
Nov 26
You're right - sorry I've been slow on this!
,
Nov 26
|
|||
►
Sign in to add a comment |
|||
Comment 1 by pmoy@chromium.org
, Oct 30I dug around with GDB, and dbus_bus_request_name is failing with the following error: {error_ = {name = 0x5555555f59c0 "org.freedesktop.DBus.Error.AccessDenied", message = 0x555555605640 "Connection \":1.66\" is not allowed to own the service \"org.chromium.Diagnosticsd\" due to security policies in the configuration file", dummy1 = 0, dummy2 = 0, dummy3 = 0, dummy4 = 0, dummy5 = 0, padding1 = 0x7fffffffd540}}