pkey_mprotect is not permitted

Bug #1996217 reported by Bram Stolk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
New
Undecided
Unassigned
snapd (Ubuntu)
New
Undecided
Unassigned

Bug Description

I installed chromium snap from edge channel:

$ snap refresh --amend --channel edge chromium
chromium (edge) 109.0.5396.2 from Canonical✓ refreshed
$ chromium
Trace/breakpoint trap (core dumped)

======
STRACE
======

When I run it through strace, the last system calls are:

...
mprotect(0x560c91e2d000, 8187904, PROT_READ) = 0
mprotect(0x7f9013377000, 4096, PROT_READ) = 0
munmap(0x7f9012e3e000, 91649) = 0
set_tid_address(0x7f9010ae0110) = 55209
set_robust_list(0x7f9010ae0120, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f9012e1bbf0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9012e29420}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f9012e1bc90, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9012e29420}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
futex(0x7f9012e3d0c8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getrandom("\x74\xd0\x85\x97\x19\x76\xcf\x4a", 8, 0) = 8
getrandom("\x0b\x28\x11\x02\x4b\x2b\x50\xce", 8, 0) = 8
mmap(0x27d400000000, 17179869184, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x27d400000000
mmap(0x2e43fffff000, 17179873280, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2e43fffff000
pkey_mprotect(0x27d400201000, 4096, PROT_READ|PROT_WRITE, 0) = -1 EPERM (Operation not permitted)
--- SIGTRAP {si_signo=SIGTRAP, si_code=SI_KERNEL} ---
+++ killed by SIGTRAP (core dumped) +++
error: signal: trace/breakpoint trap

=======
JOURNAL
=======

And the journal entries during launch:

Nov 10 08:24:02 workpc systemd[1949]: Started Application launched by gnome-shell.
Nov 10 08:24:02 workpc systemd[1949]: Started VTE child process 54818 launched by gnome-terminal-server process 40213.
Nov 10 08:24:09 workpc systemd[1949]: Started snap.chromium.chromium.414af9f4-295b-44f0-976c-4abb39846b28.scope.
Nov 10 08:24:09 workpc audit[54829]: AVC apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=54829 comm="snap-confine" capability=12 capname="net_admin"
Nov 10 08:24:09 workpc kernel: audit: type=1400 audit(1668097449.379:548): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=54829 comm="snap-confine" capability=12 capname="net_admin"
Nov 10 08:24:09 workpc kernel: audit: type=1400 audit(1668097449.379:549): apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=54829 comm="snap-confine" capability=38 capname="perfmon"
Nov 10 08:24:09 workpc audit[54829]: AVC apparmor="DENIED" operation="capable" class="cap" profile="/usr/lib/snapd/snap-confine" pid=54829 comm="snap-confine" capability=38 capname="perfmon"
Nov 10 08:24:09 workpc audit[54829]: SECCOMP auid=1000 uid=1000 gid=1000 ses=2 subj=snap.chromium.chromium pid=54829 comm="chrome" exe="/snap/chromium/2184/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=329 compat=0 ip=0x7f3259ae573d code=0x50000
Nov 10 08:24:09 workpc kernel: traps: chrome[54829] trap int3 ip:558e4009f96e sp:7fff421fe9f0 error:0 in chrome[558e3fecb000+a1b2000]
Nov 10 08:24:09 workpc kernel: audit: type=1326 audit(1668097449.439:550): auid=1000 uid=1000 gid=1000 ses=2 subj=snap.chromium.chromium pid=54829 comm="chrome" exe="/snap/chromium/2184/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e syscall=329 compat=0 ip=0x7f3259ae573d code=0x50000

============
SNAPPY DEBUG
============

$ snappy-debug
INFO: Following '/var/log/syslog'. If have dropped messages, use:
INFO: $ sudo journalctl --output=short --follow --all | sudo snappy-debug
= Seccomp =
Time: Nov 10 09:48:03
Log: auid=1000 uid=1000 gid=1000 ses=2 subj=snap.chromium.chromium pid=60371 comm="chrome" exe="/snap/chromium/2184/usr/lib/chromium-browser/chrome" sig=0 arch=c000003e 329(pkey_mprotect) compat=0 ip=0x7f739326773d code=0x50000
Syscall: pkey_mprotect

=====
SPECS
=====

OS: Ubuntu 22.10

Kernel: 5.19.0-21-generic

CPU: 12600k

snap: 109.0.5396.2 2184 latest/edge canonical✓
---
ProblemType: Bug
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: stolk 2044 F.... wireplumber
 /dev/snd/controlC1: stolk 2044 F.... wireplumber
 /dev/snd/seq: stolk 2041 F.... pipewire
CRDA: N/A
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 22.10
InstallationDate: Installed on 2022-08-26 (76 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220825)
MachineType: ASUS System Product Name
Package: linux (not installed)
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.19.0-21-generic root=/dev/mapper/vgubuntu-root ro quiet splash intel_pstate=passive vt.handoff=7
ProcVersionSignature: Ubuntu 5.19.0-21.21-generic 5.19.7
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
 linux-restricted-modules-5.19.0-21-generic N/A
 linux-backports-modules-5.19.0-21-generic N/A
 linux-firmware 20220923.gitf09bebf3-0ubuntu1
RfKill:

Tags: kinetic wayland-session
Uname: Linux 5.19.0-21-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dialout dip lpadmin lxd plugdev sambashare sbuild sudo
_MarkForUpload: True
dmi.bios.date: 01/13/2022
dmi.bios.release: 10.8
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 1008
dmi.board.asset.tag: Default string
dmi.board.name: PRIME Z690M-PLUS D4
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1008:bd01/13/2022:br10.8:svnASUS:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEZ690M-PLUSD4:rvrRev1.xx:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: System Product Name
dmi.product.sku: SKU
dmi.product.version: System Version
dmi.sys.vendor: ASUS

tags: added: snap
Revision history for this message
Nathan Teodosio (nteodosio) wrote :

I'm targeting this to Linux too as I suspect it's kernel related. I may be wrong.

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1996217

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Bram Stolk (b-stolk) wrote : AlsaInfo.txt

apport information

description: updated
tags: added: apport-collected kinetic wayland-session
description: updated
Revision history for this message
Bram Stolk (b-stolk) wrote : CurrentDmesg.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : IwConfig.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : Lspci.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : Lspci-vt.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : Lsusb.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : Lsusb-t.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : Lsusb-v.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : ProcCpuinfo.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : ProcCpuinfoMinimal.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : ProcEnviron.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : ProcInterrupts.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : ProcModules.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : UdevDb.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : WifiSyslog.txt

apport information

Revision history for this message
Bram Stolk (b-stolk) wrote : acpidump.txt

apport information

no longer affects: linux (Ubuntu)
summary: - SIGTRAP on launch 109.0.5396.2-2184
+ pkey_mprotect is not permitted
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.