oops on karmic when reloading apparmor

Bug #408454 reported by Marc Deslauriers on 2009-08-03
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Linux | Invalid | Undecided | Unassigned |
linux (Ubuntu) | | High | John Johansen |

Bug Description

Binary package hint: apparmor

Running the following on karmic:

AppArmor: 2.3.1+1403-0ubuntu7
Kernel: 2.6.31-4.23

When reloading apparmor with /etc/init.d/apparmor force-reload, I get the following:

[ 351.396672] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 351.396689] IP: [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 351.396730] PGD c00a067 PUD 299b067 PMD 0
[ 351.396733] Oops: 0000 [#1] SMP
[ 351.396735] last sysfs file: /sys/devices/pci0000:00/0000:00:05.0/class
[ 351.396744] CPU 0
[ 351.396748] Modules linked in: binfmt_misc ppdev lp parport psmouse serio_raw virtio_console i2c_piix4 virtio_balloon pcspkr virtio_pci virtio_ring virtio e1000 floppy fbcon tileblit font bitblit softcursor i915 drm i2c_algo_bit video output intel_agp
[ 351.396770] Pid: 3128, comm: cat Not tainted 2.6.31-4-generic #23-Ubuntu
[ 351.396772] RIP: 0010:[<ffffffff8140718a>] [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 351.396776] RSP: 0018:ffff8800029d1e48 EFLAGS: 00010287
[ 351.396778] RAX: fffffffffffffff0 RBX: ffff8800029e4080 RCX: 0000000000000002
[ 351.396779] RDX: ffff880017420030 RSI: ffff880017420010 RDI: ffff880017420010
[ 351.396781] RBP: ffff8800029d1e58 R08: 0000000000000073 R09: 0000000000001000
[ 351.396786] R10: 00007fff4e6662f0 R11: 0000000000000246 R12: ffff880006e1ec00
[ 351.396787] R13: ffff880017420010 R14: 00000000000001dc R15: ffff8800029d1ea8
[ 351.396794] FS: 00007fee8678f6f0(0000) GS:ffff8800019bf000(0000) knlGS:0000000000000000
[ 351.396796] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 351.396798] CR2: 0000000000000000 CR3: 000000001585d000 CR4: 00000000000006b0
[ 351.396807] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 351.396814] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 351.396816] Process cat (pid: 3128, threadinfo ffff8800029d0000, task ffff8800092b2d60)
[ 351.396817] Stack:
[ 351.396818] ffff8800029d1e68 ffff8800029e4080 ffff8800029d1e68 ffffffff81407250
[ 351.396824] <0> ffff8800029d1ee8 ffffffff8113506a ffff88000299b068 0000000001bd3000
[ 351.396827] <0> ffff8800029e40b8 ffff8800029d1f48 0000000000008000 0000000000000000
[ 351.396830] Call Trace:
[ 351.396834] [<ffffffff81407250>] p_next+0x10/0x20
[ 351.396855] [<ffffffff8113506a>] seq_read+0x24a/0x3f0
[ 351.396871] [<ffffffff81118475>] vfs_read+0xb5/0x1a0
[ 351.396888] [<ffffffff8151fd64>] ? do_page_fault+0x194/0x370
[ 351.396891] [<ffffffff81118a7c>] sys_read+0x4c/0x80
[ 351.396904] [<ffffffff81011fc2>] system_call_fastpath+0x16/0x1b
[ 351.396906] Code: 00 48 c7 c2 9e 1a 71 81 eb d8 0f 1f 80 00 00 00 00 55 48 8d 57 20 48 89 e5 53 48 83 ec 08 48 8b 47 20 48 39 c2 74 35 48 83 e8 10 <48> 8b 50 10 0f 18 0a 48 83 c4 08 5b c9 c3 0f 1f 84 00 00 00 00
[ 351.396927] RIP [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 351.396930] RSP <ffff8800029d1e48>
[ 351.396932] CR2: 0000000000000000
[ 351.396945] ---[ end trace 56cefc00c0a9a772 ]---
[ 357.766102] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 357.766107] IP: [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 357.766120] PGD c00b067 PUD 1585c067 PMD 0
[ 357.766124] Oops: 0000 [#2] SMP
[ 357.766126] last sysfs file: /sys/devices/pci0000:00/0000:00:05.0/class
[ 357.766129] CPU 0
[ 357.766131] Modules linked in: binfmt_misc ppdev lp parport psmouse serio_raw virtio_console i2c_piix4 virtio_balloon pcspkr virtio_pci virtio_ring virtio e1000 floppy fbcon tileblit font bitblit softcursor i915 drm i2c_algo_bit video output intel_agp
[ 357.766148] Pid: 3137, comm: aa-status Tainted: G D 2.6.31-4-generic #23-Ubuntu
[ 357.766150] RIP: 0010:[<ffffffff8140718a>] [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 357.766154] RSP: 0018:ffff880006dc7e48 EFLAGS: 00010287
[ 357.766189] RAX: fffffffffffffff0 RBX: ffff8800029e4000 RCX: 0000000000000002
[ 357.766192] RDX: ffff880017420030 RSI: ffff880017420010 RDI: ffff880017420010
[ 357.766193] RBP: ffff880006dc7e58 R08: 0000000000000073 R09: 0000000000001000
[ 357.766195] R10: 0000000000000000 R11: 0000000000000246 R12: ffff880006e1e540
[ 357.766197] R13: ffff880017420010 R14: 00000000000001dc R15: ffff880006dc7ea8
[ 357.766205] FS: 00007f9b898cb6f0(0000) GS:ffff8800019bf000(0000) knlGS:0000000000000000
[ 357.766208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 357.766209] CR2: 0000000000000000 CR3: 000000001585e000 CR4: 00000000000006b0
[ 357.766217] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 357.766232] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 357.766234] Process aa-status (pid: 3137, threadinfo ffff880006dc6000, task ffff8800092b2d60)
[ 357.766236] Stack:
[ 357.766237] ffff880006dc7e68 ffff8800029e4000 ffff880006dc7e68 ffffffff81407250
[ 357.766240] <0> ffff880006dc7ee8 ffffffff8113506a 0000000000000000 0000000001a83c50
[ 357.766243] <0> ffff8800029e4038 ffff880006dc7f48 0000000000001000 0000000000000000
[ 357.766247] Call Trace:
[ 357.766251] [<ffffffff81407250>] p_next+0x10/0x20
[ 357.766255] [<ffffffff8113506a>] seq_read+0x24a/0x3f0
[ 357.766259] [<ffffffff81118475>] vfs_read+0xb5/0x1a0
[ 357.766261] [<ffffffff81118a7c>] sys_read+0x4c/0x80
[ 357.766264] [<ffffffff8112693b>] ? sys_fcntl+0x6b/0x90
[ 357.766269] [<ffffffff81011fc2>] system_call_fastpath+0x16/0x1b
[ 357.766270] Code: 00 48 c7 c2 9e 1a 71 81 eb d8 0f 1f 80 00 00 00 00 55 48 8d 57 20 48 89 e5 53 48 83 ec 08 48 8b 47 20 48 39 c2 74 35 48 83 e8 10 <48> 8b 50 10 0f 18 0a 48 83 c4 08 5b c9 c3 0f 1f 84 00 00 00 00
[ 357.766294] RIP [<ffffffff8140718a>] next_profile+0x1a/0xd0
[ 357.766297] RSP <ffff880006dc7e48>
[ 357.766298] CR2: 0000000000000000
[ 357.766301] ---[ end trace 56cefc00c0a9a773 ]---

If I do a reload a second time, the machine hangs.
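
Added triage example, not part of the original report and not AppArmor's own code: the `Code:` bytes around the faulting instruction decode to `mov rax,[rdi+0x20]; cmp rdx,rax; je ...; sub rax,0x10; mov rdx,[rax+0x10]`, the shape of a linked-list walk. With RAX = fffffffffffffff0 and CR2 = 0, the `next` pointer loaded from offset 0x20 of the object in RDI was NULL. The C model below reproduces that arithmetic; the struct names and layouts are hypothetical, chosen only to match the two offsets in the trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal model of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

/* Hypothetical layouts, chosen only to reproduce the offsets in the oops:
 * the container keeps its list head at +0x20, each entry links at +0x10. */
struct container { char pad[0x20]; struct list_head head; };
struct entry     { char pad[0x10]; struct list_head link; };

/* The emptiness test the faulting code performs: cmp rdx, rax. */
static int head_is_empty(const struct container *c)
{
    return c->head.next == &c->head;
}

/* list_entry() arithmetic (sub rax, 0x10), done on integers so the
 * result can be inspected without dereferencing it. */
static uintptr_t first_entry_addr(const struct container *c)
{
    return (uintptr_t)c->head.next - offsetof(struct entry, link);
}

/* Address read by "mov rdx, [rax+0x10]": entry->link.next. */
static uintptr_t faulting_addr(const struct container *c)
{
    return first_entry_addr(c) + offsetof(struct entry, link)
           + offsetof(struct list_head, next);
}

/* Hardened check: a NULL next means there is nothing safe to walk. */
static int head_is_walkable(const struct container *c)
{
    return c->head.next != NULL && !head_is_empty(c);
}

int main(void)
{
    struct container c;
    memset(&c, 0, sizeof(c));          /* model: head.next is NULL */
    printf("empty=%d entry=%#lx fault=%#lx walkable=%d\n", head_is_empty(&c),
           (unsigned long)first_entry_addr(&c),
           (unsigned long)faulting_addr(&c), head_is_walkable(&c));
    return 0;
}
```

A NULL `next` passes the usual emptiness test because it differs from the head's own address, so the walk proceeds and the first load lands on address 0, matching CR2 in both traces.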

Jamie Strandboge (jdstrand) wrote :

I'm seeing this on an i386 machine, but not my amd64.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

This bug is a blocker for my spec:

https://wiki.ubuntu.com/SecurityTeam/Specifications/ApacheAppArmorSpec

This bug seems to be fixed by John Johansen's test kernel (/home/jj/linux-image-2.6.31-6-generic_2.6.31-6.26_amd64.deb).

(I have not tried on i386...)

Changed in apparmor (Ubuntu):
status: Confirmed → In Progress
Changed in linux:
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

I tested John's updated kernel on my i386 and it works great, no more oops. :)

Jamie Strandboge (jdstrand) wrote :

I tested John's newly updated -9 kernel on i386 and amd64 and no oops.

affects: apparmor (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
importance: Undecided → High
tags: added: regression-potential
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.31-10.30

---------------
linux (2.6.31-10.30) karmic; urgency=low

  [ Amit Kucheria ]

  * [Config] Enable CONFIG_USB_DEVICEFS
    - LP: #417748
  * [Config] Populate the config-update template a bit more

  [ Andy Whitcroft ]

  * rebase to v2.6.31-rc9
  * [Config] update configs following rebase to v2.6.31-rc9
  * [Config] update ports configs following rebase to v2.6.31-rc9

  [ Colin Ian King ]

  * SAUCE: wireless: hostap, fix oops due to early probing interrupt
    - LP: #254837

  [ Jerone Young ]

  * [Upstream] ACPI: Add Thinkpad T400 & Thinkpad T500 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad X200, X200s, X200t to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad X300 & Thinkpad X301 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad R400 & Thinkpad R500 to OSI(Linux)
    white-list
    - LP: #281732
  * [Upstream] ACPI: Add Thinkpad W500, W700, & W700ds to OSI(Linux)
    white-list
    - LP: #281732

  [ John Johansen ]

  * SAUCE: AppArmor: Fix profile attachment for regexp based profile names
    - LP: #419308
  * SAUCE: AppArmor: Return the correct error codes on profile
    addition/removal
    - LP: #408473
  * SAUCE: AppArmor: Fix OOPS in profile listing, and display full list
    - LP: #408454
  * SAUCE: AppArmor: Fix mapping of pux to new internal permission format
    - LP: #419222
  * SAUCE: AppArmor: Fix change_profile failure
    - LP: #401931
  * SAUCE: AppArmor: Tell git to ignore generated include files
    - LP: #419505

  [ Stefan Bader ]

  * [Upstream] acpi: video: Loosen strictness of video bus detection code
    - LP: #333386
  * SAUCE: Remove ov511 driver from ubuntu subdirectory

  [ Tim Gardner ]

  * [Config] Exclude char-modules from non-x86 udeb creation
  * SAUCE: Notify the ACPI call chain of AC events
  * [Config] CONFIG_SATA_VIA=m
    - LP: #403385
  * [Config] Build in all phylib support modules.
  * [Config] Don't fail when sub-flavour files are missing
    - LP: #423426
  * [Config] Set CONFIG_LSM_MMAP_MIN_ADDR=0
    - LP: #423513

  [ Upstream ]

  * Rebased against v2.6.31-rc9

 -- Andy Whitcroft <email address hidden> Mon, 07 Sep 2009 11:33:45 +0100

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Changed in linux:
status: In Progress → Invalid