unix_socket_abstract.sh triggers an AppArmor WARN

Bug #1378123 reported by Tyler Hicks
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
John Johansen
Vivid
Won't Fix
Undecided
Unassigned
Wily
Won't Fix
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned

Bug Description

Running the unix_socket_abstract.sh regression test script in a loop results in an AppArmor WARN message in the logs. On my test system, it typically takes between 1 and 3 runs of unix_socket_abstract.sh before the WARN is hit. It does not seem to occur with the unix_socket_pathname.sh or unix_socket_unnamed.sh tests.

Here's the script I used:

---
#!/bin/sh

dmesg -C
while ! dmesg -c | grep "AppArmor WARN"; do
        bash unix_socket_abstract.sh
done
---

The following back trace is emitted in the logs:

[ 1365.017477] ------------[ cut here ]------------
[ 1365.017486] WARNING: CPU: 0 PID: 26026 at /build/buildd/linux-3.16.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x6f5/0x7f0()
[ 1365.017487] AppArmor WARN __label_update: ((__aa_label_remove_and_insert((&(((label)->ent[(label)->size - 1])->ns)->labels), label, l) != l)):
[ 1365.017489] Modules linked in: bnep rfcomm bluetooth 6lowpan_iphc kvm_intel kvm vmwgfx ttm drm_kms_helper serio_raw drm i2c_piix4 pvpanic parport_pc ppdev mac_hid lp parport psmouse pata_acpi floppy
[ 1365.017505] CPU: 0 PID: 26026 Comm: apparmor_parser Tainted: G W 3.16.0-20-generic #27-Ubuntu
[ 1365.017507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 1365.017509] 0000000000000009 ffff88002dd23d88 ffffffff8177f053 ffff88002dd23dd0
[ 1365.017511] ffff88002dd23dc0 ffffffff8106fcfd ffff880036602900 0000000000000000
[ 1365.017513] ffff88003acaed00 0000000000000002 ffff88003e02a0a0 ffff88002dd23e20
[ 1365.017516] Call Trace:
[ 1365.017522] [<ffffffff8177f053>] dump_stack+0x45/0x56
[ 1365.017527] [<ffffffff8106fcfd>] warn_slowpath_common+0x7d/0xa0
[ 1365.017530] [<ffffffff8106fd6c>] warn_slowpath_fmt+0x4c/0x50
[ 1365.017533] [<ffffffff8133f00e>] ? __aa_label_remove_and_insert+0x7e/0x1a0
[ 1365.017536] [<ffffffff81342c95>] __aa_labelset_update_all+0x6f5/0x7f0
[ 1365.017539] [<ffffffff812fc5ca>] ? securityfs_remove+0x9a/0xb0
[ 1365.017542] [<ffffffff81338213>] aa_remove_profiles+0x143/0x4f0
[ 1365.017545] [<ffffffff8132f43e>] profile_remove+0x3e/0x70
[ 1365.017550] [<ffffffff811e02c7>] vfs_write+0xb7/0x1f0
[ 1365.017552] [<ffffffff811df439>] ? do_sys_open+0x1b9/0x280
[ 1365.017555] [<ffffffff811e0e76>] SyS_write+0x46/0xb0
[ 1365.017558] [<ffffffff817870ad>] system_call_fastpath+0x1a/0x1f
[ 1365.017560] ---[ end trace 1e09e2c565d9ef95 ]---

This occurs in an amd64 utopic vm:

$ uname -a
Linux sec-utopic-amd64 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:35:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Tyler Hicks (tyhicks)
description: updated
Revision history for this message
Laurent Salle (lsalle) wrote :
Download full text (5.2 KiB)

The "AppArmor WARN __label_update" warnings are occuring on a production system:

$ uname -a
Linux svbom 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.04
DISTRIB_CODENAME=vivid
DISTRIB_DESCRIPTION="Ubuntu 15.04"

Two dmesg excerpts:

--
[56434.648170] br3: port 6(vnet18) entered disabled state
[56434.648212] device vnet18 left promiscuous mode
[56434.648215] br3: port 6(vnet18) entered disabled state
[56435.050149] ------------[ cut here ]------------
[56435.050155] WARNING: CPU: 6 PID: 24903 at /build/buildd/linux-3.19.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x710/0x800()
[56435.050156] AppArmor WARN __label_update: ((__aa_label_remove_and_insert((&(((label)->ent[(label)->size - 1])->ns)->labels), label, l) != l)):
[56435.050157] Modules linked in:
[56435.050159] joydev hid_generic usbhid hid vhost_net vhost macvtap macvlan ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bridge stp llc intel_rapl iosf_mbi x86_pkg_temp_thermal ipmi_ssif intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hpilo lpc_ich aes_x86_64 lrw ie31200_edac gf128mul shpchp glue_helper 8250_fintek ipmi_si ablk_helper edac_core ipmi_msghandler cryptd mac_hid acpi_power_meter serio_raw lp parport autofs4 tg3 ahci ptp psmouse libahci pps_core hpsa
[56435.050182] CPU: 6 PID: 24903 Comm: apparmor_parser Tainted: G W 3.19.0-18-generic #18-Ubuntu
[56435.050183] Hardware name: HP ProLiant DL320e Gen8 v2, BIOS P80 09/01/2013
[56435.050184] ffffffff81ad2178 ffff8806d006bd38 ffffffff817c27cd 0000000000000007
[56435.050186] ffff8806d006bd88 ffff8806d006bd78 ffffffff8107593a ffff8806f4267408
[56435.050187] ffff88060a74dd00 0000000000000000 ffff8806b55f6e00 0000000000000002
[56435.050188] Call Trace:
[56435.050192] [<ffffffff817c27cd>] dump_stack+0x45/0x57
[56435.050195] [<ffffffff8107593a>] warn_slowpath_common+0x8a/0xc0
[56435.050196] [<ffffffff810759b6>] warn_slowpath_fmt+0x46/0x50
[56435.050199] [<ffffffff81358b65>] ? __aa_label_remove_and_insert+0x85/0x1a0
[56435.050200] [<ffffffff8135c8f0>] __aa_labelset_update_all+0x710/0x800
[56435.050203] [<ffffffff8131518a>] ? securityfs_remove+0x9a/0xb0
[56435.050205] [<ffffffff81351bf8>] aa_remove_profiles+0x148/0x500
[56435.050206] [<ffffffff81348b1a>] ? aa_simple_write_to_buffer+0x7a/0xa0
[56435.050208] [<ffffffff81348b7e>] profile_remove+0x3e/0x70
[56435.050210] [<ffffffff811f38a7>] vfs_write+0xb7/0x1f0
[56435.050212] [<ffffffff811f2a29>] ? do_sys_open+0x1b9/0x280
[56435.050214] [<ffffffff811f44b6>] SyS_write+0x46/0xb0
[56435.050216] [<ffffffff817c990d>] system_call_fastpath+0x16/0x1b
[56435.050217] ---[ end trace 00bcc1692506d99a ]---
--

--
[61376.416886] br3: port 7(vnet20) entered disabled state
[61376.416934] device vnet20 left promiscuous mode
[61376.416937] br3: port 7(vnet20) entered disabled state
[61376.706953] ------------[ cut here ]------------
[61376.706969] WARNING: CPU: 3 PID: 33012 at /build/buildd/linux-3.19.0/security/apparmor/label.c:1767 __aa_labelset_update_all+0x710/0x800()
[6...

Read more...

Tyler Hicks (tyhicks)
tags: added: aa-kernel
Dave Chiluk (chiluk)
tags: added: sts
Revision history for this message
Tyler Hicks (tyhicks) wrote :

I can't reproduce this issue on Xenial (4.4.0-28.47-generic). It may be fixed there or maybe I'm just not winning the race (condition).

Revision history for this message
Tyler Hicks (tyhicks) wrote :

I was able to hit this in 14.04 with linux-generic-lts-wily installed:

  $ cat /proc/version_signature
  Ubuntu 4.2.0-41.48~14.04.1-generic 4.2.8-ckt11

The 14.04 apparmor_parser doesn't support unix rules, so you need to check out lp:apparmor, build libapparmor and the parser and the unix_socket regression tests before using the reproducer in the bug description.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

I cannot reproduce this with linux-generic-lts-xenial. I think it is safe to say that this bug was fixed in 16.04.

Changed in linux (Ubuntu Vivid):
status: New → Confirmed
Changed in linux (Ubuntu Wily):
status: New → Confirmed
Changed in linux (Ubuntu Xenial):
status: New → Fix Released
Changed in linux (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
John Johansen (jjohansen) wrote :

This should be fixed in Xenial, there is a large patchset (30 or so patches) that can be SRUed to vivids 3.16 kernel

Revision history for this message
Dave Chiluk (chiluk) wrote :

Thanks guys, I really think the solution here will be to move onto the lts-xenial kernel as all others lts- kernels will be end of life shortly.

Dave Chiluk (chiluk)
Changed in linux (Ubuntu Wily):
status: Confirmed → Won't Fix
Changed in linux (Ubuntu Vivid):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.