test profile that can trigger the bug.
** Description changed:

- Boot questing with current kernel 6.14 and apparmor
- 5.0.0~alpha1-0ubuntu1
+ SRU Justification:
+
+ [Impact]
+
+ Profile loads containing the attach_disconnected.path policy flag can
+ cause the kernel to panic if such a profile is loaded into the kernel
+ and subsequently replaced or removed.
+
+ [Fix]
+
+ Apply attached patch
+ UBUNTU: SAUCE: apparmor5.0.0 [94/93]: apparmor: prevent pro file->disconnected double free in aa_free_profile
+
+ [Test Plan]
+
+ download attached file trigger-lp2120233.profile
+ $ sudo apparmor_parser -r trigger-lp2120233.profile
+ $ sudo apparmor_parser -R trigger-lp2120233.profile
+
+ The apparmor_parser -R step will trigger the a kernel ops/panic. If the
+ kernel is patched there shouldn't be an oops.
+
+ [Where problems could occur]
+
+ This can be caused by:
+ - the lsof profile in apparmor 5.0
+ - custom created profiles containing the attach_disconnected.path policy flag.
+
+ Once a profile with the above flag is set. Any action causing profile
+ replacement/removal of the profile will trigger the bug. This includes
+
+ - manually replacing/removing profiles via apparmor parser
+ - systemctl restart apparmor
+ - upgrading apparmor_5.0.0~alpha1-0ubuntu1 to apparmor_5.0.0~alpha1-0ubuntu2
+ - release upgrading between plucky & questing if a profile with the problematic attach_disconnected.path policy flag has been loaded (not the case with default policy).
+
+
+ [Other Info]
+
+ This bug can be triggered by the qa-regression-testing suit. If a
+ profile containing attach_disconnected.path is present in
+ /etc/apparmor.d/ even when the profile is disabled because the qa-
+ regression-testing suit will attempt to enable and test all disabled
+ profiles.
+
+ There is a separate fix being applied to qa-regression-testing to ensure
+ it doesn't trigger this bug.
+
+
+ [Original Bug Description]
+
+
+ Boot questing with current kernel 6.14 and apparmor 5.0.0~alpha1-0ubuntu1
  Issue "sudo systemctl apparmor reload" (or restart)
  Experience kernel panic.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.10
  Package: linux-image-6.15.0-4-generic 6.15.0-4.4
  ProcVersionSignature: Ubuntu 6.15.0-4.4-generic 6.15.0
  Uname: Linux 6.15.0-4-generic x86_64
  Architecture: amd64
  Date: Sat Aug 9 16:14:22 2025
  SourcePackage: linux

** Attachment added: "test profile that can trigger this bug"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2120233/+attachment/5898417/+files/trigger-lp2120233.profile

** Description changed:

  SRU Justification:

  [Impact]

  Profile loads containing the attach_disconnected.path policy flag can
  cause the kernel to panic if such a profile is loaded into the kernel
  and subsequently replaced or removed.

  [Fix]

  Apply attached patch
  UBUNTU: SAUCE: apparmor5.0.0 [94/93]: apparmor: prevent pro file->disconnected double free in aa_free_profile

  [Test Plan]

- download attached file trigger-lp2120233.profile
+ download attached file "test file that can trigger this bug" (trigger-
+ lp2120233.profile).
+
  $ sudo apparmor_parser -r trigger-lp2120233.profile
  $ sudo apparmor_parser -R trigger-lp2120233.profile

  The apparmor_parser -R step will trigger the a kernel ops/panic. If the
  kernel is patched there shouldn't be an oops.

  [Where problems could occur]

  This can be caused by:
  - the lsof profile in apparmor 5.0
  - custom created profiles containing the attach_disconnected.path policy flag.

  Once a profile with the above flag is set. Any action causing profile
  replacement/removal of the profile will trigger the bug. This includes

  - manually replacing/removing profiles via apparmor parser
  - systemctl restart apparmor
  - upgrading apparmor_5.0.0~alpha1-0ubuntu1 to apparmor_5.0.0~alpha1-0ubuntu2
  - release upgrading between plucky & questing if a profile with the problematic attach_disconnected.path policy flag has been loaded (not the case with default policy).
-

  [Other Info]

  This bug can be triggered by the qa-regression-testing suit. If a
  profile containing attach_disconnected.path is present in
  /etc/apparmor.d/ even when the profile is disabled because the qa-
  regression-testing suit will attempt to enable and test all disabled
  profiles.

  There is a separate fix being applied to qa-regression-testing to ensure
  it doesn't trigger this bug.
-

  [Original Bug Description]

-
- Boot questing with current kernel 6.14 and apparmor 5.0.0~alpha1-0ubuntu1
+ Boot questing with current kernel 6.14 and apparmor
+ 5.0.0~alpha1-0ubuntu1
  Issue "sudo systemctl apparmor reload" (or restart)
  Experience kernel panic.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.10
  Package: linux-image-6.15.0-4-generic 6.15.0-4.4
  ProcVersionSignature: Ubuntu 6.15.0-4.4-generic 6.15.0
  Uname: Linux 6.15.0-4-generic x86_64
  Architecture: amd64
  Date: Sat Aug 9 16:14:22 2025
  SourcePackage: linux

-- 
https://bugs.launchpad.net/bugs/2120233

Title:
  kernel panic when reloading apparmor 5.0.0 profiles
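
One way to audit a policy tree for the condition listed under [Where problems could occur], as an added example that is not part of the bug report or of any Ubuntu or AppArmor tooling: the script lists policy files that set attach_disconnected.path, including disabled ones, so they can be reviewed before a reload or removal on a kernel without the fix. The function names, the sample profiles and the flags=(attach_disconnected.path=PATH) spelling used in them are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. Lists AppArmor policy files that
# set attach_disconnected.path so they can be reviewed before a profile
# reload/removal on a kernel that lacks the fix.

# Print each regular file under DIR whose non-comment text sets the flag.
# Symlinks (such as those under disable/) are skipped, but their targets are
# scanned in place, so disabled profiles are reported too.
find_flagged_profiles() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" -type f -print | sort | while IFS= read -r f; do
        # Strip '#' comments, then match the flag name followed by '='.
        if sed 's/#.*$//' "$f" |
            grep -Eq '(^|[^[:alnum:]_.])attach_disconnected\.path[[:space:]]*='; then
            printf '%s\n' "$f"
        fi
    done
}

# Status 0: nothing flagged. 1: at least one flagged file. 2: DIR missing.
reload_is_safe() {
    flagged=$(find_flagged_profiles "$1") || return 2
    [ -z "$flagged" ]
}

# Constructed sample policy tree (hypothetical profiles, not the attachment
# from the bug). Prints the temporary directory it created.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/disable"
    printf '%s\n' 'profile demo-a /usr/bin/demo-a flags=(attach_disconnected.path=/mnt/x) {' '}' >"$d/demo-a"
    printf '%s\n' '# attach_disconnected.path=/old was dropped here' \
        'profile demo-b /usr/bin/demo-b flags=(attach_disconnected) {' '}' >"$d/demo-b"
    printf '%s\n' 'profile demo-c /usr/bin/demo-c flags=(complain, attach_disconnected.path=/mnt/y) {' '}' >"$d/demo-c"
    ln -s ../demo-c "$d/disable/demo-c"   # demo-c is disabled
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
find_flagged_profiles "$demo"
reload_is_safe "$demo" || echo "flagged profiles found: review before any reload"
rm -rf "$demo"
```

On a real system the directory to pass is /etc/apparmor.d; the scan only reads files and never invokes apparmor_parser.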
