Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1615144
Title:
BUG: unable to handle kernel NULL pointer dereference
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
The latest update from the Xenial InRelease repository makes the
following processes consume 100% CPU:
thermald (1.5-2ubuntu2)
imap (Dovecot 1:2.2.22-1ubuntu2)
imap-login (Dovecot 1:2.2.22-1ubuntu2)
and eventualy (after 1-2 minutes) render the system completely unresponsive.
"NMI watchdog: Watchdog detected hard LOCKUP on cpu 0".
I was able to recreate the problem on my test system, so whatever is
missing in this report should be easy to simulate on another system.
All apparmor profiles are standard.
# aa-status
apparmor module is loaded.
49 profiles are loaded.
13 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/freshclam
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/chromium-browser/chromium-browser//browser_java
/usr/lib/chromium-browser/chromium-browser//browser_openjdk
/usr/lib/chromium-browser/chromium-browser//sanitized_helper
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/clamd
/usr/sbin/mysqld
/usr/sbin/named
/usr/sbin/ntpd
/usr/sbin/tcpdump
36 profiles are in complain mode.
/usr/lib/chromium-browser/chromium-browser
/usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
/usr/lib/chromium-browser/chromium-browser//lsb_release
/usr/lib/chromium-browser/chromium-browser//xdgsettings
/usr/lib/dovecot/anvil
/usr/lib/dovecot/auth
/usr/lib/dovecot/config
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dict
/usr/lib/dovecot/dovecot-lda
/usr/lib/dovecot/dovecot-lda///usr/sbin/sendmail
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/lmtp
/usr/lib/dovecot/log
/usr/lib/dovecot/managesieve
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/lib/dovecot/ssl-params
/usr/sbin/avahi-daemon
/usr/sbin/dnsmasq
/usr/sbin/dnsmasq//libvirt_leaseshelper
/usr/sbin/dovecot
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/sbin/smbldap-useradd
/usr/sbin/smbldap-useradd///etc/init.d/nscd
/usr/{sbin/traceroute,bin/traceroute.db}
/{usr/,}bin/ping
klogd
syslog-ng
syslogd
25 processes have profiles defined.
5 processes are in enforce mode.
/usr/bin/freshclam (2942)
/usr/sbin/clamd (3080)
/usr/sbin/mysqld (3767)
/usr/sbin/named (3634)
/usr/sbin/ntpd (3468)
20 processes are in complain mode.
/usr/lib/dovecot/anvil (3827)
/usr/lib/dovecot/auth (3845)
/usr/lib/dovecot/auth (4503)
/usr/lib/dovecot/config (3830)
/usr/lib/dovecot/imap (6139)
/usr/lib/dovecot/imap (6952)
/usr/lib/dovecot/imap-login (3826)
/usr/lib/dovecot/imap-login (3832)
/usr/lib/dovecot/imap-login (6048)
/usr/lib/dovecot/imap-login (7924)
/usr/lib/dovecot/imap-login (12248)
/usr/lib/dovecot/imap-login (12740)
/usr/lib/dovecot/imap-login (12816)
/usr/lib/dovecot/imap-login (14112)
/usr/lib/dovecot/imap-login (14508)
/usr/lib/dovecot/imap-login (14533)
/usr/lib/dovecot/log (3828)
/usr/lib/dovecot/managesieve-login (12794)
/usr/lib/dovecot/ssl-params (4498)
/usr/sbin/dovecot (3816)
0 processes are unconfined but have a profile defined.
# uname -r
4.4.0-34-generic
# apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
apparmor-profiles-extra apparmor-docs apparmor-utils
The following packages will be upgraded:
apparmor
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 446 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Get:1 http://se.archive.ubuntu.com/ubuntu xenial-updates/main amd64 apparmor
amd64 2.10.95-0ubuntu2.2 [446 kB]
Fetched 446 kB in 0s (4,172 kB/s)
Preconfiguring packages ...
(Reading database ... 115108 files and directories currently installed.)
Preparing to unpack .../apparmor_2.10.95-0ubuntu2.2_amd64.deb ...
Unpacking apparmor (2.10.95-0ubuntu2.2) over (2.10.95-0ubuntu2) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up apparmor (2.10.95-0ubuntu2.2) ...
Installing new version of config file
/etc/apparmor.d/abstractions/dbus-session-strict ...
update-rc.d: warning: start and stop actions are no longer supported; falling
back to defaults
/var/log/kern.log:
Aug 19 22:52:05 beta kernel: [714135.698652] audit: type=1400
audit(1471639925.925:2053): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/{usr/,}bin/ping" pid=9270 comm="apparmor_parser"
Aug 19 22:52:05 beta kernel: [714135.761699] audit: type=1400
audit(1471639925.985:2054): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="klogd" pid=9273 comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.854113] audit: type=1400
audit(1471639926.081:2055): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/sbin/dhclient" pid=9271 comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.854450] audit: type=1400
audit(1471639926.081:2056): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action"
pid=9271 comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.854834] audit: type=1400
audit(1471639926.081:2057): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=9271
comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.855118] audit: type=1400
audit(1471639926.081:2058): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=9271
comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.859237] audit: type=1400
audit(1471639926.085:2059): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="syslogd" pid=9275 comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714135.971474] audit: type=1400
audit(1471639926.197:2060): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="syslog-ng" pid=9277 comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714136.022994] audit: type=1400
audit(1471639926.249:2061): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="/usr/lib/dovecot/anvil" pid=9281
comm="apparmor_parser"
Aug 19 22:52:06 beta kernel: [714136.023132] ------------[ cut here
]------------
Aug 19 22:52:06 beta kernel: [714136.023191] WARNING: CPU: 1 PID: 9281 at
/build/linux-5vkMGy/linux-4.4.0/security/apparmor/label.c:142
profile_cmp+0xed/0x180()
Aug 19 22:52:06 beta kernel: [714136.023193] AppArmor WARN profile_cmp:
((!b)):
Aug 19 22:52:06 beta kernel: [714136.023197] Modules linked in: udp_diag
tcp_diag inet_diag nfnetlink_queue nfnetlink_log nfnetlink bluetooth xt_recent
binfmt_misc btrfs xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs
libcrc32c vmw_vsock_vmci_transport vsock ppdev coretemp crct10dif_pclmul
crc32_pclmul vmw_balloon cryptd joydev input_leds serio_raw 8250_fintek
parport_pc shpchp vmw_vmci i2c_piix4 mac_hid ip6t_REJECT nf_reject_ipv6
nf_log_ipv6 xt_hl nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_rt ipt_REJECT
nf_reject_ipv4 xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport
xt_limit xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_addrtype xt_conntrack
ip6table_filter ip6_tables nf_conntrack_netbios_ns nf_conntrack_broadcast
nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack iptable_filter ip_tables
x_tables lp parport autofs4 psmouse vmxnet3 vmwgfx ttm vmw_pvscsi
drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops pata_acpi drm
floppy fjes
Aug 19 22:52:06 beta kernel: [714136.023318] CPU: 1 PID: 9281 Comm:
apparmor_parser Not tainted 4.4.0-34-generic #53-Ubuntu
Aug 19 22:52:06 beta kernel: [714136.023320] Hardware name: VMware, Inc.
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
Aug 19 22:52:06 beta kernel: [714136.023322] 0000000000000086
0000000008f1575b ffff880008b87c00 ffffffff813f11b3
Aug 19 22:52:06 beta kernel: [714136.023324] ffff880008b87c48
ffffffff81cf08e8 ffff880008b87c38 ffffffff81081102
Aug 19 22:52:06 beta kernel: [714136.023326] ffff88003c0a8400
0000000000000000 0000000000000009 0000000000000000
Aug 19 22:52:06 beta kernel: [714136.023328] Call Trace:
Aug 19 22:52:06 beta kernel: [714136.023346] [<ffffffff813f11b3>]
dump_stack+0x63/0x90
Aug 19 22:52:06 beta kernel: [714136.023360] [<ffffffff81081102>]
warn_slowpath_common+0x82/0xc0
Aug 19 22:52:06 beta kernel: [714136.023362] [<ffffffff8108119c>]
warn_slowpath_fmt+0x5c/0x80
Aug 19 22:52:06 beta kernel: [714136.023369] [<ffffffff813ffc40>] ?
u32_swap+0x10/0x10
Aug 19 22:52:06 beta kernel: [714136.023371] [<ffffffff8139072d>]
profile_cmp+0xed/0x180
Aug 19 22:52:06 beta kernel: [714136.023373] [<ffffffff81391843>]
aa_vec_unique+0x163/0x240
Aug 19 22:52:06 beta kernel: [714136.023376] [<ffffffff81395ab7>]
__aa_labelset_update_subtree+0x687/0x820
Aug 19 22:52:06 beta kernel: [714136.023379] [<ffffffff8138897b>]
aa_replace_profiles+0x59b/0xb70
Aug 19 22:52:06 beta kernel: [714136.023388] [<ffffffff811ecf4e>] ?
__kmalloc+0x22e/0x250
Aug 19 22:52:06 beta kernel: [714136.023391] [<ffffffff8137d69f>]
policy_update+0x9f/0x1f0
Aug 19 22:52:06 beta kernel: [714136.023393] [<ffffffff8137d803>]
profile_replace+0x13/0x20
Aug 19 22:52:06 beta kernel: [714136.023401] [<ffffffff8120c9d8>]
__vfs_write+0x18/0x40
Aug 19 22:52:06 beta kernel: [714136.023403] [<ffffffff8120d369>]
vfs_write+0xa9/0x1a0
Aug 19 22:52:06 beta kernel: [714136.023406] [<ffffffff8120c2ff>] ?
do_sys_open+0x1bf/0x2a0
Aug 19 22:52:06 beta kernel: [714136.023408] [<ffffffff8120e025>]
SyS_write+0x55/0xc0
Aug 19 22:52:06 beta kernel: [714136.023421] [<ffffffff8182def2>]
entry_SYSCALL_64_fastpath+0x16/0x71
Aug 19 22:52:06 beta kernel: [714136.023423] ---[ end trace 9f21e4366b6b8d2d
]---
Aug 19 22:52:06 beta kernel: [714136.023437] BUG: unable to handle kernel
NULL pointer dereference at 0000000000000038
Aug 19 22:52:06 beta kernel: [714136.023531] IP: [<ffffffff8139066f>]
profile_cmp+0x2f/0x180
Aug 19 22:52:06 beta kernel: [714136.023596] PGD 35afe067 PUD 3d556067 PMD 0
Aug 19 22:52:06 beta kernel: [714136.023694] Oops: 0000 [#1] SMP
Aug 19 22:52:06 beta kernel: [714136.023755] Modules linked in: udp_diag
tcp_diag inet_diag nfnetlink_queue nfnetlink_log nfnetlink bluetooth xt_recent
binfmt_misc btrfs xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs
libcrc32c vmw_vsock_vmci_transport vsock ppdev coretemp crct10dif_pclmul
crc32_pclmul vmw_balloon cryptd joydev input_leds serio_raw 8250_fintek
parport_pc shpchp vmw_vmci i2c_piix4 mac_hid ip6t_REJECT nf_reject_ipv6
nf_log_ipv6 xt_hl nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_rt ipt_REJECT
nf_reject_ipv4 xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport
xt_limit xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_addrtype xt_conntrack
ip6table_filter ip6_tables nf_conntrack_netbios_ns nf_conntrack_broadcast
nf_nat_ftp nf_nat nf_conntrack_ftp nf_conntrack iptable_filter ip_tables
x_tables lp parport autofs4 psmouse vmxnet3 vmwgfx ttm vmw_pvscsi
drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops pata_acpi drm
floppy fjes
Aug 19 22:52:06 beta kernel: [714136.024610] CPU: 1 PID: 9281 Comm:
apparmor_parser Tainted: G W 4.4.0-34-generic #53-Ubuntu
Aug 19 22:52:06 beta kernel: [714136.024689] Hardware name: VMware, Inc.
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
Aug 19 22:52:06 beta kernel: [714136.024737] task: ffff880026688cc0 ti:
ffff880008b84000 task.ti: ffff880008b84000
Aug 19 22:52:06 beta kernel: [714136.024770] RIP: 0010:[<ffffffff8139066f>]
[<ffffffff8139066f>] profile_cmp+0x2f/0x180
Aug 19 22:52:06 beta kernel: [714136.024823] RSP: 0018:ffff880008b87cb0
EFLAGS: 00010086
Aug 19 22:52:06 beta kernel: [714136.025096] RAX: 0000000000000000 RBX:
ffff88003c0a8400 RCX: 0000000000000006
Aug 19 22:52:06 beta kernel: [714136.025170] RDX: 0000000000000000 RSI:
0000000000000000 RDI: 0000000000000009
Aug 19 22:52:06 beta kernel: [714136.025281] RBP: ffff880008b87cc0 R08:
000000005b2d2d2d R09: 00000000000084d1
Aug 19 22:52:06 beta kernel: [714136.025355] R10: 69666f7270204e52 R11:
00000000000084d1 R12: 0000000000000000
Aug 19 22:52:06 beta kernel: [714136.025425] R13: 0000000000000009 R14:
0000000000000000 R15: ffff88003503d050
Aug 19 22:52:06 beta kernel: [714136.025497] FS: 00007fc95d227740(0000)
GS:ffff88003fd00000(0000) knlGS:0000000000000000
Aug 19 22:52:06 beta kernel: [714136.025572] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Aug 19 22:52:06 beta kernel: [714136.025634] CR2: 0000000000000038 CR3:
0000000017d43000 CR4: 00000000000406e0
Aug 19 22:52:06 beta kernel: [714136.025794] Stack:
Aug 19 22:52:06 beta kernel: [714136.025837] 000000000000000a
ffff88003503d0a0 ffff880008b87d08 ffffffff81391843
Aug 19 22:52:06 beta kernel: [714136.025916] 000000013475e830
ffff88000000000a ffff88003503d050 ffff88003c0a8760
Aug 19 22:52:06 beta kernel: [714136.025994] ffff88003b6f4cc8
ffff88003503d000 ffff88003b6f4cc0 ffff880008b87d98
Aug 19 22:52:06 beta kernel: [714136.026072] Call Trace:
Aug 19 22:52:06 beta kernel: [714136.027329] [<ffffffff81391843>]
aa_vec_unique+0x163/0x240
Aug 19 22:52:06 beta kernel: [714136.028403] [<ffffffff81395ab7>]
__aa_labelset_update_subtree+0x687/0x820
Aug 19 22:52:06 beta kernel: [714136.029473] [<ffffffff8138897b>]
aa_replace_profiles+0x59b/0xb70
Aug 19 22:52:06 beta kernel: [714136.030541] [<ffffffff811ecf4e>] ?
__kmalloc+0x22e/0x250
Aug 19 22:52:06 beta kernel: [714136.031622] [<ffffffff8137d69f>]
policy_update+0x9f/0x1f0
Aug 19 22:52:06 beta kernel: [714136.032684] [<ffffffff8137d803>]
profile_replace+0x13/0x20
Aug 19 22:52:06 beta kernel: [714136.033699] [<ffffffff8120c9d8>]
__vfs_write+0x18/0x40
Aug 19 22:52:06 beta kernel: [714136.034714] [<ffffffff8120d369>]
vfs_write+0xa9/0x1a0
Aug 19 22:52:06 beta kernel: [714136.035728] [<ffffffff8120c2ff>] ?
do_sys_open+0x1bf/0x2a0
Aug 19 22:52:06 beta kernel: [714136.036643] [<ffffffff8120e025>]
SyS_write+0x55/0xc0
Aug 19 22:52:06 beta kernel: [714136.037570] [<ffffffff8182def2>]
entry_SYSCALL_64_fastpath+0x16/0x71
Aug 19 22:52:06 beta kernel: [714136.038633] Code: 00 55 48 85 ff 48 89 e5 41
54 53 49 89 f4 48 89 fb 0f 84 8b 00 00 00 4d 85 e4 0f 84 aa 00 00 00 48 83 7b
38 00 0f 84 c9 00 00 00 <49> 83 7c 24 38 00 0f 84 e8 00 00 00 48 83 7b 08 00 0f
84 07 01
Aug 19 22:52:06 beta kernel: [714136.041564] RIP [<ffffffff8139066f>]
profile_cmp+0x2f/0x180
Aug 19 22:52:06 beta kernel: [714136.042473] RSP <ffff880008b87cb0>
Aug 19 22:52:06 beta kernel: [714136.043290] CR2: 0000000000000038
Aug 19 22:52:06 beta kernel: [714136.045634] ---[ end trace 9f21e4366b6b8d2e
]---
# ps -ef | grep dpkg
root 9208 1 0 22:52 ? 00:00:00 /usr/bin/dpkg --status-fd 41
--configure apparmor:amd64
root 9209 9208 0 22:52 ? 00:00:00 /usr/bin/perl -w
/usr/share/debconf/frontend /var/lib/dpkg/info/apparmor.postinst configure
2.10.95-0ubuntu2
root 9216 9209 0 22:52 ? 00:00:00 /bin/sh
/var/lib/dpkg/info/apparmor.postinst configure 2.10.95-0ubuntu2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1615144/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
