unix_socket_abstract.sh triggers an AppArmor WARN
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
John Johansen | ||
Vivid |
Won't Fix
|
Undecided
|
Unassigned | ||
Wily |
Won't Fix
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Running the unix_socket_
Here's the script I used:
---
#!/bin/sh
dmesg -C
while ! dmesg -c | grep "AppArmor WARN"; do
bash unix_socket_
done
---
The following back trace is emitted in the logs:
[ 1365.017477] ------------[ cut here ]------------
[ 1365.017486] WARNING: CPU: 0 PID: 26026 at /build/
[ 1365.017487] AppArmor WARN __label_update: ((__aa_
[ 1365.017489] Modules linked in: bnep rfcomm bluetooth 6lowpan_iphc kvm_intel kvm vmwgfx ttm drm_kms_helper serio_raw drm i2c_piix4 pvpanic parport_pc ppdev mac_hid lp parport psmouse pata_acpi floppy
[ 1365.017505] CPU: 0 PID: 26026 Comm: apparmor_parser Tainted: G W 3.16.0-20-generic #27-Ubuntu
[ 1365.017507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 1365.017509] 0000000000000009 ffff88002dd23d88 ffffffff8177f053 ffff88002dd23dd0
[ 1365.017511] ffff88002dd23dc0 ffffffff8106fcfd ffff880036602900 0000000000000000
[ 1365.017513] ffff88003acaed00 0000000000000002 ffff88003e02a0a0 ffff88002dd23e20
[ 1365.017516] Call Trace:
[ 1365.017522] [<ffffffff8177f
[ 1365.017527] [<ffffffff8106f
[ 1365.017530] [<ffffffff8106f
[ 1365.017533] [<ffffffff8133f
[ 1365.017536] [<ffffffff81342
[ 1365.017539] [<ffffffff812fc
[ 1365.017542] [<ffffffff81338
[ 1365.017545] [<ffffffff8132f
[ 1365.017550] [<ffffffff811e0
[ 1365.017552] [<ffffffff811df
[ 1365.017555] [<ffffffff811e0
[ 1365.017558] [<ffffffff81787
[ 1365.017560] ---[ end trace 1e09e2c565d9ef95 ]---
This occurs in an amd64 utopic vm:
$ uname -a
Linux sec-utopic-amd64 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:35:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
description: | updated |
tags: | added: aa-kernel |
tags: | added: sts |
Changed in linux (Ubuntu Wily): | |
status: | Confirmed → Won't Fix |
Changed in linux (Ubuntu Vivid): | |
status: | Confirmed → Won't Fix |
The "AppArmor WARN __label_update" warnings are occuring on a production system:
$ uname -a RELEASE= 15.04 CODENAME= vivid DESCRIPTION= "Ubuntu 15.04"
Linux svbom 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
Two dmesg excerpts:
-- buildd/ linux-3. 19.0/security/ apparmor/ label.c: 1767 __aa_labelset_ update_ all+0x710/ 0x800() label_remove_ and_insert( (&(((label) ->ent[( label)- >size - 1])->ns)->labels), label, l) != l)): temp_thermal ipmi_ssif intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hpilo lpc_ich aes_x86_64 lrw ie31200_edac gf128mul shpchp glue_helper 8250_fintek ipmi_si ablk_helper edac_core ipmi_msghandler cryptd mac_hid acpi_power_meter serio_raw lp parport autofs4 tg3 ahci ptp psmouse libahci pps_core hpsa 7cd>] dump_stack+ 0x45/0x57 93a>] warn_slowpath_ common+ 0x8a/0xc0 9b6>] warn_slowpath_ fmt+0x46/ 0x50 b65>] ? __aa_label_ remove_ and_insert+ 0x85/0x1a0 8f0>] __aa_labelset_ update_ all+0x710/ 0x800 18a>] ? securityfs_ remove+ 0x9a/0xb0 bf8>] aa_remove_ profiles+ 0x148/0x500 b1a>] ? aa_simple_ write_to_ buffer+ 0x7a/0xa0 b7e>] profile_ remove+ 0x3e/0x70 8a7>] vfs_write+ 0xb7/0x1f0 a29>] ? do_sys_ open+0x1b9/ 0x280 4b6>] SyS_write+0x46/0xb0 90d>] system_ call_fastpath+ 0x16/0x1b
[56434.648170] br3: port 6(vnet18) entered disabled state
[56434.648212] device vnet18 left promiscuous mode
[56434.648215] br3: port 6(vnet18) entered disabled state
[56435.050149] ------------[ cut here ]------------
[56435.050155] WARNING: CPU: 6 PID: 24903 at /build/
[56435.050156] AppArmor WARN __label_update: ((__aa_
[56435.050157] Modules linked in:
[56435.050159] joydev hid_generic usbhid hid vhost_net vhost macvtap macvlan ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bridge stp llc intel_rapl iosf_mbi x86_pkg_
[56435.050182] CPU: 6 PID: 24903 Comm: apparmor_parser Tainted: G W 3.19.0-18-generic #18-Ubuntu
[56435.050183] Hardware name: HP ProLiant DL320e Gen8 v2, BIOS P80 09/01/2013
[56435.050184] ffffffff81ad2178 ffff8806d006bd38 ffffffff817c27cd 0000000000000007
[56435.050186] ffff8806d006bd88 ffff8806d006bd78 ffffffff8107593a ffff8806f4267408
[56435.050187] ffff88060a74dd00 0000000000000000 ffff8806b55f6e00 0000000000000002
[56435.050188] Call Trace:
[56435.050192] [<ffffffff817c2
[56435.050195] [<ffffffff81075
[56435.050196] [<ffffffff81075
[56435.050199] [<ffffffff81358
[56435.050200] [<ffffffff8135c
[56435.050203] [<ffffffff81315
[56435.050205] [<ffffffff81351
[56435.050206] [<ffffffff81348
[56435.050208] [<ffffffff81348
[56435.050210] [<ffffffff811f3
[56435.050212] [<ffffffff811f2
[56435.050214] [<ffffffff811f4
[56435.050216] [<ffffffff817c9
[56435.050217] ---[ end trace 00bcc1692506d99a ]---
--
-- buildd/ linux-3. 19.0/security/ apparmor/ label.c: 1767 __aa_labelset_ update_ all+0x710/ 0x800()
[61376.416886] br3: port 7(vnet20) entered disabled state
[61376.416934] device vnet20 left promiscuous mode
[61376.416937] br3: port 7(vnet20) entered disabled state
[61376.706953] ------------[ cut here ]------------
[61376.706969] WARNING: CPU: 3 PID: 33012 at /build/
[6...