Ubuntu
apparmor package

apparmor fd_inheritance regression test causes kernel to crash on touch kernel backports

Bug #1423810 reported by Steve Beattie on 2015-02-20
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
krillin
New
Undecided
Unassigned
vegetahd
New
Undecided
Unassigned
apparmor (Ubuntu)
Triaged
Medium
John Johansen
linux-flo (Ubuntu)
In Progress
Medium
John Johansen
linux-goldfish (Ubuntu)
In Progress
Medium
John Johansen
linux-mako (Ubuntu)
In Progress
Medium
John Johansen
linux-manta (Ubuntu)
In Progress
Medium
John Johansen
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

On krillin with vivid-proposed, running the fd_inheritance test from the apparmor regression tests causes the kernel to crash and spontaneously reboot the device:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ logger "running fd_inheritance tests now"
phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash fd_inheritance.sh'
ok: fd inheritance; unconfined -> unconfined
ok: fd inheritance; confined -> unconfined
ok: fd inheritance; confined (bad perm) -> unconfined
ok: fd inheritance; confined (no perm) -> unconfined
ok: fd inheritance; unconfined -> confined
ok: fd inheritance; unconfined -> confined (no perm)
ok: fd inheritance; confined -> confined
ok: fd inheritance; confined (bad perm) -> confined
ok: fd inheritance; confined (no perm) -> confined
ok: fd inheritance; confined -> confined (bad perm)
[device reboots here]

This is what syslog sees before it falls over, though nothing after the logger invocation makes it to the disk:
Feb 20 03:51:47 ubuntu-phablet phablet: running fd_inheritance tests now
Feb 20 03:52:05 ubuntu-phablet kernel: [ 489.942611]type=1400 audit(1424404325.798:141): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7449 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.272023]type=1400 audit(1424404326.128:142): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7477 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.305028]type=1400 audit(1424404326.158:143): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7483 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.573275]type=1400 audit(1424404326.428:144): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7505 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.606454]type=1400 audit(1424404326.468:145): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7510 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.886149]type=1400 audit(1424404326.748:146): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7536 comm="apparmor_parser"
Feb 20 03:52:06 ubuntu-phablet kernel: [ 490.916538]type=1400 audit(1424404326.778:147): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7537 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.226336]type=1400 audit(1424404327.088:148): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7568 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.734888]type=1400 audit(1424404327.588:149): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7612 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.786710]type=1400 audit(1424404327.648:150): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7613 comm="apparmor_parser"
Feb 20 03:52:07 ubuntu-phablet kernel: [ 491.787186]type=1400 audit(1424404327.648:151): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7613 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.354445]type=1400 audit(1424404328.208:152): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7658 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.354874]type=1400 audit(1424404328.208:153): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7658 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.398480]type=1400 audit(1424404328.258:154): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7665 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.889451]type=1400 audit(1424404328.748:155): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7704 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.889889]type=1400 audit(1424404328.748:156): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7704 comm="apparmor_parser"
Feb 20 03:52:08 ubuntu-phablet kernel: [ 492.933754]type=1400 audit(1424404328.788:157): apparmor="DENIED" operation="open" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7710 comm="fd_inheritance" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.453991]type=1400 audit(1424404329.308:158): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7749 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.454422]type=1400 audit(1424404329.308:159): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7749 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.498903]type=1400 audit(1424404329.358:160): apparmor="DENIED" operation="file_inherit" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7755 comm="fd_inheritor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 493.500082]type=1400 audit(1424404329.358:161): apparmor="DENIED" operation="file_perm" profile="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" name="/tmp/sdtest.7416-27080-LFDs8z/file" pid=7755 comm="fd_inheritor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 20 03:52:09 ubuntu-phablet kernel: [ 494.025605]type=1400 audit(1424404329.878:162): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritance" pid=7798 comm="apparmor_parser"
Feb 20 03:52:09 ubuntu-phablet kernel: [ 494.026398]type=1400 audit(1424404329.888:163): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/home/phablet/src/apparmor-2.9.1/tests/regression/apparmor/fd_inheritor" pid=7798 comm="apparmor_parser"

Note that because krillin is based on a 3.4 kernel, dmesg -w does not work to see anything emitted by the kernel before the spontaneous reboot.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: apparmor 2.8.98-0ubuntu4
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Uname: Linux 3.4.67 armv7l
ApportVersion: 2.16.1-0ubuntu2
Architecture: armhf
Date: Fri Feb 20 06:31:26 2015
InstallationDate: Installed on 2015-02-18 (1 days ago)
InstallationMedia: Ubuntu Vivid Vervet (development branch) - armhf (20150218-191234)
KernLog:

ProcKernelCmdline: console=ttyMT0,921600n1 vmalloc=496M slub_max_order=0 lcm=1-hx8389_qhd_dsi_vdo_truly fps=6658 bootprof.pl_t=2415 bootprof.lk_t=1678 printk.disable_uart=1 boot_reason=4 datapart=/dev/mmcblk0p7 systempart=/dev/mmcblk0p6 androidboot.serialno=JB050183 lcm=1-hx8389_qhd_dsi_vdo_truly fps=6658 bootprof.pl_t=2415 bootprof.lk_t=1678 printk.disable_uart=1 boot_reason=4 datapart=/dev/mmcblk0p7 systempart=/dev/mmcblk0p6 androidboot.serialno=JB050183
PstreeP: Error: [Errno 2] No such file or directory: '/usr/bin/pstree'
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

Steve Beattie (sbeattie) wrote :
Steve Beattie (sbeattie) wrote :

Looks like the socketpair tests cause a similar issue:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash socketpair.sh'
[sudo] password for phablet:
ok: SOCKETPAIR (unconfined)
ok: SOCKETPAIR (unconfined bad con)
ok: SOCKETPAIR (unconfined bad mode)
ok: SOCKETPAIR (confined)
ok: SOCKETPAIR (confined bad con)
ok: SOCKETPAIR (confined bad mode)
ok: SOCKETPAIR (complain)
ok: SOCKETPAIR (complain bad mode)
ok: SOCKETPAIR (complain)
ok: SOCKETPAIR (confined exec transition)
ok: SOCKETPAIR (confined exec transition, crosscheck rejection)
ok: SOCKETPAIR (confined exec no transition)
ok: SOCKETPAIR (confined exec transition from complain)
ok: SOCKETPAIR (confined exec transition to complain)
[phone spontaneously reboots here]

Steve Beattie (sbeattie) wrote :

And the unix_fd_server test as well:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash unix_fd_server.sh'
[sudo] password for phablet:
ok: fd passing; unconfined -> unconfined
ok: fd passing; confined -> unconfined
ok: fd passing; confined (bad perm) -> unconfined
ok: fd passing; confined (no perm) -> unconfined
ok: fd passing; unconfined -> confined
ok: fd passing; unconfined -> confined (no perm)
ok: fd passing; confined -> confined
ok: fd passing; confined (bad perm) -> confined
ok: fd passing; confined (no perm) -> confined
ok: fd passing; confined -> confined (bad perm)

Steve Beattie (sbeattie) wrote :

... and the unix_socket_unamed test:

phablet@ubuntu-phablet:~/src/apparmor-2.9.1/tests/regression/apparmor$ sudo sh -c 'VERBOSE=1 bash unix_socket_unnamed.sh'
[sudo] password for phablet:
ok: AF_UNIX unnamed socket (stream); unconfined server
ok: AF_UNIX unnamed socket (stream); confined server (implicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (explicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (type)
ok: AF_UNIX unnamed socket (stream); confined server (addr)
ok: AF_UNIX unnamed socket (stream); confined server (peer label w/ implicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (peer label w/ explicit perms)
ok: AF_UNIX unnamed socket (stream); confined server (type, addr)
ok: AF_UNIX unnamed socket (stream); confined server (type, addr, peer label)
ok: AF_UNIX unnamed socket (stream); confined server (no unix rule)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: create)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: getopt)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: setopt)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: shutdown)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: read)
ok: AF_UNIX unnamed socket (stream); confined server (missing perm: write)
ok: AF_UNIX unnamed socket (stream); confined server (bad type)
ok: AF_UNIX unnamed socket (stream); confined server (bad addr)
ok: AF_UNIX unnamed socket (stream); confined server (bad peer label)
ok: AF_UNIX unnamed socket (stream); unconfined client
ok: AF_UNIX unnamed socket (stream); confined client (implicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (explicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (type)
ok: AF_UNIX unnamed socket (stream); confined client (peer label w/ implicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (peer label w/ explicit perms)
ok: AF_UNIX unnamed socket (stream); confined client (peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (peer label, peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (type, peer label, peer addr)
ok: AF_UNIX unnamed socket (stream); confined client (no unix rule)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: getopt)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: setopt)
ok: AF_UNIX unnamed socket (stream); confined client (missing perm: getattr)

Steve Beattie (sbeattie) wrote :

While it's not surprising, I've confirmed that this issues affects ubuntu-rtm/14.09 on krillin as well.

John Johansen (jjohansen) wrote :

This only affects backport kernel based on the 3.5 or earlier kernels.

Jamie Strandboge (jdstrand) wrote :

Bug is in the various kernels. apparmor task is to track getting the patch into the backports tree.

Changed in linux-flo (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in linux-goldfish (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in linux-mako (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
tags: added: aa-kernel
Changed in linux-manta (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu):
status: New → Triaged
assignee: nobody → John Johansen (jjohansen)
summary: - [krillin] apparmor fd_inheritance regression test causes kernel to crash
+ apparmor fd_inheritance regression test causes kernel to crash on touch
+ kernel backports
Jamie Strandboge (jdstrand) wrote :

Updated the summary since it said it was for krillin and the krillin task is being tracked in bug #1427825.

Alberto Salvia Novella (es20490446e) on 2015-03-06
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers