In reply to @jtojnar:matrix.org
can you reproduce with the script mentioned in the upstream issue?

In reply to @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de
Which one?

Heya! (reposted from Nix/NixOS room)

I'm having trouble with tracker-extract-3.service on nixos. It's been crashing since nixos 23.05.20231011.bd1cde (October 12th).
https://gist.github.com/the-furry-hubofeverything/97e6dbbca82bcdfb6325626e7b88b40a

Looking at the time that it happened, and comparing that to the closest system profile change, I ran a diff-closure between unproblematic and the problematic system, and it resulted with:

[hubble@Gulo-Laptop:~]$ nix store diff-closures /nix/var/nix/profiles/system-395-link /nix/var/nix/profiles/system-396-link
nixos-system-Gulo-Laptop: 23.05.20231007.5a237ae → 23.05.20231011.bd1cde4
source: +417.8 KiB
tracker-miners: 3.5.0 → 3.5.3, -41.0 KiB

And looking at the latest commits at that time, tracker-miners was updated to patch CVE-2023-43641.
Is this related to the CVE? Is this a nixos bug or upstream?

In reply to @hubofeverything:bark.lgbt

Heya! (reposted from Nix/NixOS room)

I'm having trouble with tracker-extract-3.service on nixos. It's been crashing since nixos 23.05.20231011.bd1cde (October 12th).
https://gist.github.com/the-furry-hubofeverything/97e6dbbca82bcdfb6325626e7b88b40a

Looking at the time that it happened, and comparing that to the closest system profile change, I ran a diff-closure between unproblematic and the problematic system, and it resulted with:

[hubble@Gulo-Laptop:~]$ nix store diff-closures /nix/var/nix/profiles/system-395-link /nix/var/nix/profiles/system-396-link
nixos-system-Gulo-Laptop: 23.05.20231007.5a237ae → 23.05.20231011.bd1cde4
source: +417.8 KiB
tracker-miners: 3.5.0 → 3.5.3, -41.0 KiB

And looking at the latest commits at that time, tracker-miners was updated to patch CVE-2023-43641.
Is this related to the CVE? Is this a nixos bug or upstream?

In reply to @jtojnar:matrix.org
https://gitlab.freedesktop.org/mesa/mesa/-/issues/8198#note_1754876

In reply to @jtojnar:matrix.org
Hi, the security sandbox whitelists allowed system calls so if some dependency is updated it might start using one not on the whitelist

warning: core file may not match specified executable file.
[New LWP 5389]
[New LWP 5393]
[New LWP 5390]
[New LWP 5392]
[New LWP 5391]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libthread_db.so.1".
Core was generated by `/nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/tracke'.
Program terminated with signal SIGSYS, Bad system call.
#0  <signal handler called>
[Current thread is 1 (Thread 0x7fdb2921c840 (LWP 5389))]
(gdb) bt
#0  <signal handler called>
#1  0x00007fdb29db21ab in sched_get_priority_max () from /nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libc.so.6
#2  0x00007fdb062e1cb5 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#3  0x00007fdb067df0d2 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#4  0x0000000000000000 in ?? ()

In reply to @jtojnar:matrix.org
Hi, the security sandbox whitelists allowed system calls so if some dependency is updated it might start using one not on the whitelist

Reading symbols from /nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/.tracker-extract-3-wrapped...
(No debugging symbols found in /nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/.tracker-extract-3-wrapped)


warning: core file may not match specified executable file.
[New LWP 5389]
[New LWP 5393]
[New LWP 5390]
[New LWP 5392]
[New LWP 5391]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libthread_db.so.1".
Core was generated by `/nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/tracke'.
Program terminated with signal SIGSYS, Bad system call.
#0  <signal handler called>
[Current thread is 1 (Thread 0x7fdb2921c840 (LWP 5389))]
(gdb) bt
#0  <signal handler called>
#1  0x00007fdb29db21ab in sched_get_priority_max () from /nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libc.so.6
#2  0x00007fdb062e1cb5 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#3  0x00007fdb067df0d2 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#4  0x0000000000000000 in ?? ()

Reading symbols from /nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/.tracker-extract-3-wrapped...
(No debugging symbols found in /nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/.tracker-extract-3-wrapped)

warning: core file may not match specified executable file.
[New LWP 5389]
[New LWP 5393]
[New LWP 5390]
[New LWP 5392]
[New LWP 5391]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libthread_db.so.1".
Core was generated by `/nix/store/mngainxz4xg8mzqgl4028lxij0jhqcpx-tracker-miners-3.5.3/libexec/tracke'.
Program terminated with signal SIGSYS, Bad system call.
#0  <signal handler called>
[Current thread is 1 (Thread 0x7fdb2921c840 (LWP 5389))]
(gdb) bt
#0  <signal handler called>
#1  0x00007fdb29db21ab in sched_get_priority_max () from /nix/store/whypqfa83z4bsn43n4byvmw80n4mg3r8-glibc-2.37-45/lib/libc.so.6
#2  0x00007fdb062e1cb5 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#3  0x00007fdb067df0d2 in ?? () from /run/opengl-driver/lib/libcuda.so.1
#4  0x0000000000000000 in ?? ()