[Bug 1983859] Re: tracker-extract crashes with SIGSYS when upgrading from 20.04 to 22.04

Łukasz Zemczak 1983859 at bugs.launchpad.net
Thu Aug 11 15:18:00 UTC 2022 

Hello Simon, or anyone else affected,

Accepted tracker-miners into focal-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/tracker-
miners/2.3.3-2ubuntu0.20.04.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: tracker-miners (Ubuntu Focal)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1983859

Title:
  tracker-extract crashes with SIGSYS when upgrading from 20.04 to 22.04

Status in tracker-miners package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Triaged
Status in tracker-miners source package in Focal:
  Fix Committed
Status in ubuntu-release-upgrader source package in Focal:
  Triaged

Bug description:
  [Impact]
  The crash will prompt users during the ugprade, leaving a relatively bad user experience, compounded by the fact that the issue is marked by apport as "Unreportable" since the exec that crashed has usually been removed during the upgrade by the time the user tries to report it.

  [Fix]
  The crash is due to the Focal tracker-extract binary being triggered during the upgrade while its dependencies, including glibc have already been switched to their Jammy version, leading to new syscalls being used that the Focal seccomp filter didn't know about, notably fstatat64.

  There's an upstream commit addressing this specific issue that has been cherry-picked in both Hirsute and Debian, see
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983637

  The fix is just backporting this patch further back to Focal, adding
  fstatat64 and newfstatat to the allowed-list of the seccomp filter. I
  consider those two syscalls fairly safe and legitimate.

  [Test plan]
  - Boot a pristine Focal VM
  - Install tracker-extract & tracker-miners from -proposed
  - run do-release-upgrade -d
    -> continue through the "do you want to continue" prompts
  => If all goes well the upgrade should finish and ask you to reboot
  => Otherwise you'd have a tracker-extract crash during the dist-upgrade phase of the upgrade

  [Regression potential]
  Messing with the seccomp filter could lead to the filter being made either too restrictive, making tracker-extract crash whenever called, or too permissive, weakening the sandboxing for this binary. That latter possibility is IMO more worrisome given the purpose of the package.

  [Original report]
  When upgrading Ubuntu Desktop from 20.04 to 22.04, there's often (pretty much always) a crash from tracker-extract, as described in the following error report:

  https://errors.ubuntu.com/oops/d7866d85-14cc-11ed-a52b-fa163e55efd0

  The crash occurs during the upgrade, which means it's fairly hard to
  investigate exactly what's going on as apport fails to extract a stack
  trace, the binaries being overwritten during the upgrade.

  However, the crash occurs because of a unhandled SIGSYS, meaning a
  seccomp filter issue. I've tried backporting this patch fixing a
  similar issue:

  https://gitlab.gnome.org/GNOME/tracker-
  miners/-/commit/4cda983b02e49f6bd28b94a6b96c9fe7026887ef

  but it doesn't apply, likely due to the code having diverged too much
  since.

  My proposal is thus to disable tracker-extract during upgrade,
  including in all user sessions. I'm assuming that the new version will
  be enabled automatically as its unit file changed name anyway.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/1983859/+subscriptions

More information about the foundations-bugs mailing list