Ubuntu 16.04 1.4.1 Upgrade from 1.2.10 unable to start after upgrade

Linux
#1

Failure message:

tailscaled.service: Failed at step SECCOMP spawning /usr/sbin/tailscaled: Invalid argument
tailscaled.service: Control process exited, code=exited status=228
Failed to start Tailscale node agent.

Package: tailscale
Version: 1.4.1
Section: net
Priority: extra
Architecture: armhf
Maintainer: Tailscale Inc info@tailscale.com
Installed-Size: 22047
Replaces: tailscale-relay
Depends: iptables, iproute2
Conflicts: tailscale-relay
Homepage: https://www.tailscale.com
Description: The easiest, most secure, cross platform way to use WireGuard + oauth2 + 2FA/SSO
Description-md5: 462dd30b4d95dc4099c71a8cf1301155
Filename: pool/tailscale_1.4.1_armhf.deb

#2

I just created a new 16.04 Xenial VM but couldn’t reproduce.

What do you see for:

root@brad-xenial-scratch:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.7 LTS
Release: 16.04
Codename: xenial

root@brad-xenial-scratch:~# uname -a
Linux brad-xenial-scratch 4.4.0-193-generic #224-Ubuntu SMP Tue Oct 6 17:15:28 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
#3

Oh, I just noticed:

Is this on a Raspberry Pi? Still curious about the other questions.

But also: is the systemd crash looping? What does systemctl status tailscaled and journalctl -u tailscaled --since="24 hours ago" say?

#4

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial

4.9.58-armada375 #1 SMP Thu Nov 2 14:45:09 CET 2017 armv7l armv7l armv7l GNU/Linux

No it is not a PI, a remote storage VM.

I downgraded to 1.2.10, so I will reinstall 1.4.1 and let it sit over night.

#5

In 1.4 we’ve locked down the systemd unit a bunch. Sounds like your system (kernel?) doesn’t like the restrictions. Logs would be interesting. Maybe we missed something’s we need to allow that only matters on ARM.

You could also try removing the restrictions in the service file which would almost certainly work, but would be tedious to maintain.

#6

tailscaled.service - Tailscale node agent
Loaded: loaded (/lib/systemd/system/tailscaled.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Mon 2021-02-01 06:34:07 CET; 9h ago
Docs: Docs - Tailscale
Process: 26491 ExecStartPre=/usr/sbin/tailscaled --cleanup (code=exited, status=228/SECCOMP)
Main PID: 25639 (code=exited, status=0/SUCCESS)

Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Start request repeated too quickly.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.

#7

Filtered for the start attempt after upgrade to 1.4.1

Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: Starting Tailscale node agent…
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Control process exited, code=exited status=228
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: Starting Tailscale node agent…
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[26472]: tailscaled.service: Failed at step SECCOMP spawning /usr/sbin/tailscaled: Invalid argument
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Control process exited, code=exited status=228
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:06 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Starting Tailscale node agent…
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Control process exited, code=exited status=228
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Starting Tailscale node agent…
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Control process exited, code=exited status=228
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Starting Tailscale node agent…
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[26491]: tailscaled.service: Failed at step SECCOMP spawning /usr/sbin/tailscaled: Invalid argument
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Control process exited, code=exited status=228
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Unit entered failed state.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Failed with result ‘exit-code’.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Service hold-off time over, scheduling restart.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Stopped Tailscale node agent.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: tailscaled.service: Start request repeated too quickly.
Feb 01 06:34:07 ns557773.ip-54-39-62.net systemd[1]: Failed to start Tailscale node agent.

#8

Are you using a cloud provider that we can use to try and replicate this and debug?

Scaleway or Packet.net or something?

Or AWS Graviton?

#9

It’s Soyoustart/OHV Does not look like they offer anything like it anymore.

tailscaled does launch ok just from the prompt:

root@ns557773:/lib/systemd/system# tailscaled
logtail started
Program starting: v1.4.1-tdde7ba4ec-gb807661ab, Go 1.15.7-ts02f50cd: []string{“tailscaled”}
LogID: 8f3cc53fdf7ecf95b54406bea6621722ee20ffdc65d8e110fec94de02642257c
logpolicy: using system state directory “/var/lib/tailscale”
Starting userspace wireguard engine with tun device “tailscale0”
CreateTUN ok.
link state: interfaces.State{defaultRoute=eth0 ifs={eth0:[54.39.62.137]} v4=true v6global=false}
Creating wireguard device…
Creating router…
etc…

#10

Got the 1.4.2 package installed, no issue starting. Thx

#11