Public bug reported:
Ubuntu 16.04 LTS
Linux zeus 4.4.0-22-generic #39-Ubuntu SMP Thu May 5 16:53:32 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux
Apparmor packages 2.10.95-0ubuntu2.
When I do a "apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.anvil"
followed by a "apparmor_parser -r /etc/apparmor.d/usr.lib.dovecot.auth"
it hangs and the kernel complains:
audit: type=1400 audit(1463327049.301:13641): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/anvil"
pid=13236 comm="apparmor_parser"
------------[ cut here ]------------
WARNING: CPU: 3 PID: 13236 at
/build/linux-UbQGH5/linux-4.4.0/security/apparmor/label.c:142
profile_cmp+0xed/0x180()
AppArmor WARN profile_cmp: ((!b)):
Modules linked in:
ebtable_filter ebtables bridge stp llc rc_technisat_ts35 tda10023 tda10021
intel_rapl x86_pkg_temp_thermal intel_powerclamp mantis coretemp mantis_core
dvb_core serio_raw snd_hda_codec_hdmi snd_hda_codec_realtek
snd_hda_codec_generic rc_core input_leds mei_me lpc_ich snd_hda_intel shpchp
snd_hda_codec mei snd_soc_rt5640 snd_soc_ssm4567 snd_soc_rl6231 snd_soc_core
snd_hda_core snd_hwdep snd_compress snd_seq_midi ac97_bus snd_seq_midi_event
snd_pcm_dmaengine 8250_fintek snd_rawmidi snd_pcm snd_seq elan_i2c
snd_seq_device dw_dmac dw_dmac_core snd_timer snd_soc_sst_acpi snd 8250_dw
i2c_designware_platform tpm_infineon soundcore spi_pxa2xx_platform
i2c_designware_core acpi_pad mac_hid kvm_intel kvm irqbypass nf_log_ipv6 xt_hl
ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT nf_reject_ipv6
xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport xt_tcpudp xt_limit
xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack ipt_REJECT
nf_reject_ipv4 ip6table_filter ip6_tables nf_nat_ftp nf_nat nf_conntrack_ftp
nf_conntrack iptable_filter ip_tables x_tables autofs4 drbg ansi_cprng
algif_skcipher af_alg hid_generic usbhid dm_crypt i915 crct10dif_pclmul
crc32_pclmul i2c_algo_bit drm_kms_helper e1000e syscopyarea aesni_intel
aes_x86_64 ptp lrw uas gf128mul sysfillrect sysimgblt ahci glue_helper
fb_sys_fops ablk_helper sdhci_acpi libahci cryptd pps_core drm usb_storage
video i2c_hid sdhci hid fjes
CPU: 3 PID: 13236 Comm: apparmor_parser Not tainted 4.4.0-22-generic #39-Ubuntu
Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF, BIOS F3 MX
05/26/2014
0000000000000086 000000000171a3d1 ffff880211cb3c00 ffffffff813e9c53
ffff880211cb3c48 ffffffff81cec6e0 ffff880211cb3c38 ffffffff81080fb2
ffff880213608400 0000000000000000 0000000000000008 0000000000000000
Call Trace:
[<ffffffff813e9c53>] dump_stack+0x63/0x90
[<ffffffff81080fb2>] warn_slowpath_common+0x82/0xc0
[<ffffffff8108104c>] warn_slowpath_fmt+0x5c/0x80
[<ffffffff813f86e0>] ? u32_swap+0x10/0x10
[<ffffffff813891dd>] profile_cmp+0xed/0x180
[<ffffffff8138a2f3>] aa_vec_unique+0x163/0x240
[<ffffffff8138e567>] __aa_labelset_update_subtree+0x687/0x820
[<ffffffff8138142b>] aa_replace_profiles+0x59b/0xb70
[<ffffffff811ec67e>] ? __kmalloc+0x22e/0x250
[<ffffffff8137614f>] policy_update+0x9f/0x1f0
[<ffffffff813762b3>] profile_replace+0x13/0x20
[<ffffffff8120c0a8>] __vfs_write+0x18/0x40
[<ffffffff8120ca39>] vfs_write+0xa9/0x1a0
[<ffffffff8120b9cf>] ? do_sys_open+0x1bf/0x2a0
[<ffffffff8120d6f5>] SyS_write+0x55/0xc0
[<ffffffff818252f2>] entry_SYSCALL_64_fastpath+0x16/0x71
---[ end trace 4507a2efab029c8e ]---
BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: [<ffffffff8138911f>] profile_cmp+0x2f/0x180
PGD 20dd58067 PUD 21236c067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: ebtable_filter ebtables bridge stp llc rc_technisat_ts35
tda10023 tda10021 intel_rapl x86_pkg_temp_thermal intel_powerclamp mantis
coretemp mantis_core dvb_core serio_raw snd_hda_codec_hdmi
snd_hda_codec_realtek snd_hda_codec_generic rc_core input_leds mei_me lpc_ich
snd_hda_intel shpchp snd_hda_codec mei snd_soc_rt5640 snd_soc_ssm4567
snd_soc_rl6231 snd_soc_core snd_hda_core snd_hwdep snd_compress snd_seq_midi
ac97_bus snd_seq_midi_event snd_pcm_dmaengine 8250_fintek snd_rawmidi snd_pcm
snd_seq elan_i2c snd_seq_device dw_dmac dw_dmac_core snd_timer snd_soc_sst_acpi
snd 8250_dw i2c_designware_platform tpm_infineon soundcore spi_pxa2xx_platform
i2c_designware_core acpi_pad mac_hid kvm_intel kvm irqbypass nf_log_ipv6 xt_hl
ip6t_rt nf_conntrack_ipv6 nf_defrag_ipv6 ip6t_REJECT
nf_reject_ipv6 xt_comment nf_log_ipv4 nf_log_common xt_LOG xt_multiport
xt_tcpudp xt_limit xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack
ipt_REJECT nf_reject_ipv4 ip6table_filter ip6_tables nf_nat_ftp nf_nat
nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables autofs4 drbg
ansi_cprng algif_skcipher af_alg hid_generic usbhid dm_crypt i915
crct10dif_pclmul crc32_pclmul i2c_algo_bit drm_kms_helper e1000e syscopyarea
aesni_intel aes_x86_64 ptp lrw uas gf128mul sysfillrect sysimgblt ahci
glue_helper fb_sys_fops ablk_helper sdhci_acpi libahci cryptd pps_core drm
usb_storage video i2c_hid sdhci hid fjes
CPU: 3 PID: 13236 Comm: apparmor_parser Tainted: G W
4.4.0-22-generic #39-Ubuntu
Hardware name: Gigabyte Technology Co., Ltd. H97-D3H/H97-D3H-CF, BIOS F3 MX
05/26/2014
task: ffff8800d5762940 ti: ffff880211cb0000 task.ti: ffff880211cb0000
RIP: 0010:[<ffffffff8138911f>] [<ffffffff8138911f>] profile_cmp+0x2f/0x180
RSP: 0018:ffff880211cb3cb0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff880213608400 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
RBP: ffff880211cb3cc0 R08: 000000000000000a R09: 0000000000000fff
R10: ffff880210a63350 R11: 0000000000000fff R12: 0000000000000000
R13: 0000000000000008 R14: 0000000000000000 R15: ffff880212531110
FS: 00007f5a3c68c740(0000) GS:ffff88021eb80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000038 CR3: 0000000211db4000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000009 ffff880212531158 ffff880211cb3d08 ffffffff8138a2f3
00000001d4117b30 ffff880200000009 ffff880212531110 ffff880213608760
ffff880210a63308 ffff8802125310c0 ffff880210a63300 ffff880211cb3d98
Call Trace:
[<ffffffff8138a2f3>] aa_vec_unique+0x163/0x240
[<ffffffff8138e567>] __aa_labelset_update_subtree+0x687/0x820
[<ffffffff8138142b>] aa_replace_profiles+0x59b/0xb70
[<ffffffff811ec67e>] ? __kmalloc+0x22e/0x250
[<ffffffff8137614f>] policy_update+0x9f/0x1f0
[<ffffffff813762b3>] profile_replace+0x13/0x20
[<ffffffff8120c0a8>] __vfs_write+0x18/0x40
[<ffffffff8120ca39>] vfs_write+0xa9/0x1a0
[<ffffffff8120b9cf>] ? do_sys_open+0x1bf/0x2a0
[<ffffffff8120d6f5>] SyS_write+0x55/0xc0
[<ffffffff818252f2>] entry_SYSCALL_64_fastpath+0x16/0x71
Code: 00 55 48 85 ff 48 89 e5 41 54 53 49 89 f4 48 89 fb 0f 84 8b 00 00 00 4d
85 e4 0f 84 aa 00 00 00 48 83 7b 38 00 0f 84 c9 00 00 00 <49> 83 7c 24 38 00 0f
84 e8 00 00 00 48 83 7b 08 00 0f 84 07 01
RIP [<ffffffff8138911f>] profile_cmp+0x2f/0x180
RSP <ffff880211cb3cb0>
CR2: 0000000000000038
---[ end trace 4507a2efab029c8f ]---
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
Title:
Profile reload leads to kernel NULL pointer dereference
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1581990/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
