[tor-bugs] #27315 [Core Tor/Tor]: Sandbox regression in 0.3.4.7-rc

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 11 17:42:40 UTC 2018 

#27315: Sandbox regression in 0.3.4.7-rc
--------------------------+------------------------------------
 Reporter:  toralf        |          Owner:  (none)
     Type:  defect        |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.7-rc
 Severity:  Normal        |     Resolution:
 Keywords:  regression?   |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  ahf           |        Sponsor:
--------------------------+------------------------------------

Comment (by toralf):

 Bad news: With 0.3.4.8 at a stable hardened Gentoo Desktop I do run into
 this again:
 {{{
 t44 tmp # cat info.log
 Sep 11 19:33:56.000 [notice] Tor 0.3.4.8 (git-da95b91355248ad8) opening
 new log file.
 Sep 11 19:33:56.000 [warn] Your log may contain sensitive information -
 you're logging more than "notice". Don't log unless it serves an important
 reason. Overwrite the log afterwards.
 Sep 11 19:33:56.000 [info] options_act_reversible(): Recomputed OOS
 thresholds: ConnLimit 1000, ConnLimit_ 29968, ConnLimit_high_thresh 29904,
 ConnLimit_low_thresh 22476
 Sep 11 19:33:56.000 [info] tor_lockfile_lock(): Locking
 "/var/lib/tor/data/lock"
 Sep 11 19:33:56.000 [info] or_state_load(): Loaded state from
 "/var/lib/tor/data/state"
 Sep 11 19:33:56.000 [info] sampled_guards_update_from_consensus(): Not
 updating the sample guard set; we have no live consensus.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED
 set.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 (That isn't enough. Trying to expand the sample.)
 Sep 11 19:33:56.000 [info] entry_guards_expand_sample(): Not expanding the
 sample guard set; we have no live consensus.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 (After filters [b], we have 0 guards to consider.)
 Sep 11 19:33:56.000 [info] circuit_build_times_parse_state(): Adding 145
 timeouts.
 Sep 11 19:33:56.000 [info] circuit_build_times_parse_state(): Loaded
 1000/1000 values from 122 lines in circuit time histogram
 Sep 11 19:33:56.000 [info] circuit_build_times_get_xm(): Xm mode #0: 225
 135
 Sep 11 19:33:56.000 [info] circuit_build_times_get_xm(): Xm mode #1: 275
 113
 Sep 11 19:33:56.000 [info] circuit_build_times_get_xm(): Xm mode #2: 225
 135
 Sep 11 19:33:56.000 [info] circuit_build_times_set_timeout(): Based on
 1000 circuit times, it looks like we don't need to wait so long for
 circuits to finish. We will now assume a circuit is too slow to use after
 waiting 4 seconds.
 Sep 11 19:33:56.000 [info] circuit_build_times_set_timeout(): Circuit
 timeout data: 4126.277304ms, 60000.000000ms, Xm: 239, a: 0.564979, r:
 0.210000
 Sep 11 19:33:56.000 [info] read_file_to_str(): Could not open
 "/var/lib/tor/data/router-stability": No such file or directory
 Sep 11 19:33:56.000 [info] init_cookie_authentication(): Generated auth
 cookie file in '"/var/lib/tor/data/control_auth_cookie"'.
 Sep 11 19:33:56.000 [info] scheduler_kist_set_full_mode(): Setting KIST
 scheduler with kernel support (KIST mode)
 Sep 11 19:33:56.000 [info] cmux_ewma_set_options(): Enabled cell_ewma
 algorithm because of value in CircuitPriorityHalflifeMsec in consensus;
 scale factor is 0.793701 per 10 seconds
 Sep 11 19:33:56.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Sep 11 19:33:56.000 [notice] Parsing GEOIP IPv6 file
 /usr/share/tor/geoip6.
 Sep 11 19:33:56.000 [info] add_predicted_port(): New port prediction
 added. Will continue predictive circ building for 2494 more seconds.
 Sep 11 19:33:56.000 [info] crypto_global_init(): NOT using OpenSSL engine
 support.
 Sep 11 19:33:56.000 [info] evaluate_evp_for_aes(): This version of OpenSSL
 has a known-good EVP counter-mode implementation. Using it.
 Sep 11 19:33:56.000 [notice] We were built to run on a 64-bit CPU, with
 OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently
 lacks accelerated support for the NIST P-224 and P-256 groups. Building
 openssl with such support (using the enable-ec_nistp_64_gcc_128 option
 when configuring it) would make ECDH much faster.
 Sep 11 19:33:56.000 [notice] Bootstrapped 0%: Starting
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 certs": Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 consensus": Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/unverified-
 consensus": Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 microdesc-consensus": Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/unverified-
 microdesc-consensus": Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 microdescs" for mmap(): Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 microdescs.new": Permission denied
 Sep 11 19:33:56.000 [info] microdesc_cache_reload(): Reloaded
 microdescriptor cache. Found 0 descriptors.
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 descriptors" for mmap(): Permission denied
 Sep 11 19:33:56.000 [warn] Could not open "/var/lib/tor/data/cached-
 extrainfo" for mmap(): Permission denied
 Sep 11 19:33:56.000 [notice] Starting with guard context "default"
 Sep 11 19:33:56.000 [info] sampled_guards_update_from_consensus(): Not
 updating the sample guard set; we have no live consensus.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED
 set.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 (That isn't enough. Trying to expand the sample.)
 Sep 11 19:33:56.000 [info] entry_guards_expand_sample(): Not expanding the
 sample guard set; we have no live consensus.
 Sep 11 19:33:56.000 [info] sample_reachable_filtered_entry_guards():
 (After filters [b], we have 0 guards to consider.)
 Sep 11 19:33:56.000 [info] I learned some more directory information, but
 not enough to build a circuit: We have no usable consensus.
 Sep 11 19:33:57.000 [info] update_consensus_bootstrap_attempt_downloads():
 Launching microdesc bootstrap mirror networkstatus consensus download.
 Sep 11 19:33:57.000 [info] sample_reachable_filtered_entry_guards():
 Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED
 set.
 Sep 11 19:33:57.000 [info] sample_reachable_filtered_entry_guards():
 (That isn't enough. Trying to expand the sample.)
 Sep 11 19:33:57.000 [info] entry_guards_expand_sample(): Not expanding the
 sample guard set; we have no live consensus.
 Sep 11 19:33:57.000 [info] sample_reachable_filtered_entry_guards():
 (After filters [7], we have 0 guards to consider.)
 Sep 11 19:33:57.000 [info] select_entry_guard_for_circuit(): Absolutely no
 sampled guards were available. Marking all guards for retry and starting
 from top again.
 Sep 11 19:33:57.000 [info] directory_pick_generic_dirserver(): No router
 found for consensus network-status fetch; falling back to dirserver list.
 Sep 11 19:33:57.000 [info] connection_ap_make_link(): Making internal
 direct tunnel to [scrubbed]:22 ...
 Sep 11 19:33:57.000 [info] connection_ap_make_link(): ... application
 connection created and linked.
 Sep 11 19:33:57.000 [info] directory_send_command(): Downloading consensus
 from 176.31.180.157:22 using /tor/status-vote/current/consensus-
 microdesc/0232AF+14C131+23D15D+27102B+49015F+D586D1+E8A9C4+ED03BB+EFCBE7.z

 ============================================================ T= 1536687237
 (Sandbox) Caught a bad syscall attempt (syscall openat)
 /usr/bin/tor(+0x191e3a)[0x55ec09e79e3a]
 /lib64/libpthread.so.0(open64+0x5d)[0x7efc590023ad]
 /lib64/libpthread.so.0(open64+0x5d)[0x7efc590023ad]
 /usr/bin/tor(tor_open_cloexec+0x40)[0x55ec09e606a0]
 /usr/bin/tor(start_writing_to_file+0x16a)[0x55ec09e7420a]
 /usr/bin/tor(+0x18c2eb)[0x55ec09e742eb]
 /usr/bin/tor(+0x18c438)[0x55ec09e74438]
 /usr/bin/tor(or_state_save+0x151)[0x55ec09da0401]
 /usr/bin/tor(+0x503dd)[0x55ec09d383dd]
 /usr/bin/tor(+0x6bc71)[0x55ec09d53c71]
 /usr/lib64/libevent-2.1.so.6(+0x226bd)[0x7efc59ecc6bd]
 /usr/lib64/libevent-2.1.so.6(event_base_loop+0x4e7)[0x7efc59ecd377]
 /usr/bin/tor(do_main_loop+0x17a)[0x55ec09d3c33a]
 /usr/bin/tor(tor_run_main+0x11a5)[0x55ec09d3e8b5]
 /usr/bin/tor(tor_main+0x3a)[0x55ec09d36bba]
 /usr/bin/tor(main+0x19)[0x55ec09d36949]
 /lib64/libc.so.6(__libc_start_main+0xfd)[0x7efc58c4005d]
 /usr/bin/tor(_start+0x2a)[0x55ec09d3699a]
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27315#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list