** Description changed: SRU Justification: [Impact] Profile loads containing the attach_disconnected.path policy flag can cause the kernel to panic if such a profile is loaded into the kernel and subsequently replaced or removed. [Fix] Apply attached patch UBUNTU: SAUCE: apparmor5.0.0 [94/93]: apparmor: prevent pro file->disconnected double free in aa_free_profile [Test Plan] - download attached file "test file that can trigger this bug" (trigger- - lp2120233.profile). + download attached file trigger-lp2120233.profile and run the following script. + The loop is not necessarily needed to trigger the bug, it will often trigger + immediately. However because it is a double free, unless memory debugging is enable it may not trigger immediately. Looping however can reliably trigger it. - $ sudo apparmor_parser -r trigger-lp2120233.profile - $ sudo apparmor_parser -R trigger-lp2120233.profile + for i in 1 2 3 4 5; do ; + sudo apparmor_parser -r trigger-lp2120233.profile + sudo apparmor_parser -R trigger-lp2120233.profile + done The apparmor_parser -R step will trigger the a kernel ops/panic. If the kernel is patched there shouldn't be an oops. [Where problems could occur] - This can be caused by: + The bug can be triggered by any action that replaces a profile with the + attach_disconnected.path policy flag. Currently this would be: - the lsof profile in apparmor 5.0 - custom created profiles containing the attach_disconnected.path policy flag. Once a profile with the above flag is set. Any action causing profile replacement/removal of the profile will trigger the bug. This includes - - manually replacing/removing profiles via apparmor parser + - manually replacing/removing profiles via the apparmor_parser - systemctl restart apparmor - - upgrading apparmor_5.0.0~alpha1-0ubuntu1 to apparmor_5.0.0~alpha1-0ubuntu2 + - upgrading apparmor_5.0.0~alpha1-0ubuntu1 to an apparmor_package that is + not aware of the issue. - release upgrading between plucky & questing if a profile with the problematic attach_disconnected.path policy flag has been loaded (not the case with default policy). + - running the qa-regression-testing suit [Other Info] + + Installing, or upgrading the kernel should not cause the bug to trigger. + + Shutting down, or reboot the system should not trigger the bug because + apparmor does not unload profiles during systemctl stop apparmor. This bug can be triggered by the qa-regression-testing suit. If a profile containing attach_disconnected.path is present in /etc/apparmor.d/ even when the profile is disabled because the qa- regression-testing suit will attempt to enable and test all disabled profiles. There is a separate fix being applied to qa-regression-testing to ensure it doesn't trigger this bug. + + ------------------------------------------------- [Original Bug Description] Boot questing with current kernel 6.14 and apparmor 5.0.0~alpha1-0ubuntu1 Issue "sudo systemctl apparmor reload" (or restart) Experience kernel panic. ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: linux-image-6.15.0-4-generic 6.15.0-4.4 ProcVersionSignature: Ubuntu 6.15.0-4.4-generic 6.15.0 Uname: Linux 6.15.0-4-generic x86_64 AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Aug 9 16:14 seq crw-rw---- 1 root audio 116, 33 Aug 9 16:14 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.33.1-0ubuntu1 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: N/A CasperMD5CheckResult: unknown CloudArchitecture: x86_64 CloudBuildName: server CloudID: lxd CloudName: lxd CloudPlatform: lxd CloudSerial: 20250802 CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock) Date: Sat Aug 9 16:14:22 2025 Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Lsusb-t: /: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 480M /: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 5000M MachineType: QEMU Standard PC (Q35 + ICH9, 2009) PciMultimedia: ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color ProcFB: 0 virtio_gpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.15.0-4-generic root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0 RelatedPackageVersions: linux-restricted-modules-6.15.0-4-generic N/A linux-backports-modules-6.15.0-4-generic N/A linux-firmware N/A RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 2/2/2022 dmi.bios.release: 0.0 dmi.bios.vendor: EDK II dmi.bios.version: unknown dmi.board.name: LXD dmi.board.vendor: Canonical Ltd. dmi.board.version: pc-q35-8.2 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-q35-8.2 dmi.modalias: dmi:bvnEDKII:bvrunknown:bd2/2/2022:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.2:rvnCanonicalLtd.:rnLXD:rvrpc-q35-8.2:cvnQEMU:ct1:cvrpc-q35-8.2:sku: dmi.product.name: Standard PC (Q35 + ICH9, 2009) dmi.product.version: pc-q35-8.2 dmi.sys.vendor: QEMU
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2120233 Title: kernel panic when reloading apparmor 5.0.0 profiles To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2120233/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
