------- Comment From cha...@us.ibm.com 2018-05-11 22:17 EDT-------
Before the first warning occurred about the NULL label and then later the BUG_ON() we see a message raised from ida_remove_warning()

[13222.731255] Using 'aes-generic' as fallback implementation.
[13222.731258] Using 'ctr(p8_aes)' as fallback implementation.
[13244.117851] ida_remove called for id=19 which is not allocated.
[13244.117872] AppArmor WARN aa_file_perm: ((!flabel)):

and we also have this in the dmesg log and so not clear if this is related to the AppArmor code issues we encounter afterwards:

[13244.118303] CPU: 10 PID: 18397 Comm: chgrp Not tainted 4.4.0-124-generic #148-Ubuntu
[13244.118309] 00000100067a4810 c00000000162aa60 c000000359d518d0 c000000000b09ce4 GPR24: c0000003ff9de880 00000003fee10000
[13244.118309] task: c00000035be322c0 ti: c00000035b5c0000 task.ti: c00000035b5c0000
[13244.118313] c000000359d512a0 0000000000000040 GPR28: c0000003ffdde880 c0000003ef780810 0000000000000000 c000000001766ab8
[13244.118314] NIP: c0000000004fd8c8 LR: c0000000004923e4 CTR: c0000000004fd880
[13244.118316] REGS: c00000035b5c3860 TRAP: 0700 Not tainted (4.4.0-124-generic)
[13244.118391] MSR: 8000000000029033
[13244.118391] NIP [c000000000590870] ida_remove+0x1e0/0x250
[13244.118394] LR [c00000000059086c] ida_remove+0x1dc/0x250
[13244.118395] Call Trace:
[13244.118397] [c0000003ec0ffa20] [c00000000059086c] ida_remove+0x1dc/0x250
[13244.118398] <
[13244.118399] (unreliable)
[13244.118401] [c0000003ec0ffaa0] [c00000000005a318] __destroy_context+0x48/0xc0
[13244.118404] [c0000003ec0ffad0] [c00000000005a4f0] destroy_context+0xb0/0xe0
[13244.118407] [c0000003ec0ffb00] [c0000000000b3488] __mmdrop+0x68/0x190
[13244.118408] SF
[13244.118408]
[13244.118412] ,EE,ME,IR,DR,RI,LE> CR: 24004248 XER: 00000000
[13244.118421] CFAR: c0000000004923e0 SOFTE: 1 GPR00: c0000000004923e4 c00000035b5c3ae0 c0000000015fa700 c0000000fcd01a00 GPR04: 0000000000000001 ffffffffffffffc0 c0000000fcd01b00 00000003fe8d0000
[13244.118422] [c0000003ec0ffb80] [c0000000000f0db8] finish_task_switch+0x308/0x350
[13244.118457] GPR08: c00000000163a700 0000000000000001 0000000000000000 0000000000000000 GPR12: c0000000004fd880 c000000007b06400 0000000000000000 0000000000000000 GPR16: 0000000000000013 0000000000000000 00003fffb7501468 0000000000000000 GPR20: 00003fffb74ff7e0
[13244.118458] [c0000003ec0ffc30] [c000000000b09ce4] __schedule+0x314/0x990
[13244.118458] 0000000000000000

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1770784

Title:
  ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security()

Status in linux package in Ubuntu:
  New

Bug description:
  Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore.

  According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides:

  static inline struct aa_label *aa_cred_raw_label(const struct cred *cred)
  {
          struct aa_task_ctx *ctx = cred_ctx(cred);
          BUG_ON(!ctx || !ctx->label);
          return ctx->label;
  }

  Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL.

  fctx = file_ctx(file);
  rcu_read_lock();
  flabel = rcu_dereference(fctx->label);
  AA_BUG(!flabel);

  KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic
  DUMPFILE: dump.201805110830 [PARTIAL DUMP]
  CPUS: 32
  DATE: Fri May 11 06:30:35 2018
  UPTIME: 03:40:43
  LOAD AVERAGE: 102.77, 103.38, 100.54
  TASKS: 862
  NODENAME: boslcp4g4
  RELEASE: 4.4.0-124-generic
  VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018
  MACHINE: ppc64le (2134 Mhz)
  MEMORY: 16 GB
  PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!"
  PID: 18397
  COMMAND: "chgrp"
  TASK: c00000035be322c0 [THREAD_INFO: c00000035b5c0000]
  CPU: 10
  STATE: TASK_RUNNING (PANIC)

  crash> bt
  PID: 18397 TASK: c00000035be322c0 CPU: 10 COMMAND: "chgrp"
  #0 [c00000035b5c3430] crash_kexec at c000000000176274
  #1 [c00000035b5c35d0] die at c000000000020ef8
  #2 [c00000035b5c3660] _exception at c000000000021244
  #3 [c00000035b5c37f0] program_check_common at c000000000006208
  Program Check [700] exception frame:
  R0: c0000000004923e4 R1: c00000035b5c3ae0 R2: c0000000015fa700
  R3: c0000000fcd01a00 R4: 0000000000000001 R5: ffffffffffffffc0
  R6: c0000000fcd01b00 R7: 00000003fe8d0000 R8: c00000000163a700
  R9: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000
  R12: c0000000004fd880 R13: c000000007b06400 R14: 0000000000000000
  R15: 0000000000000000 R16: 0000000000000013 R17: 0000000000000000
  R18: 00003fffb7501468 R19: 0000000000000000 R20: 00003fffb74ff7e0
  R21: 0000000000000000 R22: 0000000000000000 R23: 00003fffdf3cbd40
  R24: ffffffff90000001 R25: 0000000000000041 R26: fffffffffffff000
  R27: c00000035b5c3dd0 R28: c0000000016342f8 R29: c0000000fcd01a00
  R30: c0000000fcd01a00 R31: 0000000000000000
  NIP: c0000000004fd8c8 MSR: 8000000000029033 OR3: c0000000004923e0
  CTR: c0000000004fd880 LR: c0000000004923e4 XER: 0000000000000000
  CCR: 0000000024004248 MQ: 0000000000000001 DAR: c000000328004288
  DSISR: c00000035b5c39e0 Syscall Result: 0000000000000000
  #4 [c00000035b5c3ae0] apparmor_file_alloc_security at c0000000004fd8c8
  [Link Register] [c00000035b5c3ae0] security_file_alloc at c0000000004923e4
  #5 [c00000035b5c3b50] security_file_alloc at c0000000004923e4 (unreliable)
  #6 [c00000035b5c3b90] get_empty_filp at c0000000002e7010
  #7 [c00000035b5c3c10] path_openat at c0000000002faa2c
  #8 [c00000035b5c3c90] do_filp_open at c0000000002fc9bc
  #9 [c00000035b5c3db0] do_sys_open at c0000000002e3150
  #10 [c00000035b5c3e30] system_call at c000000000009484
  System Call [c01] exception frame:
  R0: 0000000000000005 R1: 00003fffdf3cb8c0 R2: 00003fffb7507e00
  R3: 00000100270514b0 R4: 0000000000080000 R5: 00003fffb7501ef8
  R6: 0000000000000008 R7: ffffffff90000001 R8: 00003fffdf3cbd40
  R9: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000
  R12: 0000000000000000 R13: 00003fffb750a190
  NIP: 00003fffb74dbdac MSR: 800000000280f033 OR3: 00000100270514b0
  CTR: 0000000000000000 LR: 00003fffb74b7034 XER: 0000000000000000
  CCR: 0000000044004442 MQ: 0000000000000001 DAR: 00003fffb7480000
  DSISR: 0000000040000000 Syscall Result: fffffffffffffffe

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1770784/+subscriptions