This bug was fixed in the package tracker-miners -
2.3.3-2ubuntu0.20.04.1
---------------
tracker-miners (2.3.3-2ubuntu0.20.04.1) focal; urgency=medium
* d/p/libtracker-miners-common-Add-newstatat-statat64-syscalls.patch:
cherry-picked from upstream to prevent seccomp crashes with newer glibc,
notably during dist-upgrade. (LP: #1983859)
-- Simon Chopin <[email protected]> Wed, 10 Aug 2022 14:05:34 +0200
** Changed in: tracker-miners (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to tracker-miners in Ubuntu.
https://bugs.launchpad.net/bugs/1983859
Title:
tracker-extract crashes with SIGSYS when upgrading from 20.04 to 22.04
Status in tracker-miners package in Ubuntu:
Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
Invalid
Status in tracker-miners source package in Focal:
Fix Released
Status in ubuntu-release-upgrader source package in Focal:
Invalid
Bug description:
[Impact]
The crash will prompt users during the ugprade, leaving a relatively bad user
experience, compounded by the fact that the issue is marked by apport as
"Unreportable" since the exec that crashed has usually been removed during the
upgrade by the time the user tries to report it.
[Fix]
The crash is due to the Focal tracker-extract binary being triggered during
the upgrade while its dependencies, including glibc have already been switched
to their Jammy version, leading to new syscalls being used that the Focal
seccomp filter didn't know about, notably fstatat64.
There's an upstream commit addressing this specific issue that has been
cherry-picked in both Hirsute and Debian, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983637
The fix is just backporting this patch further back to Focal, adding
fstatat64 and newfstatat to the allowed-list of the seccomp filter. I
consider those two syscalls fairly safe and legitimate.
[Test plan]
- Boot a pristine Focal VM
- Install tracker-extract & tracker-miners from -proposed
- run do-release-upgrade -d
-> continue through the "do you want to continue" prompts
=> If all goes well the upgrade should finish and ask you to reboot
=> Otherwise you'd have a tracker-extract crash during the dist-upgrade phase
of the upgrade
[Regression potential]
Messing with the seccomp filter could lead to the filter being made either
too restrictive, making tracker-extract crash whenever called, or too
permissive, weakening the sandboxing for this binary. That latter possibility
is IMO more worrisome given the purpose of the package.
[Original report]
When upgrading Ubuntu Desktop from 20.04 to 22.04, there's often (pretty much
always) a crash from tracker-extract, as described in the following error
report:
https://errors.ubuntu.com/oops/d7866d85-14cc-11ed-a52b-fa163e55efd0
The crash occurs during the upgrade, which means it's fairly hard to
investigate exactly what's going on as apport fails to extract a stack
trace, the binaries being overwritten during the upgrade.
However, the crash occurs because of a unhandled SIGSYS, meaning a
seccomp filter issue. I've tried backporting this patch fixing a
similar issue:
https://gitlab.gnome.org/GNOME/tracker-
miners/-/commit/4cda983b02e49f6bd28b94a6b96c9fe7026887ef
but it doesn't apply, likely due to the code having diverged too much
since.
My proposal is thus to disable tracker-extract during upgrade,
including in all user sessions. I'm assuming that the new version will
be enabled automatically as its unit file changed name anyway.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/1983859/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
