syscall: TestCloneNEWUSERAndRemapNoRootDisableSetgroups failing with "operation not permitted" #11261

ALTree · 2015-06-17T18:49:16Z

go version devel +dd44d49 Wed Jun 17 20:00:06 2015 +0200 linux/amd64

$ uname -a
Linux gauss 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux

./all.bash fails with

--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups (0.00s)
    exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
FAIL
FAIL    syscall 0.020s

Output of

$ strace -f ./syscall.test -test.run=TestCloneNEWUSERAndRemapNoRootDisableSetgroups

is

execve("./syscall.test", ["./syscall.test", "-test.run=TestCloneNEWUSERAndRem"...], [/* 42 vars */]) = 0
brk(0)                                  = 0x2187000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74baf75000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=104291, ...}) = 0
mmap(NULL, 104291, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f74baf5b000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20o\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f74bab3a000
mprotect(0x7f74bab52000, 2093056, PROT_NONE) = 0
mmap(0x7f74bad51000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f74bad51000
mmap(0x7f74bad53000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f74bad53000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1729984, ...}) = 0
mmap(NULL, 3836448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f74ba791000
mprotect(0x7f74ba930000, 2097152, PROT_NONE) = 0
mmap(0x7f74bab30000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f000) = 0x7f74bab30000
mmap(0x7f74bab36000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f74bab36000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74baf5a000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74baf58000
arch_prctl(ARCH_SET_FS, 0x7f74baf58740) = 0
mprotect(0x7f74bab30000, 16384, PROT_READ) = 0
mprotect(0x7f74bad51000, 4096, PROT_READ) = 0
mprotect(0x7f74baf77000, 4096, PROT_READ) = 0
munmap(0x7f74baf5b000, 104291)          = 0
set_tid_address(0x7f74baf58a10)         = 6090
set_robust_list(0x7f74baf58a20, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7f74bab409f0, [], SA_RESTORER|SA_SIGINFO, 0x7f74bab498d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f74bab40a80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f74bab498d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
sched_getaffinity(0, 128, {f, 0, 0, 0, 0, 0, 0, 0}) = 64
mmap(0xc000000000, 65536, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
munmap(0xc000000000, 65536)             = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74baf18000
mmap(0xc820000000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820000000
mmap(0xc81fff8000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81fff8000
mmap(0xc000000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74baf65000
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74badb8000
sigaltstack({ss_sp=0xc820002000, ss_flags=0, ss_size=32672}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGABRT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGBUS, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGFPE, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSEGV, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTKFLT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGURG, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGURG, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGXCPU, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXCPU, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGXFSZ, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXFSZ, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGVTALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGVTALRM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGIO, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPWR, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPWR, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSYS, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0x7f74bab409f0, [], SA_RESTORER|SA_SIGINFO, 0x7f74bab498d0}, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0x7f74bab409f0, [], SA_RESTORER|SA_SIGINFO, 0x7f74bab498d0}, 8) = 0
rt_sigaction(SIGRTMIN, {0x7f74bab409f0, [], SA_RESTORER|SA_STACK|SA_SIGINFO, 0x7f74bab498d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0x7f74bab40a80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f74bab498d0}, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0x7f74bab40a80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f74bab498d0}, 8) = 0
rt_sigaction(SIGRT_1, {0x7f74bab40a80, [], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x7f74bab498d0}, NULL, 8) = 0
rt_sigaction(SIGRT_2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_2, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_3, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_3, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_4, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_4, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_5, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_5, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_6, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_6, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_7, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_7, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_8, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_8, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_9, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_9, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_10, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_10, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_11, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_11, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_12, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_12, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_13, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_13, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_14, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_14, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_15, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_15, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_16, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_16, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_17, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_17, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_18, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_18, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_19, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_19, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_20, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_20, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_21, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_21, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_22, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_22, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_23, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_23, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_24, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_24, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_25, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_25, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_26, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_27, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_28, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_29, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_30, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_31, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_32, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_32, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
brk(0)                                  = 0x2187000
brk(0x21a8000)                          = 0x21a8000
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f74b9f90000
mprotect(0x7f74b9f90000, 4096, PROT_NONE) = 0
clone(Process 6091 attached
child_stack=0x7f74ba78ffb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f74ba7909d0, tls=0x7f74ba790700, child_tidptr=0x7f74ba7909d0) = 6091
[pid  6091] set_robust_list(0x7f74ba7909e0, 24 <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6091] <... set_robust_list resumed> ) = 0
[pid  6090] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6091] sigaltstack({ss_sp=0xc820042000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  6090] mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  6091] <... sigaltstack resumed> , NULL) = 0
[pid  6090] <... mmap resumed> )        = 0x7f74bad78000
[pid  6091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
[pid  6090] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
[pid  6090] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f74b978f000
[pid  6090] mprotect(0x7f74b978f000, 4096, PROT_NONE <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... mprotect resumed> )    = 0
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] clone(Process 6092 attached
child_stack=0x7f74b9f8efb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f74b9f8f9d0, tls=0x7f74b9f8f700, child_tidptr=0x7f74b9f8f9d0) = 6092
[pid  6092] set_robust_list(0x7f74b9f8f9e0, 24 <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6092] <... set_robust_list resumed> ) = 0
[pid  6090] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6092] sigaltstack({ss_sp=0xc820052000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, NULL,  <unfinished ...>
[pid  6092] <... sigaltstack resumed> , NULL) = 0
[pid  6090] <... rt_sigprocmask resumed> [], 8) = 0
[pid  6092] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1],  <unfinished ...>
[pid  6092] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6090] <... rt_sigprocmask resumed> [], 8) = 0
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  6092] rt_sigprocmask(SIG_SETMASK, NULL,  <unfinished ...>
[pid  6090] <... mmap resumed> )        = 0x7f74b8f8e000
[pid  6092] <... rt_sigprocmask resumed> [], 8) = 0
[pid  6090] mprotect(0x7f74b8f8e000, 4096, PROT_NONE <unfinished ...>
[pid  6092] mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0 <unfinished ...>
[pid  6090] <... mprotect resumed> )    = 0
[pid  6092] <... mmap resumed> )        = 0x7f74b0f8e000
[pid  6090] clone( <unfinished ...>
[pid  6092] munmap(0x7f74b0f8e000, 50798592Process 6093 attached
 <unfinished ...>
[pid  6090] <... clone resumed> child_stack=0x7f74b978dfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f74b978e9d0, tls=0x7f74b978e700, child_tidptr=0x7f74b978e9d0) = 6093
[pid  6093] set_robust_list(0x7f74b978e9e0, 24 <unfinished ...>
[pid  6090] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6093] <... set_robust_list resumed> ) = 0
[pid  6090] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6093] sigaltstack({ss_sp=0xc82005a000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  6090] futex(0x721108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6093] <... sigaltstack resumed> , NULL) = 0
[pid  6092] <... munmap resumed> )      = 0
[pid  6093] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6092] munmap(0x7f74b8000000, 16310272 <unfinished ...>
[pid  6093] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6092] <... munmap resumed> )      = 0
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6093] futex(0xc820030d08, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6092] mprotect(0x7f74b4000000, 135168, PROT_READ|PROT_WRITE) = 0
[pid  6092] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
[pid  6092] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f74b878d000
[pid  6092] mprotect(0x7f74b878d000, 4096, PROT_NONE) = 0
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6092] clone( <unfinished ...>
[pid  6091] select(0, NULL, NULL, NULL, {0, 20}Process 6094 attached
 <unfinished ...>
[pid  6094] set_robust_list(0x7f74b8f8d9e0, 24 <unfinished ...>
[pid  6092] <... clone resumed> child_stack=0x7f74b8f8cfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f74b8f8d9d0, tls=0x7f74b8f8d700, child_tidptr=0x7f74b8f8d9d0) = 6094
[pid  6094] <... set_robust_list resumed> ) = 0
[pid  6092] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6094] sigaltstack({ss_sp=0xc820066000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  6092] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6094] <... sigaltstack resumed> , NULL) = 0
[pid  6092] futex(0x721108, FUTEX_WAKE, 1 <unfinished ...>
[pid  6094] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  6090] <... futex resumed> )       = 0
[pid  6094] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  6092] <... futex resumed> )       = 1
[pid  6094] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  6090] futex(0xc820030d08, FUTEX_WAKE, 1 <unfinished ...>
[pid  6092] futex(0xc820030908, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6090] <... futex resumed> )       = 1
[pid  6093] <... futex resumed> )       = 0
[pid  6090] futex(0x721108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... futex resumed> )       = -1 EAGAIN (Resource temporarily unavailable)
[pid  6093] futex(0x721108, FUTEX_WAKE, 1 <unfinished ...>
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6093] <... futex resumed> )       = 0
[pid  6093] futex(0xc820030d08, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6094] <... select resumed> )      = 0 (Timeout)
[pid  6094] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6090] mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f74b874d000
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] futex(0xc820062108, FUTEX_WAKE, 1) = 1
[pid  6094] <... futex resumed> )       = 0
[pid  6094] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] openat(AT_FDCWD, "/proc/sys/net/core/somaxconn", O_RDONLY|O_CLOEXEC <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... openat resumed> )      = 3
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] read(3, "128\n", 4096)      = 4
[pid  6094] <... select resumed> )      = 0 (Timeout)
[pid  6090] read(3,  <unfinished ...>
[pid  6094] futex(0xc820030d08, FUTEX_WAKE, 1 <unfinished ...>
[pid  6090] <... read resumed> "", 4092) = 0
[pid  6094] <... futex resumed> )       = 1
[pid  6090] close(3 <unfinished ...>
[pid  6094] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6090] <... close resumed> )       = 0
[pid  6093] <... futex resumed> )       = 0
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6093] futex(0xc820030d08, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6090] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP <unfinished ...>
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] <... socket resumed> )      = 3
[pid  6090] close(3)                    = 0
[pid  6090] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
[pid  6090] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
[pid  6090] bind(3, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28 <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... bind resumed> )        = 0
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
[pid  6090] setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
[pid  6090] bind(4, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid  6090] close(4)                    = 0
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] close(3 <unfinished ...>
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] <... close resumed> )       = 0
[pid  6090] futex(0xc820030d08, FUTEX_WAKE, 1) = 1
[pid  6093] <... futex resumed> )       = 0
[pid  6093] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] getuid()                    = 1000
[pid  6090] getuid()                    = 1000
[pid  6090] getgid()                    = 1000
[pid  6090] stat("/proc/self/ns/user",  <unfinished ...>
[pid  6093] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... stat resumed> {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid  6093] futex(0xc820062108, FUTEX_WAKE, 1 <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6094] <... futex resumed> )       = 0
[pid  6093] <... futex resumed> )       = 1
[pid  6094] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6093] futex(0x744540, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] stat("/usr/local/bin/whoami", 0xc82009e240) = -1 ENOENT (No such file or directory)
[pid  6090] stat("/usr/bin/whoami", {st_mode=S_IFREG|0755, st_size=27112, ...}) = 0
[pid  6090] openat(AT_FDCWD, "/dev/null", O_RDONLY|O_CLOEXEC) = 3
[pid  6090] pipe2( <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... pipe2 resumed> [4, 5], O_CLOEXEC) = 0
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] pipe2([6, 7], O_CLOEXEC)    = 0
[pid  6090] getpid()                    = 6090
[pid  6090] pipe2([8, 9], O_CLOEXEC)    = 0
[pid  6090] clone( <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... clone resumed> child_stack=0, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] close(6)                    = 0
[pid  6090] close(7)                    = 0
[pid  6090] close(3)                    = 0
[pid  6090] close(5)                    = 0
[pid  6090] close(4)                    = 0
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] futex(0xc820062108, FUTEX_WAKE, 1) = 1
[pid  6094] <... futex resumed> )       = 0
[pid  6094] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  6090] write(1, "--- FAIL: TestCloneNEWUSERAndRem"..., 170--- FAIL: TestCloneNEWUSERAndRemapNoRootDisableSetgroups (0.00s)
    exec_linux_test.go:45: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted, output: 
) = 170
[pid  6090] write(1, "FAIL\n", 5FAIL
 <unfinished ...>
[pid  6091] <... select resumed> )      = 0 (Timeout)
[pid  6090] <... write resumed> )       = 5
[pid  6091] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  6090] exit_group(1)               = ?
[pid  6094] <... futex resumed> )       = ? <unavailable>
[pid  6094] +++ exited with 1 +++
[pid  6092] +++ exited with 1 +++
[pid  6091] +++ exited with 1 +++
[pid  6093] +++ exited with 1 +++
+++ exited with 1 +++

The text was updated successfully, but these errors were encountered:

ianlancetaylor · 2015-06-17T19:33:26Z

Thanks for the strace.

It looks like it was the clone call itself that failed with EPERM. I'm not sure why that would happen.

Could you run "go test syscall -test.run=TestCloneNEWUSERAndRemapNoRootSetgroupsEnableSetgroups -test.v" and attach the output here? That runs a slightly different test, which I assume is passing for you. I'd like to find out why it passes.

ianlancetaylor · 2015-06-17T19:34:56Z

According to a man page, clone with CLONE_NEWUSER can fail with EPERM if "CLONE_NEWUSER was specified in flags, but either the effective user ID or the effective group ID of the caller does not have a mapping in the parent namespace (see user_namespaces(7))."

Are you running in some sort of VM?

Also, are you running with SELinux enabled?

ALTree · 2015-06-17T19:55:43Z

~/go/bin/go test syscall -test.run=TestCloneNEWUSERAndRemapNoRootSetgroupsEnableSetgroups -test.v
=== RUN   TestCloneNEWUSERAndRemapNoRootSetgroupsEnableSetgroups
--- PASS: TestCloneNEWUSERAndRemapNoRootSetgroupsEnableSetgroups (0.00s)
PASS
ok      syscall 0.002s

or should I run strace on it?

No, it's not a VM. It's a plain debian system, I never enabled SELinux and the debian package selinux-basics is not installed so I guess no, I don't have SELinux enabled.

ianlancetaylor · 2015-06-17T20:22:39Z

Hmmm, I was imagining that that test would be skipped. But evidently not. Yes, if you wouldn't mind, please do run strace -f on it. Thanks.

ALTree · 2015-06-17T20:29:49Z

$ strace -f ./syscall.test -test.run=TestCloneNEWUSERAndRemapNoRootSetgroupsEnableSetgroups

output:

execve("./syscall.test", ["./syscall.test", "-test.run=TestCloneNEWUSERAndRem"...], [/* 42 vars */]) = 0
brk(0)                                  = 0x7dc000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f439632f000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=104291, ...}) = 0
mmap(NULL, 104291, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4396315000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20o\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4395ef4000
mprotect(0x7f4395f0c000, 2093056, PROT_NONE) = 0
mmap(0x7f439610b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f439610b000
mmap(0x7f439610d000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f439610d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1729984, ...}) = 0
mmap(NULL, 3836448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4395b4b000
mprotect(0x7f4395cea000, 2097152, PROT_NONE) = 0
mmap(0x7f4395eea000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19f000) = 0x7f4395eea000
mmap(0x7f4395ef0000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4395ef0000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4396314000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4396312000
arch_prctl(ARCH_SET_FS, 0x7f4396312740) = 0
mprotect(0x7f4395eea000, 16384, PROT_READ) = 0
mprotect(0x7f439610b000, 4096, PROT_READ) = 0
mprotect(0x7f4396331000, 4096, PROT_READ) = 0
munmap(0x7f4396315000, 104291)          = 0
set_tid_address(0x7f4396312a10)         = 8784
set_robust_list(0x7f4396312a20, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7f4395efa9f0, [], SA_RESTORER|SA_SIGINFO, 0x7f4395f038d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f4395efaa80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f4395f038d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
sched_getaffinity(0, 128, {f, 0, 0, 0, 0, 0, 0, 0}) = 64
mmap(0xc000000000, 65536, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
munmap(0xc000000000, 65536)             = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43962d2000
mmap(0xc820000000, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc820000000
mmap(0xc81fff8000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc81fff8000
mmap(0xc000000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f439631f000
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4396172000
sigaltstack({ss_sp=0xc820002000, ss_flags=0, ss_size=32672}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGABRT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGBUS, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGFPE, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSEGV, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSTKFLT, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGCHLD, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGURG, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGURG, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGXCPU, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXCPU, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGXFSZ, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGXFSZ, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGVTALRM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGVTALRM, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPROF, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGIO, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGPWR, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPWR, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGSYS, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0x7f4395efa9f0, [], SA_RESTORER|SA_SIGINFO, 0x7f4395f038d0}, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {0x7f4395efa9f0, [], SA_RESTORER|SA_SIGINFO, 0x7f4395f038d0}, 8) = 0
rt_sigaction(SIGRTMIN, {0x7f4395efa9f0, [], SA_RESTORER|SA_STACK|SA_SIGINFO, 0x7f4395f038d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0x7f4395efaa80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f4395f038d0}, 8) = 0
rt_sigaction(SIGRT_1, NULL, {0x7f4395efaa80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f4395f038d0}, 8) = 0
rt_sigaction(SIGRT_1, {0x7f4395efaa80, [], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x7f4395f038d0}, NULL, 8) = 0
rt_sigaction(SIGRT_2, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_2, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_3, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_3, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_4, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_4, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_5, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_5, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_6, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_6, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_7, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_7, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_8, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_8, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_9, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_9, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_10, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_10, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_11, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_11, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_12, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_12, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_13, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_13, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_14, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_14, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_15, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_15, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_16, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_16, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_17, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_17, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_18, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_18, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_19, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_19, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_20, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_20, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_21, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_21, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_22, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_22, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_23, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_23, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_24, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_24, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_25, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_25, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_26, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_27, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_28, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_29, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_30, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_31, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigaction(SIGRT_32, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_32, {0x45d120, ~[], SA_RESTORER|SA_STACK|SA_RESTART|SA_SIGINFO, 0x45d140}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
brk(0)                                  = 0x7dc000
brk(0x7fd000)                           = 0x7fd000
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f439534a000
mprotect(0x7f439534a000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f4395b49fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f4395b4a9d0, tls=0x7f4395b4a700, child_tidptr=0x7f4395b4a9d0) = 8785
Process 8785 attached
[pid  8784] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  8785] set_robust_list(0x7f4395b4a9e0, 24 <unfinished ...>
[pid  8784] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  8785] <... set_robust_list resumed> ) = 0
[pid  8784] mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  8785] sigaltstack({ss_sp=0xc820042000, ss_flags=0, ss_size=32672}, NULL) = 0
[pid  8785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  8784] <... mmap resumed> )        = 0x7f4396132000
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1],  <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... rt_sigprocmask resumed> [], 8) = 0
[pid  8784] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4394b49000
[pid  8784] mprotect(0x7f4394b49000, 4096, PROT_NONE <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... mprotect resumed> )    = 0
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] clone(Process 8786 attached
child_stack=0x7f4395348fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f43953499d0, tls=0x7f4395349700, child_tidptr=0x7f43953499d0) = 8786
[pid  8786] set_robust_list(0x7f43953499e0, 24 <unfinished ...>
[pid  8784] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  8786] <... set_robust_list resumed> ) = 0
[pid  8784] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  8786] sigaltstack({ss_sp=0xc820052000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] rt_sigprocmask(SIG_SETMASK, NULL,  <unfinished ...>
[pid  8786] <... sigaltstack resumed> , NULL) = 0
[pid  8784] <... rt_sigprocmask resumed> [], 8) = 0
[pid  8786] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  8784] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1],  <unfinished ...>
[pid  8786] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  8784] <... rt_sigprocmask resumed> [], 8) = 0
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4394348000
[pid  8786] rt_sigprocmask(SIG_SETMASK, NULL,  <unfinished ...>
[pid  8784] mprotect(0x7f4394348000, 4096, PROT_NONE <unfinished ...>
[pid  8786] <... rt_sigprocmask resumed> [], 8) = 0
[pid  8784] <... mprotect resumed> )    = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] clone( <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20}Process 8787 attached
 <unfinished ...>
[pid  8784] <... clone resumed> child_stack=0x7f4394b47fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f4394b489d0, tls=0x7f4394b48700, child_tidptr=0x7f4394b489d0) = 8787
[pid  8787] set_robust_list(0x7f4394b489e0, 24 <unfinished ...>
[pid  8784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  8787] <... set_robust_list resumed> ) = 0
[pid  8784] futex(0x721108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8787] sigaltstack({ss_sp=0xc82005a000, ss_flags=0, ss_size=32672}, NULL) = 0
[pid  8787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  8786] mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0 <unfinished ...>
[pid  8787] futex(0xc820030d08, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8786] <... mmap resumed> )        = 0x7f438c348000
[pid  8786] munmap(0x7f438c348000, 63668224) = 0
[pid  8786] munmap(0x7f4394000000, 3440640 <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8786] <... munmap resumed> )      = 0
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8786] mprotect(0x7f4390000000, 135168, PROT_READ|PROT_WRITE) = 0
[pid  8786] rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
[pid  8786] mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f438f7ff000
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8786] mprotect(0x7f438f7ff000, 4096, PROT_NONE <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8786] <... mprotect resumed> )    = 0
[pid  8786] clone(Process 8788 attached
child_stack=0x7f438fffefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f438ffff9d0, tls=0x7f438ffff700, child_tidptr=0x7f438ffff9d0) = 8788
[pid  8788] set_robust_list(0x7f438ffff9e0, 24 <unfinished ...>
[pid  8786] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  8788] <... set_robust_list resumed> ) = 0
[pid  8786] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  8788] sigaltstack({ss_sp=0xc820066000, ss_flags=0, ss_size=32672} <unfinished ...>
[pid  8786] futex(0x721108, FUTEX_WAKE, 1 <unfinished ...>
[pid  8788] <... sigaltstack resumed> , NULL) = 0
[pid  8784] <... futex resumed> )       = 0
[pid  8788] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  8786] <... futex resumed> )       = 1
[pid  8788] <... rt_sigprocmask resumed> NULL, 8) = 0
[pid  8784] futex(0xc820030908, FUTEX_WAKE, 1 <unfinished ...>
[pid  8788] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  8784] <... futex resumed> )       = 0
[pid  8786] futex(0xc820030908, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8784] futex(0x721108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8786] <... futex resumed> )       = -1 EAGAIN (Resource temporarily unavailable)
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8786] futex(0x721108, FUTEX_WAKE, 1 <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... futex resumed> )       = 0
[pid  8786] <... futex resumed> )       = 1
[pid  8786] futex(0xc820030908, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8788] <... select resumed> )      = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8788] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8784] mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... mmap resumed> )        = 0x7f4394308000
[pid  8785] select(0, NULL, NULL, NULL, {0, 20}) = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] futex(0xc820062108, FUTEX_WAKE, 1) = 1
[pid  8788] <... futex resumed> )       = 0
[pid  8788] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] openat(AT_FDCWD, "/proc/sys/net/core/somaxconn", O_RDONLY|O_CLOEXEC <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... openat resumed> )      = 3
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8788] <... select resumed> )      = 0 (Timeout)
[pid  8784] read(3,  <unfinished ...>
[pid  8788] futex(0xc820030908, FUTEX_WAKE, 1 <unfinished ...>
[pid  8784] <... read resumed> "128\n", 4096) = 4
[pid  8788] <... futex resumed> )       = 1
[pid  8784] read(3,  <unfinished ...>
[pid  8786] <... futex resumed> )       = 0
[pid  8784] <... read resumed> "", 4092) = 0
[pid  8788] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8784] close(3 <unfinished ...>
[pid  8786] futex(0xc820030908, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8784] <... close resumed> )       = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid  8784] close(3)                    = 0
[pid  8784] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 3
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [1], 4 <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... setsockopt resumed> )  = 0
[pid  8784] bind(3, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid  8784] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 4
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4 <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... setsockopt resumed> )  = 0
[pid  8784] bind(4, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid  8784] close(4)                    = 0
[pid  8784] close(3)                    = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] futex(0xc820030908, FUTEX_WAKE, 1 <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... futex resumed> )       = 1
[pid  8786] <... futex resumed> )       = 0
[pid  8786] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] getuid()                    = 1000
[pid  8784] getuid()                    = 1000
[pid  8784] getgid( <unfinished ...>
[pid  8786] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... getgid resumed> )      = 1000
[pid  8786] futex(0xc820062108, FUTEX_WAKE, 1 <unfinished ...>
[pid  8784] stat("/proc/self/ns/user",  <unfinished ...>
[pid  8788] <... futex resumed> )       = 0
[pid  8786] <... futex resumed> )       = 1
[pid  8788] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... stat resumed> {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid  8786] futex(0x744540, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] stat("/usr/local/bin/whoami", 0xc82009e1b0) = -1 ENOENT (No such file or directory)
[pid  8784] stat("/usr/bin/whoami",  <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] <... stat resumed> {st_mode=S_IFREG|0755, st_size=27112, ...}) = 0
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] openat(AT_FDCWD, "/dev/null", O_RDONLY|O_CLOEXEC) = 3
[pid  8784] openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CLOEXEC) = 4
[pid  8784] openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CLOEXEC) = 5
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] pipe2([6, 7], O_CLOEXEC)    = 0
[pid  8784] getpid()                    = 8784
[pid  8784] pipe2([8, 9], O_CLOEXEC)    = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] clone( <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... clone resumed> child_stack=0, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)
[pid  8784] close(6)                    = 0
[pid  8784] close(7)                    = 0
[pid  8784] close(3)                    = 0
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] close(4 <unfinished ...>
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... close resumed> )       = 0
[pid  8784] close(5)                    = 0
[pid  8784] futex(0xc820062108, FUTEX_WAKE, 1) = 1
[pid  8788] <... futex resumed> )       = 0
[pid  8788] futex(0xc820062108, FUTEX_WAIT, 0, NULL <unfinished ...>
[pid  8785] <... select resumed> )      = 0 (Timeout)
[pid  8784] write(1, "PASS\n", 5 <unfinished ...>
PASS
[pid  8785] select(0, NULL, NULL, NULL, {0, 20} <unfinished ...>
[pid  8784] <... write resumed> )       = 5
[pid  8784] exit_group(0)               = ?
[pid  8786] +++ exited with 0 +++
[pid  8788] +++ exited with 0 +++
[pid  8785] +++ exited with 0 +++
[pid  8787] +++ exited with 0 +++
+++ exited with 0 +++

ianlancetaylor · 2015-06-17T23:16:17Z

Thanks. Of course. The test is looking for EPERM, and it gets an EPERM from the wrong place, so it passes for the wrong reason.

@LK4D4 Do you have any guess as to why clone(CLONE_NEWUSER) is failing with EPERM on this system? Any suggestions for what to look for to skip the test?

LK4D4 · 2015-06-17T23:37:46Z

@ianlancetaylor Only thing that I can think of on kernel 3.8+ is missing CAP_SYS_ADMIN for user or some kernel patch. Another unrealistic idea is that process becoming multithreaded earlier than it shoud.
@ALTree Could you try unshare -Ur command from unprivileged user on your system?

ALTree · 2015-06-18T11:34:10Z

$ unshare -Ur
unshare: unshare failed: Operation not permitted

@LK4D4

LK4D4 · 2015-06-18T20:02:25Z

Hmmm, this is definitely unexpected on vanilla 3.16 :/
ping @mrunalp Maybe you have some ideas?

minux · 2015-06-19T01:19:26Z

Do you have sysctl kernel.unprivileged_userns_clone? Perhaps the kernel has the disabling unprivileged user namespace by default patch applied.

ALTree · 2015-06-19T08:35:46Z

$ cat /proc/sys/kernel/unprivileged_userns_clone

says

If I set

echo 1 > /proc/sys/kernel/unprivileged_userns_clone

./all.bash passes.

I should add that I never set that var to 0, it was like that by default.

LK4D4 · 2015-06-19T17:54:31Z

Humm, we can test this file for skip. Not sure if it's available to read from unprivileged user. Also seems like this file was removed in some kernel version.

ianlancetaylor · 2015-06-19T20:50:48Z

@ALTree If you can, please try the patch in http://golang.org/cl/11269. Thanks.

ALTree · 2015-06-19T21:17:20Z

That fixed it.

$ cat /proc/sys/kernel/unprivileged_userns_clone

is always 0 and ./all.bash now passes.

kamoljan · 2015-09-04T09:59:57Z

Hi @ianlancetaylor !

is the patch merged with master or release-branch.go1.5?
This issue is still there

bradfitz · 2015-09-04T15:37:06Z

It was put in master (at rev 79d4d6e) but not in the 1.5 release branch.

ianlancetaylor · 2015-09-04T17:06:42Z

Fixes for tests do not go on release branches.

kamoljan · 2015-09-06T10:59:23Z

@bradfitz hi! Nope, I tried master as well, it doesn't work.

mwhudson · 2015-09-06T22:15:38Z

FWIW, I see this all the time when running in a chroot. I've never got around to looking into it, but, @kamoljan are you running inside a chroot?

kamoljan · 2015-09-07T03:19:41Z

@mwhudson no, I am not runing inside a chroot.
Btw, I can see from the patch it is checking /proc/sys/kernel/unprivileged_userns_clone dir.

However, in AWS EC2 (AMI) instance there is no such dir.

LK4D4 · 2015-09-08T06:01:53Z

@kamoljan Could you post strace -f pls, as @ALTree did above?
Also, could you try unshare -Ur from unprivileged user on your aws machine?

kamoljan · 2015-09-09T22:39:06Z

@LK4D4 I am sorry, I didn't notice your message.
I have terminated my aws machine already.
I will create a new one this weekend and let you know the result of unshare -Ur.

However, I have my `strace' output (I took it from my duplicate issue)

[pid 30505] select(0, NULL, NULL, NULL, {0, 100} <unfinished ...>
[pid 30502] write(1, "--- FAIL: TestCloneNEWUSERAndRem"..., 170--- FAIL:     TestCloneNEWUSERAndRemapNoRootDisableSetgroups (0.00s)
exec_linux_test.go:53: Cmd failed with err fork/exec /usr/bin/whoami: operation not permitted,    output:
 <unfinished ...>
[pid 30503] <... select resumed> )      = 0 (Timeout)

kamoljan · 2015-09-13T15:27:03Z

@LK4D4

here is strace -f

[pid 13968] +++ exited with 1 +++
[pid 13951] <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, {ru_utime={408, 520000}, ru_stime={82, 180000}, ...}) = 13968
[pid 13951] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13968, si_status=1, si_utime=0, si_stime=0} ---
[pid 13951] rt_sigreturn() = 13968
[pid 13951] futex(0xbac920, FUTEX_WAKE, 1 <unfinished ...>
[pid 13962] <... futex resumed> ) = 0
[pid 13951] <... futex resumed> ) = 1
[pid 13962] sched_yield( <unfinished ...>
[pid 13951] unlinkat(AT_FDCWD, "/tmp/go-build037950849", 0 <unfinished ...>
[pid 13962] <... sched_yield resumed> ) = 0
[pid 13951] <... unlinkat resumed> ) = -1 EISDIR (Is a directory)
[pid 13962] futex(0xbac860, FUTEX_WAKE, 1 <unfinished ...>
[pid 13951] unlinkat(AT_FDCWD, "/tmp/go-build037950849", AT_REMOVEDIR <unfinished ...>
[pid 13962] <... futex resumed> ) = 0
[pid 13962] clock_gettime(CLOCK_MONOTONIC, <unfinished ...>
[pid 13951] <... unlinkat resumed> ) = 0
[pid 13962] <... clock_gettime resumed> {2087, 930110440}) = 0
[pid 13951] exit_group(1) = ?
[pid 13962] clock_gettime(CLOCK_REALTIME, <ptrace(SYSCALL):No such process>
[pid 13967] +++ exited with 1 +++
[pid 13966] +++ exited with 1 +++
[pid 13965] +++ exited with 1 +++
[pid 13964] +++ exited with 1 +++
[pid 13962] +++ exited with 1 +++
[pid 13963] +++ exited with 1 +++
[pid 13951] +++ exited with 1 +++
<... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 13951
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13951, si_status=1, si_utime=0, si_stime=0} ---
wait4(-1, 0x7fff091e6818, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn() = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x7fdc1c98f640}, {0x43b010, [], SA_RESTORER, 0x7fdc1c98f640}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
exit_group(1) = ?
+++ exited with 1 +++

ianlancetaylor added the OS-Linux label Jun 17, 2015

ianlancetaylor added this to the Go1.5 milestone Jun 17, 2015

ianlancetaylor self-assigned this Jun 17, 2015

ianlancetaylor closed this as completed in 79d4d6e Jun 20, 2015

bradfitz mentioned this issue Sep 4, 2015

./all.bash cannot pass test for syscall on AMI #12497

Closed

golang locked and limited conversation to collaborators Sep 22, 2016

gopherbot added the FrozenDueToAge label Sep 22, 2016

rsc unassigned ianlancetaylor Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

syscall: TestCloneNEWUSERAndRemapNoRootDisableSetgroups failing with "operation not permitted" #11261

syscall: TestCloneNEWUSERAndRemapNoRootDisableSetgroups failing with "operation not permitted" #11261

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

LK4D4 commented Jun 17, 2015

ALTree commented Jun 18, 2015

LK4D4 commented Jun 18, 2015

minux commented Jun 19, 2015 via email

ALTree commented Jun 19, 2015

LK4D4 commented Jun 19, 2015

ianlancetaylor commented Jun 19, 2015

ALTree commented Jun 19, 2015

kamoljan commented Sep 4, 2015

bradfitz commented Sep 4, 2015

ianlancetaylor commented Sep 4, 2015

kamoljan commented Sep 6, 2015

mwhudson commented Sep 6, 2015

kamoljan commented Sep 7, 2015

LK4D4 commented Sep 8, 2015

kamoljan commented Sep 9, 2015

kamoljan commented Sep 13, 2015

syscall: TestCloneNEWUSERAndRemapNoRootDisableSetgroups failing with "operation not permitted" #11261

syscall: TestCloneNEWUSERAndRemapNoRootDisableSetgroups failing with "operation not permitted" #11261

Comments

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

ALTree commented Jun 17, 2015

ianlancetaylor commented Jun 17, 2015

LK4D4 commented Jun 17, 2015

ALTree commented Jun 18, 2015

LK4D4 commented Jun 18, 2015

minux commented Jun 19, 2015 via email

ALTree commented Jun 19, 2015

LK4D4 commented Jun 19, 2015

ianlancetaylor commented Jun 19, 2015

ALTree commented Jun 19, 2015

kamoljan commented Sep 4, 2015

bradfitz commented Sep 4, 2015

ianlancetaylor commented Sep 4, 2015

kamoljan commented Sep 6, 2015

mwhudson commented Sep 6, 2015

kamoljan commented Sep 7, 2015

LK4D4 commented Sep 8, 2015

kamoljan commented Sep 9, 2015

kamoljan commented Sep 13, 2015