Summary: | net-misc/ntpsec-1.2.0-r1[seccomp]: does not run | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Klemen Mihevc <solor> |
Component: | Current packages | Assignee: | Steve Arnold <nerdboy> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness, jamesb.fe80, jstein, sam, zeekec |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=705128 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 713688 | ||
Attachments: |
strace
proposed patch to add syscall to ntpsec this is a modified patch that directly works with gentoo ebuilds and prior patches |
Description
Klemen Mihevc
2021-04-28 06:34:21 UTC
Its defiantly not glib, reverting it doesnt do anything, so i guess its gcc. I have no idea what actual culprit is... i also reverted back to gcc 10.3 and i still get this error :/ it defiantly was still working after kernel & headers update to 5.12 ~2 days ago and it doesnt now... Created attachment 703182 [details]
strace
i attached strace if it helps, im to dumb for this :)
seccomp usually breaks when new syscalls start being used. That is most of the time is brought in by glibc update. I think it's a pread64: # strace -f /usr/sbin/ntpd -p ntpd.pid -g -u ntp:ntp -d 10 [pid 1098885] pread64(4, <unfinished ...> [pid 1098884] ioctl(3, SIOCGIFINDEX, {ifr_name="br0" <unfinished ...> [pid 1098885] <... pread64 resumed>"\2\0\0\220\0\0\0\0\360d\0050\35\177\0\0006", 48, 97920) = 17 [pid 1098884] <... ioctl resumed>, ifr_ifindex=4}) = 0 [pid 1098885] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f1d30766fca, si_syscall=__NR_pread64, si_arch=AUDIT_ARCH_X86_64} --- [pid 1098885] +++ killed by SIGSYS +++ +++ killed by SIGSYS +++ Bad system call If you are curious of precise caller gdb shows it as: ``` # LANG=C gdb --quiet --args /usr/sbin/ntpd -p ntpd.pid -g -u ntp:ntp -d 10 Reading symbols from /usr/sbin/ntpd... Reading symbols from /usr/lib/debug//usr/sbin/ntpd.debug... (gdb) run Starting program: /usr/sbin/ntpd -p ntpd.pid -g -u ntp:ntp -d 10 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". 2021-04-28T23:23:29 ntpd[3472866]: INIT: ntpd ntpsec-1.2.0 2021-04-28T22:18:29Z: Starting 2021-04-28T23:23:29 ntpd[3472866]: INIT: Command line: /usr/sbin/ntpd -p ntpd.pid -g -u ntp:ntp -d 10 2021-04-28T23:23:29 ntpd[3472866]: INIT: precision = 0.063 usec (-24) 2021-04-28T23:23:29 ntpd[3472866]: INIT: successfully locked into RAM 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: readconfig: parsing file: /etc/ntp.conf 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: readconfig: parsing directory: /etc/ntp.d 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: restrict nopeer ignored 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: restrict nopeer ignored 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: restrict nopeer ignored 2021-04-28T23:23:29 ntpd[3472866]: CONFIG: restrict nopeer ignored 2021-04-28T23:23:29 ntpd[3472866]: INIT: Using SO_TIMESTAMPNS 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen and drop on 0 v6wildcard [::]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 2 lo 127.0.0.1:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 3 br0 10.0.0.1:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 4 wl0 192.168.1.200:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 5 lo [::1]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 6 br0 [fd02::b838:dff:fe71:8a1a]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 7 br0 [fe80::c2c0:c0ff:fec0:c0c0%4]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 8 wl0 [fd01::20d:81ff:fea9:990]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 9 wl0 [fe80::960c:6dff:fee2:47a1%8]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 10 he-ipv6 [2001:470:1f1c:3e6::2]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listen normally on 11 he-ipv6 [fe80::c0a8:1c8%9]:123 2021-04-28T23:23:29 ntpd[3472866]: IO: Listening on routing socket on fd #28 for interface updates 2021-04-28T23:23:29 ntpd[3472866]: SYNC: Found 10 servers, suggest minsane at least 3 2021-04-28T23:23:29 ntpd[3472866]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes 2021-04-28T23:23:29 ntpd[3472866]: INIT: OpenSSL 1.1.1k 25 Mar 2021, 101010bf 2021-04-28T23:23:29 ntpd[3472866]: NTSc: Using system default root certificates. 2021-04-28T23:23:29 ntpd[3472866]: INIT: sandbox: seccomp enabled. 2021-04-28T23:23:29 ntpd[3472866]: statistics directory /var/NTP/ does not exist or is unwriteable, error No such file or directory 2021-04-28T23:23:30 ntpd[3472866]: DNS: dns_probe: 10, cast_flags:1, flags:20901 [New Thread 0x7ffff7839640 (LWP 3472880)] Thread 2 "ntpd" received signal SIGSYS, Bad system call. [Switching to Thread 0x7ffff7839640 (LWP 3472880)] bt __GI___pread64_nocancel (fd=5, buf=0x7ffff78384a0, count=48, offset=97960) at ../sysdeps/unix/sysv/linux/pread64_nocancel.c:26 26 ../sysdeps/unix/sysv/linux/pread64_nocancel.c: No such file or directory. (gdb) bt #0 __GI___pread64_nocancel (fd=5, buf=0x7ffff78384a0, count=48, offset=97960) at ../sysdeps/unix/sysv/linux/pread64_nocancel.c:26 #1 0x00007ffff7fd2a88 in open_verify (name=name@entry=0x7ffff0001390 "/usr/lib/gcc/x86_64-pc-linux-gnu/12.0.0/libgcc_s.so.1", fbp=fbp@entry=0x7ffff78385b0, loader=<optimized out>, whatcode=whatcode@entry=8, found_other_class=found_other_class@entry=0x7ffff783859f, free_name=free_name@entry=false, mode=-1879048190, fd=5) at dl-load.c:1805 #2 0x00007ffff7fd5e85 in _dl_map_object (loader=loader@entry=0x7ffff7ad2000, name=<optimized out>, name@entry=0x7ffff7ac7b2f "libgcc_s.so.1", type=type@entry=2, trace_mode=trace_mode@entry=0, mode=mode@entry=-1879048190, nsid=<optimized out>) at dl-load.c:2224 #3 0x00007ffff7fdfdf4 in dl_open_worker (a=a@entry=0x7ffff7838b00) at dl-open.c:526 #4 0x00007ffff7a24b50 in __GI__dl_catch_exception (exception=0x7ffff7838ae0, operate=0x7ffff7fdfd50 <dl_open_worker>, args=0x7ffff7838b00) at /tmp/portage-tmpdir/portage/sys-libs/glibc-2.33/work/glibc-2.33/elf/dl-error-skeleton.c:208 #5 0x00007ffff7fdf967 in _dl_open (file=0x7ffff7ac7b2f "libgcc_s.so.1", mode=-2147483646, caller_dlopen=0x7ffff7ac456b <pthread_cancel_init+43>, nsid=-2, argc=8, argv=0x7ffff7838ae0, env=0x7fffffffe5c0) at dl-open.c:858 #6 0x00007ffff7a23ffd in do_dlopen (ptr=ptr@entry=0x7ffff7838d50) at dl-libc.c:96 #7 0x00007ffff7a24b50 in __GI__dl_catch_exception (exception=exception@entry=0x7ffff7838cd0, operate=operate@entry=0x7ffff7a23fc0 <do_dlopen>, args=args@entry=0x7ffff7838d50) at /tmp/portage-tmpdir/portage/sys-libs/glibc-2.33/work/glibc-2.33/elf/dl-error-skeleton.c:208 #8 0x00007ffff7a24c0f in __GI__dl_catch_error (objname=objname@entry=0x7ffff7838d28, errstring=errstring@entry=0x7ffff7838d30, mallocedp=mallocedp@entry=0x7ffff7838d27, operate=operate@entry=0x7ffff7a23fc0 <do_dlopen>, args=args@entry=0x7ffff7838d50) at /tmp/portage-tmpdir/portage/sys-libs/glibc-2.33/work/glibc-2.33/elf/dl-error-skeleton.c:227 #9 0x00007ffff7a240d7 in dlerror_run (operate=operate@entry=0x7ffff7a23fc0 <do_dlopen>, args=args@entry=0x7ffff7838d50) at dl-libc.c:46 #10 0x00007ffff7a24166 in __GI___libc_dlopen_mode (name=name@entry=0x7ffff7ac7b2f "libgcc_s.so.1", mode=mode@entry=-2147483646) at dl-libc.c:195 #11 0x00007ffff7ac456b in pthread_cancel_init () at ../sysdeps/nptl/unwind-forcedunwind.c:53 #12 0x00007ffff7ac4784 in _Unwind_ForcedUnwind (exc=0x7ffff7839cb0, stop=stop@entry=0x7ffff7ac2af0 <unwind_stop>, stop_argument=0x7ffff7838e70) at ../sysdeps/nptl/unwind-forcedunwind.c:127 #13 0x00007ffff7ac2c60 in __GI___pthread_unwind (buf=<optimized out>) at unwind.c:131 #14 0x00007ffff7abaf9c in __do_cancel () at /tmp/portage-tmpdir/portage/sys-libs/glibc-2.33/work/glibc-2.33/nptl/pthreadP.h:307 #15 __pthread_exit (value=<optimized out>) at pthread_exit.c:28 #16 0x000055555557008c in dns_lookup () #17 0x00007ffff7ab9cde in start_thread (arg=0x7ffff7839640) at pthread_create.c:473 #18 0x00007ffff79efaef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 ``` Which is a glibc's shared library loader as a response to name services resolution. Created attachment 712923 [details, diff]
proposed patch to add syscall to ntpsec
It would be most convenient if you could apply this patch to NTPsec and check if it resolves the issue. If it does then the patch can be applied upstream for the release after next.
(In reply to James Browning from comment #6) > Created attachment 712923 [details, diff] [details, diff] > proposed patch to add syscall to ntpsec > > It would be most convenient if you could apply this patch to NTPsec and > check if it resolves the issue. If it does then the patch can be applied > upstream for the release after next. seems to work after i modified it a bit with proper tabs and lines... Created attachment 712929 [details, diff]
this is a modified patch that directly works with gentoo ebuilds and prior patches
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a87107cfff01e74e3519624360dbd72a60a1fdd9 commit a87107cfff01e74e3519624360dbd72a60a1fdd9 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-06-10 21:09:31 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-06-10 21:09:31 +0000 net-misc/ntpsec: add seccomp patch from upstream Closes: https://bugs.gentoo.org/786228 Closes: https://bugs.gentoo.org/705128 Signed-off-by: Sam James <sam@gentoo.org> net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 19 +++++++++++++++++++ ...{ntpsec-1.2.0-r1.ebuild => ntpsec-1.2.0-r2.ebuild} | 5 +++-- 2 files changed, 22 insertions(+), 2 deletions(-) That patch does not fix it, it lacks pread64 so custom patch is still needed. As it looks even 1.2.1 still does not have this fix. The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=540ea2504d870d6ff28f61b3b399d178c7ae4df8 commit 540ea2504d870d6ff28f61b3b399d178c7ae4df8 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-06-11 06:38:33 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-06-11 06:38:33 +0000 net-misc/ntpsec: add additional pread64 syscall patch Closes: https://bugs.gentoo.org/786228 Signed-off-by: Sam James <sam@gentoo.org> net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 11 +++++++++++ .../ntpsec/{ntpsec-1.2.0-r2.ebuild => ntpsec-1.2.0-r3.ebuild} | 1 + 2 files changed, 12 insertions(+) |