This bug is awaiting verification that the linux- nvidia-6.14/6.14.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux- nvidia-6.14' to 'verification-done-noble-linux-nvidia-6.14'. If the problem still exists, change the tag 'verification-needed-noble-linux- nvidia-6.14' to 'verification-failed-noble-linux-nvidia-6.14'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-noble-linux-nvidia-6.14-v2 verification-needed-noble-linux-nvidia-6.14 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2120233 Title: kernel panic when reloading apparmor 5.0.0 profiles Status in linux package in Ubuntu: Fix Released Status in linux source package in Plucky: Fix Released Status in linux source package in Questing: Fix Released Bug description: SRU Justification: [Impact] Profile loads containing the attach_disconnected.path policy flag can cause the kernel to panic if such a profile is loaded into the kernel and subsequently replaced or removed. [Fix] Apply attached patch UBUNTU: SAUCE: apparmor5.0.0 [94/93]: apparmor: prevent pro file->disconnected double free in aa_free_profile [Test Plan] download attached file trigger-lp2120233.profile and run the following script. The loop is not necessarily needed to trigger the bug, it will often trigger immediately. However because it is a double free, unless memory debugging is enable it may not trigger immediately. Looping however can reliably trigger it. for i in 1 2 3 4 5; do ; sudo apparmor_parser -r trigger-lp2120233.profile sudo apparmor_parser -R trigger-lp2120233.profile done The apparmor_parser -R step will trigger the a kernel ops/panic. If the kernel is patched there shouldn't be an oops. [Where problems could occur] The bug can be triggered by any action that replaces a profile with the attach_disconnected.path policy flag. Currently this would be: - the lsof profile in apparmor 5.0 - custom created profiles containing the attach_disconnected.path policy flag. Once a profile with the above flag is set. Any action causing profile replacement/removal of the profile will trigger the bug. This includes - manually replacing/removing profiles via the apparmor_parser - systemctl restart apparmor - upgrading apparmor_5.0.0~alpha1-0ubuntu1 to an apparmor_package that is not aware of the issue. - release upgrading between plucky & questing if a profile with the problematic attach_disconnected.path policy flag has been loaded (not the case with default policy). - running the qa-regression-testing suit [Other Info] Installing, or upgrading the kernel should not cause the bug to trigger. Shutting down, or reboot the system should not trigger the bug because apparmor does not unload profiles during systemctl stop apparmor. This bug can be triggered by the qa-regression-testing suit. If a profile containing attach_disconnected.path is present in /etc/apparmor.d/ even when the profile is disabled because the qa- regression-testing suit will attempt to enable and test all disabled profiles. There is a separate fix being applied to qa-regression-testing to ensure it doesn't trigger this bug. ------------------------------------------------- [Original Bug Description] Boot questing with current kernel 6.14 and apparmor 5.0.0~alpha1-0ubuntu1 Issue "sudo systemctl apparmor reload" (or restart) Experience kernel panic. ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: linux-image-6.15.0-4-generic 6.15.0-4.4 ProcVersionSignature: Ubuntu 6.15.0-4.4-generic 6.15.0 Uname: Linux 6.15.0-4-generic x86_64 AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Aug 9 16:14 seq crw-rw---- 1 root audio 116, 33 Aug 9 16:14 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.33.1-0ubuntu1 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: N/A CasperMD5CheckResult: unknown CloudArchitecture: x86_64 CloudBuildName: server CloudID: lxd CloudName: lxd CloudPlatform: lxd CloudSerial: 20250802 CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock) Date: Sat Aug 9 16:14:22 2025 Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Lsusb-t: /: Bus 001.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 480M /: Bus 002.Port 001: Dev 001, Class=root_hub, Driver=xhci_hcd/8p, 5000M MachineType: QEMU Standard PC (Q35 + ICH9, 2009) PciMultimedia: ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color ProcFB: 0 virtio_gpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.15.0-4-generic root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0 RelatedPackageVersions: linux-restricted-modules-6.15.0-4-generic N/A linux-backports-modules-6.15.0-4-generic N/A linux-firmware N/A RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 2/2/2022 dmi.bios.release: 0.0 dmi.bios.vendor: EDK II dmi.bios.version: unknown dmi.board.name: LXD dmi.board.vendor: Canonical Ltd. dmi.board.version: pc-q35-8.2 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-q35-8.2 dmi.modalias: dmi:bvnEDKII:bvrunknown:bd2/2/2022:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.2:rvnCanonicalLtd.:rnLXD:rvrpc-q35-8.2:cvnQEMU:ct1:cvrpc-q35-8.2:sku: dmi.product.name: Standard PC (Q35 + ICH9, 2009) dmi.product.version: pc-q35-8.2 dmi.sys.vendor: QEMU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2120233/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
