Apparmor Seg Fault #28127

Closed
anon-lestat opened this issue Jan 23, 2021 · 27 comments

@anon-lestat

  • xuname:
    Void 5.3.18_1 x86_64-musl GenuineIntel uptodate rDDFFF
  • package:
    apparmor-3.0.1_1

Expected behavior

aa-status:
Apparmor module is loaded
Lists all the profiles

Actual behavior

aa-status:
Apparmor module is loaded
Segmentation fault

Steps to reproduce the behavior

  1. Install apparmor
  2. Add "apparmor=1 security=apparmor" to grub kernel commandline
  3. Set apparmor to enforce
@ericonr
Member

ericonr commented Jan 23, 2021

Does it happen with complain?

It's been a while since I touched my apparmor stuff (I just leave it on), but I can test locally later.

@paper42 or @CameronNemo have you experienced anything similar?

@paper42
Member

paper42 commented Jan 24, 2021

There is a deleted post on reddit about this issue, archive.org doesn't have it. I can not reproduce it on my musl machine (tested both complain or enforce mode).

@anon-lestat
Author

Yes, it still happens with complain

@anon-lestat
Author

And I know about the deleted post. I said I'm not the first one while I was asking for help on Matrix because I saw it.

@anon-lestat
Author

sorry that was an accident

@CameronNemo
Contributor

why is your kernel so old? 5.3???

@anon-lestat
Author

I wanted something more LTS but both 4.14 and 4.19 broke some things so I chose 5.3... but I just realised after double checking 5.4 is the LTS one and I'm an actual moron.

@anon-lestat
Author

I'm now running 5.4
uname -r:
5.4.91_1
Apparmor issue didn't go away

@ericonr
Member

ericonr commented Jan 24, 2021

Ok, I can't reproduce this here. Have you tried running xbps-pkgdb -a to see if all your package files are okay?

What I would ask is that you install the debug packages necessary for apparmor (xbps-install gdb $(xdbg apparmor)) and then try to grab a backtrace. You can do that by running "sudo gdb aa-status", then inside GDB run "run", wait for the segfault, then run "backtrace full" and post the results here.

@anon-lestat
Author

anon-lestat commented Jan 24, 2021

#0  printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe518, nl_arg=nl_arg@entry=0x7fffffffe560, 
    nl_type=nl_type@entry=0x7fffffffe530) at src/stdio/vfprintf.c:454
        a = <optimized out>
        z = <optimized out>
        s = 0x0
        l10n = 0
        fl = <optimized out>
        w = <optimized out>
        p = <optimized out>
        xp = <optimized out>
        arg = {i = 33, f = <invalid float value>, p = 0x21}
        argpos = <optimized out>
        st = <optimized out>
        ps = <optimized out>
        cnt = 0
        l = 0
        i = <optimized out>
        buf = "\300\344\377\377\377\177\000\000T\323\372\367\000\000\000\000\000\000\000\000\377\177\000\000\230\344\377\377\377\177\000\000\000\000\000\000\377\177\000\000\030\000"
        prefix = <optimized out>
        t = <optimized out>
        pl = <optimized out>
        wc = L"\x7fff\xf7fad354"
        ws = <optimized out>
        mb = "\377\177\000"
#1  0x00007ffff7fad2c7 in vfprintf (f=f@entry=0x7fffffffe6b0, fmt=0x0, ap=<optimized out>) at src/stdio/vfprintf.c:668
        ap2 = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffe8f0, reg_save_area = 0x7fffffffe830}}
        nl_type = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
        nl_arg = {{i = 18446744073709551615, f = -1.93101025304530566367e-2401, p = 0xffffffffffffffff}, {i = 18446744073709551615, 
            f = 2.20338791586994160014e-4927, p = 0xffffffffffffffff}, {i = 3904954456024969263, f = <invalid float value>, 
            p = 0x36312f636f72702f}, {i = 8029199473495269679, f = <invalid float value>, p = 0x6f6d72617070612f}, {
            i = 140737488348532, f = <invalid float value>, p = 0x7fffffffe574}, {i = 0, f = <invalid float value>, p = 0x0}, {
            i = 140733193388032, f = <invalid float value>, p = 0x7fff00000000}, {i = 140737354129360, f = <invalid float value>, 
            p = 0x7ffff7ffdfd0 <internal_buf>}, {i = 140737488349536, f = <invalid float value>, p = 0x7fffffffe960}, {i = 34, 
            f = <invalid float value>, p = 0x22}}
        internal_buf = "\350\367UUUU\000\000{\365UUUU\000\000\360\350\377\377\377\177\000\000\372\000\373\367\377\177\000\000!\343\377\367\377\177", '\000' <repeats 41 times>
        saved_buf = 0x0
        olderr = <optimized out>
        ret = <optimized out>
        __need_unlock = <optimized out>
#2  0x00007ffff7fb00fa in vsnprintf (s=s@entry=0x0, n=n@entry=0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe7c0)
    at src/stdio/vsnprintf.c:54
        buf = ""

I checked the packages with xbps-pkgdb and it's all dandy

@ericonr
Member

ericonr commented Jan 24, 2021

Is that all that was printed?

Actually, please use the following commands inside GDB: set logging on, run, backtrace full, disassemble, info registers, then quit. Then copy the full contents of gdb.txt.

@anon-lestat
Author

anon-lestat commented Jan 24, 2021

Starting program: /usr/bin/aa-status 

Program received signal SIGSEGV, Segmentation fault.
printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe508, 
    nl_arg=nl_arg@entry=0x7fffffffe550, nl_type=nl_type@entry=0x7fffffffe520)
    at src/stdio/vfprintf.c:454
454	src/stdio/vfprintf.c: No such file or directory.
#0  printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe508, 
    nl_arg=nl_arg@entry=0x7fffffffe550, nl_type=nl_type@entry=0x7fffffffe520)
    at src/stdio/vfprintf.c:454
        a = <optimized out>
        z = <optimized out>
        s = 0x0
        l10n = 0
        fl = <optimized out>
        w = <optimized out>
        p = <optimized out>
        xp = <optimized out>
        arg = {i = 32, f = <invalid float value>, p = 0x20}
        argpos = <optimized out>
        st = <optimized out>
        ps = <optimized out>
        cnt = 0
        l = 0
        i = <optimized out>
        buf = "\260\344\377\377\377\177\000\000T\323\372\367\000\000\000\000\000\000\000\000\377\177\000\000\210\344\377\377\377\177\000\000\000\000\000\000\377\177\000\000\030\000"
        prefix = <optimized out>
        t = <optimized out>
        pl = <optimized out>
        wc = L"\x7fff\xf7fad354"
        ws = <optimized out>
        mb = "\377\177\000"
#1  0x00007ffff7fad2c7 in vfprintf (f=f@entry=0x7fffffffe6a0, fmt=0x0, ap=<optimized out>)
    at src/stdio/vfprintf.c:668
        ap2 = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffe8e0, 
            reg_save_area = 0x7fffffffe820}}
        nl_type = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
        nl_arg = {{i = 18446744073709551615, f = -1.88655366864991849622e+3529, 
            p = 0xffffffffffffffff}, {i = 18446744073709551615, 
            f = 2.20338791586994160014e-4927, p = 0xffffffffffffffff}, {i = 3617568504803389487, 
            f = <invalid float value>, p = 0x32342f636f72702f}, {i = 8245929780767125601, 
            f = <invalid float value>, p = 0x726f6d7261707061}, {i = 140737488348640, 
            f = <invalid float value>, p = 0x7fffffffe5e0}, {i = 0, f = <invalid float value>, 
            p = 0x0}, {i = 140733193388032, f = <invalid float value>, p = 0x7fff00000000}, {
            i = 140737354129360, f = <invalid float value>, p = 0x7ffff7ffdfd0 <internal_buf>}, {
            i = 140737488349520, f = <invalid float value>, p = 0x7fffffffe950}, {i = 33, 
            f = <invalid float value>, p = 0x21}}
        internal_buf = "\350\367UUUU\000\000{\365UUUU\000\000\340\350\377\377\377\177\000\000\372\000\373\367\377\177\000\000 \343\377\367\377\177", '\000' <repeats 41 times>
        saved_buf = 0x0
        olderr = <optimized out>
        ret = <optimized out>
        __need_unlock = <optimized out>
#2  0x00007ffff7fb00fa in vsnprintf (s=s@entry=0x0, n=n@entry=0, fmt=fmt@entry=0x0, 
    ap=ap@entry=0x7fffffffe7b0) at src/stdio/vsnprintf.c:54
        buf = ""
        dummy = ""
        c = {s = 0x7fffffffe797 "", n = 0}
        f = {flags = 0, rpos = 0x0, rend = 0x0, close = 0x0, wend = 0x0, wpos = 0x0, 
          mustbezero_1 = 0x0, wbase = 0x0, read = 0x0, write = 0x7ffff7faffa0 <sn_write>, 
          seek = 0x0, buf = 0x7fffffffe796 "", buf_size = 0, prev = 0x0, next = 0x0, fd = 0, 
          pipe_pid = 0, lockcount = 0, mode = 0, lock = -1, lbf = -1, cookie = 0x7fffffffe690, 
          off = 0, getln_buf = 0x0, mustbezero_2 = 0x0, shend = 0x0, shlim = 0, shcnt = 0, 
          prev_locked = 0x0, next_locked = 0x0, locale = 0x0}
#3  0x00007ffff7faada3 in vasprintf (s=0x7fffffffe8e0, fmt=0x0, ap=0x7fffffffe800)
    at src/stdio/vasprintf.c:10
        ap2 = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffe8e0, 
            reg_save_area = 0x7fffffffe820}}
        l = <optimized out>
#4  0x0000555555559e8b in ?? ()
No symbol table info available.
#5  0x000055555555821a in ?? ()
No symbol table info available.
#6  0x000055555555879e in ?? ()
No symbol table info available.
#7  0x0000555555558926 in ?? ()
No symbol table info available.
#8  0x00005555555568c9 in ?? ()
No symbol table info available.
#9  0x0000555555557691 in ?? ()
No symbol table info available.
#10 0x0000555555556436 in ?? ()
No symbol table info available.
#11 0x00007ffff7f6aa7a in libc_start_main_stage2 (main=0x555555556400, argc=1, 
    argv=0x7fffffffebc8) at src/env/__libc_start_main.c:94
        envp = 0x7fffffffebd8
#12 0x00005555555564f8 in ?? ()
No symbol table info available.
#13 0x0000000000000001 in ?? ()
No symbol table info available.
#14 0x00007fffffffedfd in ?? ()
No symbol table info available.
#15 0x0000000000000000 in ?? ()
No symbol table info available.
rax            0x0                 0
rbx            0x7fffffffe550      140737488348496
rcx            0x7fffffffe550      140737488348496
rdx            0x7fffffffe508      140737488348424
rsi            0x0                 0
rdi            0x0                 0
rbp            0x0                 0x0
rsp            0x7fffffffe3f0      0x7fffffffe3f0
r8             0x7fffffffe520      140737488348448
r9             0x0                 0
r10            0x0                 0
r11            0x246               582
r12            0x7fffffffe800      140737488349184
r13            0x0                 0
r14            0x0                 0
r15            0x7fffffffe8e0      140737488349408
rip            0x7ffff7fac3ff      0x7ffff7fac3ff <printf_core+79>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

@ericonr
Member

ericonr commented Jan 24, 2021

Is apparmor-dbg definitely installed? I think I should be able to see the complete list of callers...

@anon-lestat
Author

There's no such package in the repository. The command you gave me installed gdb

@ericonr
Member

ericonr commented Jan 24, 2021

Ok, sorry; you needed a few more things for that command to work the way I intended. What you should do, then, is run:

xbps-install void-repo-debug
xbps-install -S apparmor-dbg

@anon-lestat
Author

anon-lestat commented Jan 24, 2021

Starting program: /usr/bin/aa-status 

Program received signal SIGSEGV, Segmentation fault.
printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe508, 
    nl_arg=nl_arg@entry=0x7fffffffe550, nl_type=nl_type@entry=0x7fffffffe520)
    at src/stdio/vfprintf.c:454
454	src/stdio/vfprintf.c: No such file or directory.
#0  printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe508, 
    nl_arg=nl_arg@entry=0x7fffffffe550, nl_type=nl_type@entry=0x7fffffffe520)
    at src/stdio/vfprintf.c:454
        a = <optimized out>
        z = <optimized out>
        s = 0x0
        l10n = 0
        fl = <optimized out>
        w = <optimized out>
        p = <optimized out>
        xp = <optimized out>
        arg = {i = 32, f = <invalid float value>, p = 0x20}
        argpos = <optimized out>
        st = <optimized out>
        ps = <optimized out>
        cnt = 0
        l = 0
        i = <optimized out>
        buf = "\260\344\377\377\377\177\000\000T\323\372\367\000\000\000\000\000\000\000\000\377\177\000\000\210\344\377\377\377\177\000\000\000\000\000\000\377\177\000\000\030\000"
        prefix = <optimized out>
        t = <optimized out>
        pl = <optimized out>
        wc = L"\x7fff\xf7fad354"
        ws = <optimized out>
        mb = "\377\177\000"
#1  0x00007ffff7fad2c7 in vfprintf (f=f@entry=0x7fffffffe6a0, fmt=0x0, 
    ap=<optimized out>) at src/stdio/vfprintf.c:668
        ap2 = {{gp_offset = 16, fp_offset = 48, 
            overflow_arg_area = 0x7fffffffe8e0, 
            reg_save_area = 0x7fffffffe820}}
        nl_type = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
        nl_arg = {{i = 18446744073709551615, f = 1.70346137468171616451e+535, 
            p = 0xffffffffffffffff}, {i = 18446744073709551615, 
            f = 2.20338791586994160014e-4927, p = 0xffffffffffffffff}, {
            i = 4049914069030957103, f = <invalid float value>, 
            p = 0x38342f636f72702f}, {i = 8245929780767125601, 
            f = <invalid float value>, p = 0x726f6d7261707061}, {
            i = 140737488348640, f = <invalid float value>, 
            p = 0x7fffffffe5e0}, {i = 0, f = <invalid float value>, p = 0x0}, {
            i = 140733193388032, f = <invalid float value>, 
            p = 0x7fff00000000}, {i = 140737354129360, 
            f = <invalid float value>, p = 0x7ffff7ffdfd0 <internal_buf>}, {
            i = 140737488349520, f = <invalid float value>, 
            p = 0x7fffffffe950}, {i = 33, f = <invalid float value>, p = 0x21}}
        internal_buf = "\350\367UUUU\000\000{\365UUUU\000\000\340\350\377\377\377\177\000\000\372\000\373\367\377\177\000\000 \343\377\367\377\177", '\000' <repeats 41 times>
        saved_buf = 0x0
        olderr = <optimized out>
        ret = <optimized out>
        __need_unlock = <optimized out>
#2  0x00007ffff7fb00fa in vsnprintf (s=s@entry=0x0, n=n@entry=0, 
    fmt=fmt@entry=0x0, ap=ap@entry=0x7fffffffe7b0) at src/stdio/vsnprintf.c:54
        buf = ""
        dummy = ""
        c = {s = 0x7fffffffe797 "", n = 0}
        f = {flags = 0, rpos = 0x0, rend = 0x0, close = 0x0, wend = 0x0, 
          wpos = 0x0, mustbezero_1 = 0x0, wbase = 0x0, read = 0x0, 
          write = 0x7ffff7faffa0 <sn_write>, seek = 0x0, 
          buf = 0x7fffffffe796 "", buf_size = 0, prev = 0x0, next = 0x0, 
          fd = 0, pipe_pid = 0, lockcount = 0, mode = 0, lock = -1, lbf = -1, 
          cookie = 0x7fffffffe690, off = 0, getln_buf = 0x0, 
          mustbezero_2 = 0x0, shend = 0x0, shlim = 0, shcnt = 0, 
          prev_locked = 0x0, next_locked = 0x0, locale = 0x0}
#3  0x00007ffff7faada3 in vasprintf (s=0x7fffffffe8e0, fmt=0x0, 
    ap=0x7fffffffe800) at src/stdio/vasprintf.c:10
        ap2 = {{gp_offset = 16, fp_offset = 48, 
Quit

@ericonr
Member

ericonr commented Jan 24, 2021

This seems to be missing some information again :/

@anon-lestat
Author

I did what you told me man :d

@ericonr
Member

ericonr commented Jan 24, 2021

Run the steps from here: #28127 (comment)

@anon-lestat
Author

That's what I did though

@paper42
Member

paper42 commented Jan 24, 2021

I managed to reproduce this on 5.4 kernel on musl:

Core was generated by `aa-status'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fff782de018, nl_arg=nl_arg@entry=0x7fff782de060, nl_type=nl_type@entry=0x7fff782de030) at src/stdio/vfprintf.c:454
454	src/stdio/vfprintf.c: No such file or directory.
#0  printf_core (f=f@entry=0x0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fff782de018, nl_arg=nl_arg@entry=0x7fff782de060, nl_type=nl_type@entry=0x7fff782de030) at src/stdio/vfprintf.c:454
#1  0x00007f2d71f482c7 in vfprintf (f=f@entry=0x7fff782de1b0, fmt=0x0, ap=<optimized out>) at src/stdio/vfprintf.c:668
#2  0x00007f2d71f4b0fa in vsnprintf (s=s@entry=0x0, n=n@entry=0, fmt=fmt@entry=0x0, ap=ap@entry=0x7fff782de2c0) at src/stdio/vsnprintf.c:54
#3  0x00007f2d71f45da3 in vasprintf (s=s@entry=0x7fff782de3f0, fmt=0x0, ap=ap@entry=0x7fff782de310) at src/stdio/vasprintf.c:10
#4  0x000056039bf95c7b in _aa_asprintf (strp=strp@entry=0x7fff782de3f0, fmt=<optimized out>) at private.c:180
#5  0x000056039bf9407a in procattr_path (attr=0x56039bf9a57b "current", pid=1) at kernel.c:262
#6  procattr_open (tid=tid@entry=1, attr=attr@entry=0x56039bf9a57b "current", flags=flags@entry=0) at kernel.c:272
#7  0x000056039bf9456e in aa_getprocattr_raw (tid=tid@entry=1, attr=attr@entry=0x56039bf9a57b "current", buf=buf@entry=0x56039bf9fc60 "", len=len@entry=128, mode=mode@entry=0x7fff782de520) at kernel.c:408
#8  0x000056039bf946f6 in aa_getprocattr (mode=<optimized out>, label=<optimized out>, attr=<optimized out>, tid=<optimized out>) at kernel.c:501
#9  aa_getprocattr (tid=1, attr=attr@entry=0x56039bf9a57b "current", label=label@entry=0x7fff782de518, mode=mode@entry=0x7fff782de520) at kernel.c:479
#10 0x000056039bf928b1 in get_processes (profiles=0x56039df5b020, n=58, processes=processes@entry=0x7fff782de5c8, nprocesses=nprocesses@entry=0x7fff782de5b8) at aa_status.c:246
#11 0x000056039bf93531 in detailed_output (json=json@entry=0x0) at aa_status.c:453
#12 0x000056039bf93c31 in cmd_verbose (command=<optimized out>) at aa_status.c:588
#13 0x000056039bf92426 in main (argc=<optimized out>, argv=0x7fff782de6d8) at aa_status.c:660

@ericonr
Member

ericonr commented Jan 24, 2021

Ah, so kernel version matters. Thanks!

@anon-lestat
Author

Are y'all just gonna force me to use the latest kernel lol

@CameronNemo
Contributor

454 src/stdio/vfprintf.c: No such file or directory.

Is vfprintf the missing file, or the file where the ENOENT error is returned in?

@ericonr
Member

ericonr commented Jan 25, 2021

That's just GDB saying it can't find the source for musl's vfprintf. So yes, it is the missing file. The actual error is a segfault.

@anon-lestat no one was telling you to do that; we were just gathering information on what environment is being used that breaks apparmor. Void does still support multiple LTS kernels.

@anon-lestat
Author

ah cool

@ericonr
Member

ericonr commented Feb 4, 2021

Ok this is stupid. In all cases asprintf is passed a NULL instead of a format string, but for some reason glibc just goes on obliviously while musl segfaults (it is undefined behavior). If you check the aa-status output on glibc, it will be lacking information.
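
The failure mode described in the comment above, as an added example (not code from this thread, AppArmor, or the Void package): an asprintf-style helper that refuses a NULL format with EINVAL instead of passing it to the libc formatter, where the result is undefined behavior. The names checked_asprintf and attr_path and the sample format string are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not libapparmor's API): allocates a formatted
 * string like asprintf(), but fails cleanly on a NULL format. */
static int checked_asprintf(char **strp, const char *fmt, ...)
{
    va_list ap, ap2;
    int len;
    char *buf;

    if (strp == NULL) { errno = EINVAL; return -1; }
    *strp = NULL;                     /* defined value on every failure path */
    if (fmt == NULL) { errno = EINVAL; return -1; }

    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* Size pass: the same vsnprintf(s=0, n=0, fmt, ap) shape that
     * appears as frame #2 of the backtraces, here with fmt checked. */
    len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (len < 0) { va_end(ap2); return -1; }

    buf = malloc((size_t)len + 1);
    if (buf == NULL) { va_end(ap2); errno = ENOMEM; return -1; }
    vsnprintf(buf, (size_t)len + 1, fmt, ap2);   /* fill pass */
    va_end(ap2);

    *strp = buf;
    return len;
}

/* Hypothetical caller: the format pointer is chosen at runtime and may
 * be NULL when no usable interface was found (constructed scenario). */
static char *attr_path(const char *base_fmt, int pid, const char *attr)
{
    char *path;

    if (checked_asprintf(&path, base_fmt, pid, attr) < 0)
        return NULL;                  /* report an error, do not crash */
    return path;
}

int main(void)
{
    /* Constructed inputs: a valid format, then the NULL case. */
    char *ok = attr_path("/proc/%d/attr/%s", 1, "current");
    char *bad = attr_path(NULL, 1, "current");

    printf("valid format: %s\n", ok ? ok : "(error)");
    printf("NULL format:  %s\n", bad ? bad : "(error)");
    free(ok);
    free(bad);
    return 0;
}
```

With the guard in place the NULL case behaves the same on every libc: the caller gets an error it can report rather than a crash on one implementation and silently missing output on another.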

@ericonr mentioned this issue Feb 4, 2021
paper42 added a commit to paper42/void-packages that referenced this issue Feb 4, 2021
* add missing dependency python3-notify2 for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch
* fix segfault on musl

closes void-linux#28127
@ericonr closed this as completed in 5251fe6 Feb 4, 2021
atweiden added a commit to atweiden/voidpkgs that referenced this issue Feb 6, 2021
* add missing python3 dependencies for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch
* fix segfault on musl (was also an issue on glibc, just empty output
instead of segfault)
* depend on explicit libapparmor version

Closes void-linux/void-packages#28127

void-linux/void-packages@5251fe6