okay the first thing I want you to try is removing the use of dd from
the auditing chain

open /etc/init.d/klogd in an editor (you need to be root), find the line
that looks like this

    # shovel /proc/kmsg to pipe readable by klogd user
    start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe

and comment it out so it is now

    # shovel /proc/kmsg to pipe readable by klogd user
#    start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe

now find the line

    # start klogd as non-root with reading from kmsgpipe
    start-stop-daemon --start --quiet --chuid klog --exec $binpath -- $KLOGD

and comment it out and replace it with the command shown below

    # start klogd as non-root with reading from kmsgpipe
#    start-stop-daemon --start --quiet --chuid klog --exec $binpath -- $KLOGD
    start-stop-daemon --start --quiet --exec $binpath -- /proc/kmsg

save /etc/init.d/klogd then do

> sudo /etc/init.d/klogd stop
> sudo /etc/init.d/klogd start
> ps aux | grep logd
syslog    6645  0.0  0.1   1912   728 ?        Ss   01:34   0:00 /sbin/syslogd -u syslog
root      6698  0.0  0.2   2496  1400 ?        Ss   01:35   0:00 /sbin/klogd /proc/kmsg
jj        6959  0.0  0.1   2972   748 pts/0    R+   01:48   0:00 grep logd

what you are looking for here is that dd isn't listed, like above.  Now
you should be able to try and recreate the corrupted messages again.  If
the corrupt messages still happen, we can try dumping /proc/kmsg
directly to a file bypassing klogd and syslog entirely.

edit /etc/init.d/klogd again, restore the klogd command by deleting the
command and removing the commenting so it looks like

    # start klogd as non-root with reading from kmsgpipe
    start-stop-daemon --start --quiet --chuid klog --exec $binpath -- $KLOGD

now copy the dd command line and edit it so it looks like (the only part that
is changed is of= at the end)

    # shovel /proc/kmsg to pipe readable by klogd user
#    start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=$kmsgpipe
    start-stop-daemon --start --pidfile $kmsgpidfile --exec /bin/dd -b -m -- bs=1 if=/proc/kmsg of=/tmp/kmsg-dump

save and then do

> sudo /etc/init.d/klogd stop
> sudo /etc/init.d/klogd start

you can then try recreating the corrupted messages again.  genprof will
work but it won't find any messages, to see if the messages are corrupt
you can look at the /tmp/kmsg-dump file.  If they are still corrupt the
bug is in the kernel, and I will have to take a closer look at the audit
/ printk interface.

-- 
Corrupted AppArmor audit log messages
https://bugs.launchpad.net/bugs/160238
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
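
Added example, not part of the original message: a shell helper that turns the `ps aux | grep logd` eyeball check into a repeatable one by reporting which of the three logging chains from the procedure is active. The function name, the result labels and the `/path/to/kmsgpipe` value are assumptions; the first sample is the `ps` output quoted in the message, the other two are constructed.

```shell
#!/bin/sh
# Classify the kernel-log chain from `ps aux` output read on stdin.
#   dd-pipe       dd copies /proc/kmsg into the pipe klogd reads (unmodified init script)
#   klogd-direct  klogd reads /proc/kmsg itself, dd is not in the chain
#   dd-dump       dd writes /proc/kmsg straight to the dump file
#   unknown       neither process was found reading /proc/kmsg
# $1 (optional): dump file path, default /tmp/kmsg-dump as in the message.
kmsg_chain() {
    awk -v dump="${1:-/tmp/kmsg-dump}" '
    {
        is_dd = 0; is_klogd = 0; dd_in = 0; kmsg_arg = 0; out = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /(^|\/)dd$/)      is_dd = 1
            if ($i ~ /(^|\/)klogd$/)   is_klogd = 1
            if ($i == "if=/proc/kmsg") dd_in = 1
            if ($i == "/proc/kmsg")    kmsg_arg = 1
            if ($i ~ /^of=/)           out = substr($i, 4)
        }
        # Require the command and its argument on the same line, so a
        # "grep dd" or "grep klogd" line in the listing is not counted.
        if (is_dd && dd_in)       { dd_seen = 1; dd_out = out }
        if (is_klogd && kmsg_arg) direct = 1
    }
    END {
        if (dd_seen && dd_out == dump) print "dd-dump"
        else if (dd_seen)              print "dd-pipe"
        else if (direct)               print "klogd-direct"
        else                           print "unknown"
    }'
}

# ps output from the message (wrapped lines rejoined)
SAMPLE_DIRECT='syslog    6645  0.0  0.1   1912   728 ?        Ss   01:34   0:00 /sbin/syslogd -u syslog
root      6698  0.0  0.2   2496  1400 ?        Ss   01:35   0:00 /sbin/klogd /proc/kmsg
jj        6959  0.0  0.1   2972   748 pts/0    R+   01:48   0:00 grep logd'
# Constructed samples: PIDs, times and the pipe path are placeholders
SAMPLE_DUMP='root      7001  0.0  0.0   1700   500 ?        S    01:50   0:00 /bin/dd bs=1 if=/proc/kmsg of=/tmp/kmsg-dump'
SAMPLE_PIPE='root      7002  0.0  0.0   1700   500 ?        S    01:52   0:00 /bin/dd bs=1 if=/proc/kmsg of=/path/to/kmsgpipe'

# Live use: ps aux | kmsg_chain
printf '%s\n' "$SAMPLE_DIRECT" | kmsg_chain   # klogd-direct
```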
