Running tpm2-abrmd dumps core

[ghost]

Hello! I'm trying to run tpm2-abrmd on Arch (a little bit exotic machine-HP Spectre x360 with 8705G) dumps core. Journal gives:

апр 18 10:54:24 SpectreArch systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon... апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: WARNING:tcti:src/tss2-tcti/tcti-device.c:254:tcti_device_receive() Got EOF instead of> апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: Tss2_Sys_Startup returned unexpected RC: 0xa0008 апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: access_broker_sent_tpm_startup failed: 0xa0008 апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: Failed to GetCapability: TPM2_CAP_TPM_PROPERTIES, TPM2_PT_FIXED: 0x80007 апр 18 10:54:24 SpectreArch systemd[1]: tpm2-abrmd.service: Main process exited, code=killed, status=5/TRAP апр 18 10:54:24 SpectreArch systemd[1]: tpm2-abrmd.service: Failed with result 'signal'. апр 18 10:54:24 SpectreArch systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon. апр 18 10:54:28 SpectreArch systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.

gdb traceback:

coredumpctl gdb
           PID: 2208 (tpm2-abrmd)
           UID: 977 (tss)
           GID: 977 (tss)
        Signal: 5 (TRAP)
     Timestamp: Thu 2019-04-18 10:54:24 +04 (12min ago)
  Command Line: /usr/bin/tpm2-abrmd
    Executable: /usr/bin/tpm2-abrmd
 Control Group: /system.slice/tpm2-abrmd.service
          Unit: tpm2-abrmd.service
         Slice: system.slice
       Boot ID: 1e90bc21b0dd4065a0bd0ea2c9d4af38
    Machine ID: 2eacdec89cd848c490e2abbe30d129ae
      Hostname: SpectreArch
       Storage: /var/lib/systemd/coredump/core.tpm2-abrmd.977.1e90bc21b0dd4065a0bd0ea2c9d4af38.2208.1555570464000000.lz4
       Message: Process 2208 (tpm2-abrmd) of user 977 dumped core.

                Stack trace of thread 2209:
                #0  0x00007f65bb210186 n/a (libglib-2.0.so.0)
                #1  0x00007f65bb204b3f g_log_default_handler (libglib-2.0.so.0)
                #2  0x00007f65bb2103c1 g_logv (libglib-2.0.so.0)
                #3  0x00007f65bb2105e0 g_log (libglib-2.0.so.0)
                #4  0x000055f89be7375c n/a (tpm2-abrmd)
                #5  0x000055f89be73d1f n/a (tpm2-abrmd)
                #6  0x000055f89be72529 n/a (tpm2-abrmd)
                #7  0x00007f65bb1f3c21 n/a (libglib-2.0.so.0)
                #8  0x00007f65bb121a9d start_thread (libpthread.so.0)
                #9  0x00007f65bb051af3 __clone (libc.so.6)

                Stack trace of thread 2208:
                #0  0x00007f65bb046bf1 __poll (libc.so.6)
                #1  0x00007f65bb218690 n/a (libglib-2.0.so.0)
                #2  0x00007f65bb2196d2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x000055f89be72143 n/a (tpm2-abrmd)
                #4  0x00007f65baf7a223 __libc_start_main (libc.so.6)
                #5  0x000055f89be7224e n/a (tpm2-abrmd)

                Stack trace of thread 2210:
                #0  0x00007f65bb046bf1 __poll (libc.so.6)
                #1  0x00007f65bb218690 n/a (libglib-2.0.so.0)
                #2  0x00007f65bb21877e g_main_context_iteration (libglib-2.0.so.0)
                #3  0x00007f65bb2187d2 n/a (libglib-2.0.so.0)
                #4  0x00007f65bb1f3c21 n/a (libglib-2.0.so.0)
                #5  0x00007f65bb121a9d start_thread (libpthread.so.0)
                #6  0x00007f65bb051af3 __clone (libc.so.6)

                Stack trace of thread 2211:
                #0  0x00007f65bb046bf1 __poll (libc.so.6)
                #1  0x00007f65bb4060fd g_socket_condition_timed_wait (libgio-2.0.so.0)
                #2  0x00007f65bb408554 n/a (libgio-2.0.so.0)
                #3  0x00007f65bb42da77 g_input_stream_read (libgio-2.0.so.0)
                #4  0x00007f65bb45bbfb n/a (libgio-2.0.so.0)
                #5  0x00007f65bb45b784 g_buffered_input_stream_fill (libgio-2.0.so.0)
                #6  0x00007f65bb452b7a g_data_input_stream_read_line (libgio-2.0.so.0)
                #7  0x00007f65bb3b06b9 n/a (libgio-2.0.so.0)
                #8  0x00007f65bb3a4882 n/a (libgio-2.0.so.0)
                #9  0x00007f65bb45c51a n/a (libgio-2.0.so.0)
                #10 0x00007f65bb3f89a6 n/a (libgio-2.0.so.0)
                #11 0x00007f65bb1eccc6 n/a (libglib-2.0.so.0)
                #12 0x00007f65bb1f3c21 n/a (libglib-2.0.so.0)
                #13 0x00007f65bb121a9d start_thread (libpthread.so.0)
                #14 0x00007f65bb051af3 __clone (libc.so.6)

GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/tpm2-abrmd...(no debugging symbols found)...done.
[New LWP 2209]
[New LWP 2208]
[New LWP 2210]
[New LWP 2211]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/usr/bin/tpm2-abrmd'.
Program terminated with signal SIGTRAP, Trace/breakpoint trap.
#0  0x00007f65bb210186 in ?? () from /usr/lib/libglib-2.0.so.0
[Current thread is 1 (Thread 0x7f65ba900700 (LWP 2209))]
(gdb) trace 
Tracepoint 1 at 0x7f65bb210186
(gdb) bt
#0  0x00007f65bb210186 in  () at /usr/lib/libglib-2.0.so.0
#1  0x00007f65bb204b3f in g_log_default_handler () at /usr/lib/libglib-2.0.so.0
#2  0x00007f65bb2103c1 in g_logv () at /usr/lib/libglib-2.0.so.0
#3  0x00007f65bb2105e0 in g_log () at /usr/lib/libglib-2.0.so.0
#4  0x000055f89be7375c in  ()
#5  0x000055f89be73d1f in  ()
#6  0x000055f89be72529 in  ()
#7  0x00007f65bb1f3c21 in  () at /usr/lib/libglib-2.0.so.0
#8  0x00007f65bb121a9d in start_thread () at /usr/lib/libpthread.so.0
#9  0x00007f65bb051af3 in clone () at /usr/lib/libc.so.6

It's sad, Arch doesn't have any official debug repos, so, there are no symbols. Is it possible to figure something out from this? Thanks!

[diabonas]

апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: WARNING:tcti:src/tss2-tcti/tcti-device.c:254:tcti_device_receive() Got EOF instead of> апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: Tss2_Sys_Startup returned unexpected RC: 0xa0008 апр 18 10:54:24 SpectreArch tpm2-abrmd[2208]: access_broker_sent_tpm_startup failed: 0xa0008

This sounds like the kernel 5.0 regression described on the linux-integrity mailing list and in https://github.com/tpm2-software/tpm2-tools/issues/1356. The fix is already in Linus' tree and should hopefully be also included in one of the stable 5.0.x releases soon. Until then, you can try replacing tpm2-tss with tpm2-tss-git from the AUR, where I included a temporary software-side fix for this problem.

[diabonas]

The regression was fixed in Linux 5.0.10, so after updating to linux 5.0.10.arch1-1 and restarting, the problem should be fixed.

[flihp]

Thanks for all the data in this thread. Saved me a bunch of time. So the root cause is the kernel doing something weird, but tabrmd should shut itself down as gracefully as possible. I know there's some technical debt buried in the error handing here: #385, #481 etc. Sounds like this needs to get some attention. Probably worthy of a 'minor' release once it gets cleaned up too.

[volker-raschek]

Hello, I have the same problem with kernel 5.4.8 on fedora.

System informations:

markus@morlk376:~$ uname -a
Linux morlk376 5.4.8-200.fc31.x86_64 #1 SMP Mon Jan 6 16:44:18 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

coredump:

markus@morlk376:~$ sudo coredumpctl gdb
           PID: 5284 (tpm2-abrmd)
           UID: 59 (tss)
           GID: 59 (tss)
        Signal: 5 (TRAP)
     Timestamp: Tue 2020-01-14 08:37:57 CET (5s ago)
  Command Line: /usr/sbin/tpm2-abrmd
    Executable: /usr/sbin/tpm2-abrmd
 Control Group: /system.slice/tpm2-abrmd.service
          Unit: tpm2-abrmd.service
         Slice: system.slice
       Boot ID: 5afb084f3999434ea32b70b9b93dbc78
    Machine ID: 509f1ef0f29442f29e7ade22619d12d2
      Hostname: morlk376
       Storage: /var/lib/systemd/coredump/core.tpm2-abrmd.59.5afb084f3999434ea32b70b9b93dbc78.5284.1578987477000000000000.lz4
       Message: Process 5284 (tpm2-abrmd) of user 59 dumped core.

                Stack trace of thread 5285:
                #0  0x00007f99ad87c755 _g_log_abort (libglib-2.0.so.0)
                #1  0x00007f99ad87d7d9 g_log_default_handler (libglib-2.0.so.0)
                #2  0x00007f99ad87da0b g_logv (libglib-2.0.so.0)
                #3  0x00007f99ad87dbf3 g_log (libglib-2.0.so.0)
                #4  0x000055857b5a8b8d access_broker_get_tpm_properties_fixed (tpm2-abrmd)
                #5  0x000055857b5a90bd access_broker_init_tpm (tpm2-abrmd)
                #6  0x000055857b5a711f init_thread_func (tpm2-abrmd)
                #7  0x00007f99ad89ffc2 g_thread_proxy (libglib-2.0.so.0)
                #8  0x00007f99ad7954e2 start_thread (libpthread.so.0)
                #9  0x00007f99ad6c4693 __clone (libc.so.6)

                Stack trace of thread 5284:
                #0  0x00007f99ad6b9a6f __poll (libc.so.6)
                #1  0x00007f99ad87680e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                #2  0x00007f99ad876b93 g_main_loop_run (libglib-2.0.so.0)
                #3  0x000055857b5a6c96 main (tpm2-abrmd)
                #4  0x00007f99ad5ea1a3 __libc_start_main (libc.so.6)
                #5  0x000055857b5a6d0e _start (tpm2-abrmd)

                Stack trace of thread 5286:
                #0  0x00007f99ad6b9a6f __poll (libc.so.6)
                #1  0x00007f99ad87680e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                #2  0x00007f99ad876943 g_main_context_iteration (libglib-2.0.so.0)
                #3  0x00007f99ad876991 glib_worker_main (libglib-2.0.so.0)
                #4  0x00007f99ad89ffc2 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f99ad7954e2 start_thread (libpthread.so.0)
                #6  0x00007f99ad6c4693 __clone (libc.so.6)

                Stack trace of thread 5287:
                #0  0x00007f99ad6bf1ad syscall (libc.so.6)
                #1  0x00007f99ad8c2cb6 g_cond_wait_until (libglib-2.0.so.0)
                #2  0x00007f99ad847411 g_async_queue_pop_intern_unlocked (libglib-2.0.so.0)
                #3  0x00007f99ad8a085a g_thread_pool_thread_proxy (libglib-2.0.so.0)
                #4  0x00007f99ad89ffc2 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f99ad7954e2 start_thread (libpthread.so.0)
                #6  0x00007f99ad6c4693 __clone (libc.so.6)

                Stack trace of thread 5288:
                #0  0x00007f99ad6b9a6f __poll (libc.so.6)
                #1  0x00007f99ad87680e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                #2  0x00007f99ad876b93 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f99adac5a4a gdbus_shared_thread_func (libgio-2.0.so.0)
                #4  0x00007f99ad89ffc2 g_thread_proxy (libglib-2.0.so.0)
                #5  0x00007f99ad7954e2 start_thread (libpthread.so.0)
                #6  0x00007f99ad6c4693 __clone (libc.so.6)

GNU gdb (GDB) Fedora 8.3.50.20190824-26.fc31
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/tpm2-abrmd...
Reading symbols from .gnu_debugdata for /usr/sbin/tpm2-abrmd...
(No debugging symbols found in .gnu_debugdata for /usr/sbin/tpm2-abrmd)
[New LWP 5285]
[New LWP 5284]
[New LWP 5286]
[New LWP 5287]
[New LWP 5288]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/sbin/tpm2-abrmd'.
Program terminated with signal SIGTRAP, Trace/breakpoint trap.
#0  0x00007f99ad87c755 in _g_log_abort () from /lib64/libglib-2.0.so.0
[Current thread is 1 (Thread 0x7f99ad384700 (LWP 5285))]
Missing separate debuginfos, use: dnf debuginfo-install tpm2-abrmd-2.2.0-2.fc31.x86_64
(gdb) trace
Tracepoint 1 at 0x7f99ad87c755
(gdb) bt
#0  0x00007f99ad87c755 in _g_log_abort () from /lib64/libglib-2.0.so.0
#1  0x00007f99ad87d7d9 in g_log_default_handler () from /lib64/libglib-2.0.so.0
#2  0x00007f99ad87da0b in g_logv () from /lib64/libglib-2.0.so.0
#3  0x00007f99ad87dbf3 in g_log () from /lib64/libglib-2.0.so.0
#4  0x000055857b5a8b8d in access_broker_get_tpm_properties_fixed ()
#5  0x000055857b5a90bd in access_broker_init_tpm ()
#6  0x000055857b5a711f in init_thread_func ()
#7  0x00007f99ad89ffc2 in g_thread_proxy () from /lib64/libglib-2.0.so.0
#8  0x00007f99ad7954e2 in start_thread () from /lib64/libpthread.so.0
#9  0x00007f99ad6c4693 in clone () from /lib64/libc.so.6
(gdb) 

Firmware update

I have tried to upgrade the firmware via fwupdmgr. I receive a message that TPM is not updateable. Why is it not updateable?

markus@morlk376:~$ fwupdmgr get-updates
No upgrades for TPM 1.2: is not updatable

Any ideas why I can not update the tpm firmware and my system freeze when tpm2 runs into the error? Volker