Ubuntu
linux package

apparmor kernel BUG kills firefox

Bug #1430546 reported by James Troup on 2015-03-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	Medium	John Johansen

Bug Description

I got this kernel BUG last night and its happened a couple of times
now since I upgraded to Utopic. When it happens one of my firefoxs
will becomes non-functional and I have to reboot to get it unstuck.

I'm using encrypted home dir (ecryptfs) and the packaged firefox
profile in enforce mode with a small
/etc/apparmor.d/local/usr.bin.firefox.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: linux-image-3.16.0-31-generic 3.16.0-31.41
ProcVersionSignature: Ubuntu 3.16.0-31.41-generic 3.16.7-ckt5
Uname: Linux 3.16.0-31-generic x86_64
ApportVersion: 2.14.7-0ubuntu8.2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: james 3599 F...m pulseaudio
/dev/snd/controlC0: james 3599 F.... pulseaudio
CurrentDesktop: Unity
Date: Tue Mar 10 21:38:33 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2011-10-20 (1237 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MachineType: TOSHIBA TECRA R840
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-31-generic root=UUID=b59c3fb7-c197-4238-8dd3-f71d81bbb315 ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.16.0-31-generic N/A
linux-backports-modules-3.16.0-31-generic N/A
linux-firmware 1.138.1
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to utopic on 2015-01-05 (64 days ago)
dmi.bios.date: 07/12/2011
dmi.bios.vendor: TOSHIBA
dmi.bios.version: Version 2.90
dmi.board.asset.tag: 0000000000
dmi.board.name: Portable PC
dmi.board.vendor: TOSHIBA
dmi.board.version: Version A0
dmi.chassis.asset.tag: 0000000000
dmi.chassis.type: 10
dmi.chassis.vendor: TOSHIBA
dmi.chassis.version: Version 1.0
dmi.modalias: dmi:bvnTOSHIBA:bvrVersion2.90:bd07/12/2011:svnTOSHIBA:pnTECRAR840:pvrPT42GE-00N006EN:rvnTOSHIBA:rnPortablePC:rvrVersionA0:cvnTOSHIBA:ct10:cvrVersion1.0:
dmi.product.name: TECRA R840
dmi.product.version: PT42GE-00N006EN
dmi.sys.vendor: TOSHIBA

Tags:

Related branches

lp:ubuntu/trusty-proposed/linux-lts-xenial

Revision history for this message

James Troup (elmo) wrote on 2015-03-10:

apparmor kernel BUG Edit (5.9 KiB, text/plain)
AlsaInfo.txt Edit (32.6 KiB, text/plain; charset="utf-8")
BootDmesg.txt Edit (62.8 KiB, text/plain; charset="utf-8")
CRDA.txt Edit (203 bytes, text/plain; charset="utf-8")
CurrentDmesg.txt Edit (86.4 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (3.6 KiB, text/plain; charset="utf-8")
IwConfig.txt Edit (357 bytes, text/plain; charset="utf-8")
Lspci.txt Edit (12.4 KiB, text/plain; charset="utf-8")
Lsusb.txt Edit (718 bytes, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (3.6 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (333 bytes, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (2.5 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (6.5 KiB, text/plain; charset="utf-8")
PulseList.txt Edit (24.7 KiB, text/plain; charset="utf-8")
UdevDb.txt Edit (139.6 KiB, text/plain; charset="utf-8")
UdevLog.txt Edit (327.1 KiB, text/plain; charset="utf-8")
WifiSyslog.txt Edit (439.5 KiB, text/plain; charset="utf-8")

Revision history for this message

James Troup (elmo) wrote on 2015-03-10:

My /etc/apparmor.d/local/usr.bin.firefox Edit (362 bytes, text/plain)

Revision history for this message

Brad Figg (brad-figg) wrote on 2015-03-10: Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status:	New → Confirmed

penalvch (penalvch) on 2015-03-10

tags:	added: bios-outdated-4.10
tags:	added: regression-release

penalvch (penalvch) on 2015-03-11

Changed in linux (Ubuntu):
importance:	Undecided → Medium
status:	Confirmed → Incomplete

Seth Arnold (seth-arnold) on 2015-03-11

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Joseph Salisbury (jsalisbury) on 2015-03-11

tags:

added: kernel-da-key

Revision history for this message

John Johansen (jjohansen) wrote on 2015-03-13:

Christopher,

Testing upstream kernels will not help with this issue as Ubuntu carries a newer version of apparmor than is currently upstream. From the back trace it is clear to me that the bug is in the newer code that ubuntu is carrying. I am working on a patch and have a test kernel building.

penalvch (penalvch) on 2015-03-13

Changed in linux (Ubuntu):
status:	Confirmed → Triaged

Revision history for this message

John Johansen (jjohansen) wrote on 2015-03-17:

Can you please install the following test kernel and report whether it fixes the issue

http://people.canonical.com/~jj/lp1430546/

Revision history for this message

John Johansen (jjohansen) wrote on 2015-04-10:

After looking at this some bug some more the above fix, addresses a different issue.

There is something else going on here, either there is a hardware problem, or something at some point is scribbling on kernel memory resulting in an invalid op code.

James,
If you hit any more oops please attach them so we can compare and try and figure out what is going on

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2015-04-14:

vivid-oops.txt Edit (4.8 KiB, text/plain)

I've hit this bug in Vivid while attempting to join a Google Hangout. Just before attempting to join the Hangout, I reloaded the Firefox profile in complain mode while Firefox was already running.

Changed in linux (Ubuntu):
assignee:	nobody → John Johansen (jjohansen)

Revision history for this message

John Johansen (jjohansen) wrote on 2015-04-16:

#10

So this is failing because the task->cred does not equal the task->real_cred during the update of the cred on the task

Revision history for this message

John Johansen (jjohansen) wrote on 2015-04-17:

#11

There is a new test kernel for this issue at

http://people.canonical.com/~jj/lp1430546/

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2015-04-23:

#12

The test kernel linked in comment #11 has been solid for me. I've not hit this oops while running it. I accidentally rebooted into the latest Vivid kernel and the kernel oopsed upon joining a Google Hangout.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-03-02:

#13

Download full text (7.6 KiB)

This bug was fixed in the package linux - 4.4.0-9.24

---------------
linux (4.4.0-9.24) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1551319

* AppArmor logs denial for when the device path is ENOENT (LP: #1482943)
- SAUCE: apparmor: fix log of apparmor audit message when kern_path() fails

  * BUG: unable to handle kernel NULL pointer dereference (aa_label_merge) (LP:
    #1448912)
    - SAUCE: apparmor: Fix: insert race between label_update and label_merge
    - SAUCE: apparmor: Fix: ensure aa_get_newest will trip debugging if the
      replacedby is not setup
    - SAUCE: apparmor: Fix: label merge handling of marking unconfined and stale
    - SAUCE: apparmor: Fix: refcount race between locating in labelset and get
    - SAUCE: apparmor: Fix: ensure new labels resulting from merge have a
      replacedby
    - SAUCE: apparmor: Fix: label_vec_merge insertion
    - SAUCE: apparmor: Fix: deadlock in aa_put_label() call chain
    - SAUCE: apparmor: Fix: add required locking of __aa_update_replacedby on
      merge path
    - SAUCE: apparmor: Fix: convert replacedby update to be protected by the
      labelset lock
    - SAUCE: apparmor: Fix: update replacedby allocation to take a gfp parameter

  * apparmor kernel BUG kills firefox (LP: #1430546)
    - SAUCE: apparmor: Disallow update of cred when then subjective != the
      objective cred
    - SAUCE: apparmor: rework retrieval of the current label in the profile update
      case

* sleep from invalid context in aa_move_mount (LP: #1539349)
- SAUCE: apparmor: fix sleep from invalid context

* s390x: correct restore of high gprs on signal return (LP: #1550468)
- s390/compat: correct restore of high gprs on signal return

* missing SMAP support (LP: #1550517)
- x86/entry/compat: Add missing CLAC to entry_INT80_32

  * Floating-point exception handler receives empty Data-Exception Code in
    Floating Point Control register (LP: #1548414)
    - s390/fpu: signals vs. floating point control register

* kvm fails to boot GNU Hurd kernels with 4.4 Xenial kernel (LP: #1550596)
- KVM: x86: fix conversion of addresses to linear in 32-bit protected mode

  * Surelock GA2 SP1: capiredp01: cxl_init_adapter fails for CAPI devices
    0000:01:00.0 and 0005:01:00.0 after upgrading to 840.10 Platform firmware
    build fips840/b1208b_1604.840 (LP: #1532914)
    - cxl: Fix PSL timebase synchronization detection

* [Feature]EDAC support for Knights Landing (LP: #1519631)
- EDAC, sb_edac: Set fixed DIMM width on Xeon Knights Landing

  * Various failures of kernel_security suite on Xenial kernel on s390x arch
    (LP: #1531327)
    - [config] s390x -- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536

* Unable to install VirtualBox Guest Service in 15.04 (LP: #1434579)
- [Config] Provides: virtualbox-guest-modules when appropriate

  * linux is missing provides for virtualbox-guest-modules [i386 amd64 x32] (LP:
    #1507588)
    - [Config] Provides: virtualbox-guest-modules when appropriate

  * Backport more recent driver for SKL, KBL and BXT graphics (LP: #1540390)
    - SAUCE: i915_bpo: Provide a backport driver for SKL, KBL & BXT graphics
    - SA...

This bug was fixed in the package linux - 4.4.0-9.24

---------------
linux (4.4.0-9.24) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #1551319

* AppArmor logs denial for when the device path is ENOENT (LP: #1482943)
    - SAUCE: apparmor: fix log of apparmor audit message when kern_path() fails

* sleep from invalid context in aa_move_mount (LP: #1539349)
    - SAUCE: apparmor: fix sleep from invalid context

* s390x: correct restore of high gprs on signal return (LP: #1550468)
    - s390/compat: correct restore of high gprs on signal return

* missing SMAP support (LP: #1550517)
    - x86/entry/compat: Add missing CLAC to entry_INT80_32

* Floating-point exception handler receives empty Data-Exception Code in
    Floating Point Control register (LP: #1548414)
    - s390/fpu: signals vs. floating point control register

* kvm fails to boot GNU Hurd kernels with 4.4 Xenial kernel (LP: #1550596)
    - KVM: x86: fix conversion of addresses to linear in 32-bit protected mode

* [Feature]EDAC support for Knights Landing (LP: #1519631)
    - EDAC, sb_edac: Set fixed DIMM width on Xeon Knights Landing

* Various failures of kernel_security suite on Xenial kernel on s390x arch
    (LP: #1531327)
    - [config] s390x -- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536

* Unable to install VirtualBox Guest Service in 15.04 (LP: #1434579)
    - [Config] Provides: virtualbox-guest-modules when appropriate

* linux is missing provides for virtualbox-guest-modules [i386 amd64 x32] (LP:
    #1507588)
    - [Config] Provides: virtualbox-guest-modules when appropriate

* Backport more recent driver for SKL, KBL and BXT graphics (LP: #1540390)
    - SAUCE: i915_bpo: Provide a backport driver for SKL, KBL & BXT graphics
    - SAUCE: i915_bpo: Update intel_ips.h file location
    - SAUCE: i915_bpo: Rename the backport driver to i915_bpo
    - SAUCE: i915_bpo: Add i915_bpo_*() calls for ubuntu/i915
    - drm/i915: remove an extra level of indirection in PCI ID list
    - drm/i915/kbl: Add Kabylake PCI ID
    - drm/i915/kbl: Add Kabylake GT4 PCI ID
    - mm: Export nr_swap_pages
    - async: export current_is_async()
    - drm: fix potential dangling else problems in for_each_ macros
    - dp/mst: add SDP stream support
    - drm: Implement drm_modeset_lock_all_ctx()
    - drm: Add "prefix" parameter to drm_rect_debug_print()
    - drm/i915: Set connector_state->connector using the helper.
    - drm/atomic: add connector mask to drm_crtc_state.
    - drm/i915: Report context GTT size
    - drm/i915: Add get_eld audio component
    - SAUCE: Backport I915_PARAM_HAS_EXEC_SOFTPIN and EXEC_OBJECT_PINNED
    - SAUCE: i915_bpo: Revert passing plane/encoder name
    - SAUCE: sound/hda: Load i915_bpo from the hda driver on SKL/KBL/BXT
    - SAUCE: i915_bpo: Support only SKL, KBL and BXT with the backport driver
    - drm/i915/bxt: update list of PCIIDs
    - drm/i915/skl: Add missing SKL ids
    - SAUCE: i915_bpo: Revert "drm/i915: Defer probe if gmux is present but its
      driver isn't"
    - SAUCE: uapi/drm/i915: Backport I915_EXEC_BSD_MASK
    - drm/atomic: Do not unset crtc when an encoder is stolen
    - drm/i915: Update connector_mask during readout, v2.
    - drm/atomic: Add encoder_mask to crtc_state, v3.
    - SAUCE: drm/core: Add drm_encoder_index.
    - SAUCE: i915_bpo: Revert "drm/i915: Switch DDC when reading the EDID"
    - i915_bpo: [Config] Enable CONFIG_DRM_I915_BPO=m

* arm64: guest hangs when ntpd is running (LP: #1549494)
    - hrtimer: Add support for CLOCK_MONOTONIC_RAW
    - hrtimer: Catch illegal clockids
    - KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW

* Miscellaneous Ubuntu changes
    - [Debian] git-ubuntu-log -- wrap long bug and commit titles
    - [Config] CONFIG_ARM_SMMU=y on arm64
    - rebase to v4.4.3
    - [Debian] git-ubuntu-log -- ensure we get the last commit
    - [Config] fix up spelling of probably again
    - [Debian] perf -- build in the context of the full generated local headers
    - SAUCE: tools: lib/bpf -- add generated headers to search path
    - SAUCE: proc: Always set super block owner to init_user_ns
    - SAUCE: fix-up: kern_mount fail path should not be doing put_buffers()
    - SAUCE: apparmor: Fix: oops do to invalid null ptr deref in label print fns
    - SAUCE: apparmor: debug: POISON label and replaceby pointer on free
    - SAUCE: apparmor: add underscores to indicate aa_label_next_not_in_set() use
      needs locking
    - SAUCE: apparmor: Fix: refcount leak in aa_label_merge
    - SAUCE: apparmor: ensure that repacedby sharing is done correctly
    - SAUCE: apparmor Fix: refcount bug in pivotroot mediation
    - SAUCE: apparmor: Fix: now that insert can force replacement use it instead
      of remove_and_insert
    - SAUCE: apparmor: Fix: refcount bug when inserting label update that
      transitions ns
    - SAUCE: apparmor: Fix: break circular refcount for label that is directly
      freed.
    - SAUCE: apparmor: Don't remove label on rcu callback if the label has already
      been removed
    - SAUCE: apparmor: Fix: query label file permission
    - SAUCE: apparmor: fix: ref count leak when profile sha1 hash is read
    - SAUCE: fixup: cleanup return handling of labels
    - SAUCE: fix: replacedby forwarding is not being properly update when ns is
      destroyed
    - SAUCE: fixup: make __share_replacedby private to get rid of build warning
    - SAUCE: fixup: 20/23 locking issue around in __label_update
    - SAUCE: fixup: get rid of unused var build warning
    - SAUCE: fixup: cast poison values to remove warnings
    - SAUCE: apparmor: fix refcount race when finding a child profile
    - SAUCE: fixup: warning about aa_label_vec_find_or_create not being static
    - SAUCE: fix: audit "no_new_privs" case for exec failure
    - SAUCE: Fixup: __label_update() still doesn't handle some cases correctly.
    - SAUCE: Move replacedby allocation into label_alloc
    - [Debian] supply zfs dkms Provides: based on do_zfs
    - [Config] supply zfs dkms Provides: based on do_zfs
    - [Config] drop linux-image-3.0 provides

* Miscellaneous upstream changes
    - x86/mpx: Fix off-by-one comparison with nr_registers

[ Upstream Kernel Changes ]

* rebase to v4.4.3

-- Tim Gardner <tim.gardner@canonical.com>  Thu, 25 Feb 2016 19:47:55 -0700

Changed in linux (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

apparmor kernel BUG kills firefox

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package