Hi Stefano, I got the coredump file, it reports the `fork` syscall is bad: Program terminated with signal SIGSYS, Bad system call. #0 __GI__Fork () at ../sysdeps/nptl/_Fork.c:50 50 return pid; (gdb) bt #0 __GI__Fork () at ../sysdeps/nptl/_Fork.c:50 #1 0x00007f8c04fdc02a in __libc_fork () at fork.c:73 #2 0x00007f8c05009f8b in daemon (nochdir=0, noclose=0) at daemon.c:48 #3 0x000000000040c1e9 in main (argc=1, argv=0x7ffd10b5cd78) at passt.c:368 quit) Looks like the seccomp is still badly configured. I have little knowledge about the seccomp. I have tried to add the fork like this, but it doesn't work. --- a/passt.c +++ b/passt.c @@ -278,7 +278,7 @@ static void pid_file(struct ctx *c) { * #syscalls prlimit64 epoll_ctl epoll_create1 epoll_wait accept4 accept listen * #syscalls socket bind connect getsockopt setsockopt recvfrom sendto shutdown * #syscalls openat fstat fcntl lseek clone setsid exit_group getpid - * #syscalls clock_gettime newfstatat + * #syscalls clock_gettime newfstatat fork * #syscalls:pasta rt_sigreturn */ int main(int argc, char **argv) Thanks, Feng Li On Fri, Oct 29, 2021 at 11:33 AM Li Feng <fengli(a)smartx.com> wrote:Hi Stefano, The previous test has included the fix. This is my repo HEAD: * 2c7431f - (HEAD -> master, origin/master, origin/HEAD) README: Feature list, links to lists, bugs, chat (6 days ago) <Stefano Brivio> * a77c5ef - README, perf_report: Markdown and CSS fixes (7 days ago) <Stefano Brivio> * 94c7c1d - slirp4netns.sh: Fix up usage, exit 0 on --help (7 days ago) <Stefano Brivio> * 1fc6416 - seccomp: Add newfstatat to list of allowed syscalls (7 days ago) <Stefano Brivio> * d36e429 - netlink: Fix length of address attribute (7 days ago) <Stefano Brivio> My OS is Fedora 35, x64 version. I will try to dig it when I have some time. Thanks, Feng Li On Thu, Oct 28, 2021 at 3:30 PM Stefano Brivio <sbrivio(a)redhat.com> wrote: > > Hi Feng Li, > > On Thu, 28 Oct 2021 12:25:29 +0800 > Li Feng <fengli(a)smartx.com> wrote: > > > Add cc. > > Sorry, I missed your email. It looks like on Mailman3, if I'm the owner > of a list, I'm not automatically a member receiving posts from the list > itself -- added myself as member, too. > > > On Tue, Oct 26, 2021 at 1:28 PM Li Feng <fengli(a)smartx.com> wrote: > > > > > > Hi, > > > I just tested the master code, the passt just exited without any error. > > > > > > ``` > > > $ ./passt > > > Outbound interface: ens192 > > > ARP: > > > address: 00:50:56:be:9d:1f > > > DHCP: > > > assign: 192.168.64.217 > > > mask: 255.255.240.0 > > > router: 192.168.64.1 > > > search: > > > . > > > UNIX domain socket bound at /tmp/passt_1.socket > > > > > > You can now start qrap: > > > ./qrap 5 kvm ... -net socket,fd=5 -net nic,model=virtio > > > or directly qemu, patched with: > > > qemu/0001-net-Allow-also-UNIX-domain-sockets-to-be-used-as-net.patch > > > as follows: > > > kvm ... -net socket,connect=/tmp/passt_1.socket -net nic,model=virtio > > > 21-10-26 13:23:43 root@192.168.64.217:~/passt(master✗) > > passt will fork into background as soon as it gets a connection. Can > you retry running it as: > > ./passt -f -d > > so we can see if something strange is going on (-f stands for > --foreground, -d for --debug)? Because: > > > > ``` > > > Another terminal: > > > ``` > > > $ bash x.sh > > > recv: Connection reset by peer > > > Probe of /tmp/passt_1.socket failed > > > connect: No such file or directory > > > Probe of /tmp/passt_2.socket failed > > > connect: No such file or directory > > > Probe of /tmp/passt_3.socket failed > > > ... > > > ``` > > ...well, this shouldn't happen. It's probing /tmp/passt_1.socket and > failing to get an answer. > > This just happened to another user, in that case seccomp was > terminating passt because on his system daemon() called a different set > of syscalls compared to my system: > > https://passt.top/passt/commit/?id=1fc6416cf9446cbf75818fd61772610e74709065 > > and I expect some more issues like these at the beginning, I didn't > test it on different distributions yet. > > By the way, I'm working on adding tests for a few distributions right > now, so that we can catch those early. > > -- > Stefano >