Package: lsof
Version: 4.86+dfsg-1
Severity: minor

Dear Maintainer,

I just updated a web server to latest 3.14 stable kernel, 3.14.62, which includes a patch tightening up ptrace permissions. Now the use of "/usr/bin/lsof -w -l +d /var/lib/php5" by /etc/cron.d/php5 to clean up sessions causes a kernel WARN_ON to be spammed to the log.

Feb 29 13:36:14 www kernel: [48425.679328] ------------[ cut here ]------------
Feb 29 13:36:14 www kernel: [48425.679753] WARNING: CPU: 0 PID: 13503 at kernel/ptrace.c:233 __ptrace_may_access+0x13a/0x150()
Feb 29 13:36:14 www kernel: [48425.680540] denying ptrace access check without PTRACE_MODE_*CREDS
Feb 29 13:36:14 www kernel: [48425.681090] Modules linked in: nfsv3 nfsd auth_rpcgss oid_registry nfs_acl nfs lockd sunrpc ipv6 xt_nat iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables floppy virtio_balloon virtio_net
Feb 29 13:36:14 www kernel: [48425.683176] CPU: 0 PID: 13503 Comm: lsof Tainted: G W 3.14.62-fysh-kvmguest #6
Feb 29 13:36:14 www kernel: [48425.683891] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
Feb 29 13:36:14 www kernel: [48425.684415] 0000000000000286 0000000000000000 ffffffff8850ade4 0000000000000007
Feb 29 13:36:14 www kernel: [48425.684536] ffff88051bf1fd88 0000000000000009 ffffffff8803fe81 0000000000000001
Feb 29 13:36:14 www kernel: [48425.684536] ffff8805fd8b50a0 0000000000000001 0000000000000000 00007ffa0012ee50
Feb 29 13:36:14 www kernel: [48425.684536] Call Trace:
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8850ade4>] ? dump_stack+0x5e/0x7a
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8803fe81>] ? warn_slowpath_common+0x81/0xb0
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8803ff65>] ? warn_slowpath_fmt+0x45/0x50
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8804816a>] ? __ptrace_may_access+0x13a/0x150
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff880490a2>] ? ptrace_may_access+0x32/0x60
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8803d31d>] ? mm_access+0x7d/0xc0
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff88188ce8>] ? m_start+0x78/0x1e0
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff881388f7>] ? do_filp_open+0x47/0xb0
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff8814aaff>] ? seq_read+0x10f/0x380
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff88128b75>] ? vfs_read+0xa5/0x180
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff88128dfb>] ? SyS_read+0x4b/0xb0
Feb 29 13:36:14 www kernel: [48425.684536] [<ffffffff88517add>] ? system_call_fastpath+0x1a/0x1f
Feb 29 13:36:14 www kernel: [48425.692738] ---[ end trace f8d6c7c51a5bfc2a ]---

Some 58 times for a single run of that command!

I'm guessing that the version of lsof in wheezy doesn't do some credentials setting that would prevent this WARN_ON.

Yes, I'm aware I should really get around to upgrading this server to Jessie.

-- System Information:
Debian Release: 7.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14.62 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lsof depends on:
ii  libc6  2.13-38+deb7u10
ii  perl  5.14.2-21+deb7u2
ii  perl-modules [libperl4-corelibs-perl]  5.14.2-21+deb7u2

lsof recommends no packages.

lsof suggests no packages.

-- debconf-show failed
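
An added example, not part of the original report or of lsof: a small triage script that groups kernel WARN blocks in this syslog format by process name, source location and message, so a flood like the one above collapses to one line per cause. The function and variable names are hypothetical, and the sample input is constructed from the report's own log lines, trimmed and repeated.

```python
import re
from collections import Counter

# Constructed sample: one WARN block trimmed from the report's log,
# repeated twice to stand in for the repeated warnings.
ONE_BLOCK = """\
Feb 29 13:36:14 www kernel: [48425.679328] ------------[ cut here ]------------
Feb 29 13:36:14 www kernel: [48425.679753] WARNING: CPU: 0 PID: 13503 at kernel/ptrace.c:233 __ptrace_may_access+0x13a/0x150()
Feb 29 13:36:14 www kernel: [48425.680540] denying ptrace access check without PTRACE_MODE_*CREDS
Feb 29 13:36:14 www kernel: [48425.683176] CPU: 0 PID: 13503 Comm: lsof Tainted: G W 3.14.62-fysh-kvmguest #6
Feb 29 13:36:14 www kernel: [48425.692738] ---[ end trace f8d6c7c51a5bfc2a ]---
"""
SAMPLE = ONE_BLOCK * 2

PREFIX = re.compile(r"^.*? kernel: \[\s*\d+\.\d+\] ")  # syslog header + uptime
WARN = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+) (\S+?)\+0x")
COMM = re.compile(r"CPU: \d+ PID: \d+ Comm: (\S+)")

def summarize(log_text):
    """Count complete WARN blocks per (comm, source location, function, reason)."""
    counts, block = Counter(), None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if "[ cut here ]" in line:
            # Start of a WARN block; an unterminated earlier block is dropped.
            block = {"comm": "?", "where": "?", "func": "?", "reason": "", "next": False}
            continue
        if block is None:
            continue  # ordinary log line outside any WARN block
        if "---[ end trace" in line:
            counts[(block["comm"], block["where"], block["func"], block["reason"])] += 1
            block = None
            continue
        warn, comm = WARN.match(line), COMM.match(line)
        if warn:
            block["where"], block["func"] = warn.group(1), warn.group(2)
            block["next"] = True  # a WARN message line may follow directly
            continue
        if comm:
            block["comm"] = comm.group(1)
        elif block["next"] and not line.startswith("Modules linked in:"):
            block["reason"] = line.strip()
        block["next"] = False
    return counts

if __name__ == "__main__":
    for (comm, where, func, reason), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {comm}  {where}  {func}  {reason}")
```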