------- Comment From cha...@us.ibm.com 2018-05-11 22:17 EDT-------
Before the first warning about the NULL label occurred, and then later the
BUG_ON(), we see a message raised from ida_remove_warning():

[13222.731255] Using 'aes-generic' as fallback implementation.
[13222.731258] Using 'ctr(p8_aes)' as fallback implementation.
[13244.117851] ida_remove called for id=19 which is not allocated.
[13244.117872] AppArmor WARN aa_file_perm: ((!flabel)):

We also have this in the dmesg log, so it is not clear whether this is
related to the AppArmor code issues we encounter afterwards:

[13244.118303] CPU: 10 PID: 18397 Comm: chgrp Not tainted 4.4.0-124-generic #148-Ubuntu
[13244.118309] 00000100067a4810 c00000000162aa60 c000000359d518d0 c000000000b09ce4
GPR24: c0000003ff9de880 00000003fee10000
[13244.118309] task: c00000035be322c0 ti: c00000035b5c0000 task.ti: c00000035b5c0000
[13244.118313] c000000359d512a0 0000000000000040
GPR28: c0000003ffdde880 c0000003ef780810 0000000000000000 c000000001766ab8
[13244.118314] NIP: c0000000004fd8c8 LR: c0000000004923e4 CTR: c0000000004fd880
[13244.118316] REGS: c00000035b5c3860 TRAP: 0700   Not tainted  (4.4.0-124-generic)
[13244.118391] MSR: 8000000000029033
[13244.118391] NIP [c000000000590870] ida_remove+0x1e0/0x250
[13244.118394] LR [c00000000059086c] ida_remove+0x1dc/0x250
[13244.118395] Call Trace:
[13244.118397] [c0000003ec0ffa20] [c00000000059086c] ida_remove+0x1dc/0x250
[13244.118398] <
[13244.118399]  (unreliable)
[13244.118401] [c0000003ec0ffaa0] [c00000000005a318] __destroy_context+0x48/0xc0
[13244.118404] [c0000003ec0ffad0] [c00000000005a4f0] destroy_context+0xb0/0xe0
[13244.118407] [c0000003ec0ffb00] [c0000000000b3488] __mmdrop+0x68/0x190
[13244.118408] SF
[13244.118408]
[13244.118412] ,EE,ME,IR,DR,RI,LE>  CR: 24004248  XER: 00000000
[13244.118421] CFAR: c0000000004923e0 SOFTE: 1
GPR00: c0000000004923e4 c00000035b5c3ae0 c0000000015fa700 c0000000fcd01a00
GPR04: 0000000000000001 ffffffffffffffc0 c0000000fcd01b00 00000003fe8d0000
[13244.118422] [c0000003ec0ffb80] [c0000000000f0db8] finish_task_switch+0x308/0x350
[13244.118457]
GPR08: c00000000163a700 0000000000000001 0000000000000000 0000000000000000
GPR12: c0000000004fd880 c000000007b06400 0000000000000000 0000000000000000
GPR16: 0000000000000013 0000000000000000 00003fffb7501468 0000000000000000
GPR20: 00003fffb74ff7e0
[13244.118458] [c0000003ec0ffc30] [c000000000b09ce4] __schedule+0x314/0x990
[13244.118458] 0000000000000000

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1770784

Title:
  ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest
  crashes in apparmor_file_alloc_security()

Status in linux package in Ubuntu:
  New

Bug description:
  Test was running an Ubuntu 16.04 guest with an Ubuntu 18.04 host when
  the guest dumped a vmcore.

  According to the dump, the crash is actually a BUG_ON() raised from
  apparmor_file_alloc_security() having called aa_begin_current_label()
  which calls aa_current_raw_label() that in turn calls
  aa_cred_raw_label() where the BUG_ON() resides:

    static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
    {
        struct aa_task_ctx *ctx = cred_ctx(cred);
        BUG_ON(!ctx || !ctx->label);
        return ctx->label;
    }

  Now, the warnings we had previously seen raised from aa_file_perm()
  may have been related, since the rcu_dereference() of fctx->label is NULL.

        fctx = file_ctx(file);

        rcu_read_lock();
        flabel  = rcu_dereference(fctx->label);
        AA_BUG(!flabel);

        KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic
      DUMPFILE: dump.201805110830  [PARTIAL DUMP]
          CPUS: 32
          DATE: Fri May 11 06:30:35 2018
        UPTIME: 03:40:43
  LOAD AVERAGE: 102.77, 103.38, 100.54
         TASKS: 862
      NODENAME: boslcp4g4
       RELEASE: 4.4.0-124-generic
       VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018
       MACHINE: ppc64le  (2134 Mhz)
        MEMORY: 16 GB
         PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!"
           PID: 18397
       COMMAND: "chgrp"
          TASK: c00000035be322c0  [THREAD_INFO: c00000035b5c0000]
           CPU: 10
         STATE: TASK_RUNNING (PANIC)

  
  crash> bt
  PID: 18397  TASK: c00000035be322c0  CPU: 10  COMMAND: "chgrp"
   #0 [c00000035b5c3430] crash_kexec at c000000000176274
   #1 [c00000035b5c35d0] die at c000000000020ef8
   #2 [c00000035b5c3660] _exception at c000000000021244
   #3 [c00000035b5c37f0] program_check_common at c000000000006208
   Program Check [700] exception frame:
   R0:  c0000000004923e4    R1:  c00000035b5c3ae0    R2:  c0000000015fa700
   R3:  c0000000fcd01a00    R4:  0000000000000001    R5:  ffffffffffffffc0
   R6:  c0000000fcd01b00    R7:  00000003fe8d0000    R8:  c00000000163a700
   R9:  0000000000000001    R10: 0000000000000000    R11: 0000000000000000
   R12: c0000000004fd880    R13: c000000007b06400    R14: 0000000000000000
   R15: 0000000000000000    R16: 0000000000000013    R17: 0000000000000000
   R18: 00003fffb7501468    R19: 0000000000000000    R20: 00003fffb74ff7e0
   R21: 0000000000000000    R22: 0000000000000000    R23: 00003fffdf3cbd40
   R24: ffffffff90000001    R25: 0000000000000041    R26: fffffffffffff000
   R27: c00000035b5c3dd0    R28: c0000000016342f8    R29: c0000000fcd01a00
   R30: c0000000fcd01a00    R31: 0000000000000000
   NIP: c0000000004fd8c8    MSR: 8000000000029033    OR3: c0000000004923e0
   CTR: c0000000004fd880    LR:  c0000000004923e4    XER: 0000000000000000
   CCR: 0000000024004248    MQ:  0000000000000001    DAR: c000000328004288
   DSISR: c00000035b5c39e0     Syscall Result: 0000000000000000
   #4 [c00000035b5c3ae0] apparmor_file_alloc_security at c0000000004fd8c8
   [Link Register] [c00000035b5c3ae0] security_file_alloc at c0000000004923e4
   #5 [c00000035b5c3b50] security_file_alloc at c0000000004923e4  (unreliable)
   #6 [c00000035b5c3b90] get_empty_filp at c0000000002e7010
   #7 [c00000035b5c3c10] path_openat at c0000000002faa2c
   #8 [c00000035b5c3c90] do_filp_open at c0000000002fc9bc
   #9 [c00000035b5c3db0] do_sys_open at c0000000002e3150
  #10 [c00000035b5c3e30] system_call at c000000000009484
   System Call [c01] exception frame:
   R0:  0000000000000005    R1:  00003fffdf3cb8c0    R2:  00003fffb7507e00
   R3:  00000100270514b0    R4:  0000000000080000    R5:  00003fffb7501ef8
   R6:  0000000000000008    R7:  ffffffff90000001    R8:  00003fffdf3cbd40
   R9:  0000000000000000    R10: 0000000000000000    R11: 0000000000000000
   R12: 0000000000000000    R13: 00003fffb750a190
   NIP: 00003fffb74dbdac    MSR: 800000000280f033    OR3: 00000100270514b0
   CTR: 0000000000000000    LR:  00003fffb74b7034    XER: 0000000000000000
   CCR: 0000000044004442    MQ:  0000000000000001    DAR: 00003fffb7480000
   DSISR: 0000000040000000     Syscall Result: fffffffffffffffe
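
The ordering discussed in the comment above (the ida_remove message, then the AppArmor WARN, then the BUG_ON()) can be read off a saved dmesg log mechanically. The Python script below is an added example, not part of the original report or of the kernel source; the function names and the sample are assumptions made for illustration, and the timestamp on the sample's "kernel BUG" line is constructed. It reports only timing, not whether the events are related.

```python
import re

# Constructed sample: the first four lines are copied from the dmesg excerpt
# in the report; the timestamp on the final "kernel BUG" line is invented
# (the report gives that message only in the crash PANIC field).
SAMPLE = """\
[13222.731258] Using 'ctr(p8_aes)' as fallback implementation.
[13244.117851] ida_remove called for id=19 which is not allocated.
[13244.117872] AppArmor WARN aa_file_perm: ((!flabel)):
GPR24: c0000003ff9de880 00000003fee10000
[13244.200000] kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!
"""

STAMP = re.compile(r"^\[\s*(\d+)\.(\d{6})\]\s*(.*)$")
PATTERNS = {
    "ida_remove": re.compile(r"ida_remove called for id=(\d+) which is not allocated"),
    "apparmor_warn": re.compile(r"AppArmor WARN (\w+): \(\((.+?)\)\)"),
    "kernel_bug": re.compile(r"kernel BUG at (\S+):(\d+)!"),
}

def extract_events(text):
    """Return sorted (microseconds, kind, captured fields) for recognised lines."""
    events = []
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue  # untimestamped register-dump lines carry no ordering info
        # Integer microseconds avoid float rounding on sub-millisecond gaps.
        usec = int(m.group(1)) * 1_000_000 + int(m.group(2))
        for kind, pattern in PATTERNS.items():
            hit = pattern.search(m.group(3))
            if hit:
                events.append((usec, kind, hit.groups()))
    return sorted(events)

def gaps_before(events, earlier, later, window_usec):
    """List (earlier_fields, later_fields, gap_usec) for pairs inside the window."""
    out = []
    for t_late, kind, fields in events:
        if kind != later:
            continue
        for t_early, kind2, fields2 in events:
            if kind2 == earlier and 0 <= t_late - t_early <= window_usec:
                out.append((fields2, fields, t_late - t_early))
    return out

if __name__ == "__main__":
    found = extract_events(SAMPLE)
    for row in gaps_before(found, "ida_remove", "apparmor_warn", 1_000_000):
        print(row)
```
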
