kernel BUG at /build/linux-lts-xenial-_hWfOZ/linux-lts-xenial-4.4.0/security/apparmor/include/context.h:69!

more information,
1. on ubuntu14.04.4, after this panic reproduced, all the 4.4.x kernel will get panic when cat /sys/module/apparmor/parameters/audit
2. on ubuntu14.04.5, it is fine with all 4.4.x kernels.

In testing I have not been able to reproduce.

But from the oops it looks either like potentially like memory corruption, or corruption of the cred. The oops reports
  invalid opcode: 0000 [#1] SMP

however the piece of code triggering this is used all the time, so the more likely scenario is that the cred does not have the correct security labeling which would trigger an oops. The oops would not normally be an invalid opcode, but its possible the handling within the oops is triggering the invalid opcode.

The line of code triggering this oops is
 BUG_ON(!ctx || !ctx->label);

which going with the bad cred hypothesis means the actual problem is else where. Tracing down the conditions that cause the bad cred may be difficult.

With this being reported as fine in 14.04.5 with all 4.4.x kernels, and without further input to help trace down the conditions that cause this, I am inclined to close this bug as fixed.

Sorry, I forget to tell that I have disable apparmor through kernel boot parameter:

GRUB_CMDLINE_LINUX="apparmor=0"

you can try with it.
I will try to get kdump for further checking.

correct that ubuntu14.04.5 can also reproduce too.

At first glance, it seems the problem seems to be introduce with commit[1].

I notice the problem while running the sosreport kernel plugin[2] on a system with apparmor disable (apparmor=0).

[1] - commit
commit a3c6147c6f4132e943db2cff4e1a85887277fc2a
Author: John Johansen <email address hidden>
Date: Fri Mar 18 06:09:27 2016 -0700

    UBUNTU: SAUCE: (no-up) apparmor: sync of apparmor3.5-beta1 snapshot

[2] - sos/plugins/kernel.py
..
58 clocksource_path = "/sys/devices/system/clocksource/clocksource0/"
59 self.add_copy_spec([
60 "/proc/modules",
61 "/proc/sys/kernel/random/boot_id",
==> 62 "/sys/module/*/parameters",
63 "/sys/module/*/initstate",
64 "/sys/module/*/refcnt",
65 "/sys/module/*/taint",
66 "/sys/firmware/acpi/*",
..

- Eric

I was also able to reproduce using the above reproducer[1]

[1] - cat /sys/module/apparmor/parameters/audit

I think the problem here is that files in apparmor shouldn't be writable while apparmor is disable.
(-rw-------)

If I do :

# chmod 400 /sys/module/apparmor/parameters/audit (-r--------)

then

# cat /sys/module/apparmor/parameters/audit doesn't crash and displays : "Invalid argument", just like upstream kernel does.

- Eric

A patch[1] has been submitted to Kernel team ML, it is now waiting for kernel folks ACK and will then fall under the next kernel cycle.

[1] - Email subject :
[PATCH][Xenial][Zesty] UBUNTU: SAUCE: fix oops when disabled and module parameters, are accessed

For Zesty the change was already applied as "UBUNTU: SAUCE: apparmor: fix parameters so that the permission test is bypas
sed at boot" (see bug #1678048) in 4.10.0-17.19 (pre release).

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

I have tested with 4.4.0-97 and I can't reproduce the above behavior now.

# uname -r
4.4.0-97-generic

# cat /sys/module/apparmor/parameters/audit
cat: /sys/module/apparmor/parameters/audit: Invalid argument

- Eric

This bug was fixed in the package linux - 4.4.0-97.120

---------------
linux (4.4.0-97.120) xenial; urgency=low

  * linux: 4.4.0-97.120 -proposed tracker (LP: #1718149)

  * blk-mq: possible deadlock on CPU hot(un)plug (LP: #1670634)
    - [Config] s390x -- disable CONFIG_{DM, SCSI}_MQ_DEFAULT

  * Xenial update to 4.4.87 stable release (LP: #1715678)
    - irqchip: mips-gic: SYNC after enabling GIC region
    - i2c: ismt: Don't duplicate the receive length for block reads
    - i2c: ismt: Return EMSGSIZE for block reads with bogus length
    - ceph: fix readpage from fscache
    - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
    - cpuset: Fix incorrect memory_pressure control file mapping
    - alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
    - CIFS: remove endian related sparse warning
    - wl1251: add a missing spin_lock_init()
    - xfrm: policy: check policy direction value
    - drm/ttm: Fix accounting error when fail to get pages for pool
    - kvm: arm/arm64: Fix race in resetting stage2 PGD
    - kvm: arm/arm64: Force reading uncached stage2 PGD
    - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()
    - crypto: algif_skcipher - only call put_page on referenced and used pages
    - Linux 4.4.87

  * Xenial update to 4.4.86 stable release (LP: #1715430)
    - scsi: isci: avoid array subscript warning
    - ALSA: au88x0: Fix zero clear of stream->resources
    - btrfs: remove duplicate const specifier
    - i2c: jz4780: drop superfluous init
    - gcov: add support for gcc version >= 6
    - gcov: support GCC 7.1
    - lightnvm: initialize ppa_addr in dev_to_generic_addr()
    - p54: memset(0) whole array
    - lpfc: Fix Device discovery failures during switch reboot test.
    - arm64: mm: abort uaccess retries upon fatal signal
    - x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
    - arm64: fpsimd: Prevent registers leaking across exec
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - drm/i915: fix compiler warning in drivers/gpu/drm/i915/intel_uncore.c
    - Linux 4.4.86

  * Xenial update to 4.4.85 stable release (LP: #1714298)
    - af_key: do not use GFP_KERNEL in atomic contexts
    - dccp: purge write queue in dccp_destroy_sock()
    - dccp: defer ccid_hc_tx_delete() at dismantle time
    - ipv4: fix NULL dereference in free_fib_info_rcu()
    - net_sched/sfq: update hierarchical backlog when drop packet
    - ipv4: better IP_MAX_MTU enforcement
    - sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
    - tipc: fix use-after-free
    - ipv6: reset fn->rr_ptr when replacing route
    - ipv6: repair fib6 tree in failure case
    - tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
    - irda: do not leak initialized list.dev to userspace
    - net: sched: fix NULL pointer dereference when action calls some targets
    - net_sched: fix order of queue length updates in qdisc_replace()
    - mei: me: add broxton pci device ids
    - mei: me: add lewisburg device ids
    - Input: trackpoint - add new trackpoint firmware ID
    - Input: elan_i2c...