Ubuntu
linux package

I'm using 140 apparmor HAT profiles with apache2 and mod_apparmor, when I tried to restart apparmor with apparmor_restart the kernel traced out, the process hanged, I wasnt even able to kill it with kill -9

Bug #273928 reported by Muranyi Gergely
8
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Invalid
Undecided
Unassigned
linux (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: linux-image-2.6.24-19-server

lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04

I'm using:
linux-image-2.6.24-19-server 2.6.24-19.41 Linux kernel image for version 2.6.24 on x86
ii apparmor 2.1+1075-0ubuntu9.1 User-space parser utility for AppArmor
ii apparmor-docs 2.1+1075-0ubuntu9.1 Documentation for AppArmor
ii apparmor-profiles 2.1+1075-0ubuntu9.1 Profiles for AppArmor Security policies
ii apparmor-utils 2.1+1075-0ubuntu9.1 Utilities for controlling AppArmor
ii libapache2-mod-apparmor 2.1+1075-0ubuntu9.1 changehat AppArmor library as an Apache modu
ii libapparmor1 2.1+1075-0ubuntu9.1 changehat AppArmor library
ii apache2-mpm-prefork 2.2.8-1ubuntu0.3 Traditional model for Apache HTTPD
ii apache2-prefork-dev 2.2.8-1ubuntu0.3 development headers for apache2
ii apache2-utils 2.2.8-1ubuntu0.3 utility programs for webservers
ii apache2.2-common 2.2.8-1ubuntu0.3 Next generation, scalable, extendable web se
ii libapache2-mod-apparmor 2.1+1075-0ubuntu9.1 changehat AppArmor library as an Apache modu
ii libapache2-mod-log-sql 1.100-11.1 Use SQL to store/write your apache queries l
ii libapache2-mod-log-sql-mysql 1.100-11.1 Use SQL to store/write your apache queries l
ii libapache2-mod-log-sql-ssl 1.100-11.1 Use SQL to store/write your apache queries l
ii libapache2-mod-php5 5.2.4-2ubuntu5.3 server-side, HTML-embedded scripting languag

here is the trace, it happened after executing /etc/init.d/apparmor restart
apparmor restart hung, not able to be killed with kill -9

[ 796.418069] Pid: 6201, comm: apparmor_parser Not tainted (2.6.24-19-server #1)
[ 796.418074] EIP: 0060:[<c032fc6d>] EFLAGS: 00000287 CPU: 1
[ 796.418081] EIP is at __write_lock_failed+0x9/0x1c
[ 796.418085] EAX: f7c06020 EBX: f4ddff40 ECX: 00000000 EDX: f8a9df28
[ 796.418089] ESI: f7c06000 EDI: f52a9300 EBP: 00004f29 ESP: f4ddff00
[ 796.418091] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 796.418093] CR0: 8005003b CR2: 08050460 CR3: 34549000 CR4: 000006b0
[ 796.418097] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 796.418100] DR6: ffff0ff0 DR7: 00000400
[ 796.418103] [<c032ff6e>] _write_lock+0xe/0x10
[ 796.418109] [<c020d1d1>] aa_replace_profile+0xa1/0x3c0
[ 796.418125] [<c020c2b0>] aa_simple_write_to_buffer+0xc0/0xe0
[ 796.418131] [<c01989ab>] do_filp_open+0x4b/0x60
[ 796.418136] [<c0123feb>] check_pgt_cache+0x1b/0x20
[ 796.418144] [<c020c61b>] aa_profile_replace+0x3b/0x60
[ 796.418148] [<c020c5e0>] aa_profile_replace+0x0/0x60
[ 796.418151] [<c019ab69>] vfs_write+0xb9/0x170
[ 796.418156] [<c019b291>] sys_write+0x41/0x70
[ 796.418162] [<c010839a>] sysenter_past_esp+0x6b/0xa1
[ 796.418169] [<c0330000>] _spin_lock_irqsave+0x10/0x50

Revision history for this message
Kees Cook (kees) wrote :

Please try this with the latest -6 linux kernel. If it still fails, please attach any non-standard profiles you are using and steps to reproduce the problem. I haven't seen these failures and haven't been able to recreate them.

Changed in linux:
status: New → Incomplete
Changed in apparmor:
status: New → Incomplete
Revision history for this message
Javier Jardón (jjardon) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in linux:
status: Incomplete → Invalid
Changed in apparmor:
status: Incomplete → Invalid
Revision history for this message
kamu (kamu-kvark) wrote :
Download full text (6.8 KiB)

Hi,

I'm experiencing the same error with the newest kernel. I have this issue when apparmor is reloading apache rules.

= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

 [1 - /usr/sbin/apache2]

(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /usr/sbin/apache2.

It never returns the prompt, and the follow appears in /var/log/messages:

Feb 21 23:05:49 kernel: [ 4425.325653] CPU 0:
Feb 21 23:05:49 kernel: [ 4425.325655] Modules linked in: af_packet tun ipv6 iptable_filter ip_tables x_tables quota_v2 parport_pc lp parport loop container button iTCO_wdt iTCO_vendor_support ev
dev pcspkr shpchp pci_hotplug ext3 jbd mbcache sg sr_mod cdrom sd_mod ata_generic usbhid hid ata_piix pata_acpi libata scsi_mod tg3 ehci_hcd uhci_hcd usbcore raid10 raid456 async_xor async_memcpy async_t
x xor raid1 raid0 multipath linear md_mod thermal processor fan fbcon tileblit font bitblit softcursor fuse
Feb 21 23:05:49 kernel: [ 4425.325699] Pid: 16690, comm: apparmor_parser Not tainted 2.6.24-23-server #1
Feb 21 23:05:49 kernel: [ 4425.325702] RIP: 0010:[<ffffffff80354f49>] [<ffffffff80354f49>] __write_lock_failed+0x9/0x20
Feb 21 23:05:49 kernel: [ 4425.325716] RSP: 0018:ffff81000bec3e58 EFLAGS: 00000287
Feb 21 23:05:49 kernel: [ 4425.325718] RAX: ffff810000fa3c00 RBX: ffff81003ec05080 RCX: ffff81000ff6600c
Feb 21 23:05:49 kernel: [ 4425.325720] RDX: ffffc20000516128 RSI: 0000000000000008 RDI: ffff81003ec050bc
Feb 21 23:05:49 kernel: [ 4425.325723] RBP: ffffc2000050f000 R08: 000000000000066f R09: 0000000000000be2
Feb 21 23:05:49 kernel: [ 4425.325725] R10: 0000000000000be3 R11: ffff81001c3ac000 R12: 0000000000000023
Feb 21 23:05:49 kernel: [ 4425.325728] R13: ffff81000bec3e88 R14: ffffffff80338d24 R15: ffffffff8054a829
Feb 21 23:05:49 kernel: [ 4425.325731] FS: 00007f00a3ceb6f0(0000) GS:ffffffff805c5000(0000) knlGS:0000000000000000
Feb 21 23:05:49 kernel: [ 4425.325734] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Feb 21 23:05:49 kernel: [ 4425.325736] CR2: 0000000000409fa0 CR3: 000000000b95e000 CR4: 00000000000006e0
Feb 21 23:05:49 kernel: [ 4425.325738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Feb 21 23:05:49 kernel: [ 4425.325741] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Feb 21 23:05:49 kernel: [ 4425.325743]
Feb 21 23:05:49 kernel: [ 4425.325743] Call Trace:
Feb 21 23:05:49 kernel: [ 4425.325751] [<ffffffff804718ce>] _write_lock+0xe/0x10
Feb 21 23:05:49 kernel: [ 4425.325773] [<ffffffff80338fea>] aa_replace_profile+0xca/0x420
Feb 21 23:05:49 kernel: [ 4425.325824] [<ffffffff80338270>] aa_profile_replace+0x40/0x70
Feb 21 23:05:49 kernel: [ 4425.325828] [<ffffffff802b5a3d>] vfs_write+0xed/0x190
Feb 21 23:05:49 kernel: [ 4425.325832] [<ffffffff802b6143>] sys_write+0x53/0x90
Feb 21 23:05:49 kernel: [ 4425.325838] [<ffffffff8020c39e>] system_call+0x7e/0x83
Feb 21 23:05:49 kernel: [ 4425.325844]

Some background info:

# uname -a
Linux 2.6.24-23-server #1 SMP Mon Jan 26 01:36:05 UTC 2009 x86_64 GNU/Linux

# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Pentium(R) D...

Read more...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.