Info from release sync: Fixed in 6.17 (but it didn't have the bug link).
Since https://launchpad.net/ubuntu/+source/linux/6.17.0-3.3 is in
-release and https://launchpad.net/ubuntu/+source/linux/6.17.0-4.4 soon
to follow this should be considered done in questing.
** Changed in: linux (Ubuntu Questing)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2120233
Title:
kernel panic when reloading apparmor 5.0.0 profiles
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Plucky:
Fix Committed
Status in linux source package in Questing:
Fix Released
Bug description:
SRU Justification:
[Impact]
Profile loads containing the attach_disconnected.path policy flag can
cause the kernel to panic if such a profile is loaded into the kernel
and subsequently replaced or removed.
[Fix]
Apply attached patch
UBUNTU: SAUCE: apparmor5.0.0 [94/93]: apparmor: prevent pro
file->disconnected double free in aa_free_profile
[Test Plan]
download attached file trigger-lp2120233.profile and run the following script.
The loop is not necessarily needed to trigger the bug, it will often trigger
immediately. However because it is a double free, unless memory debugging is
enable it may not trigger immediately. Looping however can reliably trigger it.
for i in 1 2 3 4 5; do ;
sudo apparmor_parser -r trigger-lp2120233.profile
sudo apparmor_parser -R trigger-lp2120233.profile
done
The apparmor_parser -R step will trigger the a kernel ops/panic. If
the kernel is patched there shouldn't be an oops.
[Where problems could occur]
The bug can be triggered by any action that replaces a profile with the
attach_disconnected.path policy flag. Currently this would be:
- the lsof profile in apparmor 5.0
- custom created profiles containing the attach_disconnected.path policy flag.
Once a profile with the above flag is set. Any action causing profile
replacement/removal of the profile will trigger the bug. This includes
- manually replacing/removing profiles via the apparmor_parser
- systemctl restart apparmor
- upgrading apparmor_5.0.0~alpha1-0ubuntu1 to an apparmor_package that is
not aware of the issue.
- release upgrading between plucky & questing if a profile with the
problematic attach_disconnected.path policy flag has been loaded (not the case
with default policy).
- running the qa-regression-testing suit
[Other Info]
Installing, or upgrading the kernel should not cause the bug to
trigger.
Shutting down, or reboot the system should not trigger the bug because
apparmor does not unload profiles during systemctl stop apparmor.
This bug can be triggered by the qa-regression-testing suit. If a
profile containing attach_disconnected.path is present in
/etc/apparmor.d/ even when the profile is disabled because the qa-
regression-testing suit will attempt to enable and test all disabled
profiles.
There is a separate fix being applied to qa-regression-testing to
ensure it doesn't trigger this bug.
-------------------------------------------------
[Original Bug Description]
Boot questing with current kernel 6.14 and apparmor
5.0.0~alpha1-0ubuntu1
Issue "sudo systemctl apparmor reload" (or restart)
Experience kernel panic.
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: linux-image-6.15.0-4-generic 6.15.0-4.4
ProcVersionSignature: Ubuntu 6.15.0-4.4-generic 6.15.0
Uname: Linux 6.15.0-4-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Aug 9 16:14 seq
crw-rw---- 1 root audio 116, 33 Aug 9 16:14 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.33.1-0ubuntu1
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: lxd
CloudName: lxd
CloudPlatform: lxd
CloudSerial: 20250802
CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock)
Date: Sat Aug 9 16:14:22 2025
Lsusb:
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Lsusb-t:
/: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 480M
/: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 5000M
MachineType: QEMU Standard PC (Q35 + ICH9, 2009)
PciMultimedia:
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
ProcFB: 0 virtio_gpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.15.0-4-generic
root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0
RelatedPackageVersions:
linux-restricted-modules-6.15.0-4-generic N/A
linux-backports-modules-6.15.0-4-generic N/A
linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 2/2/2022
dmi.bios.release: 0.0
dmi.bios.vendor: EDK II
dmi.bios.version: unknown
dmi.board.name: LXD
dmi.board.vendor: Canonical Ltd.
dmi.board.version: pc-q35-8.2
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-q35-8.2
dmi.modalias:
dmi:bvnEDKII:bvrunknown:bd2/2/2022:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.2:rvnCanonicalLtd.:rnLXD:rvrpc-q35-8.2:cvnQEMU:ct1:cvrpc-q35-8.2:sku:
dmi.product.name: Standard PC (Q35 + ICH9, 2009)
dmi.product.version: pc-q35-8.2
dmi.sys.vendor: QEMU
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2120233/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
