BUG: unable to handle kernel NULL pointer dereference
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
The latest update from the Xenial InRelease repository makes the following processes consume 100% CPU:
thermald (1.5-2ubuntu2)
imap (Dovecot 1:2.2.22-1ubuntu2)
imap-login (Dovecot 1:2.2.22-1ubuntu2)
and eventualy (after 1-2 minutes) render the system completely unresponsive.
"NMI watchdog: Watchdog detected hard LOCKUP on cpu 0".
I was able to recreate the problem on my test system, so whatever is missing in this report should be easy to simulate on another system. All apparmor profiles are standard.
# aa-status
apparmor module is loaded.
49 profiles are loaded.
13 profiles are in enforce mode.
/sbin/dhclient
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/sbin/clamd
/usr/sbin/mysqld
/usr/sbin/named
/usr/sbin/ntpd
/usr/
36 profiles are in complain mode.
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/
/usr/
/usr/
/{usr/,}bin/ping
klogd
syslog-ng
syslogd
25 processes have profiles defined.
5 processes are in enforce mode.
/usr/
/usr/sbin/clamd (3080)
/usr/sbin/mysqld (3767)
/usr/sbin/named (3634)
/usr/sbin/ntpd (3468)
20 processes are in complain mode.
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
0 processes are unconfined but have a profile defined.
# uname -r
4.4.0-34-generic
# apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
apparmor-
The following packages will be upgraded:
apparmor
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 446 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Get:1 http://
Fetched 446 kB in 0s (4,172 kB/s)
Preconfiguring packages ...
(Reading database ... 115108 files and directories currently installed.)
Preparing to unpack .../apparmor_
Unpacking apparmor (2.10.95-
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up apparmor (2.10.95-
Installing new version of config file /etc/apparmor.
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
/var/log/kern.log:
Aug 19 22:52:05 beta kernel: [714135.698652] audit: type=1400 audit(147163992
Aug 19 22:52:05 beta kernel: [714135.761699] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.854113] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.854450] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.854834] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.855118] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.859237] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714135.971474] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714136.022994] audit: type=1400 audit(147163992
Aug 19 22:52:06 beta kernel: [714136.023132] ------------[ cut here ]------------
Aug 19 22:52:06 beta kernel: [714136.023191] WARNING: CPU: 1 PID: 9281 at /build/
Aug 19 22:52:06 beta kernel: [714136.023193] AppArmor WARN profile_cmp: ((!b)):
Aug 19 22:52:06 beta kernel: [714136.023197] Modules linked in: udp_diag tcp_diag inet_diag nfnetlink_queue nfnetlink_log nfnetlink bluetooth xt_recent binfmt_misc btrfs xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c vmw_vsock_
Aug 19 22:52:06 beta kernel: [714136.023318] CPU: 1 PID: 9281 Comm: apparmor_parser Not tainted 4.4.0-34-generic #53-Ubuntu
Aug 19 22:52:06 beta kernel: [714136.023320] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
Aug 19 22:52:06 beta kernel: [714136.023322] 0000000000000086 0000000008f1575b ffff880008b87c00 ffffffff813f11b3
Aug 19 22:52:06 beta kernel: [714136.023324] ffff880008b87c48 ffffffff81cf08e8 ffff880008b87c38 ffffffff81081102
Aug 19 22:52:06 beta kernel: [714136.023326] ffff88003c0a8400 0000000000000000 0000000000000009 0000000000000000
Aug 19 22:52:06 beta kernel: [714136.023328] Call Trace:
Aug 19 22:52:06 beta kernel: [714136.023346] [<ffffffff813f1
Aug 19 22:52:06 beta kernel: [714136.023360] [<ffffffff81081
Aug 19 22:52:06 beta kernel: [714136.023362] [<ffffffff81081
Aug 19 22:52:06 beta kernel: [714136.023369] [<ffffffff813ff
Aug 19 22:52:06 beta kernel: [714136.023371] [<ffffffff81390
Aug 19 22:52:06 beta kernel: [714136.023373] [<ffffffff81391
Aug 19 22:52:06 beta kernel: [714136.023376] [<ffffffff81395
Aug 19 22:52:06 beta kernel: [714136.023379] [<ffffffff81388
Aug 19 22:52:06 beta kernel: [714136.023388] [<ffffffff811ec
Aug 19 22:52:06 beta kernel: [714136.023391] [<ffffffff8137d
Aug 19 22:52:06 beta kernel: [714136.023393] [<ffffffff8137d
Aug 19 22:52:06 beta kernel: [714136.023401] [<ffffffff8120c
Aug 19 22:52:06 beta kernel: [714136.023403] [<ffffffff8120d
Aug 19 22:52:06 beta kernel: [714136.023406] [<ffffffff8120c
Aug 19 22:52:06 beta kernel: [714136.023408] [<ffffffff8120e
Aug 19 22:52:06 beta kernel: [714136.023421] [<ffffffff8182d
Aug 19 22:52:06 beta kernel: [714136.023423] ---[ end trace 9f21e4366b6b8d2d ]---
Aug 19 22:52:06 beta kernel: [714136.023437] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
Aug 19 22:52:06 beta kernel: [714136.023531] IP: [<ffffffff81390
Aug 19 22:52:06 beta kernel: [714136.023596] PGD 35afe067 PUD 3d556067 PMD 0
Aug 19 22:52:06 beta kernel: [714136.023694] Oops: 0000 [#1] SMP
Aug 19 22:52:06 beta kernel: [714136.023755] Modules linked in: udp_diag tcp_diag inet_diag nfnetlink_queue nfnetlink_log nfnetlink bluetooth xt_recent binfmt_misc btrfs xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c vmw_vsock_
Aug 19 22:52:06 beta kernel: [714136.024610] CPU: 1 PID: 9281 Comm: apparmor_parser Tainted: G W 4.4.0-34-generic #53-Ubuntu
Aug 19 22:52:06 beta kernel: [714136.024689] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
Aug 19 22:52:06 beta kernel: [714136.024737] task: ffff880026688cc0 ti: ffff880008b84000 task.ti: ffff880008b84000
Aug 19 22:52:06 beta kernel: [714136.024770] RIP: 0010:[<
Aug 19 22:52:06 beta kernel: [714136.024823] RSP: 0018:ffff880008
Aug 19 22:52:06 beta kernel: [714136.025096] RAX: 0000000000000000 RBX: ffff88003c0a8400 RCX: 0000000000000006
Aug 19 22:52:06 beta kernel: [714136.025170] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
Aug 19 22:52:06 beta kernel: [714136.025281] RBP: ffff880008b87cc0 R08: 000000005b2d2d2d R09: 00000000000084d1
Aug 19 22:52:06 beta kernel: [714136.025355] R10: 69666f7270204e52 R11: 00000000000084d1 R12: 0000000000000000
Aug 19 22:52:06 beta kernel: [714136.025425] R13: 0000000000000009 R14: 0000000000000000 R15: ffff88003503d050
Aug 19 22:52:06 beta kernel: [714136.025497] FS: 00007fc95d22774
Aug 19 22:52:06 beta kernel: [714136.025572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 19 22:52:06 beta kernel: [714136.025634] CR2: 0000000000000038 CR3: 0000000017d43000 CR4: 00000000000406e0
Aug 19 22:52:06 beta kernel: [714136.025794] Stack:
Aug 19 22:52:06 beta kernel: [714136.025837] 000000000000000a ffff88003503d0a0 ffff880008b87d08 ffffffff81391843
Aug 19 22:52:06 beta kernel: [714136.025916] 000000013475e830 ffff88000000000a ffff88003503d050 ffff88003c0a8760
Aug 19 22:52:06 beta kernel: [714136.025994] ffff88003b6f4cc8 ffff88003503d000 ffff88003b6f4cc0 ffff880008b87d98
Aug 19 22:52:06 beta kernel: [714136.026072] Call Trace:
Aug 19 22:52:06 beta kernel: [714136.027329] [<ffffffff81391
Aug 19 22:52:06 beta kernel: [714136.028403] [<ffffffff81395
Aug 19 22:52:06 beta kernel: [714136.029473] [<ffffffff81388
Aug 19 22:52:06 beta kernel: [714136.030541] [<ffffffff811ec
Aug 19 22:52:06 beta kernel: [714136.031622] [<ffffffff8137d
Aug 19 22:52:06 beta kernel: [714136.032684] [<ffffffff8137d
Aug 19 22:52:06 beta kernel: [714136.033699] [<ffffffff8120c
Aug 19 22:52:06 beta kernel: [714136.034714] [<ffffffff8120d
Aug 19 22:52:06 beta kernel: [714136.035728] [<ffffffff8120c
Aug 19 22:52:06 beta kernel: [714136.036643] [<ffffffff8120e
Aug 19 22:52:06 beta kernel: [714136.037570] [<ffffffff8182d
Aug 19 22:52:06 beta kernel: [714136.038633] Code: 00 55 48 85 ff 48 89 e5 41 54 53 49 89 f4 48 89 fb 0f 84 8b 00 00 00 4d 85 e4 0f 84 aa 00 00 00 48 83 7b 38 00 0f 84 c9 00 00 00 <49> 83 7c 24 38 00 0f 84 e8 00 00 00 48 83 7b 08 00 0f 84 07 01
Aug 19 22:52:06 beta kernel: [714136.041564] RIP [<ffffffff81390
Aug 19 22:52:06 beta kernel: [714136.042473] RSP <ffff880008b87cb0>
Aug 19 22:52:06 beta kernel: [714136.043290] CR2: 0000000000000038
Aug 19 22:52:06 beta kernel: [714136.045634] ---[ end trace 9f21e4366b6b8d2e ]---
# ps -ef | grep dpkg
root 9208 1 0 22:52 ? 00:00:00 /usr/bin/dpkg --status-fd 41 --configure apparmor:amd64
root 9209 9208 0 22:52 ? 00:00:00 /usr/bin/perl -w /usr/share/
root 9216 9209 0 22:52 ? 00:00:00 /bin/sh /var/lib/
This will leave apparmor in a "half configured" state, which means that the kernel would crash next time the system is patched. To circumvent this problem, comment out the following line in /var/lib/ dpkg/info/ apparmor. postinst: d_profiles || true
#load_configure
and finish the upgrade
# apt-get upgrade apparmor
-or-
# dpkg --configure -a
depending on the system's state.
I don't know what side effects this may cause, though.
PS. disabling all profiles does not prevent the kernel from crashing, so the profiles themselves are evidently not the problem.