kernel-packages team mailing list archive

Thread
Date
[Bug 1378123] Re: unix_socket_abstract.sh triggers an AppArmor WARN

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Laurent Salle <lsalle@xxxxxxxxxxxxx>
Date: Mon, 25 May 2015 10:46:11 -0000
Reply-to: Bug 1378123 <1378123@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
The "AppArmor WARN __label_update" warnings are occuring on a production
system:

$ uname -a
Linux svbom 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.04
DISTRIB_CODENAME=vivid
DISTRIB_DESCRIPTION="Ubuntu 15.04"

Two dmesg excerpts:

--
[56434.648170] br3: port 6(vnet18) entered disabled state
[56434.648212] device vnet18 left promiscuous mode
[56434.648215] br3: port 6(vnet18) entered disabled state
[56435.050149] ------------[ cut here ]------------
[56435.050155] WARNING: CPU: 6 PID: 24903 at /build/buildd/linux-3.19.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x710/0x800()
[56435.050156] AppArmor WARN __label_update: ((__aa_label_remove_and_insert((&(((label)->ent[(label)->size - 1])->ns)->labels), label, l) != l)): 
[56435.050157] Modules linked in:
[56435.050159]  joydev hid_generic usbhid hid vhost_net vhost macvtap macvlan ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bridge stp llc intel_rapl iosf_mbi x86_pkg_temp_thermal ipmi_ssif intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hpilo lpc_ich aes_x86_64 lrw ie31200_edac gf128mul shpchp glue_helper 8250_fintek ipmi_si ablk_helper edac_core ipmi_msghandler cryptd mac_hid acpi_power_meter serio_raw lp parport autofs4 tg3 ahci ptp psmouse libahci pps_core hpsa
[56435.050182] CPU: 6 PID: 24903 Comm: apparmor_parser Tainted: G        W      3.19.0-18-generic #18-Ubuntu
[56435.050183] Hardware name: HP ProLiant DL320e Gen8 v2, BIOS P80 09/01/2013
[56435.050184]  ffffffff81ad2178 ffff8806d006bd38 ffffffff817c27cd 0000000000000007
[56435.050186]  ffff8806d006bd88 ffff8806d006bd78 ffffffff8107593a ffff8806f4267408
[56435.050187]  ffff88060a74dd00 0000000000000000 ffff8806b55f6e00 0000000000000002
[56435.050188] Call Trace:
[56435.050192]  [<ffffffff817c27cd>] dump_stack+0x45/0x57
[56435.050195]  [<ffffffff8107593a>] warn_slowpath_common+0x8a/0xc0
[56435.050196]  [<ffffffff810759b6>] warn_slowpath_fmt+0x46/0x50
[56435.050199]  [<ffffffff81358b65>] ? __aa_label_remove_and_insert+0x85/0x1a0
[56435.050200]  [<ffffffff8135c8f0>] __aa_labelset_update_all+0x710/0x800
[56435.050203]  [<ffffffff8131518a>] ? securityfs_remove+0x9a/0xb0
[56435.050205]  [<ffffffff81351bf8>] aa_remove_profiles+0x148/0x500
[56435.050206]  [<ffffffff81348b1a>] ? aa_simple_write_to_buffer+0x7a/0xa0
[56435.050208]  [<ffffffff81348b7e>] profile_remove+0x3e/0x70
[56435.050210]  [<ffffffff811f38a7>] vfs_write+0xb7/0x1f0
[56435.050212]  [<ffffffff811f2a29>] ? do_sys_open+0x1b9/0x280
[56435.050214]  [<ffffffff811f44b6>] SyS_write+0x46/0xb0
[56435.050216]  [<ffffffff817c990d>] system_call_fastpath+0x16/0x1b
[56435.050217] ---[ end trace 00bcc1692506d99a ]---
--

--
[61376.416886] br3: port 7(vnet20) entered disabled state
[61376.416934] device vnet20 left promiscuous mode
[61376.416937] br3: port 7(vnet20) entered disabled state
[61376.706953] ------------[ cut here ]------------
[61376.706969] WARNING: CPU: 3 PID: 33012 at /build/buildd/linux-3.19.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x710/0x800()
[61376.706970] AppArmor WARN __label_update: ((__aa_label_remove_and_insert((&(((label)->ent[(label)->size - 1])->ns)->labels), label, l) != l)): 
[61376.706971] Modules linked in:
[61376.706972]  joydev hid_generic usbhid hid vhost_net vhost macvtap macvlan ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bridge stp llc intel_rapl iosf_mbi x86_pkg_temp_thermal ipmi_ssif intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hpilo lpc_ich aes_x86_64 lrw ie31200_edac gf128mul shpchp glue_helper 8250_fintek ipmi_si ablk_helper edac_core ipmi_msghandler cryptd mac_hid acpi_power_meter serio_raw lp parport autofs4 tg3 ahci ptp psmouse libahci pps_core hpsa
[61376.706995] CPU: 3 PID: 33012 Comm: apparmor_parser Tainted: G        W      3.19.0-18-generic #18-Ubuntu
[61376.706996] Hardware name: HP ProLiant DL320e Gen8 v2, BIOS P80 09/01/2013
[61376.706997]  ffffffff81ad2178 ffff88052380fd38 ffffffff817c27cd 0000000000000007
[61376.706998]  ffff88052380fd88 ffff88052380fd78 ffffffff8107593a ffff8806f4267408
[61376.706999]  ffff880609de6300 0000000000000000 ffff88060a6ce800 0000000000000002
[61376.707001] Call Trace:
[61376.707005]  [<ffffffff817c27cd>] dump_stack+0x45/0x57
[61376.707007]  [<ffffffff8107593a>] warn_slowpath_common+0x8a/0xc0
[61376.707009]  [<ffffffff810759b6>] warn_slowpath_fmt+0x46/0x50
[61376.707012]  [<ffffffff81358b65>] ? __aa_label_remove_and_insert+0x85/0x1a0
[61376.707013]  [<ffffffff8135c8f0>] __aa_labelset_update_all+0x710/0x800
[61376.707015]  [<ffffffff8131518a>] ? securityfs_remove+0x9a/0xb0
[61376.707017]  [<ffffffff81351bf8>] aa_remove_profiles+0x148/0x500
[61376.707019]  [<ffffffff81348b1a>] ? aa_simple_write_to_buffer+0x7a/0xa0
[61376.707020]  [<ffffffff81348b7e>] profile_remove+0x3e/0x70
[61376.707023]  [<ffffffff811f38a7>] vfs_write+0xb7/0x1f0
[61376.707024]  [<ffffffff811f2a29>] ? do_sys_open+0x1b9/0x280
[61376.707026]  [<ffffffff811f44b6>] SyS_write+0x46/0xb0
[61376.707028]  [<ffffffff817c990d>] system_call_fastpath+0x16/0x1b
[61376.707029] ---[ end trace 00bcc1692506d99b ]---
--

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1378123

Title:
  unix_socket_abstract.sh triggers an AppArmor WARN

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Running the unix_socket_abstract.sh regression test script in a loop
  results in an AppArmor WARN message in the logs. On my test system, it
  typically takes between 1 and 3 runs of unix_socket_abstract.sh before
  the WARN is hit. It does not seem to occur with the
  unix_socket_pathname.sh or unix_socket_unnamed.sh tests.

  Here's the script I used:

  ---
  #!/bin/sh

  dmesg -C
  while ! dmesg -c | grep "AppArmor WARN"; do
          bash unix_socket_abstract.sh
  done
  ---

  The following back trace is emitted in the logs:

  [ 1365.017477] ------------[ cut here ]------------
  [ 1365.017486] WARNING: CPU: 0 PID: 26026 at /build/buildd/linux-3.16.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x6f5/0x7f0()
  [ 1365.017487] AppArmor WARN __label_update: ((__aa_label_remove_and_insert((&(((label)->ent[(label)->size - 1])->ns)->labels), label, l) != l)):
  [ 1365.017489] Modules linked in: bnep rfcomm bluetooth 6lowpan_iphc kvm_intel kvm vmwgfx ttm drm_kms_helper serio_raw drm i2c_piix4 pvpanic parport_pc ppdev mac_hid lp parport psmouse pata_acpi floppy
  [ 1365.017505] CPU: 0 PID: 26026 Comm: apparmor_parser Tainted: G        W     3.16.0-20-generic #27-Ubuntu
  [ 1365.017507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  [ 1365.017509]  0000000000000009 ffff88002dd23d88 ffffffff8177f053 ffff88002dd23dd0
  [ 1365.017511]  ffff88002dd23dc0 ffffffff8106fcfd ffff880036602900 0000000000000000
  [ 1365.017513]  ffff88003acaed00 0000000000000002 ffff88003e02a0a0 ffff88002dd23e20
  [ 1365.017516] Call Trace:
  [ 1365.017522]  [<ffffffff8177f053>] dump_stack+0x45/0x56
  [ 1365.017527]  [<ffffffff8106fcfd>] warn_slowpath_common+0x7d/0xa0
  [ 1365.017530]  [<ffffffff8106fd6c>] warn_slowpath_fmt+0x4c/0x50
  [ 1365.017533]  [<ffffffff8133f00e>] ? __aa_label_remove_and_insert+0x7e/0x1a0
  [ 1365.017536]  [<ffffffff81342c95>] __aa_labelset_update_all+0x6f5/0x7f0
  [ 1365.017539]  [<ffffffff812fc5ca>] ? securityfs_remove+0x9a/0xb0
  [ 1365.017542]  [<ffffffff81338213>] aa_remove_profiles+0x143/0x4f0
  [ 1365.017545]  [<ffffffff8132f43e>] profile_remove+0x3e/0x70
  [ 1365.017550]  [<ffffffff811e02c7>] vfs_write+0xb7/0x1f0
  [ 1365.017552]  [<ffffffff811df439>] ? do_sys_open+0x1b9/0x280
  [ 1365.017555]  [<ffffffff811e0e76>] SyS_write+0x46/0xb0
  [ 1365.017558]  [<ffffffff817870ad>] system_call_fastpath+0x1a/0x1f
  [ 1365.017560] ---[ end trace 1e09e2c565d9ef95 ]---

  This occurs in an amd64 utopic vm:

  $ uname -a
  Linux sec-utopic-amd64 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:35:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1378123/+subscriptions
References

[Bug 1378123] [NEW] unix_socket_abstract.sh triggers an AppArmor WARN
From: Tyler Hicks, 2014-10-06