apparmor_parser hangs indefinitely when called by multiple threads
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
John Johansen | ||
Yakkety |
Won't Fix
|
Undecided
|
John Johansen | ||
Zesty |
Fix Released
|
Undecided
|
John Johansen |
Bug Description
This bug surfaced when starting ~50 LXC container with LXD in parallel multiple times:
# Create the containers
for c in c foo{1..50}; do lxc launch images:
# Exectute this loop multiple times until you observe errors.
for c in c foo{1..50}; do lxc restart $c & done
After this you can
ps aux | grep apparmor
and you should see output similar to:
root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19775 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19780 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19782 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19783 0.0 0.0 13592 3388 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19784 0.0 0.0 13592 3252 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19794 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/
root 19795 0.0 0.0 13592 3256 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/
apparmor_parser remains stuck even after all LXC/LXD commands have exited.
dmesg output yields lines like:
[41902.815174] audit: type=1400 audit(148019108
and cat /proc/12545/stack shows:
[<ffffffff8c9b9
21:19 brauner [<ffffffff8c9ac
21:19 brauner [<ffffffff8c831
21:19 brauner [<ffffffff8c832
21:19 brauner [<ffffffff8c833
21:19 brauner [<ffffffff8ce95
21:19 brauner [<fffffffffffff
This looks like a potential kernel bug.
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux (Ubuntu Yakkety): | |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux (Ubuntu Zesty): | |
assignee: | nobody → John Johansen (jjohansen) |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Yakkety): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Xenial): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Yakkety): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Yakkety): | |
status: | Fix Released → Triaged |
no longer affects: | apparmor (Ubuntu) |
no longer affects: | linux (Ubuntu Xenial) |
Note that due to a race-condition in low-level LXC that will deadlock when trying to restart a bunch of containers in parallel, you should install the LXC PPA development version when trying to reproduce this bug with LXD.