2016-11-26 20:38:36 |
Christian Brauner |
bug |
|
|
added bug |
2016-11-26 20:38:36 |
Christian Brauner |
attachment added |
|
dmesg.log https://bugs.launchpad.net/bugs/1645037/+attachment/4783575/+files/dmesg.log |
|
2016-11-26 20:39:56 |
Christian Brauner |
description |
This bug surfaced when starting ~50 LXC containers with LXD in parallel multiple times:
# Create the containers
for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done
# Execute this loop multiple times until you observe errors.
for c in c foo{1..50}; do lxc restart $c & done
After this you can
ps aux | grep apparmor
and you should see output similar to:
root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19775 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19780 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19782 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19783 0.0 0.0 13592 3388 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19784 0.0 0.0 13592 3252 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19794 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
root 19795 0.0 0.0 13592 3256 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
apparmor_parser remains stuck even after all LXC/LXD commands have exited.
dmesg output yields lines like:
[41902.815174] audit: type=1400 audit(1480191089.678:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-foo30_</var/lib/lxd>" pid=12545 comm="apparmor_parser"
and cat /proc/12545/stack shows:
This bug surfaced when starting ~50 LXC containers with LXD in parallel multiple times:
# Create the containers
for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done
# Execute this loop multiple times until you observe errors.
for c in c foo{1..50}; do lxc restart $c & done
After this you can
ps aux | grep apparmor
and you should see output similar to:
root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19775 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19780 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19782 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19783 0.0 0.0 13592 3388 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19784 0.0 0.0 13592 3252 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19794 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
root 19795 0.0 0.0 13592 3256 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
apparmor_parser remains stuck even after all LXC/LXD commands have exited.
dmesg output yields lines like:
[41902.815174] audit: type=1400 audit(1480191089.678:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-foo30_</var/lib/lxd>" pid=12545 comm="apparmor_parser"
and cat /proc/12545/stack shows:
[<ffffffff8c9b9378>] aa_remove_profiles+0x88/0x270
[<ffffffff8c9ac3e4>] profile_remove+0x144/0x2e0
[<ffffffff8c8319b8>] __vfs_write+0x18/0x40
[<ffffffff8c832108>] vfs_write+0xb8/0x1b0
[<ffffffff8c833565>] SyS_write+0x55/0xc0
[<ffffffff8ce952f6>] entry_SYSCALL_64_fastpath+0x1e/0xa8
[<ffffffffffffffff>] 0xffffffffffffffff
This looks like a potential kernel bug. |
|
2016-11-26 20:46:28 |
Stéphane Graber |
affects |
apparmor |
apparmor (Ubuntu) |
|
2016-11-26 20:46:39 |
Stéphane Graber |
bug task added |
|
linux (Ubuntu) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
nominated for series |
|
Ubuntu Zesty |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
apparmor (Ubuntu Zesty) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
linux (Ubuntu Zesty) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
nominated for series |
|
Ubuntu Yakkety |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
apparmor (Ubuntu Yakkety) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
linux (Ubuntu Yakkety) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
nominated for series |
|
Ubuntu Xenial |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
apparmor (Ubuntu Xenial) |
|
2016-11-26 20:46:55 |
Stéphane Graber |
bug task added |
|
linux (Ubuntu Xenial) |
|
2016-11-26 20:47:04 |
Stéphane Graber |
linux (Ubuntu Xenial): status |
New |
Triaged |
|
2016-11-26 20:47:06 |
Stéphane Graber |
linux (Ubuntu Yakkety): status |
New |
Triaged |
|
2016-11-26 20:47:09 |
Stéphane Graber |
linux (Ubuntu Zesty): status |
New |
Triaged |
|
2016-11-26 20:47:17 |
Stéphane Graber |
bug task deleted |
apparmor (Ubuntu Xenial) |
|
|
2016-11-26 20:47:19 |
Stéphane Graber |
bug task deleted |
apparmor (Ubuntu Yakkety) |
|
|
2016-11-26 20:47:23 |
Stéphane Graber |
bug task deleted |
apparmor (Ubuntu Zesty) |
|
|
2016-11-26 20:47:27 |
Stéphane Graber |
apparmor (Ubuntu): status |
New |
Triaged |
|
2016-11-26 20:47:34 |
Stéphane Graber |
apparmor (Ubuntu): assignee |
|
John Johansen (jjohansen) |
|
2016-11-27 06:32:48 |
Stéphane Graber |
bug |
|
|
added subscriber Ubuntu containers team |
2016-12-01 10:20:51 |
John Johansen |
linux (Ubuntu Xenial): assignee |
|
John Johansen (jjohansen) |
|
2016-12-01 10:20:56 |
John Johansen |
linux (Ubuntu Yakkety): assignee |
|
John Johansen (jjohansen) |
|
2016-12-01 10:21:01 |
John Johansen |
linux (Ubuntu Zesty): assignee |
|
John Johansen (jjohansen) |
|
2016-12-01 10:21:07 |
John Johansen |
linux (Ubuntu Zesty): status |
Triaged |
In Progress |
|
2016-12-01 10:21:13 |
John Johansen |
linux (Ubuntu Yakkety): status |
Triaged |
In Progress |
|
2016-12-01 10:21:19 |
John Johansen |
linux (Ubuntu Xenial): status |
Triaged |
In Progress |
|
2017-02-14 12:58:23 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2017-02-14 13:00:43 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Yakkety): status |
In Progress |
Fix Committed |
|
2017-02-21 03:06:26 |
Launchpad Janitor |
linux (Ubuntu Zesty): status |
In Progress |
Fix Released |
|
2017-02-21 03:06:26 |
Launchpad Janitor |
cve linked |
|
2016-1575 |
|
2017-02-21 03:06:26 |
Launchpad Janitor |
cve linked |
|
2016-1576 |
|
2017-02-27 17:14:43 |
Brad Figg |
tags |
|
verification-needed-xenial |
|
2017-02-27 17:16:31 |
Brad Figg |
tags |
verification-needed-xenial |
verification-needed-xenial verification-needed-yakkety |
|
2017-03-02 08:46:11 |
Launchpad Janitor |
linux (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
2017-03-02 08:47:54 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-03-28 09:27:55 |
Stefan Bader |
linux (Ubuntu Xenial): status |
Fix Released |
Triaged |
|
2017-03-28 09:28:04 |
Stefan Bader |
linux (Ubuntu Yakkety): status |
Fix Released |
Triaged |
|
2017-03-29 23:13:19 |
Launchpad Janitor |
linux (Ubuntu Yakkety): status |
Triaged |
Fix Released |
|
2017-03-29 23:13:19 |
Launchpad Janitor |
cve linked |
|
2017-7184 |
|
2017-03-30 09:17:25 |
Stefan Bader |
linux (Ubuntu Yakkety): status |
Fix Released |
Triaged |
|
2017-03-30 15:30:20 |
Steve Beattie |
cve unlinked |
2017-7184 |
|
|
2017-03-30 15:30:40 |
Steve Beattie |
cve unlinked |
2016-1575 |
|
|
2017-03-30 15:30:59 |
Steve Beattie |
cve unlinked |
2016-1576 |
|
|
2017-04-17 11:03:10 |
Dominique Poulain |
bug |
|
|
added subscriber Dominique Poulain |
2017-07-26 15:57:02 |
Andy Whitcroft |
linux (Ubuntu Yakkety): status |
Triaged |
Won't Fix |
|
2020-06-01 16:21:18 |
Stéphane Graber |
bug task deleted |
apparmor (Ubuntu) |
|
|
2020-06-01 16:21:34 |
Stéphane Graber |
bug task deleted |
linux (Ubuntu Xenial) |
|
|