[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4249 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/581525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Tags added: testcase -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/581525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
This bug was fixed in the package linux - 2.6.32-28.55 --- linux (2.6.32-28.55) lucid-proposed; urgency=low * Another version bump because of abi check failure * Tracking Bug - LP: #699885 linux (2.6.32-28.54) lucid-proposed; urgency=low * Another version bump because of upload failure linux (2.6.32-28.53) lucid-proposed; urgency=low * Another version bump because of upload failure linux (2.6.32-28.52) lucid-proposed; urgency=low [ Steve Conklin ] * (removed old tracking bug link) linux (2.6.32-28.51) lucid-proposed; urgency=low [ Steve Conklin ] * bumped version due to build fail linux (2.6.32-28.50) lucid-proposed; urgency=low [ Tim Gardner ] * SAUCE: Change nodelayacct boot parameter polarity. - LP: #493156 * [Config] CONFIG_TASK_DELAY_ACCT=y - LP: #493156 [ Upstream Kernel Changes ] * ipc: initialize structure memory to zero for compat functions * tcp: Increase TCP_MAXSEG socket option minimum. - CVE-2010-4165 * perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169 * af_unix: limit unix_tot_inflight - CVE-2010-4249 * AppArmor: fix the upper bound check for the next/check table - LP: #581525 * NFS: Fix panic after nfs_umount() - LP: #683938 * block: Ensure physical block size is unsigned int - LP: #688669 * block: limit vec count in bio_kmalloc() and bio_alloc_map_data() - LP: #688669 * block: take care not to overflow when calculating total iov length - LP: #688669 * block: check for proper length of iov entries in blk_rq_map_user_iov() - LP: #688669 * jme: Fix PHY power-off error - LP: #688669 * irda: Fix parameter extraction stack overflow - LP: #688669 * irda: Fix heap memory corruption in iriap.c - LP: #688669 * i2c-pca-platform: Change device name of request_irq - LP: #688669 * microblaze: Fix build with make 3.82 - LP: #688669 * Staging: asus_oled: fix up some sysfs attribute permissions - LP: #688669 * Staging: asus_oled: fix up my fixup for some sysfs attribute permissions - LP: #688669 * Staging: line6: fix up some sysfs attribute permissions - LP: #688669 * hpet: fix unwanted interrupt due to stale irq status bit - LP: #688669 * hpet: unmap unused I/O space - LP: #688669 * olpc_battery: Fix endian neutral breakage for s16 values - LP: #688669 * percpu: fix list_head init bug in __percpu_counter_init() - LP: #688669 * um: remove PAGE_SIZE alignment in linker script causing kernel segfault. - LP: #688669 * um: fix global timer issue when using CONFIG_NO_HZ - LP: #688669 * numa: fix slab_node(MPOL_BIND) - LP: #688669 * hwmon: (lm85) Fix ADT7468 frequency table - LP: #688669 * mm: fix return value of scan_lru_pages in memory unplug - LP: #688669 * mm: fix is_mem_section_removable() page_order BUG_ON check - LP: #688669 * ssb: b43-pci-bridge: Add new vendor for BCM4318 - LP: #688669 * sgi-xpc: XPC fails to discover partitions with all nasids above 128 - LP: #688669 * xen: ensure that all event channels start off bound to VCPU 0 - LP: #688669 * xen: don't bother to stop other cpus on shutdown/reboot - LP: #688669 * sys_semctl: fix kernel stack leakage - LP: #688669 * net: NETIF_F_HW_CSUM does not imply FCoE CRC offload - LP: #688669 * drivers/char/vt_ioctl.c: fix VT_OPENQRY error value - LP: #688669 * viafb: use proper register for colour when doing fill ops - LP: #688669 * eCryptfs: Clear LOOKUP_OPEN flag when creating lower file - LP: #688669 * md/raid1: really fix recovery looping when single good device fails. - LP: #688669 * md: fix return value of rdev_size_change() - LP: #688669 * x86: AMD Northbridge: Verify NB's node is online - LP: #688669 * tty: prevent DOS in the flush_to_ldisc - LP: #688669 * TTY: restore tty_ldisc_wait_idle - LP: #688669 * tty_ldisc: Fix BUG() on hangup - LP: #688669 * TTY: ldisc, fix open flag handling - LP: #688669 * KVM: VMX: fix vmx null pointer dereference on debug register access - LP: #688669 - CVE-2010-0435 * KVM: x86: fix information leak to userland - LP: #688669 * firewire: cdev: fix information leak - LP: #688669 * firewire: core: fix an information leak - LP: #688669 * firewire: ohci: fix buffer overflow in AR split packet handling - LP: #688669 * firewire: ohci: fix race in AR split packet handling - LP: #688669 * ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls - LP: #669279, #688669 * ALSA: HDA: Add an extra DAC for Realtek ALC887-VD - LP: #688669 * ALSA: hda: Use "alienware" model quirk for another SSID - LP: #683695, #688669 * netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages - LP: #688669 * latencytop: fix per task accumulator - LP: #688669 * mm/vfs: revalidate page
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
I have verified that the proposed kernel catches bad policy loads, causing them to fail and outputs the expected AppArmor DFA next/check upper bounds error message in dmesg. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Branch linked: lp:ubuntu/lucid-proposed/linux-ec2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Tags added: verification-done ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Accepted linux into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: linux (Ubuntu Lucid) Status: In Progress => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1
---
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low
* Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
with newer kernels (LP: #660077)
NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
to be adjusted when 2 separately confined applications that both use the
user-tmp abstraction depend on being able to cooperatively share files
with each other in /tmp or /var/tmp.
* remove the following patches (features not appropriate for SRU):
- 0002-add-chromium-browser.patch
- 0003-local-includes.patch
- 0004-ubuntu-abstractions-updates.patch
* debian/rules (this makes it the same as what was shipped in 10.04 LTS
release):
- don't ship aa-update-browser and its man page (requires
0004-ubuntu-abstractions-updates.patch)
- don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
- don't use dh_apparmor (not in Ubuntu 10.04 LTS)
- don't ship chromium profile
* remove debian/profiles/chromium-browser
* remove debian/aa-update-browser*
* debian/apparmor-profiles.postinst: revert to that in lucid release
(requires dh_apparmor and 0002-add-chromium-browser.patch)
* remove debian/apparmor-profiles.postrm: doesn't make sense without
0002-add-chromium-browser.patch
* debian/control:
- revert Build-Depends on debhelper (>= 5)
- revert Standards-Version to 3.8.4
- revert Vcs-Bzr
- use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
* debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
back into dbus, since profiles on 10.04 LTS expect it there
* debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
be there
apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low
* New upstream release (LP: #660077)
- The following patches were refreshed:
+ 0001-fix-release.patch
+ 0003-local-includes.patch
+ 0004-ubuntu-abstractions-updates.patch
+ 0008-lp648900.patch: renamed as 0005-lp648900.patch
- The following patches were dropped (included upstream):
+ 0005-lp601583.patch
+ 0006-network-interface-enumeration.patch
+ 0007-gnome-updates.patch
* debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
* debian/patches/0007-honor-cflags.patch: have the parser makefile honor
CFLAGS environment variable. Brings back missing symbols for the retracer
* debian/patches/0008-lp652674.patch: fix warnings for messages without
denied or requested masks (LP: #652674)
* debian/apparmor.init: fix path to aa-status (LP: #654841)
* debian/apport/source_apparmor.py: apport hook should use
root_command_hook() for running apparmor_status (LP: #655529)
* debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
cmdline details (LP: #657091)
* debian/{rules,control}: move apache2 abstractions into the base package
so we can put apache2 profiles into the -profiles package without
aa-logprof bailing out. Patch by Marc Deslauriers.
(LP: #539441)
* debian/patches/0009-sensible-browser-pix.patch: use Pix with
sensible-browser
* debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if
the AppArmor securityfs introspection directory is not mounted, as
is the case on Ubuntu buildds.
apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low
* abstractions/ubuntu-email: adjustment for ever-changing thunderbird path
(LP: #648900)
apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low
[ Jamie Strandboge ]
* New upstream RC release (revision 1413). In addition to getting the tools
to work with the maverick kernel, this update fixes:
- LP: #619521
- LP: #633369
- LP: #626451
- LP: #581525
- LP: #623467 (link and unlink still need to be addressed)
* Dropped the following patches, included upstream:
- 0002-lp615177.patch
- 0004-ubuntu-pux.patch
- 0006-kde4-config-pux.patch
- 0007-lp605835.patch
- 0012-lp625041.patch
- 0013-lp623586.patch
* Update the following patches:
- rename 0010-fix-release.patch as 0001-fix-release.patch since this will
likely always need to be here
- rename 0005-add-chromium-browser.patch as
0002-add-chromium-browser.patch
- rename 0001-local-includes.patch as 0003-local-includes.patch and update
to use r1493 (from trunk) of local/README file. This can be dropped in
2.6.
- collect the ubuntu abstractions updates pulled from trunk into
0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6.
- rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
in 2.5.1 final.
* fix up some lintian warnings:
- debian/cont
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Tags added: verification-done ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Using John's test case 4.1, if in install the linux-image-generic-lts-backport-maverick without upgrading AppArmor, I can reproduce the bug easily by just rebooting. The dhclient3, guest-session and evince profiles all cause errors like this in dmesg: [5.020139] type=1400 audit(1292354133.218:10): apparmor="STATUS" operation="profile_load" name="/usr/bin/evince-previewer" pid=586 comm="apparmor_parser" [5.045714] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools [5.066967] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools [5.067433] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools [5.076746] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools Without rebooting, I can continue to generate them with: $ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.evince After installing 2.5.1-0ubuntu0.10.04.1 from lucid-proposed, I no longer see the error messages on boot or with apparmor_parser. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Accepted apparmor into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: apparmor (Ubuntu Lucid) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/581525 Title: Lucid: system becomes unstable randomly, seems related with apparmor -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Description changed: + SRU Justification (apparmor) + + 1. impact of the bug is medium for stable releases. There are two parts + to this bug: the kernel side OOPSing when a the parser generates invalid + tables, and the parser generating correct tables. The lucid kernel + should receive the fix sometime in the future, but the userspace should + also be fixed. + + The kernel bug was a broken test in verifying the dfa next/check table + size (so the userspace bug was not caught when it should have been). + This means that it can at times reference beyond the dfa table (by at + most 255 entries). + + The userspace bug is that the next/check table is not correctly padded + with 0 entries, so that it is impossible to reference beyond the end of + the table when in the states that use the end of the table for their + references. + + + 2. This has been addressed during the maverick development cycle. + + 3. This is r1392 from the apparmor-2.5 branch. The commit mistakenly + references a different bug (599450), but the text is: "Changes the table + resizing so that there is always sufficient high entries in the table, + preventing bounds violations from occurring." + + 4. TEST CASE: there are multiple possible test cases + 4.1 Load a profile against a patched kernel (the maverick kernel can be used for this or a patched Lucid Kernel). The kernel will reject the profile with the following message in the logs + AppArmor DFA next/check upper bounds error fixed, upgrade user space tools + + 4.2 The dfa verifier can be run against a profiles dfa in user space, + but the checker is not part of the distro or easy to use atm as it + requires manually extracting the tables from the profile. The full + userspace profile verifier isn't available yet. + + 4.3 A profile can be compiled using the parser pre and post patching, and compared using a hex editor. The components of the profile that are changed are the size of the table and at the end of dfa table several 0 entries padding out the table. To do this choose a small profile eg. usr.sbin.tcpdump and run + ./apparmor_parser -S >out.file + ./apparmor_parser-patched -S >out.file2 + + The dfa table generated starts with the string aadfa\0 followed by a 4 + byte (little endian blob size - this will differ), follow by the actual + table header with various table size (some of these will change) and + then the actual tables which almost fill the rest of the profile. + Towards the end of the profile there should be extra 0's. And then the + closing data of the profile which should not change. The data within + the profile should not change beyond the couple of size entries and the + 0 padding at the end. + + + 5. The regression potential is considered low as the patch just pads out the table to make sure there are no bounds violations. The patch was pushed in maverick during its development cycle and showed no regressions. This is an important reliability fix for people who are affected (this has affected at least one Canonical server). + + Hi, Since last week I am experiencing a problem which seems related to apparmor. Kernel is crashing at aa_dfa_match_len+0xd9/0xf0, and a trace like the the following appears on my system logs: - - May 17 01:57:04 mplaptop kernel: [ 6430.314093] PGD 1002063 PUD 0 - May 17 01:57:04 mplaptop kernel: [ 6430.314101] CPU 1 + May 17 01:57:04 mplaptop kernel: [ 6430.314093] PGD 1002063 PUD 0 + May 17 01:57:04 mplaptop kernel: [ 6430.314101] CPU 1 May 17 01:57:04 mplaptop kernel: [ 6430.314103] Modules linked in: xts gf128mul binfmt_misc ppdev vboxnetadp vboxnetflt vboxdrv sha256_generic cryptd aes_x86_64 aes_generic dm_crypt joydev snd_hda_codec_realtek ipt_REJECT ipt_LOG xt_limit xt_tcpudp ipt_addrtype xt_state dell_wmi arc4 snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm ip6table_filter ip6_tables snd_seq_dummy nf_nat_irc snd_seq_oss nf_conntrack_irc snd_seq_midi nf_nat_ftp snd_rawmidi nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 snd_seq_midi_event nf_conntrack_ftp snd_seq nf_conntrack iwlagn iptable_filter snd_timer snd_seq_device iwlcore ip_tables snd uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 x_tables mac80211 sdhci_pci dell_laptop dcdbas sdhci led_class nvidia(P) soundcore snd_page_alloc cfg80211 psmouse serio_raw uinput lp parport usbhid hid fbcon tileblit font bitblit ohci1394 softcursor ieee1394 r8169 mii ahci vga16fb vgastate intel_agp video output May 17 01:57:04 mplaptop kernel: [ 6430.314159] Pid: 5065, comm: gnome-panel Tainted: P D2.6.32-22-generic #33-Ubuntu Vostro1710 May 17 01:57:04 mplaptop kernel: [ 6430.314161] RIP: 0010:[] [] aa_dfa_match_len+0xd9/0xf0 May 17 01:57:04 mplaptop kernel: [ 6430.314170] RSP: 0018:880116649d20 EFLAGS: 00010216 May 17 01:57:04 mplaptop kernel: [ 6430.314172] RAX: 0039 RBX: 880051285a8c RCX: 0039 May 17 01:57:04 mplaptop kernel: [ 6430.314174] RDX: fff
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
SRU Justification (apparmor) 1. impact of the bug is medium for stable releases. There are two parts to this bug: the kernel side OOPSing when a the parser generates invalid tables, and the parser generating correct tables. The lucid kernel should receive the fix sometime in the future, but the userspace should also be fixed. 2. This has been addressed during the maverick development cycle. 3. This is r1392 from the apparmor-2.5 branch. The commit mistakenly references a different bug (599450), but the text is: "Changes the table resizing so that there is always sufficient high entries in the table, preventing bounds violations from occurring." 4. TEST CASE: jjohansen will document the test case in a separate comment 5. The regression potential is considered low as the patch just pads out the table to make sure there are no bounds violations. The patch was pushed in maverick during its development cycle and showed no regressions. This is an important reliability fix for people who are affected (this has affected at least one Canonical server). -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Changed in: apparmor (Ubuntu Lucid) Assignee: Kees Cook (kees) => Jamie Strandboge (jdstrand) -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Package changed: linux-meta (Ubuntu) => linux (Ubuntu) ** Also affects: apparmor (Ubuntu Maverick) Importance: Undecided Status: Fix Released ** Also affects: linux (Ubuntu Maverick) Importance: Undecided Assignee: John Johansen (jjohansen) Status: In Progress ** Also affects: apparmor (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Maverick) Milestone: lucid-updates => ubuntu-10.10 ** Changed in: apparmor (Ubuntu Lucid) Status: New => In Progress ** Changed in: apparmor (Ubuntu Lucid) Milestone: None => lucid-updates ** Changed in: linux (Ubuntu Lucid) Milestone: None => lucid-updates ** Changed in: linux (Ubuntu Lucid) Status: New => In Progress ** Changed in: linux (Ubuntu Lucid) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: linux (Ubuntu Maverick) Status: In Progress => Fix Released ** Changed in: apparmor (Ubuntu Maverick) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: apparmor (Ubuntu Lucid) Assignee: (unassigned) => Kees Cook (kees) ** Changed in: apparmor (Ubuntu Maverick) Milestone: None => ubuntu-10.10 -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Changed in: apparmor (Ubuntu) Status: Fix Committed => Fix Released -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Branch linked: lp:ubuntu/apparmor -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Gabriel, yes the error could actually occur if any profile contained regexs (firefox), however certain profile patterns would trigger the bug more than others. ** Also affects: linux-meta (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-meta (Ubuntu) Status: New => In Progress ** Changed in: linux-meta (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: linux-meta (Ubuntu) Milestone: None => lucid-updates -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Changed in: apparmor (Ubuntu) Status: New => Fix Committed -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Thank you for the fixed kernel. I don't have any special profiles except those that come with standard packages. Random, non-contained processes were being killed in aa_dfa_match_len. dlocate /etc/apparmor |sed 's#:.*##' |uniq evince tcpdump apparmor-profiles cups dhcp3-client gdm-guest-session apparmor-utils apparmor libvirt-bin firefox ntp With the new kernel, on apparmor reload, I get the "next/check upper bounds error fixed" message 37 times, and the crashes don't reappear. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Sorry John, even after turning on the debug parameter, I don't get any messages from AppArmor when trying to start origami. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Seth, can you turn on AppArmor debugging as root > echo 1 > /sys/module/apparmor/parameters/debug And see what apparmor outputs to dmesg when you try that -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
John, thanks for this updated kernel; I received 39 or so "AppArmor DFA
next/check upper bounds error fixed, upgrade user space tools" per
/etc/init.d/apparmor reload command.
I was able to re-install my /home/sarnold/Local/io/** profile with no
obvious problems: both the Io interpreter appears to run fine and grotty
was _not_ mistakenly attached. :) So great success there.
I also put my /etc/init.d/origami profile back in place and continued
development of the profile. (This made my machine very unstable before;
no system stability issues yet. Good work.)
I'm getting some very funny errors though:
5013 execve("/bin/bash", ["sh", "-", "/bin/bash", "-c", "/bin/bash -c
\"cd /var/lib/origam"...], [/* 12 vars */]) = -1 ENOENT (No such file or
directory)
This error is _not_ accompanied by any AppArmor log messages. It is a
silent fail. Removing the AppArmor profile allows origami to start as
normal.
I'll attach my /etc/init.d/origami profile, maybe it'll be obvious to
you.
** Attachment added: "This /etc/init.d/origami profile causes
/etc/init.d/origami start to fail with execve(/bin/bash) = -1 ENOENT"
http://launchpadlibrarian.net/51670148/etc.init.d.origami
--
Lucid: system becomes unstable randomly, seems related with apparmor
https://bugs.launchpad.net/bugs/581525
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Thanks John, it seems to work: ... Jul 10 02:36:38 metalpain-laptop kernel: [ 69.287814] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools ... Jul 10 02:36:38 metalpain-laptop kernel: [ 69.292180] type=1505 audit(1278722198.248:54): operation="profile_replace" pid=1416 name="/usr/share/gdm/guest-session/Xsession" Jul 10 02:36:38 metalpain-laptop kernel: [ 70.019802] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools Jul 10 02:36:38 metalpain-laptop kernel: [ 70.024396] AppArmor DFA next/check upper bounds error fixed, upgrade user space tools ... but the system remains stable (note I have not tested it too much yet). I hope this fix gets merged on official kernel asap. Thank you very much. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Alright I have finally got some test kernels up Lucid http://kernel.ubuntu.com/~jj/linux-image-2.6.32-24-generic_2.6.32-24.38~jj_amd64.deb http://kernel.ubuntu.com/~jj/linux-image-2.6.32-24-generic_2.6.32-24.38~jj_i386.deb Maverick http://kernel.ubuntu.com/~jj/linux-image-2.6.35-7-generic_2.6.35-7.12~jj_amd64.deb http://kernel.ubuntu.com/~jj/linux-image-2.6.35-7-generic_2.6.35-7.12~jj_i386.deb Verify that you get a warning message about fixing next/check bounds error, and then test that the system is stable for you. There will be followup builds of the tools that should remove the next/check bounds error warning and also make the shipped distro kernels stable (this bug has 2 parts kernel had broken bounds check, and user space wasn't setting up the bounds correctly. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
John, great!!! Thank you so much for taking care of this, I am awaiting for your test packages. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Alright I think I have finally tracked this one down, and we should have some packages for testing soon. This is a user space fix to make the table actually work but will also get a kernel side test to ensure the table is properly bounded at load time. What is happening is the created dfa is not being properly padded on the one side of the table, so that indexing can reference memory outside the bounds of the table. This is pretty much limited to the small profile with regex dfas. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
John, my profiles were already attached, please refer to first comment on the thread. Cheers, Vreixo -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Okay, thank you for the profiles, from what I have been able to gather replacement maybe involved in triggering this. I will set up a fresh install and try replicating it again. Vrexio, if you could attach your custom profiles that would be helpful. Seth The comm output is coming back in Maverick -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
On Wed, Jun 23, 2010 at 6:39 AM, John Johansen
wrote:
> this is really distirbing, this is the first I have heard of problems
> with children profiles, what problems where you having with child
> profiles? Where they problems with enforcement, or problems with the
> tools and development?
Most of the profiles I write I do by hand. I've had enough cases of
the tools missing entries, or re-suggesting entries that I had done in
a previous pass, and all the new children null-complain-profile
replacements, that for the most part doing things by hand is faster.
(But I'm not sure I've tried them under 10.04.)
When I used child profiles for /etc/init.d/ushare, they appeared to
work perfectly:
$ cat /etc/apparmor.d/etc.init.d.ushare
# Last Modified: Wed Mar 3 22:29:57 2010
#include
/etc/init.d/ushare {
#include
capability sys_tty_config,
owner /bin/dash ix,
owner /bin/readlink rix,
owner /etc/init.d/ushare rix,
owner /etc/default/rcS r,
owner /etc/lsb-base-logging.sh r,
owner /etc/ushare.conf r,
owner /sbin/start-stop-daemon cx,
owner /sbin/usplash_write px,
owner /usr/bin/expr cx,
owner /usr/bin/tput px,
owner /bin/touch cx,
owner /var/run/ushare.pid r,
profile /sbin/start-stop-daemon {
#include
capability sys_ptrace,
owner /dev/tty rw,
owner /var/run/ushare.pid rw,
owner /usr/bin/ushare px,
}
profile /usr/bin/expr {
#include
}
profile /bin/touch {
#include
owner /var/run/ushare.pid w,
}
profile /usr/bin/tput {
#include
capability sys_tty_config,
}
}
However, my system was _very_ unstable with my /etc/init.d/origami
profile loaded:
$ cat etc.init.d.origami
# Last Modified: Wed Mar 3 22:04:49 2010
#include
/etc/init.d/origami {
#include
#include
capability dac_override,
network inet dgram,
network inet stream,
/bin/pidof cx,
/bin/ps cx,
/bin/su cx,
/sbin/killall5 cx,
/usr/bin/taskset cx,
/bin/bash ix,
/bin/dash ix,
/bin/grep mrix,
/bin/sleep mrix,
/bin/which mrix,
/dev/tty rw,
/etc/hosts r,
/etc/init.d/origami r,
/etc/nsswitch.conf r,
/etc/resolv.conf r,
/proc/sys/kernel/pid_max r,
/proc/tty/drivers r,
/proc/uptime r,
/proc/version r,
/tmp/fah/ rw,
/tmp/fah/** rw,
/tmp/fah/f* k,
/usr/bin/cut mrix,
/usr/bin/expr mrix,
/usr/bin/getent mrix,
/usr/bin/wc mrix,
/var/lib/origami/** r,
owner /var/lib/origami/foldingathome/CPU*/* r,
owner /var/lib/origami/foldingathome/CPU*/Core_78.exe mwix,
owner /var/lib/origami/foldingathome/CPU*/Core_78.fah wk,
owner /var/lib/origami/foldingathome/CPU*/Core_b4.fah wk,
owner /var/lib/origami/foldingathome/CPU*/FAHlog-Prev.txt wk,
owner /var/lib/origami/foldingathome/CPU*/FAHlog.txt w,
owner /var/lib/origami/foldingathome/CPU*/FaH mix,
owner /var/lib/origami/foldingathome/CPU*/FahCore_78.exe mwkix,
owner /var/lib/origami/foldingathome/CPU*/FahCore_b4.exe mwkix,
owner /var/lib/origami/foldingathome/CPU*/MyFolding.html w,
owner /var/lib/origami/foldingathome/CPU*/client.cfg wk,
owner /var/lib/origami/foldingathome/CPU*/machinedependent.dat w,
owner /var/lib/origami/foldingathome/CPU*/queue.dat w,
owner /var/lib/origami/foldingathome/CPU*/unitinfo.txt w,
owner /var/lib/origami/foldingathome/CPU*/work/ w,
owner /var/lib/origami/foldingathome/CPU*/work/** wk,
owner /var/lib/origami/foldingathome/fah6 mrix,
owner /var/lib/origami/foldingathome/mpiexec mrix,
profile /sbin/killall5 {
#include
capability kill,
capability sys_ptrace,
/proc/ r,
/proc/[0-9]*/cmdline r,
/proc/[0-9]*/stat r,
/proc/[0-9]*/status r,
/proc/version r,
/proc/uptime r,
}
profile /bin/pidof {
#include
capability sys_ptrace,
/proc/ r,
/proc/[0-9]*/cmdline r,
/proc/[0-9]*/stat r,
/proc/[0-9]*/status r,
/proc/version r,
/proc/uptime r,
}
profile /bin/ps {
#include
capability sys_ptrace,
/proc/ r,
/proc/[0-9]*/cmdline r,
/proc/[0-9]*/stat r,
/proc/[0-9]*/status r,
/proc/version r,
/proc/uptime r,
}
profile /bin/su {
#include
capability setgid,
capability setuid,
owner /etc/default/locale r,
owner /etc/environment r,
owner /etc/group r,
owner /etc/host.conf r,
owner /etc/login.defs r,
owner /etc/pam.d/common-account r,
owner /etc/pam.d/common-auth r,
owner /etc/pam.d/common-password r,
owner /etc/pam.d/common-session r,
owner /etc/pam.d/other r,
owner /etc/pam.d/su r,
owner /etc/passwd r,
owner /etc/security/limits.conf r,
owner /etc/security/pam_env.conf r,
owner /etc/shadow r,
owner /etc/shells r,
owner /lib/security/pam_*.so m,
owner /var/log/lastlog rwk,
owner /var/log/wtmp rwk,
owner /var/run/utmp rwk,
}
profile /usr/bin/taskset {
#include
}
}
I was changing a previous all-in-one-big-pile profile into much
smaller pieces. You can see that it obviously still had more work to
go;
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
> I just discovered a profile for: > /home/sarnold/Local/Io/** > was being attached to /usr/bin/grotty. I've also experienced the same issue. Sometimes profiles are attached to completely different processes. It seems some kind of bug on profile loading. I doubt there is a problem with profile syntax itself, as they work most times. However, sometimes they just throw the error I've pasted above, and system becomes unusable. I think it is something related with profile loading, as it happens either at boot time or when I am working on profile definition. Problems at boot time happen around 20-30% of time, which is imho a really high frequency. Maybe it is some kind of race condition, as it does not happen always. I work regularly on 3 PCs, all of them with Lucid and apparmor enabled with default configuration. No problems at all. However, in my laptop, also an Ubuntu Lucid, but with custom profiles, problems happen frequently, as reported above. This bug is making me crazy! -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
> I think there's something broken with regexps in profile names. mmm, now you are saying this... It might be a problem with profiles that end with "*". I would swear my problems appeared after creating the /usr/bin/totem* profile... but I don't remember. I will try to test without it. -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Seth, this is really distirbing, this is the first I have heard of problems with children profiles, what problems where you having with child profiles? Where they problems with enforcement, or problems with the tools and development? Also did your problems with the /home/sarnold/Local/Io/** profile occur when just enforcing the profile? ie. did you see problems if you loaded the profile and didn't replace it/do development on it? -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
Vreixo, Johannes, I just discovered a profile for: /home/sarnold/Local/Io/** was being attached to /usr/bin/grotty. I think there's something broken with regexps in profile names. (But my firefox profile appears to be working fine, and has for .. six weeks? eight weeks? with the profile name /usr/lib/firefox-3.5.*/firefox.) I also had trouble with my /etc/init.d/origami profile when I significantly tightened it up, using child profiles. Perhaps child profiles also give AppArmor trouble. (My one other profile with child profiles only executes them once, at boot, so they weren't getting nearly as much use as my origami profile, when I was actively developing it.) I hope this can help you guys find problem profiles and remove them. My system appears to stable again, now that I've removed the offending profiles. (It was very easy for me to stop running the confined programs, too, since it's just Folding at Home, far from a critical service for me, and the Io Language interpreter, something I was just playing with anyway.) -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
This is the profile I was working on the second time my kernel dumped stack. (It's not done yet.) Linux haig 2.6.32-22-generic #36-Ubuntu SMP Thu Jun 3 19:31:57 UTC 2010 x86_64 GNU/Linux ** Attachment added: "origami initscript profile" http://launchpadlibrarian.net/50730840/etc.init.d.origami -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
I triggered this bug again while refining my /etc/init.d/origami profile. (I am breaking apart the giant profile into one profile with several child profiles.) This time, I used /etc/init.d/apparmor restart to recompile and load policies. I successfully changed policy several times before the stacktrace. ** Attachment added: "/var/log/messages including kernel stack traces" http://launchpadlibrarian.net/50730710/examples.desktop -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
I'm pretty sure I triggered this bug today: Jun 20 23:58:04 haig kernel: [18128.952910] type=1505 audit(1277103484.764:181): operation="profile_load" pid=19615 name="/home/sarnold/Local/io/build/_build/binaries/io" Jun 20 23:59:06 haig kernel: [18190.703695] type=1505 audit(1277103546.554:182): operation="profile_load" pid=19630 name="/home/sarnold/Local/io/**" Jun 20 23:59:12 haig kernel: [18196.757170] PGD 1002063 PUD 0 Jun 20 23:59:12 haig kernel: [18196.757176] CPU 1 Jun 20 23:59:12 haig kernel: [18196.757177] Modules linked in: usb_storage nls_cp437 cifs binfmt_misc ppdev lp parport kvm_intel kvm snd_hda_codec_atihdmi coretemp snd_hda_codec_realtek fbcon tileblit font bitblit softcursor snd_hda_intel it87 hwmon_vid i2c_i801 i2c_dev snd_seq_dummy snd_seq_oss vga16fb snd_seq_midi vgastate snd_rawmidi snd_hda_codec snd_seq_midi_event snd_seq snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_device snd_timer radeon ttm drm_kms_helper drm i2c_algo_bit snd soundcore snd_page_alloc serio_raw hid_apple usbhid hid ohci1394 ieee1394 pata_jmicron r8169 mii ahci Jun 20 23:59:12 haig kernel: [18196.757203] Pid: 19634, comm: bash Not tainted 2.6.32-22-generic #36-Ubuntu EX58-UD5 Jun 20 23:59:12 haig kernel: [18196.757205] RIP: 0010:[] [] aa_dfa_match_len+0xd9/0xf0 Jun 20 23:59:12 haig kernel: [18196.757207] RSP: :8801551f3d20 EFLAGS: 00010202 Jun 20 23:59:12 haig kernel: [18196.757209] RAX: 6573 RBX: 8801491ba28c RCX: 6573 Jun 20 23:59:12 haig kernel: [18196.757210] RDX: 8801a66d61fe RSI: 4841b77f RDI: 8801a66d61fe Jun 20 23:59:12 haig kernel: [18196.757212] RBP: 8801551f3d38 R08: R09: 88014fc2810c Jun 20 23:59:12 haig kernel: [18196.757213] R10: 8801a6901f0c R11: 8801a66d61ff R12: 88014fc28a0c Jun 20 23:59:12 haig kernel: [18196.757215] R13: 8801a66d61f2 R14: 8801a66d61f2 R15: Jun 20 23:59:12 haig kernel: [18196.757216] FS: 7f4b43417700() GS:88002824() knlGS: Jun 20 23:59:12 haig kernel: [18196.757218] CS: 0010 DS: ES: CR0: 80050033 Jun 20 23:59:12 haig kernel: [18196.757220] CR2: 8801e045f00a CR3: 000155212000 CR4: 26e0 Jun 20 23:59:12 haig kernel: [18196.757221] DR0: DR1: DR2: Jun 20 23:59:12 haig kernel: [18196.757223] DR3: DR6: 0ff0 DR7: 0400 Jun 20 23:59:12 haig kernel: [18196.757225] Process bash (pid: 19634, threadinfo 8801551f2000, task 8801a91b8000) Jun 20 23:59:12 haig kernel: [18196.757227] 880165507660 0001 8801a66d61f2 8801551f3d68 Jun 20 23:59:12 haig kernel: [18196.757229] <0> 8127dcaa 8801551f3db8 88014fdebc00 Jun 20 23:59:12 haig kernel: [18196.757232] <0> 8801afc18228 8801551f3db8 8127e7e3 8801551f3db8 Jun 20 23:59:12 haig kernel: [18196.757237] [] aa_dfa_match+0x3a/0x50 Jun 20 23:59:12 haig kernel: [18196.757239] [] aa_find_attach+0x93/0xf0 Jun 20 23:59:12 haig kernel: [18196.757241] [] apparmor_bprm_set_creds+0x36b/0x530 Jun 20 23:59:12 haig kernel: [18196.757245] [] ? up_write+0xe/0x10 Jun 20 23:59:12 haig kernel: [18196.757248] [] security_bprm_set_creds+0x13/0x20 Jun 20 23:59:12 haig kernel: [18196.757251] [] prepare_binprm+0xb1/0x110 Jun 20 23:59:12 haig kernel: [18196.757253] [] do_execve+0x1ac/0x300 Jun 20 23:59:12 haig kernel: [18196.757256] [] ? strncpy_from_user+0x4a/0x90 Jun 20 23:59:12 haig kernel: [18196.757259] [] sys_execve+0x4a/0x80 Jun 20 23:59:12 haig kernel: [18196.757262] [] stub_execve+0x6a/0xc0 Jun 20 23:59:12 haig kernel: [18196.757286] RSP Jun 20 23:59:12 haig kernel: [18196.757288] ---[ end trace 14de455de885a441 ]--- I had immediately beforehand generated a profile for /home/sarnold/Local/io/build/_build/binaries/io using the aa-autodep program, which created and loaded the profile in complain mode. I hand-edited the file to remove the flags=(complain), changed the attach path to /home/sarnold/Local/io/** slightly modified the rules, and ran apparmor_parser --replace . I did not remove the more-specific profile first. I figured it would be harmless. :) I don't think anything happened right away; but my next attempt to execute a command failed with that kernel log. You get to voyeuristically watch me try to repair my system with the rest of the comm entries in my attached /var/log/messages. "shutdown -r now" failed me. Twice. I couldn't execute most programs I tried, but already running programs seemed to execute fine, and I had access to a surprising array of commands: init-spawned getty, bash, sudo, ls, echo, and cat all worked well enough for me to use /proc/sysrq-trigger to force a clean-ish reboot. I am guessing that perhaps I was unable to page in new executables, but programs already paged in could work fine. Just a big guess, given tha
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
I'm suffering this issue continuously, and the stack trace always shows aa_dfa_match, so I think this is an apparmor bug. ** Package changed: linux (Ubuntu) => apparmor (Ubuntu) -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
I'm experiencing the same. Didn't do any config changes for apparmor. After using the computer some time, suddenly no processes can be spawned any more, because all fail with a message similar to the one above. Any hints how this could be debugged? -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Tags added: kj-triage -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 581525] Re: Lucid: system becomes unstable randomly, seems related with apparmor
** Attachment added: "Non standard profiles I am using" http://launchpadlibrarian.net/4857/apparmor.d.tar.gz -- Lucid: system becomes unstable randomly, seems related with apparmor https://bugs.launchpad.net/bugs/581525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
