This bug was fixed in the package linux - 4.10.0-8.10

---------------
linux (4.10.0-8.10) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1664217

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
    (LP: #1663687)
    - scsi: storvsc: Enable tracking of queue depth
    - scsi: storvsc: Remove the restriction on max segment size
    - scsi: storvsc: Enable multi-queue support
    - scsi: storvsc: use tagged SRB requests if supported by the device
    - scsi: storvsc: properly handle SRB_ERROR when sense message is present
    - scsi: storvsc: properly set residual data length on errors

  * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
    caused KVM host hung and all KVM guests down. (LP: #1651248)
    - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
    - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
    - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
    - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
    - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend

  * overlay: mkdir fails if directory exists in lowerdir in a user namespace
    (LP: #1531747)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1575 (LP: #1534961)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1576 (LP: #1535150)
    - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * Miscellaneous Ubuntu changes
    - SAUCE: md/raid6 algorithms: scale test duration for speedier boots
    - SAUCE: Import aufs driver
    - d-i: Build message-modules udeb for arm64
    - rebase to v4.10-rc8

  * Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment"
    - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support
      setattr_prepare()"
    - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()"
    - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers"
    - Revert "UBUNTU: SAUCE: Import aufs driver"

  [ Upstream Kernel Changes ]

  * rebase to v4.10-rc8

 -- Tim Gardner <tim.gard...@canonical.com>  Mon, 06 Feb 2017 08:34:24 -0700

** Changed in: linux (Ubuntu Zesty)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1575

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1576

https://bugs.launchpad.net/bugs/1645037

Title:
  apparmor_parser hangs indefinitely when called by multiple threads

Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Fix Committed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  This bug surfaced when starting ~50 LXC containers with LXD in parallel
  multiple times:

  # Create the containers
  for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

  # Execute this loop multiple times until you observe errors.
  for c in c foo{1..50}; do lxc restart $c & done

  After this you can

  ps aux | grep apparmor

  and you should see output similar to:

  root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19775 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19780 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19782 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19783 0.0 0.0 13592 3388 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19784 0.0 0.0 13592 3252 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19794 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
  root 19795 0.0 0.0 13592 3256 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25

  apparmor_parser remains stuck even after all LXC/LXD commands have
  exited.

  dmesg output yields lines like:

  [41902.815174] audit: type=1400 audit(1480191089.678:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-foo30_</var/lib/lxd>" pid=12545 comm="apparmor_parser"

  and cat /proc/12545/stack shows:

  [<ffffffff8c9b9378>] aa_remove_profiles+0x88/0x270
  [<ffffffff8c9ac3e4>] profile_remove+0x144/0x2e0
  [<ffffffff8c8319b8>] __vfs_write+0x18/0x40
  [<ffffffff8c832108>] vfs_write+0xb8/0x1b0
  [<ffffffff8c833565>] SyS_write+0x55/0xc0
  [<ffffffff8ce952f6>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  [<ffffffffffffffff>] 0xffffffffffffffff

  This looks like a potential kernel bug.
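
The triage steps in the bug description (list apparmor_parser processes, spot those in D state, read their kernel stack) can be scripted as below. This is an added example, not part of the bug report or of AppArmor/LXD; the function names are hypothetical and the sample rows are copied from the report so the script runs offline.

```shell
#!/bin/sh
# Added triage example; not part of the bug report or of AppArmor/LXD.

# Sample input: three `ps aux` rows copied from the report above.
SAMPLE_PS='root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26'

# Two frames from the report's /proc/<pid>/stack output.
SAMPLE_STACK='[<ffffffff8c9b9378>] aa_remove_profiles+0x88/0x270
[<ffffffff8c9ac3e4>] profile_remove+0x144/0x2e0'

# stuck_parsers: read `ps aux` rows on stdin; print "PID PROFILE" for each
# apparmor_parser in uninterruptible sleep (STAT, field 8, starts with D).
stuck_parsers() {
    awk '$8 ~ /^D/ && ($11 == "apparmor_parser" || $11 ~ /\/apparmor_parser$/) {
        n = split($NF, parts, "/")
        print $2, parts[n]
    }'
}

# in_profile_remove: succeed if the kernel stack on stdin contains the
# AppArmor profile-removal frames shown in this report.
in_profile_remove() {
    grep -Eq '(aa_remove_profiles|profile_remove)\+0x'
}

# report_stuck: for "PID PROFILE" rows on stdin, read the live kernel stack
# (readable by root only) and say whether it matches the report's trace.
report_stuck() {
    while read -r pid profile; do
        if [ -r "/proc/$pid/stack" ] && in_profile_remove < "/proc/$pid/stack"; then
            echo "$pid $profile: blocked in AppArmor profile removal"
        else
            echo "$pid $profile: D state, stack differs or is unreadable"
        fi
    done
}

# Offline demonstration on the sample rows; on a live host run instead:
#   ps aux | stuck_parsers | report_stuck
printf '%s\n' "$SAMPLE_PS" | stuck_parsers
```

Processes in D state cannot be killed, so a non-empty result that persists after all lxc commands have exited is the condition this report describes.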