[Kernel-packages] [Bug 1770784] Comment bridged from LTC Bugzilla
--- Comment From cha...@us.ibm.com 2018-06-25 18:49 EDT--- Closing bug as unreproducible as we haven't received further accounts of the original issue and it is possible that any of the firmware, hardware or kernel updates resolved it or prevented its return. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1770784 Title: ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security() Status in The Ubuntu-power-systems project: Incomplete Status in linux package in Ubuntu: New Bug description: Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore. According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides: static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) { struct aa_task_ctx *ctx = cred_ctx(cred); BUG_ON(!ctx || !ctx->label); return ctx->label; } Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL. fctx = file_ctx(file); rcu_read_lock(); flabel = rcu_dereference(fctx->label); AA_BUG(!flabel); KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic DUMPFILE: dump.201805110830 [PARTIAL DUMP] CPUS: 32 DATE: Fri May 11 06:30:35 2018 UPTIME: 03:40:43 LOAD AVERAGE: 102.77, 103.38, 100.54 TASKS: 862 NODENAME: boslcp4g4 RELEASE: 4.4.0-124-generic VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018 MACHINE: ppc64le (2134 Mhz) MEMORY: 16 GB PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!" PID: 18397 COMMAND: "chgrp" TASK: c0035be322c0 [THREAD_INFO: c0035b5c] CPU: 10 STATE: TASK_RUNNING (PANIC) crash> bt PID: 18397 TASK: c0035be322c0 CPU: 10 COMMAND: "chgrp" #0 [c0035b5c3430] crash_kexec at c0176274 #1 [c0035b5c35d0] die at c0020ef8 #2 [c0035b5c3660] _exception at c0021244 #3 [c0035b5c37f0] program_check_common at c0006208 Program Check [700] exception frame: R0: c04923e4R1: c0035b5c3ae0R2: c15fa700 R3: c000fcd01a00R4: 0001R5: ffc0 R6: c000fcd01b00R7: 0003fe8dR8: c163a700 R9: 0001R10: R11: R12: c04fd880R13: c7b06400R14: R15: R16: 0013R17: R18: 3fffb7501468R19: R20: 3fffb74ff7e0 R21: R22: R23: 3fffdf3cbd40 R24: 9001R25: 0041R26: f000 R27: c0035b5c3dd0R28: c16342f8R29: c000fcd01a00 R30: c000fcd01a00R31: NIP: c04fd8c8MSR: 80029033OR3: c04923e0 CTR: c04fd880LR: c04923e4XER: CCR: 24004248MQ: 0001DAR: c00328004288 DSISR: c0035b5c39e0 Syscall Result: #4 [c0035b5c3ae0] apparmor_file_alloc_security at c04fd8c8 [Link Register] [c0035b5c3ae0] security_file_alloc at c04923e4 #5 [c0035b5c3b50] security_file_alloc at c04923e4 (unreliable) #6 [c0035b5c3b90] get_empty_filp at c02e7010 #7 [c0035b5c3c10] path_openat at c02faa2c #8 [c0035b5c3c90] do_filp_open at c02fc9bc #9 [c0035b5c3db0] do_sys_open at c02e3150 #10 [c0035b5c3e30] system_call at c0009484 System Call [c01] exception frame: R0: 0005R1: 3fffdf3cb8c0R2: 3fffb7507e00 R3: 0100270514b0R4: 0008R5: 3fffb7501ef8 R6: 0008R7: 9001R8: 3fffdf3cbd40 R9: R10: R11: R12: R13: 3fffb750a190 NIP: 3fffb74dbdacMSR: 8280f033OR3: 0100270514b0 CTR: LR: 3fffb74b7034XER: CCR: 44004442MQ: 0001DAR: 3fffb748 DSISR: 4000 Syscall Result: fffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1770784/+subscriptions -- Mailing list:
[Kernel-packages] [Bug 1770784] Comment bridged from LTC Bugzilla
--- Comment From cha...@us.ibm.com 2018-05-29 14:59 EDT--- Are we still seeing this issue reproduced or could this be related to some other bug that has also been seen? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1770784 Title: ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security() Status in The Ubuntu-power-systems project: Triaged Status in linux package in Ubuntu: New Bug description: Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore. According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides: static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) { struct aa_task_ctx *ctx = cred_ctx(cred); BUG_ON(!ctx || !ctx->label); return ctx->label; } Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL. fctx = file_ctx(file); rcu_read_lock(); flabel = rcu_dereference(fctx->label); AA_BUG(!flabel); KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic DUMPFILE: dump.201805110830 [PARTIAL DUMP] CPUS: 32 DATE: Fri May 11 06:30:35 2018 UPTIME: 03:40:43 LOAD AVERAGE: 102.77, 103.38, 100.54 TASKS: 862 NODENAME: boslcp4g4 RELEASE: 4.4.0-124-generic VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018 MACHINE: ppc64le (2134 Mhz) MEMORY: 16 GB PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!" PID: 18397 COMMAND: "chgrp" TASK: c0035be322c0 [THREAD_INFO: c0035b5c] CPU: 10 STATE: TASK_RUNNING (PANIC) crash> bt PID: 18397 TASK: c0035be322c0 CPU: 10 COMMAND: "chgrp" #0 [c0035b5c3430] crash_kexec at c0176274 #1 [c0035b5c35d0] die at c0020ef8 #2 [c0035b5c3660] _exception at c0021244 #3 [c0035b5c37f0] program_check_common at c0006208 Program Check [700] exception frame: R0: c04923e4R1: c0035b5c3ae0R2: c15fa700 R3: c000fcd01a00R4: 0001R5: ffc0 R6: c000fcd01b00R7: 0003fe8dR8: c163a700 R9: 0001R10: R11: R12: c04fd880R13: c7b06400R14: R15: R16: 0013R17: R18: 3fffb7501468R19: R20: 3fffb74ff7e0 R21: R22: R23: 3fffdf3cbd40 R24: 9001R25: 0041R26: f000 R27: c0035b5c3dd0R28: c16342f8R29: c000fcd01a00 R30: c000fcd01a00R31: NIP: c04fd8c8MSR: 80029033OR3: c04923e0 CTR: c04fd880LR: c04923e4XER: CCR: 24004248MQ: 0001DAR: c00328004288 DSISR: c0035b5c39e0 Syscall Result: #4 [c0035b5c3ae0] apparmor_file_alloc_security at c04fd8c8 [Link Register] [c0035b5c3ae0] security_file_alloc at c04923e4 #5 [c0035b5c3b50] security_file_alloc at c04923e4 (unreliable) #6 [c0035b5c3b90] get_empty_filp at c02e7010 #7 [c0035b5c3c10] path_openat at c02faa2c #8 [c0035b5c3c90] do_filp_open at c02fc9bc #9 [c0035b5c3db0] do_sys_open at c02e3150 #10 [c0035b5c3e30] system_call at c0009484 System Call [c01] exception frame: R0: 0005R1: 3fffdf3cb8c0R2: 3fffb7507e00 R3: 0100270514b0R4: 0008R5: 3fffb7501ef8 R6: 0008R7: 9001R8: 3fffdf3cbd40 R9: R10: R11: R12: R13: 3fffb750a190 NIP: 3fffb74dbdacMSR: 8280f033OR3: 0100270514b0 CTR: LR: 3fffb74b7034XER: CCR: 44004442MQ: 0001DAR: 3fffb748 DSISR: 4000 Syscall Result: fffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1770784/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe :
[Kernel-packages] [Bug 1770784] Comment bridged from LTC Bugzilla
--- Comment From cdead...@us.ibm.com 2018-05-13 12:26 EDT--- could this similar/same as issue #1235? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1770784 Title: ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security() Status in linux package in Ubuntu: New Bug description: Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore. According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides: static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) { struct aa_task_ctx *ctx = cred_ctx(cred); BUG_ON(!ctx || !ctx->label); return ctx->label; } Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL. fctx = file_ctx(file); rcu_read_lock(); flabel = rcu_dereference(fctx->label); AA_BUG(!flabel); KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic DUMPFILE: dump.201805110830 [PARTIAL DUMP] CPUS: 32 DATE: Fri May 11 06:30:35 2018 UPTIME: 03:40:43 LOAD AVERAGE: 102.77, 103.38, 100.54 TASKS: 862 NODENAME: boslcp4g4 RELEASE: 4.4.0-124-generic VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018 MACHINE: ppc64le (2134 Mhz) MEMORY: 16 GB PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!" PID: 18397 COMMAND: "chgrp" TASK: c0035be322c0 [THREAD_INFO: c0035b5c] CPU: 10 STATE: TASK_RUNNING (PANIC) crash> bt PID: 18397 TASK: c0035be322c0 CPU: 10 COMMAND: "chgrp" #0 [c0035b5c3430] crash_kexec at c0176274 #1 [c0035b5c35d0] die at c0020ef8 #2 [c0035b5c3660] _exception at c0021244 #3 [c0035b5c37f0] program_check_common at c0006208 Program Check [700] exception frame: R0: c04923e4R1: c0035b5c3ae0R2: c15fa700 R3: c000fcd01a00R4: 0001R5: ffc0 R6: c000fcd01b00R7: 0003fe8dR8: c163a700 R9: 0001R10: R11: R12: c04fd880R13: c7b06400R14: R15: R16: 0013R17: R18: 3fffb7501468R19: R20: 3fffb74ff7e0 R21: R22: R23: 3fffdf3cbd40 R24: 9001R25: 0041R26: f000 R27: c0035b5c3dd0R28: c16342f8R29: c000fcd01a00 R30: c000fcd01a00R31: NIP: c04fd8c8MSR: 80029033OR3: c04923e0 CTR: c04fd880LR: c04923e4XER: CCR: 24004248MQ: 0001DAR: c00328004288 DSISR: c0035b5c39e0 Syscall Result: #4 [c0035b5c3ae0] apparmor_file_alloc_security at c04fd8c8 [Link Register] [c0035b5c3ae0] security_file_alloc at c04923e4 #5 [c0035b5c3b50] security_file_alloc at c04923e4 (unreliable) #6 [c0035b5c3b90] get_empty_filp at c02e7010 #7 [c0035b5c3c10] path_openat at c02faa2c #8 [c0035b5c3c90] do_filp_open at c02fc9bc #9 [c0035b5c3db0] do_sys_open at c02e3150 #10 [c0035b5c3e30] system_call at c0009484 System Call [c01] exception frame: R0: 0005R1: 3fffdf3cb8c0R2: 3fffb7507e00 R3: 0100270514b0R4: 0008R5: 3fffb7501ef8 R6: 0008R7: 9001R8: 3fffdf3cbd40 R9: R10: R11: R12: R13: 3fffb750a190 NIP: 3fffb74dbdacMSR: 8280f033OR3: 0100270514b0 CTR: LR: 3fffb74b7034XER: CCR: 44004442MQ: 0001DAR: 3fffb748 DSISR: 4000 Syscall Result: fffe To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1770784/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1770784] Comment bridged from LTC Bugzilla
--- Comment From nevd...@us.ibm.com 2018-05-13 12:11 EDT--- This Canonical bug suggests they may have seen it before,but unfortunately it was closed without a patch because it wasn't repeatable in a later release. The bug suggests the change occurred between 4.4 and 4.6-rcsomething. https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1580943 I did a git blame on rbtree.c and there were no interesting changes introduced during that time. I did the same with mmap.c and found many ... but none that claimed to be addressing this problem. Discussions here (https://lkml.org/lkml/2016/2/16/625) suggest it might be related to transparent huge pages (THP). Although none of this points to a specific solution, it does suggest this problem has been seen before. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1770784 Title: ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security() Status in linux package in Ubuntu: New Bug description: Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore. According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides: static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) { struct aa_task_ctx *ctx = cred_ctx(cred); BUG_ON(!ctx || !ctx->label); return ctx->label; } Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL. fctx = file_ctx(file); rcu_read_lock(); flabel = rcu_dereference(fctx->label); AA_BUG(!flabel); KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic DUMPFILE: dump.201805110830 [PARTIAL DUMP] CPUS: 32 DATE: Fri May 11 06:30:35 2018 UPTIME: 03:40:43 LOAD AVERAGE: 102.77, 103.38, 100.54 TASKS: 862 NODENAME: boslcp4g4 RELEASE: 4.4.0-124-generic VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018 MACHINE: ppc64le (2134 Mhz) MEMORY: 16 GB PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!" PID: 18397 COMMAND: "chgrp" TASK: c0035be322c0 [THREAD_INFO: c0035b5c] CPU: 10 STATE: TASK_RUNNING (PANIC) crash> bt PID: 18397 TASK: c0035be322c0 CPU: 10 COMMAND: "chgrp" #0 [c0035b5c3430] crash_kexec at c0176274 #1 [c0035b5c35d0] die at c0020ef8 #2 [c0035b5c3660] _exception at c0021244 #3 [c0035b5c37f0] program_check_common at c0006208 Program Check [700] exception frame: R0: c04923e4R1: c0035b5c3ae0R2: c15fa700 R3: c000fcd01a00R4: 0001R5: ffc0 R6: c000fcd01b00R7: 0003fe8dR8: c163a700 R9: 0001R10: R11: R12: c04fd880R13: c7b06400R14: R15: R16: 0013R17: R18: 3fffb7501468R19: R20: 3fffb74ff7e0 R21: R22: R23: 3fffdf3cbd40 R24: 9001R25: 0041R26: f000 R27: c0035b5c3dd0R28: c16342f8R29: c000fcd01a00 R30: c000fcd01a00R31: NIP: c04fd8c8MSR: 80029033OR3: c04923e0 CTR: c04fd880LR: c04923e4XER: CCR: 24004248MQ: 0001DAR: c00328004288 DSISR: c0035b5c39e0 Syscall Result: #4 [c0035b5c3ae0] apparmor_file_alloc_security at c04fd8c8 [Link Register] [c0035b5c3ae0] security_file_alloc at c04923e4 #5 [c0035b5c3b50] security_file_alloc at c04923e4 (unreliable) #6 [c0035b5c3b90] get_empty_filp at c02e7010 #7 [c0035b5c3c10] path_openat at c02faa2c #8 [c0035b5c3c90] do_filp_open at c02fc9bc #9 [c0035b5c3db0] do_sys_open at c02e3150 #10 [c0035b5c3e30] system_call at c0009484 System Call [c01] exception frame: R0: 0005R1: 3fffdf3cb8c0R2: 3fffb7507e00 R3: 0100270514b0R4: 0008R5: 3fffb7501ef8 R6: 0008R7: 9001R8: 3fffdf3cbd40 R9: R10: R11: R12: R13:
[Kernel-packages] [Bug 1770784] Comment bridged from LTC Bugzilla
--- Comment From cha...@us.ibm.com 2018-05-11 22:17 EDT--- Before the first warning occurred about the NULL label and then later the BUG_ON() we see a message raised from ida_remove_warning() [13222.731255] Using 'aes-generic' as fallback implementation. [13222.731258] Using 'ctr(p8_aes)' as fallback implementation. [13244.117851] ida_remove called for id=19 which is not allocated. [13244.117872] AppArmor WARN aa_file_perm: ((!flabel)): and we also have this in the dmesg log and so not clear if this is related to the AppArmor code issues we encounter afterwards: [13244.118303] CPU: 10 PID: 18397 Comm: chgrp Not tainted 4.4.0-124-generic #148-Ubuntu [13244.118309] 0100067a4810 c162aa60 c00359d518d0 c0b09ce4 GPR24: c003ff9de880 0003fee1 [13244.118309] task: c0035be322c0 ti: c0035b5c task.ti: c0035b5c [13244.118313] c00359d512a0 0040 GPR28: c003ffdde880 c003ef780810 c1766ab8 [13244.118314] NIP: c04fd8c8 LR: c04923e4 CTR: c04fd880 [13244.118316] REGS: c0035b5c3860 TRAP: 0700 Not tainted (4.4.0-124-generic) [13244.118391] MSR: 80029033 [13244.118391] NIP [c0590870] ida_remove+0x1e0/0x250 [13244.118394] LR [c059086c] ida_remove+0x1dc/0x250 [13244.118395] Call Trace: [13244.118397] [c003ec0ffa20] [c059086c] ida_remove+0x1dc/0x250 [13244.118398] < [13244.118399] (unreliable) [13244.118401] [c003ec0ffaa0] [c005a318] __destroy_context+0x48/0xc0 [13244.118404] [c003ec0ffad0] [c005a4f0] destroy_context+0xb0/0xe0 [13244.118407] [c003ec0ffb00] [c00b3488] __mmdrop+0x68/0x190 [13244.118408] SF [13244.118408] [13244.118412] ,EE,ME,IR,DR,RI,LE> CR: 24004248 XER: [13244.118421] CFAR: c04923e0 SOFTE: 1 GPR00: c04923e4 c0035b5c3ae0 c15fa700 c000fcd01a00 GPR04: 0001 ffc0 c000fcd01b00 0003fe8d [13244.118422] [c003ec0ffb80] [c00f0db8] finish_task_switch+0x308/0x350 [13244.118457] GPR08: c163a700 0001 GPR12: c04fd880 c7b06400 GPR16: 0013 3fffb7501468 GPR20: 3fffb74ff7e0 [13244.118458] [c003ec0ffc30] [c0b09ce4] __schedule+0x314/0x990 [13244.118458] -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1770784 Title: ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp4g4:ubuntu1604:P8 compat: guest crashes in apparmor_file_alloc_security() Status in linux package in Ubuntu: New Bug description: Test was running an Ubuntu 16.04 guest with a Ubuntu 18.04 host when the guest dumped a vmcore. According to the dump, the crash is actually a BUG_ON() raised from apparmor_file_alloc_security() having called aa_begin_current_label() which calls aa_current_raw_label() that in turn calls aa_cred_raw_label() where the BUG_ON() resides: static inline struct aa_label *aa_cred_raw_label(const struct cred *cred) { struct aa_task_ctx *ctx = cred_ctx(cred); BUG_ON(!ctx || !ctx->label); return ctx->label; } Now, the warnings we previously had seen raised from aa_file_perm() may have been related since rcu_dereference() as fctx->label is NULL. fctx = file_ctx(file); rcu_read_lock(); flabel = rcu_dereference(fctx->label); AA_BUG(!flabel); KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-124-generic DUMPFILE: dump.201805110830 [PARTIAL DUMP] CPUS: 32 DATE: Fri May 11 06:30:35 2018 UPTIME: 03:40:43 LOAD AVERAGE: 102.77, 103.38, 100.54 TASKS: 862 NODENAME: boslcp4g4 RELEASE: 4.4.0-124-generic VERSION: #148-Ubuntu SMP Wed May 2 13:02:22 UTC 2018 MACHINE: ppc64le (2134 Mhz) MEMORY: 16 GB PANIC: "kernel BUG at /build/linux-VRGJAN/linux-4.4.0/security/apparmor/include/context.h:69!" PID: 18397 COMMAND: "chgrp" TASK: c0035be322c0 [THREAD_INFO: c0035b5c] CPU: 10 STATE: TASK_RUNNING (PANIC) crash> bt PID: 18397 TASK: c0035be322c0 CPU: 10 COMMAND: "chgrp" #0 [c0035b5c3430] crash_kexec at c0176274 #1 [c0035b5c35d0] die at c0020ef8 #2 [c0035b5c3660] _exception at c0021244 #3 [c0035b5c37f0] program_check_common at c0006208 Program Check [700] exception frame: R0: c04923e4R1: c0035b5c3ae0R2: c15fa700 R3: c000fcd01a00R4: 0001R5: ffc0 R6: c000fcd01b00R7: 0003fe8dR8: c163a700 R9: 0001R10: R11: