Package: chrony
Version: 4.6.1-3+deb13u1
Severity: normal
The /etc/network/if-up.d/chrony hook can fail at boot when it runs
in the brief window between chronyd forking (creating
/run/chrony/chronyd.pid) and chronyd finishing initialization (opening
its command socket). In that window, `chronyc onoffline` returns
non-zero, `set -e` aborts the script before reaching `exit 0`, and
because ifup invokes if-up.d via `run-parts --exit-on-error`, the
whole ifup call fails. networking.service exits with status 1, the
interface is not registered in /run/network/ifstate, and no dhclient
daemon remains to handle DHCP renewals.
Current script (/etc/network/if-up.d/chrony):
#!/bin/sh
set -e
[ -x /usr/sbin/chronyd ] || exit 0
if [ -e /run/chrony/chronyd.pid ]; then
chronyc onoffline > /dev/null 2>&1
fi
exit 0
The pid file exists during chronyd startup, so the guard does not
prevent the race. The `> /dev/null 2>&1` only suppresses output, not
the exit status, and `set -e` aborts on non-zero exits inside an
`if` body (only the condition itself is exempt).
This is a narrower variant of #868491 (fixed in 3.0-4+deb9u1 by
removing the chronyc `burst` call). The remaining `chronyc onoffline`
call has the same failure mode whenever chronyd is mid-startup.
Reproduction: intermittent race, occurred once in ~6 boots on a
Debian 13 (trixie) VMware VM (vmxnet3, chrony 4.6.1-3+deb13u1).
chrony.service and networking.service both start during basic.target,
and on the failing boot chronyd finished initialization ~7ms after
the if-up.d hook ran.
Relevant boot journal excerpt (timestamps abbreviated, May 14 01:50:48):
.352 systemd: Starting chrony.service
.449 dhclient: DHCPACK of 172.18.0.23
.519 chronyd: chronyd version 4.6.1 starting
.542 chronyd: Frequency read from /var/lib/chrony/chrony.drift
.546 ifup[782]: run-parts: /etc/network/if-up.d/chrony exited with
return code 1
.547 ifup[623]: ifup: failed to bring up eth0
.553 systemd: Started chrony.service <- chronyd ready 7ms too late
.639 systemd: networking.service: Main process exited, status=1/FAILURE
.702 systemd: Failed to start networking.service - Raise network interfaces.
Suggested fix: make the chronyc call non-fatal. chronyd's built-in
netlink monitoring picks up the route change shortly after anyway,
so the hook's nudge is best-effort.
--- /etc/network/if-up.d/chrony.orig
+++ /etc/network/if-up.d/chrony
@@ -4,7 +4,7 @@
[ -x /usr/sbin/chronyd ] || exit 0
if [ -e /run/chrony/chronyd.pid ]; then
- chronyc onoffline > /dev/null 2>&1
+ chronyc onoffline > /dev/null 2>&1 || true
fi
exit 0
-- System Information:
Debian Release: 13 (trixie)
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.86+deb13-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian
6.12.86-1 (2026-05-08)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages chrony depends on:
ii chrony 4.6.1-3+deb13u1
