Zerotier-cli shows 'Segmentation fault' on version 1.6.0

Additionally on Ubuntu 20.04 I don’t get an IP address when starting 1.6.0. I also see the segmentation fault when I run zerotier-cli as user, but not as root.

I have hit this on my CentOS 8 system as well. I get the following SELinux denial:

type=AVC msg=audit(1606126059.434:83): avc:  denied  { mmap_zero } for  pid=2009 comm="zerotier-one" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=memprotect permissive=0

For which I am suggested the following by audit2why:

	The boolean mmap_low_allowed was set incorrectly. 
	Description:
	Control the ability to mmap a low area of the address space, as configured by /proc/sys/vm/mmap_min_addr.

	Allow access by executing:
	# setsebool -P mmap_low_allowed 1

Enabling that SELinux boolean made SIGSEGVs disappear.

It seems that this SELinux boolean default 0 value prevents a process from mmapping a virtual address lower than /proc/sys/vm/mmap_min_addr (which is 4096 in my CentOS system) for security reasons. So maybe the reason behind this is something trying to mmap a too low virtual address.

Regarding non-CentOS or non-Fedora operating systems, not sure if AppArmor can set a similar restriction.

1 Like

I have this same issue on CentOS Linux release 7.9.2009 (Core), in my case the VM is running on OpenVZ so I have no access to setsebool and there is no apparent selinux running in the VM. For 1.4.6 I have to run as root (/usr/sbin/zerotier-one -U) to get it to find the tun module.

segmentation fault on Ubuntu Groovy Desktop after fresh installation of ZeroTier.

WORKAROUND:

$sudo apt remove zerotier-one
$cat /etc/apt/preferences.d/zerotier-one 
Package: zerotier-one
Pin: version 1.4.6*
Pin-Priority: 1001
$sudo apt update
$sudo apt install zerotier-one

Happening to me. Fresh Ubuntu 20 install, it is not creating the ZT interface and, thus, no IP.

apt install zerotier-one=1.4.6 to downgrade until the next release

Did that, restarted ZeroTier, still not interface. Restarted VM, still the same. Is there some type of clean up required as well?

My issue was the node wasn’t joined to any network (duh!). All working fine now.

1.6.1 doesn’t fix the problem, for me.

@mrvanes you’re going to have to be more specific on what exactly your issue is. I can’t get it to segfault on Ubuntu no matter how hard I try. If you’re not getting a segfault, then you should be creating a new thread because it isn’t the same issue.

1.6.1 packages for Linux are now out and should fix all the Seg Fault issues.

I confirm that the issue is no longer reproducible for me on both Centos8 and Fedora33. I could set mmap_low_allowed SELinux boolean back to its default value 0 and I have no denials.

Thanks!!!

1 Like

I can confirm that it fixes segmentation faults, but it’s still broken on Ubuntu. New issue I guess.

sudo zerotier-cli listnetworks
Error connecting to the ZeroTier service: timed out

The same with join/leave but it seems to happen only when I’m on multiple networks.

For me (Raspberry Pi OS, latest level) 1.6.1 actually introduced the problem! Specifically and only on Raspberry Pi Zero. It works fine on Pi 3B and Pi 4B.

1.6.0 seemed OK

You’re going to have to be much more specific about what sort of behavior you’re seeing

Connection would not work; Zerotier Central showed all devices offline; any use of zerotier-cli produced the “segmentation fault” message.

I have downgraded to 1.4.6, rebooted, all now works

PS - have not downgraded Pi 3’s and Pi4 - they are working OK on 1.6.1

PPS - now upgraded one Pi Zero to 1.6.0 - that works just fine, connects, no error messages with zerotier-cli and Central shows device as online.

I second @david1
Today I tried to install zerotier-one on a Raspberry Pi Zero and a Raspberry Pi 1 and both got stuck with this message during install:
Waiting for identity generation
I found some hint the issue might be that these models are using an older ARM6 architecture and building from the git repo is possible that I indeed verified and running a locally built 1.6.1 version of zerotier now on Raspberry Pi Zero and 1.

Thank you. I can’t help wondering what has been changed between 1.6.0 and 1.6.1.

Can confirm. I’m getting segmentation faults on my Pi Zero on v1.6.1 with zerotier-cli. Downgraded to 1.4.6 and it works fine.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.