Bug #2040192 “AppArmor spams kernel log with assert when auditin...” : Bugs : linux package : Ubuntu

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-10-24: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 2040192

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Mantic):
status:	New → Incomplete

Roxana Nicolescu (roxanan) on 2023-10-27

Changed in linux (Ubuntu):
status:	Incomplete → Invalid
Changed in linux (Ubuntu Mantic):
status:	Incomplete → Fix Committed
assignee:	nobody → John Johansen (jjohansen)

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-11-01:

#2

This bug is awaiting verification that the linux/6.5.0-12.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux' to 'verification-done-mantic-linux'. If the problem still exists, change the tag 'verification-needed-mantic-linux' to 'verification-failed-mantic-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux

Revision history for this message

John Johansen (jjohansen) wrote on 2023-11-02:

#3

Tested and the assert is now gone.

tags:

added: verification-done-mantic-linux
removed: verification-needed-mantic-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-05:

#4

This bug is awaiting verification that the linux-laptop/6.5.0-1007.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-laptop' to 'verification-done-mantic-linux-laptop'. If the problem still exists, change the tag 'verification-needed-mantic-linux-laptop' to 'verification-failed-mantic-linux-laptop'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-laptop-v2 verification-needed-mantic-linux-laptop

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-05:

#5

This bug is awaiting verification that the linux-azure/6.5.0-1010.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-azure' to 'verification-done-mantic-linux-azure'. If the problem still exists, change the tag 'verification-needed-mantic-linux-azure' to 'verification-failed-mantic-linux-azure'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-azure-v2 verification-needed-mantic-linux-azure

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-05:

#6

This bug is awaiting verification that the linux-gcp/6.5.0-1010.10 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-gcp' to 'verification-done-mantic-linux-gcp'. If the problem still exists, change the tag 'verification-needed-mantic-linux-gcp' to 'verification-failed-mantic-linux-gcp'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-gcp-v2 verification-needed-mantic-linux-gcp

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-05:

#7

This bug is awaiting verification that the linux-hwe-6.5/6.5.0-14.14~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-hwe-6.5' to 'verification-done-jammy-linux-hwe-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-hwe-6.5' to 'verification-failed-jammy-linux-hwe-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-hwe-6.5-v2 verification-needed-jammy-linux-hwe-6.5

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-12-12:

#8

This bug is awaiting verification that the linux-nvidia-6.5/6.5.0-1007.7 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-done-jammy-linux-nvidia-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-failed-jammy-linux-nvidia-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.5-v2 verification-needed-jammy-linux-nvidia-6.5

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-01-04:

#9

Download full text (32.3 KiB)

This bug was fixed in the package linux - 6.6.0-14.14

---------------
linux (6.6.0-14.14) noble; urgency=medium

* noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)

  * Noble update: v6.6.3 upstream stable release (LP: #2045244)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - btrfs: abort transaction on generation mismatch when marking eb as dirty
    - lib/generic-radix-tree.c: Don't overflow in peek()
    - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
    - perf/core: Bail out early if the request AUX area is out of bound
    - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
    - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - srcu: Only accelerate on enqueue time
    - smp,csd: Throw an error if a CSD lock is stuck for too long
    - cpu/hotplug: Don't offline the last non-isolated CPU
    - workqueue: Provide one lock class key per work_on_cpu() callsite
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: plfxlc: fix clang-specific fortify warning
    - wifi: ath12k: Ignore fragments from uninitialized peer in dp
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - atl1c: Work around the DMA RX overflow issue
    - bpf: Detect IP == ksym.end as part of BPF program
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
    - wifi: ath10k: fix clang-specific fortify warning
    - wifi: ath12k: fix possible out-of-bound write in
      ath12k_wmi_ext_hal_reg_caps()
    - ACPI: APEI: Fix AER info corruption when error status data has multiple
      sections
    - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
    - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
    - wifi: mt76: fix clang-specific fortify warnings
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - net: sfp: add quirk for FS's 2.5G copper SFP
    - vsock: read from socket's error queue
    - bpf: Ensure proper register state printing for cond jumps
    - wifi: iwlwifi: mvm: fix size check for fw_link_id
    - Bluetooth: btusb: Add date->evt_skb is NULL check
    - Bluetooth: Fix double free in hci_conn_cleanup
    - ACPI: EC: Add quirk for HP 250 G7 Notebook PC
    - tsnep: Fix tsnep_request_irq() format-overflow warning
    - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
    - platform/chrome: kunit: initialize lock for fake ec_dev
    - of: address: Fix address translation when address-size is greater than 2
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/gma500: Fix call trace when psb_gem_mm_init() fails
    - drm/amdkfd: rateli...

This bug was fixed in the package linux - 6.6.0-14.14

---------------
linux (6.6.0-14.14) noble; urgency=medium

* noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)

* Noble update: v6.6.3 upstream stable release (LP: #2045244)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - btrfs: abort transaction on generation mismatch when marking eb as dirty
    - lib/generic-radix-tree.c: Don't overflow in peek()
    - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
    - perf/core: Bail out early if the request AUX area is out of bound
    - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
    - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - srcu: Only accelerate on enqueue time
    - smp,csd: Throw an error if a CSD lock is stuck for too long
    - cpu/hotplug: Don't offline the last non-isolated CPU
    - workqueue: Provide one lock class key per work_on_cpu() callsite
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: plfxlc: fix clang-specific fortify warning
    - wifi: ath12k: Ignore fragments from uninitialized peer in dp
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - atl1c: Work around the DMA RX overflow issue
    - bpf: Detect IP == ksym.end as part of BPF program
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
    - wifi: ath10k: fix clang-specific fortify warning
    - wifi: ath12k: fix possible out-of-bound write in
      ath12k_wmi_ext_hal_reg_caps()
    - ACPI: APEI: Fix AER info corruption when error status data has multiple
      sections
    - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
    - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
    - wifi: mt76: fix clang-specific fortify warnings
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - net: sfp: add quirk for FS's 2.5G copper SFP
    - vsock: read from socket's error queue
    - bpf: Ensure proper register state printing for cond jumps
    - wifi: iwlwifi: mvm: fix size check for fw_link_id
    - Bluetooth: btusb: Add date->evt_skb is NULL check
    - Bluetooth: Fix double free in hci_conn_cleanup
    - ACPI: EC: Add quirk for HP 250 G7 Notebook PC
    - tsnep: Fix tsnep_request_irq() format-overflow warning
    - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
    - platform/chrome: kunit: initialize lock for fake ec_dev
    - of: address: Fix address translation when address-size is greater than 2
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/gma500: Fix call trace when psb_gem_mm_init() fails
    - drm/amdkfd: ratelimited SQ interrupt messages
    - drm/komeda: drop all currently held locks if deadlock happens
    - drm/amd/display: Blank phantom OTG before enabling
    - drm/amd/display: Don't lock phantom pipe on disabling
    - drm/amd/display: add seamless pipe topology transition check
    - drm/edid: Fixup h/vsync_end instead of h/vtotal
    - md: don't rely on 'mddev->pers' to be set in mddev_suspend()
    - drm/amdgpu: not to save bo in the case of RAS err_event_athub
    - drm/amdkfd: Fix a race condition of vram buffer unref in svm code
    - drm/amdgpu: update retry times for psp vmbx wait
    - drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
    - drm/amd/display: use full update for clip size increase of large plane
      source
    - string.h: add array-wrappers for (v)memdup_user()
    - kernel: kexec: copy user-array safely
    - kernel: watch_queue: copy user-array safely
    - drm_lease.c: copy user-array safely
    - drm: vmwgfx_surface.c: copy user-array safely
    - drm/msm/dp: skip validity check for DP CTS EDID checksum
    - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
    - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
    - drm/amdgpu: Fix potential null pointer derefernce
    - drm/panel: fix a possible null pointer dereference
    - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
    - drm/radeon: fix a possible null pointer dereference
    - drm/amdgpu/vkms: fix a possible null pointer dereference
    - drm/panel: st7703: Pick different reset sequence
    - drm/amdkfd: Fix shift out-of-bounds issue
    - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    - drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported
    - drm/amd/display: fix num_ways overflow error
    - drm/amd: check num of link levels when update pcie param
    - soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop
    - arm64: dts: rockchip: Add NanoPC T6 PCIe e-key support
    - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
    - selftests/efivarfs: create-read: fix a resource leak
    - ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl
    - ASoC: soc-card: Add storage for PCI SSID
    - ASoC: SOF: Pass PCI SSID to machine driver
    - ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card
    - ASoC: cs35l56: Use PCI SSID as the firmware UID
    - crypto: pcrypt - Fix hungtask for PADATA_RESET
    - ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware
    - RDMA/hfi1: Use FIELD_GET() to extract Link Width
    - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
    - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
    - fs/jfs: Add check for negative db_l2nbperpage
    - fs/jfs: Add validity check for db_maxag and db_agpref
    - jfs: fix array-index-out-of-bounds in dbFindLeaf
    - jfs: fix array-index-out-of-bounds in diAlloc
    - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
    - ARM: 9320/1: fix stack depot IRQ stack filter
    - ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    - gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound
    - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
    - PCI: mvebu: Use FIELD_PREP() with Link Width
    - atm: iphase: Do PCI error checks on own line
    - PCI: Do error check on own line to split long "if" conditions
    - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
    - PCI: Use FIELD_GET() to extract Link Width
    - PCI: Extract ATS disabling to a helper function
    - PCI: Disable ATS for specific Intel IPU E2000 devices
    - PCI: dwc: Add dw_pcie_link_set_max_link_width()
    - PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling
    - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
    - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
    - ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk
    - crypto: hisilicon/qm - prevent soft lockup in receive loop
    - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
    - exfat: support handle zero-size directory
    - mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs
    - iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()
    - thunderbolt: Apply USB 3.x bandwidth quirk only in software connection
      manager
    - tty: vcc: Add check for kstrdup() in vcc_probe()
    - dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides
    - phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields
    - phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs
    - usb: dwc3: core: configure TX/RX threshold for DWC3_IP
    - usb: ucsi: glink: use the connector orientation GPIO to provide switch
      events
    - soundwire: dmi-quirks: update HP Omen match
    - f2fs: fix error path of __f2fs_build_free_nids
    - f2fs: fix error handling of __get_node_page
    - usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present
    - usb: gadget: f_ncm: Always set current gadget in ncm_bind()
    - 9p/trans_fd: Annotate data-racy writes to file::f_flags
    - 9p: v9fs_listxattr: fix %s null argument warning
    - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
    - i2c: i801: Add support for Intel Birch Stream SoC
    - i2c: fix memleak in i2c_new_client_device()
    - i2c: sun6i-p2wi: Prevent potential division by zero
    - virtio-blk: fix implicit overflow on virtio_max_dma_size
    - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
    - media: gspca: cpia1: shift-out-of-bounds in set_flicker
    - media: vivid: avoid integer overflow
    - media: ipu-bridge: increase sensor_name size
    - gfs2: ignore negated quota changes
    - gfs2: fix an oops in gfs2_permission
    - media: cobalt: Use FIELD_GET() to extract Link Width
    - media: ccs: Fix driver quirk struct documentation
    - media: imon: fix access to invalid resource for the second interface
    - drm/amd/display: Avoid NULL dereference of timing generator
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
    - kgdb: Flush console before entering kgdb on panic
    - riscv: VMAP_STACK overflow detection thread-safe
    - i2c: dev: copy userspace array safely
    - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
    - drm/qxl: prevent memory leak
    - ALSA: hda/realtek: Add quirk for ASUS UX7602ZM
    - drm/amdgpu: fix software pci_unplug on some chips
    - pwm: Fix double shift bug
    - mtd: rawnand: tegra: add missing check for platform_get_irq()
    - wifi: iwlwifi: Use FW rate for non-data frames
    - sched/core: Optimize in_task() and in_interrupt() a bit
    - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
    - samples/bpf: syscall_tp_user: Fix array out-of-bound access
    - dt-bindings: serial: fix regex pattern for matching serial node children
    - SUNRPC: ECONNRESET might require a rebind
    - mtd: rawnand: intel: check return value of devm_kasprintf()
    - mtd: rawnand: meson: check return value of devm_kasprintf()
    - drm/i915/mtl: avoid stringop-overflow warning
    - NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking
    - SUNRPC: Add an IS_ERR() check back to where it was
    - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
    - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
    - RISC-V: hwprobe: Fix vDSO SIGSEGV
    - riscv: provide riscv-specific is_trap_insn()
    - gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
    - drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init
    - riscv: split cache ops out of dma-noncoherent.c
    - vdpa_sim_blk: allocate the buffer zeroed
    - vhost-vdpa: fix use after free in vhost_vdpa_probe()
    - gcc-plugins: randstruct: Only warn about true flexible arrays
    - bpf: handle ldimm64 properly in check_cfg()
    - bpf: fix precision backtracking instruction iteration
    - bpf: fix control-flow graph checking in privileged mode
    - net: set SOCK_RCU_FREE before inserting socket into hashtable
    - ipvlan: add ipvlan_route_v6_outbound() helper
    - tty: Fix uninit-value access in ppp_sync_receive()
    - net: ti: icssg-prueth: Add missing icss_iep_put to error path
    - net: ti: icssg-prueth: Fix error cleanup on failing pruss_request_mem_region
    - xen/events: avoid using info_for_irq() in xen_send_IPI_one()
    - net: hns3: fix add VLAN fail issue
    - net: hns3: add barrier in vf mailbox reply process
    - net: hns3: fix incorrect capability bit display for copper port
    - net: hns3: fix out-of-bounds access may occur when coalesce info is read via
      debugfs
    - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
    - net: hns3: fix VF reset fail issue
    - net: hns3: fix VF wrong speed and duplex issue
    - tipc: Fix kernel-infoleak due to uninitialized TLV value
    - net: mvneta: fix calls to page_pool_get_stats
    - ppp: limit MRU to 64K
    - xen/events: fix delayed eoi list handling
    - blk-mq: make sure active queue usage is held for bio_integrity_prep()
    - ptp: annotate data-race around q->head and q->tail
    - bonding: stop the device in bond_setup_by_slave()
    - net: ethernet: cortina: Fix max RX frame define
    - net: ethernet: cortina: Handle large frames
    - net: ethernet: cortina: Fix MTU max setting
    - af_unix: fix use-after-free in unix_stream_read_actor()
    - netfilter: nf_conntrack_bridge: initialize err to 0
    - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
    - netfilter: nf_tables: bogus ENOENT when destroying element which does not
      exist
    - net: stmmac: fix rx budget limit check
    - net: stmmac: avoid rx queue overrun
    - pds_core: use correct index to mask irq
    - pds_core: fix up some format-truncation complaints
    - gve: Fixes for napi_poll when budget is 0
    - io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval
    - Revert "net/mlx5: DR, Supporting inline WQE when possible"
    - net/mlx5: Free used cpus mask when an IRQ is released
    - net/mlx5: Decouple PHC .adjtime and .adjphase implementations
    - net/mlx5e: fix double free of encap_header
    - net/mlx5e: fix double free of encap_header in update funcs
    - net/mlx5e: Fix pedit endianness
    - net/mlx5e: Don't modify the peer sent-to-vport rules for IPSec offload
    - net/mlx5e: Avoid referencing skb after free-ing in drop path of
      mlx5e_sq_xmit_wqe
    - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
    - net/mlx5e: Update doorbell for port timestamping CQ before the software
      counter
    - net/mlx5: Increase size of irq name buffer
    - net/mlx5e: Reduce the size of icosq_str
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer for
      representors
    - net: sched: do not offload flows with a helper in act_ct
    - macvlan: Don't propagate promisc change to lower dev in passthru
    - tools/power/turbostat: Fix a knl bug
    - tools/power/turbostat: Enable the C-state Pre-wake printing
    - scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1
    - cifs: spnego: add ';' in HOST_KEY_LEN
    - cifs: fix check of rc in function generate_smb3signingkey
    - perf/core: Fix cpuctx refcounting
    - i915/perf: Fix NULL deref bugs with drm_dbg() calls
    - perf: arm_cspmu: Reject events meant for other PMUs
    - drivers: perf: Check find_first_bit() return value
    - media: venus: hfi: add checks to perform sanity on queue pointers
    - perf intel-pt: Fix async branch flags
    - powerpc/perf: Fix disabling BHRB and instruction sampling
    - randstruct: Fix gcc-plugin performance mode to stay in group
    - spi: Fix null dereference on suspend
    - bpf: Fix check_stack_write_fixed_off() to correctly spill imm
    - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
    - scsi: mpt3sas: Fix loop logic
    - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
      selected registers
    - scsi: ufs: qcom: Update PHY settings only when scaling to higher gears
    - scsi: qla2xxx: Fix system crash due to bad pointer access
    - scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
    - x86/shstk: Delay signal entry SSP write until after user accesses
    - crypto: x86/sha - load modules based on CPU features
    - x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4
    - x86/apic/msi: Fix misconfigured non-maskable MSI quirk
    - x86/cpu/hygon: Fix the CPU topology evaluation for real
    - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
    - KVM: x86: Ignore MSR_AMD64_TW_CFG access
    - KVM: x86: Clear bit12 of ICR after APIC-write VM-exit
    - KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.
    - mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER
    - sched: psi: fix unprivileged polling against cgroups
    - audit: don't take task_lock() in audit_exe_compare() code path
    - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
    - proc: sysctl: prevent aliased sysctls from getting passed to init
    - tty/sysrq: replace smp_processor_id() with get_cpu()
    - tty: serial: meson: fix hard LOCKUP on crtscts mode
    - acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0
    - hvc/xen: fix console unplug
    - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
    - hvc/xen: fix event channel handling for secondary consoles
    - PCI/sysfs: Protect driver's D3cold preference from user space
    - mm/damon/sysfs: remove requested targets when online-commit inputs
    - mm/damon/sysfs: update monitoring target regions for online input commit
    - watchdog: move softlockup_panic back to early_param
    - iommufd: Fix missing update of domains_itree after splitting iopt_area
    - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
    - dm crypt: account large pages in cc->n_allocated_pages
    - mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation
    - mm/damon/ops-common: avoid divide-by-zero during region hotness calculation
    - mm/damon: implement a function for max nr_accesses safe calculation
    - mm/damon/core: avoid divide-by-zero during monitoring results update
    - mm/damon/sysfs-schemes: handle tried region directory allocation failure
    - mm/damon/sysfs-schemes: handle tried regions sysfs directory allocation
      failure
    - mm/damon/core.c: avoid unintentional filtering out of schemes
    - mm/damon/sysfs: check error from damon_sysfs_update_target()
    - parisc: Add nop instructions after TLB inserts
    - ACPI: resource: Do IRQ override on TongFang GMxXGxx
    - regmap: Ensure range selector registers are updated after cache sync
    - wifi: ath11k: fix temperature event locking
    - wifi: ath11k: fix dfs radar event locking
    - wifi: ath11k: fix htt pktlog locking
    - wifi: ath11k: fix gtk offload status event locking
    - wifi: ath12k: fix htt mlo-offset event locking
    - wifi: ath12k: fix dfs-radar and temperature event locking
    - mmc: meson-gx: Remove setting of CMD_CFG_ERROR
    - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
    - sched/core: Fix RQCF_ACT_SKIP leak
    - pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable
    - KEYS: trusted: tee: Refactor register SHM usage
    - KEYS: trusted: Rollback init_trusted() consistently
    - PCI: keystone: Don't discard .remove() callback
    - PCI: keystone: Don't discard .probe() callback
    - pmdomain: amlogic: Fix mask for the second NNA mem PD domain
    - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
    - arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n
    - pmdomain: imx: Make imx pgc power domain also set the fwnode
    - parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table
    - parisc/pdc: Add width field to struct pdc_model
    - parisc/power: Add power soft-off when running on qemu
    - cpufreq: stats: Fix buffer overflow detection in trans_stats()
    - powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug()
    - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data
    - clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider
    - integrity: powerpc: Do not select CA_MACHINE_KEYRING
    - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - ksmbd: fix recursive locking in vfs helpers
    - ksmbd: handle malformed smb1 message
    - ksmbd: fix slab out of bounds write in smb_inherit_dacl()
    - mmc: vub300: fix an error code
    - mmc: sdhci_am654: fix start loop index for TAP value parsing
    - mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A
    - PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers
    - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
    - PCI: kirin: Don't discard .remove() callback
    - PCI: exynos: Don't discard .remove() callback
    - PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
    - wifi: wilc1000: use vmm_table as array in wilc struct
    - svcrdma: Drop connection after an RDMA Read error
    - rcu/tree: Defer setting of jiffies during stall reset
    - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
    - dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names
    - PM: hibernate: Use __get_safe_page() rather than touching the list
    - PM: hibernate: Clean up sync_read handling in snapshot_write_next()
    - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
    - btrfs: don't arbitrarily slow down delalloc if we're committing
    - thermal: intel: powerclamp: fix mismatch in get function for max_idle
    - arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM
    - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
    - ACPI: FPDT: properly handle invalid FPDT subtables
    - arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
    - leds: trigger: netdev: Move size check in set_device_name
    - mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
    - mfd: qcom-spmi-pmic: Fix revid implementation
    - ima: annotate iint mutex to avoid lockdep false positive warnings
    - ima: detect changes to the backing overlay file
    - netfilter: nf_tables: remove catchall element in GC sync path
    - netfilter: nf_tables: split async and sync catchall in two functions
    - ASoC: soc-dai: add flag to mute and unmute stream during trigger
    - ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag
    - selftests/resctrl: Fix uninitialized .sa_flags
    - selftests/resctrl: Remove duplicate feature check from CMT test
    - selftests/resctrl: Move _GNU_SOURCE define into Makefile
    - selftests/resctrl: Refactor feature check to use resource and feature name
    - selftests/resctrl: Fix feature checks
    - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
    - hid: lenovo: Resend all settings on reset_resume for compact keyboards
    - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
    - jbd2: fix potential data lost in recovering journal raced with synchronizing
      fs bdev
    - quota: explicitly forbid quota files from being encrypted
    - kernel/reboot: emergency_restart: Set correct system_state
    - scripts/gdb/vmalloc: disable on no-MMU
    - fs: use nth_page() in place of direct struct page manipulation
    - mips: use nth_page() in place of direct struct page manipulation
    - i2c: core: Run atomic i2c xfer when !preemptible
    - selftests/clone3: Fix broken test under !CONFIG_TIME_NS
    - tracing: Have the user copy of synthetic event address use correct context
    - driver core: Release all resources during unbind before updating device
      links
    - mcb: fix error handling for different scenarios when parsing
    - dmaengine: stm32-mdma: correct desc prep when channel running
    - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
    - s390/mm: add missing arch_set_page_dat() call to gmap allocations
    - s390/cmma: fix detection of DAT pages
    - mm/cma: use nth_page() in place of direct struct page manipulation
    - mm/hugetlb: use nth_page() in place of direct struct page manipulation
    - mm/memory_hotplug: use pfn math in place of direct struct page manipulation
    - mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long
    - mtd: cfi_cmdset_0001: Byte swap OTP info
    - cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
    - i3c: master: cdns: Fix reading status register
    - i3c: master: svc: fix race condition in ibi work thread
    - i3c: master: svc: fix wrong data return when IBI happen during start frame
    - i3c: master: svc: fix ibi may not return mandatory data byte
    - i3c: master: svc: fix check wrong status register in irq handler
    - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
    - i3c: master: svc: fix random hot join failure since timeout error
    - cxl/region: Fix x1 root-decoder granularity calculations
    - cxl/port: Fix delete_endpoint() vs parent unregistration race
    - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
    - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
    - drm/amd/display: enable dsc_clk even if dsc_pg disabled
    - torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter
    - rcutorture: Fix stuttering races and other issues
    - selftests/resctrl: Remove bw_report and bm_type from main()
    - selftests/resctrl: Simplify span lifetime
    - selftests/resctrl: Make benchmark command const and build it with pointers
    - selftests/resctrl: Extend signal handler coverage to unmount on receiving
      signal
    - parisc: Prevent booting 64-bit kernels on PA1.x machines
    - parisc/pgtable: Do not drop upper 5 address bits of physical address
    - parisc/power: Fix power soft-off when running on qemu
    - parisc: fix mmap_base calculation when stack grows upwards
    - xhci: Enable RPM on controllers that support low-power states
    - smb3: fix creating FIFOs when mounting with "sfu" mount option
    - smb3: fix touch -h of symlink
    - smb3: allow dumping session and tcon id to improve stats analysis and
      debugging
    - smb3: fix caching of ctime on setxattr
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
    - smb: client: fix use-after-free in smb2_query_info_compound()
    - smb: client: fix potential deadlock when releasing mids
    - smb: client: fix mount when dns_resolver key is not available
    - cifs: reconnect helper should set reconnect for the right channel
    - cifs: force interface update before a fresh session setup
    - cifs: do not reset chan_max if multichannel is not supported at mount
    - cifs: do not pass cifs_sb when trying to add channels
    - cifs: Fix encryption of cleared, but unset rq_iter data buffers
    - xfs: recovery should not clear di_flushiter unconditionally
    - btrfs: zoned: wait for data BG to be finished on direct IO allocation
    - ALSA: info: Fix potential deadlock at disconnection
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G8
    - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
    - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G10
    - ALSA: hda/realtek: Add quirks for HP Laptops
    - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
    - Revert "i2c: pxa: move to generic GPIO recovery"
    - lsm: fix default return value for vm_enough_memory
    - lsm: fix default return value for inode_getsecctx
    - sbsa_gwdt: Calculate timeout with 64-bit math
    - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
    - s390/ap: fix AP bus crash on early config change callback invocation
    - net: ethtool: Fix documentation of ethtool_sprintf()
    - net: dsa: lan9303: consequently nested-lock physical MDIO
    - net: phylink: initialize carrier state at creation
    - gfs2: don't withdraw if init_threads() got interrupted
    - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
    - f2fs: do not return EFSCORRUPTED, but try to run online repair
    - f2fs: set the default compress_level on ioctl
    - f2fs: avoid format-overflow warning
    - f2fs: split initial and dynamic conditions for extent_cache
    - media: lirc: drop trailing space from scancode transmit
    - media: sharp: fix sharp encoding
    - media: venus: hfi_parser: Add check to keep the number of codecs within
      range
    - media: venus: hfi: fix the check to handle session buffer requirement
    - media: venus: hfi: add checks to handle capabilities from firmware
    - media: ccs: Correctly initialise try compose rectangle
    - drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection
    - drm/mediatek/dp: fix memory leak on ->get_edid callback error path
    - dm-bufio: fix no-sleep mode
    - dm-verity: don't use blocking calls from tasklets
    - nfsd: fix file memleak on client_opens_release
    - NFSD: Update nfsd_cache_append() to use xdr_stream
    - LoongArch: Mark __percpu functions as always inline
    - tracing: fprobe-event: Fix to check tracepoint event and return
    - swiotlb: do not free decrypted pages if dynamic
    - swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
    - riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause
    - riscv: put interrupt entries into .irqentry.text
    - riscv: mm: Update the comment of CONFIG_PAGE_OFFSET
    - riscv: correct pt_level name via pgtable_l5/4_enabled
    - riscv: kprobes: allow writing to x0
    - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
    - mm: fix for negative counter: nr_file_hugepages
    - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
    - mptcp: deal with large GSO size
    - mptcp: add validity check for sending RM_ADDR
    - mptcp: fix setsockopt(IP_TOS) subflow locking
    - selftests: mptcp: fix fastclose with csum failure
    - r8169: fix network lost after resume on DASH systems
    - r8169: add handling DASH when DASH is disabled
    - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
    - media: qcom: camss: Fix pm_domain_on sequence in probe
    - media: qcom: camss: Fix vfe_get() error jump
    - media: qcom: camss: Fix VFE-17x vfe_disable_output()
    - media: qcom: camss: Fix VFE-480 vfe_disable_output()
    - media: qcom: camss: Fix missing vfe_lite clocks check
    - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
    - media: qcom: camss: Fix invalid clock enable bit disjunction
    - media: qcom: camss: Fix csid-gen2 for test pattern generator
    - Revert "HID: logitech-dj: Add support for a new lightspeed receiver
      iteration"
    - Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
    - ext4: fix race between writepages and remount
    - ext4: no need to generate from free list in mballoc
    - ext4: make sure allocate pending entry not fail
    - ext4: apply umask if ACL support is disabled
    - ext4: correct offset of gdb backup in non meta_bg group to update_backups
    - ext4: mark buffer new if it is unwritten to avoid stale data exposure
    - ext4: correct return value of ext4_convert_meta_bg
    - ext4: correct the start block of counting reserved clusters
    - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
    - ext4: add missed brelse in update_backups
    - ext4: properly sync file size update after O_SYNC direct IO
    - ext4: fix racy may inline data check in dio write
    - drm/amd/pm: Handle non-terminated overdrive commands.
    - drm: bridge: it66121: ->get_edid callback must not return err pointers
    - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block
    - drm/amd/display: Add Null check for DPP resource
    - drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL
    - drm/i915: Bump GLK CDCLK frequency when driving multiple pipes
    - drm/i915: Fix potential spectre vulnerability
    - drm/i915: Flush WC GGTT only on required platforms
    - drm/amd/pm: Fix error of MACO flag setting code
    - drm/amdgpu/smu13: drop compute workload workaround
    - drm/amdgpu: don't use pci_is_thunderbolt_attached()
    - drm/amdgpu: fix GRBM read timeout when do mes_self_test
    - drm/amdgpu: add a retry for IP discovery init
    - drm/amdgpu: don't use ATRM for external devices
    - drm/amdgpu: fix error handling in amdgpu_vm_init
    - drm/amdgpu: fix error handling in amdgpu_bo_list_get()
    - drm/amdgpu: lower CS errors to debug severity
    - drm/amdgpu: Fix possible null pointer dereference
    - drm/amd/display: Guard against invalid RPTR/WPTR being set
    - drm/amd/display: Fix DSC not Enabled on Direct MST Sink
    - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
    - drm/amd/display: Enable fast plane updates on DCN3.2 and above
    - drm/amd/display: Clear dpcd_sink_ext_caps if not set
    - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
    - Linux 6.6.3

-- Paolo Pisati <paolo.pisati@canonical.com>  Thu, 30 Nov 2023 09:57:53 +0100

Changed in linux (Ubuntu):
status:	Invalid → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-01-11:

#10

This bug is awaiting verification that the linux-lowlatency-hwe-6.5/6.5.0-14.14.1~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-lowlatency-hwe-6.5' to 'verification-done-jammy-linux-lowlatency-hwe-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-lowlatency-hwe-6.5' to 'verification-failed-jammy-linux-lowlatency-hwe-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-lowlatency-hwe-6.5-v2 verification-needed-jammy-linux-lowlatency-hwe-6.5

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-12:

#11

Verification passed for linux azure. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before.

georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-azure #10-Ubuntu SMP Mon Nov 20 20:14:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-mantic-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-mantic-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
.....
----------------------------------------------------------------------
Ran 62 tests in 1300.394s

OK (skipped=3)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

tags:

added: verification-done-mantic-linux-azure
removed: verification-needed-mantic-linux-azure

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-12:

#12

Verification passed for linux gcp. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before.

georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-1010-gcp #10-Ubuntu SMP Fri Nov 17 21:33:36 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-mantic-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-mantic-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
.....
----------------------------------------------------------------------
Ran 62 tests in 1325.124s

OK (skipped=3)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

tags:

added: verification-done-mantic-linux-gcp
removed: verification-needed-mantic-linux-gcp

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-12:

#13

Verification passed for jammy-linux-hwe-6.5. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before.

georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-jammy-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-jammy-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py

.....
----------------------------------------------------------------------
Ran 62 tests in 1360.734s

OK (skipped=2)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

tags:

added: verification-done-jammy-linux-hwe-6.5
removed: verification-needed-jammy-linux-hwe-6.5

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-12:

#14

Verification passed for jammy-linux-lowlatency-hwe-6.5. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before.

georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-14-lowlatency #14.1~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 22 16:24:11 UTC x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-jammy-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
[sudo] password for georgia:
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-jammy-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
.....
----------------------------------------------------------------------
Ran 62 tests in 1366.317s

OK (skipped=2)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

tags:

added: verification-done-jammy-linux-lowlatency-hwe-6.5
removed: verification-needed-jammy-linux-lowlatency-hwe-6.5

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-12:

#15

Verification passed for jammy-linux-nvidia-6.5. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before.

georgia@sec-jammy-amd64:~$ uname -a
Linux sec-jammy-amd64 6.5.0-1007-nvidia #7-Ubuntu SMP PREEMPT_DYNAMIC Wed Dec 6 01:27:37 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

georgia@sec-jammy-amd64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-jammy-amd64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
.....
----------------------------------------------------------------------
Ran 62 tests in 1435.853s

OK (skipped=2)

[1] https://launchpad.net/qa-regression-testing
[2] https://gitlab.com/georgiag/apparmor/-/tree/prompt-regression-tests

tags:

added: verification-done-jammy-linux-nvidia-6.5
removed: verification-needed-jammy-linux-nvidia-6.5

Revision history for this message

Georgia Garcia (georgiag) wrote on 2024-01-16:

#16

Download full text (5.2 KiB)

Verification passed for mantic-linux-laptop. I ran the AppArmor QA Regression Tests [1] and the specific prompting tests [2] which were able to reproduce the issue before. The QA Regression Tests that failed were due to a timeout because I'm emulating in my machine, but they pass when the timeout is increased.

georgia@sec-mantic-arm64:~$ uname -a
Linux sec-mantic-arm64 6.5.0-1007-laptop #10-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov
22 20:27:28 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux

georgia@sec-mantic-arm64:~/apparmor/tests/regression/apparmor$ sudo ./prompt.sh
xpass: PROMPT (allow (rule link file l)) - root
xpass: PROMPT (allow (flag link file l)) - root
xpass: PROMPT (allow (rule mmap_exec file rwm)) - root
xpass: PROMPT (allow (flag mmap_exec file rwm)) - root
xpass: PROMPT (allow (rule lock file rwk)) - root
xpass: PROMPT (allow (flag lock file rwk)) - root
xpass: PROMPT (allow (rule exec file rix)) - root
xpass: PROMPT (allow (flag exec file rix)) - root
xpass: PROMPT (allow (rule exec file ux)) - root
xpass: PROMPT (allow (flag exec file ux)) - root

georgia@sec-mantic-arm64:~/qrt-test-apparmor$ sudo ./test-apparmor.py
ERROR: test_dbus (__main__.ApparmorTest.test_dbus)
Test dbus apparmor activation from dbus-tests
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/georgia/qrt-test-apparmor/./test-apparmor.py", line 719, in test_dbus
    rc, report = testlib.cmd(['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh'],
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/georgia/qrt-test-apparmor/testlib.py", line 471, in cmd
    out, outerr = sp.communicate(input, timeout=timeout)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 1209, in communicate
    stdout, stderr = self._communicate(input, endtime, timeout)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 2109, in _communicate
    self._check_timeout(endtime, orig_timeout, stdout, stderr)
  File "/usr/lib/python3.11/subprocess.py", line 1253, in _check_timeout
    raise TimeoutExpired(
subprocess.TimeoutExpired: Command '['/usr/lib/dbus-1.0/installed-tests/dbus/test-apparmor-activation.sh']' timed out after 5 seconds

---------------------------------------------------------------------

running attach_disconnected
Fatal Error (unix_fd_server): Unable to run test sub-executable

PASSED: aa_exec access at_secure introspect capabilities changeprofile onexec changehat changehat_fork changehat_misc chdir clone coredump deleted e2e environ exec exec_qual fchdir fd_inheritance fork i18n link link_subset mkdir mmap mount mult_mount named_pipe namespaces net_raw open openat pipe pivot_root posix_ipc ptrace pwrite query_label regex rename readdir rw socketpair swap sd_flags setattr symlink syscall sysv_ipc tcp unix_fd_server unix_socket_pathname unix_socket_abstract unix_socket_unnamed unix_socket_autobind unlink userns xattrs xattrs_profile longpath nfs dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply io_uri...

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Undecided	Unassigned
	Mantic	Fix Committed	Undecided	John Johansen

Ubuntu
linux package

AppArmor spams kernel log with assert when auditing

Bug Description

Other bug subscribers

Remote bug watches

Ubuntulinux package

AppArmor spams kernel log with assert when auditing

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
linux package