Network connections altered after upgrade, unable to reconnect

[neuralpancake]

Network/tor drops connection immediately after update/upgrade, three separate builds, separate machines. Tor connection drops, wireless gui disappears. Unable to reconnect. ifconfig can bring wireless device wlp2s0 up/down, iwlist wlp2s0 scanning shows available networks.

cat /sys/class/net/wlp2s0/carrier == 0 ;; kernel driver bug? Shouldn't this be 1 w/ ifconfig wlp2s0 up?

systemctl status sys-devices-pci-net-wlp2s0.device: Loaded: loaded Active: active (plugged)

nmcli general STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN disconnected none enabled enabled enabled enabled

------------- UPDATE ---------------

wireless device is erroneously reconfigured as an ethernet device after upgrade.

nmcli device show (fresh install, prior to update/upgrade)

GENERAL.DEVICE: wlp2s0 GENERAL.TYPE: wifi GENERAL.MTU: 0 GENERAL.STATE: 30 (disconnected)

(post update/network crash) GENERAL.DEVICE: wlp2s0 GENERAL.TYPE: ethernet GENERAL.MTU: 1500 GENERAL.STATE: 20

Linux subgraph #1 SMP 4.8.15-grsec-amd64 Debian 9 GNOME Shell 3.22.2

Related to recent changes to net-tools? Actively trying to find fix/workaround ...

[dma]

This is confirmed. ugh. Something upstream caused this. We are investigating it.

[neuralpancake]

@dma: Thanks, investigating this end as well, will post anything found here.

[mckinney-subgraph]

@neuralpancake We suspect this is a problem with some packages that were updated in Debian over the weekend. Specifically, we think it is one of the following: network-manager 1.6.0-1 systemd 232-15

Can you run apt-cache policy network-manager systemd and report the results?

If you haven't run an update since you initially encountered the issue then maybe this will help to isolate the bad package (unless you got both packages). Regardless, I think a bug report will need to be filed with Debian. We can do this or you can if you want.

[neuralpancake]

@mckinney-subgraph: Thanks for responding. I have both packages. I haven't run an update since the initial update/upgrade yesterday from a fresh install. I'm in the midst of another fire over here; maybe if someone on your end has 5 they can file the bug report? Otherwise I can get to it later, let me know.

Results:

network-manager:
     Installed: 1.6.0-1
     Candidate: 1.6.0-1
      Version table:
  *** 1.6.0-1 500
            500 http://httpredir.debian.org/debian stretch/main amd64 Packages
            100 /var/lib/dpkg/status
 systemd:
     Installed: 232-15
     Candidate: 232-15
     Version table:
  *** 232-15 500
              500 http://httredir.debian.org/debian stretch/main amd64 Packages
              100 /var/lib/dpkg/status

Finally, this may or may not be related but after update/upgrade syslog is also reporting some excitement w/ the kernel and paxrat:

Feb 7 01:55:25 subgraph kernel: [ 5202.246333] PAX: terminating task: 
 /usr/lib/jvm/java-8-openjdk- amd64/jre/bin/java(java):2358, uid/euid: 0/0, 
 PC: 0000037185000060,
 SP: 000003719d7d9428
Feb 7 01:55:25 subgraph kernel: [ 5202.246336] PAX: bytes at PC: 
 85 f6 0f 84 11 00 00 00 0f ae f0  0f ae 3f 48 83 c7 40 ff ce
Feb 7 01:55:25 subgraph kernel: [ 5202.246349] PAX: byte at SP-8: 
 000003719d7d9460 000003719c15dbfb 0000000000000006 000003719d7d94d0
 000003719d7d9460 000003719c5037a8 0000000000000006 ffffffffffffffff 
 000003719d7d9a00 000003719c5d44ab 0000000000000063
Feb 7 01:55:25 subgraph kernel: [ 5202.246546] grsec: denied resource overstep by 
 requesting 4096 for RLIMIT_CORE against limit 0 for 
 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java[java:2358] uid/euid:0/0 gid/egid:0/0, 
 parent /var/lib/dpkg/info/openjdk-8-jre-headless:amd64.postinst[openjdk-8-jree-h:2292] 
 uid/euid:0/0 gid/egid:0/0

Further down:

Feb 7 01:57:56 subgraph paxrat[8782]: 2017/02/07 01:57:56 Setting 'mr' PaX flags via 
 xattr on /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

snip

Feb 7 01:57:57 subgraph paxrat[8782]: 2017/02/07 01:57:57 
 /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java does not exist, cannot set flags

This might need to be opened as a separate issue.

[mckinney-subgraph]

Debian bug report: Wireless network interface detected as ethernet - Bug 854611

The bug was also forwarded upstream: Bug 778355 - Wireless network interface detected as ethernet and not brought up

[neuralpancake]

@mckinney-subgraph: Excellent, thanks. Hurry up and wait mode on for that bit of it.

[xSmurf]

@neuralpancake @all... I have tracked this down to the apparmor profile for NetworkManager... One can temporarily put the profile in complain mode to regain wireless networking:

sudo apparmor_parser -rC /etc/apparmor.d/usr.sbin.NetworkManager
sudo systemctl restart NetworkManager.service

And until it is pushed to the package, here is an updated profile that can be used: /etc/apparmor.d/usr.sbin.NetworkManager

[neuralpancake]

@xSmurf: Excellent! Thanks for figuring this out. Will test on my machines now.

Update: Yep, that works on everything here.

[mckinney-subgraph]

We have updated the apparmor-profiles-subgraph package to 1.4 to address this issue. The package can be obtained via apt-get upgrade (or dist-upgrade).

People that are currently without wifi access can put the Network Manager profile into complain mode and restart Network Manager to regain wifi access so that they can apply the upgrade:

$ sudo aa-complain /usr/sbin/NetworkManager
$ sudo systemctl restart NetworkManager.service
$ sudo apt-get update
$ sudo apt-get dist-upgrade

After the update you will want to re-enable the AppArmor policy and restart Network Manager so it properly detects your wifi card:

$ sudo aa-enforce /usr/sbin/NetworkManager
$ sudo systemctl restart NetworkManager.service

Alternately, if you have a working ethernet interface, you don't have to put the Network Manager AppArmor policy into complain mode, the following should suffice:

$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo systemctl restart NetworkManager.service

Please let us know if you encounter further difficulties or have problems getting wifi back following these instructions.

Thanks @xSmurf and everybody else who helped with this !

[neuralpancake]

Nice work everybody! This fixes everything on my end. Unless somebody jumps in and objects, I'm closing this as resolved.