[Bug 1615082] [NEW] kernel NULL pointer dereference on apparmor profile update

LGB [Gábor Lénárt] Fri, 19 Aug 2016 11:46:20 -0700

Public bug reported:

I've used aa-logprof to find more things out to be added to my custom
apache2 apparmor file. Since PHP created tons of files in /tmp in the
form of /tmp/php* I've decided to add this:


/tmp/php* rw,

I'm not sure if it caused the problem, but after this
/etc/init.d/apparmor reload froze and there was the following in the
output of dmesg command:


[13838.909880] audit: type=1400 audit(1471631019.426:1488): apparmor="STATUS" 
operation="profile_replace" profile="unconfined" name="/usr/sbin/apache2" 
pid=23590 comm="apparmor_parser"
[13838.920067] ------------[ cut here ]------------
[13838.920079] WARNING: CPU: 0 PID: 23590 at 
/build/linux-5vkMGy/linux-4.4.0/security/apparmor/label.c:142 
profile_cmp+0xed/0x180()
[13838.920083] AppArmor WARN profile_cmp: ((!b)): 
[13838.920085] Modules linked in:
[13838.920088]  binfmt_misc nf_conntrack_ftp nf_conntrack_irc ip6t_REJECT 
nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables 
ipt_REJECT nf_reject_ipv4 xt_NFLOG nfnetlink_log nfnetlink xt_tcpudp xt_pkttype 
nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter 
ip_tables x_tables gpio_ich ipmi_devintf coretemp ipmi_ssif kvm dcdbas 
irqbypass i5000_edac serio_raw edac_core lpc_ich joydev input_leds i5k_amb 
ipmi_si 8250_fintek ipmi_msghandler shpchp mac_hid ib_iser rdma_cm iw_cm ib_cm 
ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi 
scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov 
async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 
multipath linear ses enclosure amdkfd amd_iommu_v2 radeon i2c_algo_bit ttm 
drm_kms_helper
[13838.920166]  syscopyarea sysfillrect sysimgblt hid_generic fb_sys_fops 
usbhid uas e1000e ptp hid usb_storage psmouse drm megaraid_sas bnx2 pps_core 
pata_acpi fjes
[13838.920188] CPU: 0 PID: 23590 Comm: apparmor_parser Not tainted 
4.4.0-34-generic #53-Ubuntu
[13838.920192] Hardware name: Dell Inc. PowerEdge 1950/0DT097, BIOS 2.7.0 
10/30/2010
[13838.920195]  0000000000000086 0000000088f44738 ffff880128bffc00 
ffffffff813f11b3
[13838.920199]  ffff880128bffc48 ffffffff81cf08e8 ffff880128bffc38 
ffffffff81081102
[13838.920204]  ffff8800c8d7d400 0000000000000000 000000000000000a 
0000000000000000
[13838.920208] Call Trace:
[13838.920218]  [<ffffffff813f11b3>] dump_stack+0x63/0x90
[13838.920224]  [<ffffffff81081102>] warn_slowpath_common+0x82/0xc0
[13838.920228]  [<ffffffff8108119c>] warn_slowpath_fmt+0x5c/0x80
[13838.920232]  [<ffffffff813ffc40>] ? u32_swap+0x10/0x10
[13838.920236]  [<ffffffff8139072d>] profile_cmp+0xed/0x180
[13838.920239]  [<ffffffff81391843>] aa_vec_unique+0x163/0x240
[13838.920244]  [<ffffffff81395ab7>] __aa_labelset_update_subtree+0x687/0x820
[13838.920249]  [<ffffffff811b332d>] ? kzfree+0x2d/0x40
[13838.920254]  [<ffffffff8138897b>] aa_replace_profiles+0x59b/0xb70
[13838.920259]  [<ffffffff811ecf4e>] ? __kmalloc+0x22e/0x250
[13838.920263]  [<ffffffff8137d69f>] policy_update+0x9f/0x1f0
[13838.920267]  [<ffffffff8137d803>] profile_replace+0x13/0x20
[13838.920272]  [<ffffffff8120c9d8>] __vfs_write+0x18/0x40
[13838.920275]  [<ffffffff8120d369>] vfs_write+0xa9/0x1a0
[13838.920279]  [<ffffffff8120c2ff>] ? do_sys_open+0x1bf/0x2a0
[13838.920282]  [<ffffffff8120e025>] SyS_write+0x55/0xc0
[13838.920288]  [<ffffffff8182def2>] entry_SYSCALL_64_fastpath+0x16/0x71
[13838.920291] ---[ end trace a19473a0fd8d9556 ]---
[13838.920305] BUG: unable to handle kernel NULL pointer dereference at 
0000000000000038
[13838.920475] IP: [<ffffffff8139066f>] profile_cmp+0x2f/0x180
[13838.920582] PGD 128a7d067 PUD 12a6be067 PMD 0 
[13838.920684] Oops: 0000 [#1] SMP 
[13838.920755] Modules linked in: binfmt_misc nf_conntrack_ftp nf_conntrack_irc 
ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter 
ip6_tables ipt_REJECT nf_reject_ipv4 xt_NFLOG nfnetlink_log nfnetlink xt_tcpudp 
xt_pkttype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack 
iptable_filter ip_tables x_tables gpio_ich ipmi_devintf coretemp ipmi_ssif kvm 
dcdbas irqbypass i5000_edac serio_raw edac_core lpc_ich joydev input_leds 
i5k_amb ipmi_si 8250_fintek ipmi_msghandler shpchp mac_hid ib_iser rdma_cm 
iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi 
scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov 
async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 
multipath linear ses enclosure amdkfd amd_iommu_v2 radeon i2c_algo_bit
[13838.922791]  ttm drm_kms_helper syscopyarea sysfillrect sysimgblt 
hid_generic fb_sys_fops usbhid uas e1000e ptp hid usb_storage psmouse drm 
megaraid_sas bnx2 pps_core pata_acpi fjes
[13838.923223] CPU: 0 PID: 23590 Comm: apparmor_parser Tainted: G        W      
 4.4.0-34-generic #53-Ubuntu
[13838.923369] Hardware name: Dell Inc. PowerEdge 1950/0DT097, BIOS 2.7.0 
10/30/2010
[13838.923485] task: ffff880035b86400 ti: ffff880128bfc000 task.ti: 
ffff880128bfc000
[13838.923599] RIP: 0010:[<ffffffff8139066f>]  [<ffffffff8139066f>] 
profile_cmp+0x2f/0x180
[13838.923734] RSP: 0018:ffff880128bffcb0  EFLAGS: 00010086
[13838.923816] RAX: 0000000000000000 RBX: ffff8800c8d7d400 RCX: 0000000000000006
[13838.923916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[13838.924017] RBP: ffff880128bffcc0 R08: 000000000000000a R09: 0000000000000562
[13838.924025] R10: ffff8801289ba410 R11: 0000000000000562 R12: 0000000000000000
[13838.924025] R13: 000000000000000a R14: 0000000000000000 R15: ffff880034fdcf50
[13838.924025] FS:  00007f0e5cb28740(0000) GS:ffff88012fc00000(0000) 
knlGS:0000000000000000
[13838.924025] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[13838.924025] CR2: 0000000000000038 CR3: 0000000129458000 CR4: 00000000000006f0
[13838.924025] Stack:
[13838.924025]  000000000000000b ffff880034fdcfa8 ffff880128bffd08 
ffffffff81391843
[13838.924025]  0000000134db7fb0 ffff88010000000b ffff880034fdcf50 
ffff8800c8d7d760
[13838.924025]  ffff8801289ba3c8 ffff880034fdcf00 ffff8801289ba3c0 
ffff880128bffd98
[13838.924025] Call Trace:
[13838.924025]  [<ffffffff81391843>] aa_vec_unique+0x163/0x240
[13838.924025]  [<ffffffff81395ab7>] __aa_labelset_update_subtree+0x687/0x820
[13838.924025]  [<ffffffff811b332d>] ? kzfree+0x2d/0x40
[13838.924025]  [<ffffffff8138897b>] aa_replace_profiles+0x59b/0xb70
[13838.924025]  [<ffffffff811ecf4e>] ? __kmalloc+0x22e/0x250
[13838.924025]  [<ffffffff8137d69f>] policy_update+0x9f/0x1f0
[13838.924025]  [<ffffffff8137d803>] profile_replace+0x13/0x20
[13838.924025]  [<ffffffff8120c9d8>] __vfs_write+0x18/0x40
[13838.924025]  [<ffffffff8120d369>] vfs_write+0xa9/0x1a0
[13838.924025]  [<ffffffff8120c2ff>] ? do_sys_open+0x1bf/0x2a0
[13838.924025]  [<ffffffff8120e025>] SyS_write+0x55/0xc0
[13838.924025]  [<ffffffff8182def2>] entry_SYSCALL_64_fastpath+0x16/0x71
[13838.924025] Code: 90 55 48 85 ff 48 89 e5 41 54 53 49 89 f4 48 89 fb 0f 84 
8b 00 00 00 4d 85 e4 0f 84 aa 00 00 00 48 83 7b 38 00 0f 84 c9 00 00 00 <49> 83 
7c 24 38 00 0f 84 e8 00 00 00 48 83 7b 08 00 0f 84 07 01 
[13838.924025] RIP  [<ffffffff8139066f>] profile_cmp+0x2f/0x180
[13838.924025]  RSP <ffff880128bffcb0>
[13838.924025] CR2: 0000000000000038
[13838.924025] ---[ end trace a19473a0fd8d9557 ]---

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-34-generic 4.4.0-34.53
ProcVersionSignature: Ubuntu 4.4.0-34.53-generic 4.4.15
Uname: Linux 4.4.0-34-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116,  1 Aug 19 16:33 seq
 crw-rw---- 1 root audio 116, 33 Aug 19 16:33 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
Date: Fri Aug 19 20:32:38 2016
HibernationDevice: RESUME=UUID=5fd6de9a-b76c-49f1-b051-ebb1d40d4436
InstallationDate: Installed on 2016-08-17 (2 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 
(20160719)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Dell Inc. PowerEdge 1950
PciMultimedia:
 
ProcFB: 0 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-34-generic 
root=UUID=165f1d9c-dc78-412c-86a3-b96a8a94a97a ro
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-34-generic N/A
 linux-backports-modules-4.4.0-34-generic  N/A
 linux-firmware                            1.157.3
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 10/30/2010
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 2.7.0
dmi.board.name: 0DT097
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: 
dmi:bvnDellInc.:bvr2.7.0:bd10/30/2010:svnDellInc.:pnPowerEdge1950:pvr:rvnDellInc.:rn0DT097:rvrA00:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge 1950
dmi.sys.vendor: Dell Inc.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615082

Title:
  kernel NULL pointer dereference on apparmor profile update

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1615082/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1615082] [NEW] kernel NULL pointer dereference on apparmor profile update

Reply via email to