root@zeus:~# uname -a
Linux zeus 4.4.0-22-generic #40+lp1581990 SMP Wed May 25 10:18:37 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
root@zeus:~# aa-status
apparmor module is loaded.
48 profiles are loaded.
12 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/chromium-browser/chromium-browser//browser_java
/usr/lib/chromium-browser/chromium-browser//browser_openjdk
/usr/lib/chromium-browser/chromium-browser//sanitized_helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/libvirt/virt-aa-helper
/usr/sbin/libvirtd
/usr/sbin/mysqld
/usr/sbin/ntpd
/usr/sbin/tcpdump
36 profiles are in complain mode.
/usr/lib/chromium-browser/chromium-browser
/usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
/usr/lib/chromium-browser/chromium-browser//lsb_release
/usr/lib/chromium-browser/chromium-browser//xdgsettings
/usr/lib/dovecot/anvil
/usr/lib/dovecot/auth
/usr/lib/dovecot/config
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dict
/usr/lib/dovecot/dovecot-auth
/usr/lib/dovecot/dovecot-lda
/usr/lib/dovecot/dovecot-lda///usr/sbin/sendmail
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/lmtp
/usr/lib/dovecot/log
/usr/lib/dovecot/managesieve
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/lib/dovecot/ssl-params
/usr/sbin/avahi-daemon
/usr/sbin/dnsmasq
/usr/sbin/dnsmasq//libvirt_leaseshelper
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/sbin/smbldap-useradd
/usr/sbin/smbldap-useradd///etc/init.d/nscd
/usr/{sbin/traceroute,bin/traceroute.db}
/{usr/,}bin/ping
klogd
syslog-ng
syslogd
5 processes have profiles defined.
2 processes are in enforce mode.
/usr/sbin/libvirtd (1808)
/usr/sbin/mysqld (1852)
3 processes are in complain mode.
/usr/lib/dovecot/anvil (1863)
/usr/lib/dovecot/config (1866)
/usr/lib/dovecot/log (1864)
0 processes are unconfined but have a profile defined.
root@zeus:~# apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.anvil
- no problems -
root@zeus:~# apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.auth
- no problems -
root@zeus:~# apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.imap
- Oops! -
root@zeus:~# dmesg
[...]
[ 143.968692] audit_printk_skb: 66 callbacks suppressed
[ 143.968700] audit: type=1400 audit(1464277001.464:92): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/anvil"
pid=2595 comm="apparmor_parser"
[ 149.546021] audit: type=1400 audit(1464277007.040:93): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/auth"
pid=2597 comm="apparmor_parser"
[ 153.073738] audit: type=1400 audit(1464277010.568:94): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/imap"
pid=2601 comm="apparmor_parser"
[ 153.073793] BUG: unable to handle kernel NULL pointer dereference at
0000000000000038
[ 153.082065] IP: [<ffffffff8138e1ec>] __aa_labelset_update_subtree+0x12c/0x3e0
[ 153.089123] PGD 213973067 PUD 20c79d067 PMD 0
[ 153.095083] Oops: 0000 [#1] SMP
[ 153.100578] Modules linked in: ebtable_filter ebtables bridge stp llc
rc_technisat_ts35 tda10023 tda10021 intel_rapl x86_pkg_temp_thermal
intel_powerclamp coretemp serio_raw mantis mantis_core dvb_core
snd_hda_codec_hdmi rc_core lpc_ich shpchp snd_hda_codec_realtek input_leds
snd_hda_codec_generic snd_soc_rt5640 snd_soc_rl6231 snd_soc_ssm4567
snd_soc_core mei_me snd_hda_intel mei snd_hda_codec snd_compress snd_hda_core
ac97_bus snd_pcm_dmaengine snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event
8250_fintek snd_rawmidi snd_seq snd_seq_device snd_timer snd elan_i2c dw_dmac
dw_dmac_core soundcore snd_soc_sst_acpi 8250_dw i2c_designware_platform
i2c_designware_core spi_pxa2xx_platform acpi_pad tpm_infineon mac_hid kvm_intel
kvm irqbypass nf_log_ipv6 xt_hl ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6
ip6t_REJECT
[ 153.106750] nf_reject_ipv6 xt_comment nf_log_ipv4 nf_log_common xt_LOG
xt_multiport xt_tcpudp xt_limit xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4
xt_conntrack ipt_REJECT nf_reject_ipv4 ip6table_filter ip6_tables nf_nat_ftp
nf_nat nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables autofs4
drbg ansi_cprng algif_skcipher af_alg dm_crypt hid_logitech_hidpp
hid_logitech_dj hid_generic uas usb_storage usbhid i915 i2c_algo_bit
crct10dif_pclmul crc32_pclmul drm_kms_helper syscopyarea e1000e ahci ptp
aesni_intel sysfillrect sysimgblt fb_sys_fops aes_x86_64 lrw gf128mul psmouse
glue_helper ablk_helper drm cryptd libahci pps_core video sdhci_acpi i2c_hid
sdhci hid fjes
[ 153.123594] CPU: 1 PID: 2601 Comm: apparmor_parser Not tainted
4.4.0-22-generic #40+lp1581990
[ 153.128866] Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF,
BIOS F3 MX 05/26/2014
[ 153.134156] task: ffff8800d40dd280 ti: ffff88020d31c000 task.ti:
ffff88020d31c000
[ 153.139183] RIP: 0010:[<ffffffff8138e1ec>] [<ffffffff8138e1ec>]
__aa_labelset_update_subtree+0x12c/0x3e0
[ 153.144119] RSP: 0018:ffff88020d31fd50 EFLAGS: 00010046
[ 153.148830] RAX: 0000000000000000 RBX: ffff8802160ff2a0 RCX: 0000000000000000
[ 153.153554] RDX: 00000000000000ff RSI: 0000000000000002 RDI: ffff8802160ff2a0
[ 153.158279] RBP: ffff88020d31fd98 R08: ffff88021ea99fc0 R09: ffff880216001900
[ 153.162788] R10: ffff8800d19c1200 R11: 0000000000000399 R12: ffff8800d19c1200
[ 153.167252] R13: ffff88020d2b6080 R14: ffff88020d2b6088 R15: ffff88020d2b60d0
[ 153.171677] FS: 00007f849665a740(0000) GS:ffff88021ea80000(0000)
knlGS:0000000000000000
[ 153.175921] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 153.180167] CR2: 0000000000000038 CR3: 000000020e81d000 CR4: 00000000001406e0
[ 153.184418] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 153.188669] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 153.192804] Stack:
[ 153.196808] ffff8802160ff200 ffff8802160ff2a8 0000000000000286
ffff8802160ff2a0
[ 153.200832] ffff8802160ff200 ffff88020d31fe28 ffff880210398000
ffff88020d31fe28
[ 153.204851] ffff88020d31fe28 ffff88020d31fe68 ffffffff8138143b
ffffffff811ec67e
[ 153.208779] Call Trace:
[ 153.212594] [<ffffffff8138143b>] aa_replace_profiles+0x59b/0xbc0
[ 153.216411] [<ffffffff811ec67e>] ? __kmalloc+0x22e/0x250
[ 153.220159] [<ffffffff8137614f>] policy_update+0x9f/0x1f0
[ 153.223791] [<ffffffff813762b3>] profile_replace+0x13/0x20
[ 153.227416] [<ffffffff8120c0a8>] __vfs_write+0x18/0x40
[ 153.231027] [<ffffffff8120ca39>] vfs_write+0xa9/0x1a0
[ 153.234627] [<ffffffff8120b9cf>] ? do_sys_open+0x1bf/0x2a0
[ 153.238231] [<ffffffff8120d6f5>] SyS_write+0x55/0xc0
[ 153.241702] [<ffffffff818250b2>] entry_SYSCALL_64_fastpath+0x16/0x71
[ 153.245143] Code: 46 44 49 8b 44 c7 f8 48 8b 40 38 48 05 a0 00 00 00 48 89
c7 48 89 45 d0 e8 52 6a 49 00 48 89 45 c8 49 63 44 24 4c 49 8b 44 c4 48 <48> 8b
78 38 49 63 46 44 49 8b 44 c7 f8 48 39 78 38 0f 85 a7 01
[ 153.248744] RIP [<ffffffff8138e1ec>]
__aa_labelset_update_subtree+0x12c/0x3e0
[ 153.252255] RSP <ffff88020d31fd50>
[ 153.255729] CR2: 0000000000000038
[ 153.259079] ---[ end trace d12284ada0057392 ]---
https://bugs.launchpad.net/bugs/1581990
Title:
Profile reload leads to kernel NULL pointer dereference
Status in apparmor package in Ubuntu:
New
Bug description:
Ubuntu 16.04 LTS
Linux zeus 4.4.0-22-generic #39-Ubuntu SMP Thu May 5 16:53:32 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux
Apparmor packages 2.10.95-0ubuntu2.
When I run "apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.anvil"
followed by "apparmor_parser -r
/etc/apparmor.d/usr.lib.dovecot.auth", it hangs and the kernel
logs the following:
audit: type=1400 audit(1463327049.301:13641): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/anvil"
pid=13236 comm="apparmor_parser"
------------[ cut here ]------------
WARNING: CPU: 3 PID: 13236 at
/build/linux-UbQGH5/linux-4.4.0/security/apparmor/label.c:142
profile_cmp+0xed/0x180()
AppArmor WARN profile_cmp: ((!b)):
Modules linked in:
ebtable_filter ebtables bridge stp llc rc_technisat_ts35 tda10023 tda10021
intel_rapl x86_pkg_temp_thermal intel_powerclamp mantis coretemp mantis_core
dvb_core serio_raw snd_hda_codec_hdmi snd_hda_codec_realtek
snd_hda_codec_generic rc_core input_leds mei_me lpc_ich snd_hda_intel shpchp
snd_hda_codec mei snd_soc_rt5640 snd_soc_ssm4567 snd_soc_rl6231 snd_soc_core
snd_hda_core snd_hwdep snd_compress snd_seq_midi ac97_bus snd_seq_midi_event
snd_pcm_dmaengine 8250_fintek snd_rawmidi snd_pcm snd_seq elan_i2c
snd_seq_device dw_dmac dw_dmac_core snd_timer snd_soc_sst_acpi snd 8250_dw
i2c_designware_platform tpm_infineon soundcore spi_pxa2xx_platform
i2c_designware_core acpi_pad mac_hid kvm_intel kvm irqbypass nf_log_ipv6 xt_hl
ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT nf_reject_ipv6
xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport xt_tcpudp xt_limit
xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack ipt_REJECT
nf_reject_ipv4 ip6table_filter ip6_tables nf_nat_ftp nf_nat nf_conntrack_ftp
nf_conntrack iptable_filter ip_tables x_tables autofs4 drbg ansi_cprng
algif_skcipher af_alg hid_generic usbhid dm_crypt i915 crct10dif_pclmul
crc32_pclmul i2c_algo_bit drm_kms_helper e1000e syscopyarea aesni_intel
aes_x86_64 ptp lrw uas gf128mul sysfillrect sysimgblt ahci glue_helper
fb_sys_fops ablk_helper sdhci_acpi libahci cryptd pps_core drm usb_storage
video i2c_hid sdhci hid fjes
CPU: 3 PID: 13236 Comm: apparmor_parser Not tainted 4.4.0-22-generic
#39-Ubuntu
Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF, BIOS F3 MX
05/26/2014
0000000000000086 000000000171a3d1 ffff880211cb3c00 ffffffff813e9c53
ffff880211cb3c48 ffffffff81cec6e0 ffff880211cb3c38 ffffffff81080fb2
ffff880213608400 0000000000000000 0000000000000008 0000000000000000
Call Trace:
[<ffffffff813e9c53>] dump_stack+0x63/0x90
[<ffffffff81080fb2>] warn_slowpath_common+0x82/0xc0
[<ffffffff8108104c>] warn_slowpath_fmt+0x5c/0x80
[<ffffffff813f86e0>] ? u32_swap+0x10/0x10
[<ffffffff813891dd>] profile_cmp+0xed/0x180
[<ffffffff8138a2f3>] aa_vec_unique+0x163/0x240
[<ffffffff8138e567>] __aa_labelset_update_subtree+0x687/0x820
[<ffffffff8138142b>] aa_replace_profiles+0x59b/0xb70
[<ffffffff811ec67e>] ? __kmalloc+0x22e/0x250
[<ffffffff8137614f>] policy_update+0x9f/0x1f0
[<ffffffff813762b3>] profile_replace+0x13/0x20
[<ffffffff8120c0a8>] __vfs_write+0x18/0x40
[<ffffffff8120ca39>] vfs_write+0xa9/0x1a0
[<ffffffff8120b9cf>] ? do_sys_open+0x1bf/0x2a0
[<ffffffff8120d6f5>] SyS_write+0x55/0xc0
[<ffffffff818252f2>] entry_SYSCALL_64_fastpath+0x16/0x71
---[ end trace 4507a2efab029c8e ]---
BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: [<ffffffff8138911f>] profile_cmp+0x2f/0x180
PGD 20dd58067 PUD 21236c067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: ebtable_filter ebtables bridge stp llc rc_technisat_ts35
tda10023 tda10021 intel_rapl x86_pkg_temp_thermal intel_powerclamp mantis
coretemp mantis_core dvb_core serio_raw snd_hda_codec_hdmi
snd_hda_codec_realtek snd_hda_codec_generic rc_core input_leds mei_me lpc_ich
snd_hda_intel shpchp snd_hda_codec mei snd_soc_rt5640 snd_soc_ssm4567
snd_soc_rl6231 snd_soc_core snd_hda_core snd_hwdep snd_compress snd_seq_midi
ac97_bus snd_seq_midi_event snd_pcm_dmaengine 8250_fintek snd_rawmidi snd_pcm
snd_seq elan_i2c snd_seq_device dw_dmac dw_dmac_core snd_timer snd_soc_sst_acpi
snd 8250_dw i2c_designware_platform tpm_infineon soundcore spi_pxa2xx_platform
i2c_designware_core acpi_pad mac_hid kvm_intel kvm irqbypass nf_log_ipv6 xt_hl
ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT
nf_reject_ipv6 xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport
xt_tcpudp xt_limit xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack
ipt_REJECT nf_reject_ipv4 ip6table_filter ip6_tables nf_nat_ftp nf_nat
nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables autofs4 drbg
ansi_cprng algif_skcipher af_alg hid_generic usbhid dm_crypt i915
crct10dif_pclmul crc32_pclmul i2c_algo_bit drm_kms_helper e1000e syscopyarea
aesni_intel aes_x86_64 ptp lrw uas gf128mul sysfillrect sysimgblt ahci
glue_helper fb_sys_fops ablk_helper sdhci_acpi libahci cryptd pps_core drm
usb_storage video i2c_hid sdhci hid fjes
CPU: 3 PID: 13236 Comm: apparmor_parser Tainted: G W
4.4.0-22-generic #39-Ubuntu
Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF, BIOS F3 MX
05/26/2014
task: ffff8800d5762940 ti: ffff880211cb0000 task.ti: ffff880211cb0000
RIP: 0010:[<ffffffff8138911f>] [<ffffffff8138911f>] profile_cmp+0x2f/0x180
RSP: 0018:ffff880211cb3cb0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff880213608400 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
RBP: ffff880211cb3cc0 R08: 000000000000000a R09: 0000000000000fff
R10: ffff880210a63350 R11: 0000000000000fff R12: 0000000000000000
R13: 0000000000000008 R14: 0000000000000000 R15: ffff880212531110
FS: 00007f5a3c68c740(0000) GS:ffff88021eb80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000038 CR3: 0000000211db4000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000009 ffff880212531158 ffff880211cb3d08 ffffffff8138a2f3
00000001d4117b30 ffff880200000009 ffff880212531110 ffff880213608760
ffff880210a63308 ffff8802125310c0 ffff880210a63300 ffff880211cb3d98
Call Trace:
[<ffffffff8138a2f3>] aa_vec_unique+0x163/0x240
[<ffffffff8138e567>] __aa_labelset_update_subtree+0x687/0x820
[<ffffffff8138142b>] aa_replace_profiles+0x59b/0xb70
[<ffffffff811ec67e>] ? __kmalloc+0x22e/0x250
[<ffffffff8137614f>] policy_update+0x9f/0x1f0
[<ffffffff813762b3>] profile_replace+0x13/0x20
[<ffffffff8120c0a8>] __vfs_write+0x18/0x40
[<ffffffff8120ca39>] vfs_write+0xa9/0x1a0
[<ffffffff8120b9cf>] ? do_sys_open+0x1bf/0x2a0
[<ffffffff8120d6f5>] SyS_write+0x55/0xc0
[<ffffffff818252f2>] entry_SYSCALL_64_fastpath+0x16/0x71
Code: 00 55 48 85 ff 48 89 e5 41 54 53 49 89 f4 48 89 fb 0f 84 8b 00 00 00 4d
85 e4 0f 84 aa 00 00 00 48 83 7b 38 00 0f 84 c9 00 00 00 <49> 83 7c 24 38 00 0f
84 e8 00 00 00 48 83 7b 08 00 0f 84 07 01
RIP [<ffffffff8138911f>] profile_cmp+0x2f/0x180
RSP <ffff880211cb3cb0>
CR2: 0000000000000038
---[ end trace 4507a2efab029c8f ]---