[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
** Also affects: apparmor Importance: Undecided Status: New ** Changed in: apparmor Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in AppArmor: Confirmed Status in apparmor package in Ubuntu: Confirmed Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
@Ivan, we are going to fix snapd for the excessive memory usage. AppArmor upstream already uses expr-simplify by default and newer release of Ubuntu use parser.conf to set -O no-expr-simplify so users can manage the setting like any other conffile. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in apparmor package in Ubuntu: Confirmed Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
The biggest problem is that it isn't easily disabled because it is hardcoded in the script instead of being in /etc/apparmor/parser.conf. Instead of hardcoding, it would had been better to just update that conffile and let dpkg update it if the user didn't change it (which is highly likely) or on new installs. In /lib/apparmor/functions we have this: # LP: #1383858 - expr tree simplification is too slow for some # policy on 32bit ARM, so disable it for now cache_extra_args= if [ -d "$PROFILES_CACHE_VAR" ] && [ "$pdir" = "$PROFILES_VAR" ]; then cache_extra_args="-O no-expr-simplify" fi So now for machines with 2Gib of RAM and Snaps, Ubuntu 18.04 has become unusable. I know the minimum requirements are 4Gib but it did actually work fine with 2Gib before so it is a bit sad to loose that capability. My suggestion is to just revert that change and do it in parser.conf instead, so at least we have the option to easily modify it to retain some 2Gib support. Thanks a lot for considering this!!! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in apparmor package in Ubuntu: Confirmed Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in apparmor package in Ubuntu: Confirmed Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
@Sergio: your issue is different. It is being killed during a kernel operation (sys_write) due to a vmalloc failure, where this bug is occurring during a userspace compile. Please open a new bug -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in apparmor package in Ubuntu: New Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa-status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1830502/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
Hi, running the snapd tests on i386 I see the following error that could be related to this. It is failing with pc-kernel on beta and candidate but I coun't reproduce it with the version on stable. > snap list Name VersionRev Tracking Publisher Notes core 16-2.39.1 7122 beta canonical* core pc 16.04-0.10 34candidate canonical* gadget pc-kernel 4.4.0-149.175 219 candidate canonical* kernel Logs: May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: vmap allocation for size 73728 failed: use vmalloc= to increase size. May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: vmalloc: allocation failure: 68497 bytes May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: apparmor_parser: page allocation failure: order:0, mode:0x24000c2 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: CPU: 1 PID: 23415 Comm: apparmor_parser Not tainted 4.4.0-149-generic #175-Ubuntu May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: c1b15967 70e2bd9c 0286 d0cf7e00 c13c12ef c1a1ce6c 0001 d0cf7e30 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: c11821b6 c1a1b220 f479a700 024000c2 d0cf7e44 c1a1ce6c d0cf7e18 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: 70e2bd9c 00010b91 d0cf7e60 c11ba86f 024000c2 c1a1ce6c May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: Call Trace: May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] dump_stack+0x58/0x79 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] warn_alloc_failed+0xd6/0x110 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] __vmalloc_node_range+0x1ef/0x210 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] __vmalloc_node+0x66/0x70 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] ? __aa_kvmalloc+0x28/0x60 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] vmalloc+0x38/0x40 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] ? __aa_kvmalloc+0x28/0x60 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] __aa_kvmalloc+0x28/0x60 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] aa_simple_write_to_buffer+0x34/0x90 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] policy_update+0x73/0x230 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] ? security_file_permission+0x3e/0xd0 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] profile_replace+0x98/0xe0 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] ? policy_update+0x230/0x230 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] __vfs_write+0x22/0x50 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] vfs_write+0x8c/0x1b0 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] SyS_write+0x51/0xb0 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] do_fast_syscall_32+0x9f/0x190 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: [] sysenter_past_esp+0x3d/0x61 May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: Mem-Info: May 30 03:57:34 localhost.localdomain snapd[23208]: May 30 03:57:33 localhost.localdomain kernel: active_anon:10318 inactive_anon:1512 isolated_anon:0 May 30 03:57:34 localhost.localdomain snapd[23208]: active_file:77754 inactive_file:23998 isolated_file:0 May 30 03:57:34 localhost.localdomain snapd[23208]: unevictable:0 dirty:551 writeback:0 unstable:0 May 30 03:57:34 localhost.localdomain snapd[23208]: slab_reclaimable:7394 slab_unreclaimable:13711 May 30 03:57:34
[Touch-packages] [Bug 1830502] Re: apparmor uses excessive memory leading to oom kill
** Summary changed: - apparmor fails to start with no parser errors + apparmor uses excessive memory leading to oom kill ** Description changed: + When attempting to load the profile from comment #7, apparmor uses + excessive amounts of memory leading to being killed by the OOM killer + and thus the apparmor.service failing. + + Original bug description: + On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:05:25 apparmor[4747]:...fail! May 25 17:05:25 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:05:25 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:05:25 systemd[1]: Failed to start AppArmor initialization. I can see that apparmor profiles are active after doing this (using aa- status), but it's still troubling that apparmor runs into an issue without actually saying what the error is. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1830502 Title: apparmor uses excessive memory leading to oom kill Status in apparmor package in Ubuntu: New Bug description: When attempting to load the profile from comment #7, apparmor uses excessive amounts of memory leading to being killed by the OOM killer and thus the apparmor.service failing. Original bug description: On Ubuntu 18.04.2 LTS Desktop, after running out of space on my disk, my system was unable to finish booting and I had to go into recovery mode and remove a number of files before the system would boot. After doing so I discovered that now the apparmor.service systemd unit always fails to start. I see this in dmesg: [ 1066.975360] Out of memory: Kill process 6799 (apparmor_parser) score 796 or sacrifice child [ 1066.975364] Killed process 6799 (apparmor_parser) total-vm:15057348kB, anon-rss:15046148kB, file-rss:0kB, shmem-rss:0kB [ 1067.406595] oom_reaper: reaped process 6799 (apparmor_parser), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB Whenever apparmor.service is attempted to be started by systemd, i.e. either on boot, or later with `systemctl start apparmor`. The log from journalctl doesn't show any actual issues with any profiles just this: -- Reboot -- May 25 17:00:58 systemd[1]: Starting AppArmor initialization... May 25 17:00:58 apparmor[1521]: * Starting AppArmor profiles May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:00:58 apparmor[1521]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd May 25 17:01:40 apparmor[1521]:...fail! May 25 17:01:40 systemd[1]: apparmor.service: Main process exited, code=exited, status=123/n/a May 25 17:01:40 systemd[1]: apparmor.service: Failed with result 'exit-code'. May 25 17:01:40 systemd[1]: Failed to start AppArmor initialization. May 25 17:04:53 systemd[1]: Starting AppArmor initialization... May 25 17:04:53 apparmor[4747]: * Starting AppArmor profiles May 25 17:04:53 apparmor[4747]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox May 25 17:04:53
