Public bug reported:

When there is a race to receive a notification, the failing tasks               
oopes when erroring                                                             
                                                                                
[  196.140988] BUG: kernel NULL pointer dereference, address: 0000000000000000  
[  196.140995] #PF: supervisor read access in kernel mode                       
[  196.140996] #PF: error_code(0x0000) - not-present page                       
[  196.140997] PGD 0 P4D 0                                                      
[  196.140999] Oops: 0000 [#1] PREEMPT SMP NOPTI                                
[  196.141001] CPU: 0 PID: 2316 Comm: aa-prompt Not tainted 6.5.0-9-generic #9-\
Ubuntu                                                                          
[  196.141004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-\
1 04/01/2014                                                                    
[  196.141005] RIP: 0010:aa_listener_unotif_recv+0x11d/0x260                    
[  196.141011] Code: ff ff ff 8b 55 d0 48 8b 75 c8 4c 89 ef e8 6b db ff ff 49 8\
9 c2 48 85 c0 0f 88 c0 00 00 00 0f 84 25 ff ff ff 8b 05 3b 1c 1f 03 <49> 8b 55 \
00 83 e0 20 83 7a 08 07 74 66 85 c0 0f 85 01 01 00 00 48                        
[  196.141012] RSP: 0018:ffffa2674075fdd8 EFLAGS: 00010246                      
[  196.141014] RAX: 0000000000000000 RBX: ffff974507a08404 RCX: 000000000000000\
0                                                                               
[  196.141017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000\
0                                                                               
[  196.141017] RBP: ffffa2674075fe10 R08: 0000000000000000 R09: 000000000000000\
0                                                                               
[  196.141018] R10: fffffffffffffffe R11: 0000000000000000 R12: ffff974507a0840\
0                                                                               
[  196.141019] R13: 0000000000000000 R14: ffff974507a08430 R15: ffff97451de00a0\
0                                                                               
[  196.141020] FS:  00007f4ab6b30740(0000) GS:ffff97486fa00000(0000) knlGS:0000\
000000000000                                                                    
[  196.141022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033                
[  196.141024] CR2: 0000000000000000 CR3: 0000000104cf2003 CR4: 0000000000770ef\
0                                                                               
[  196.141026] PKRU: 55555554                                                   
[  196.141027] Call Trace:                                                      
[  196.141032]  <TASK>                                                          
[  196.141034]  ? show_regs+0x6d/0x80                                           
[  196.141041]  ? __die+0x24/0x80                                               
[  196.141043]  ? page_fault_oops+0x99/0x1b0                                    
[  196.141047]  ? do_user_addr_fault+0x316/0x6b0                                
[  196.141048]  ? filemap_map_pages+0x2b3/0x460                                 
[  196.141056]  ? exc_page_fault+0x83/0x1b0                                     
[  196.141068]  ? asm_exc_page_fault+0x27/0x30                                  
[  196.141079]  ? aa_listener_unotif_recv+0x11d/0x260                           
[  196.141081]  ? aa_listener_unotif_recv+0x184/0x260                           
[  196.141083]  listener_ioctl+0x1e1/0x260                                      
[  196.141088]  __x64_sys_ioctl+0xa0/0xf0                                       
[  196.141092]  do_syscall_64+0x59/0x90                                         
[  196.141094]  ? do_user_addr_fault+0x238/0x6b0                                
[  196.141095]  ? exit_to_user_mode_prepare+0x30/0xb0                           
[  196.141100]  ? irqentry_exit_to_user_mode+0x17/0x20                          
[  196.141104]  ? irqentry_exit+0x43/0x50                                       
[  196.141106]  ? exc_page_fault+0x94/0x1b0                                     
[  196.141107]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8                        
[  196.141109] RIP: 0033:0x7f4ab69238ef                                         
[  196.141124] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 0\
0 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d \
00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00                        
[  196.141125] RSP: 002b:00007ffd607a9020 EFLAGS: 00000246 ORIG_RAX: 0000000000\
000010                                                                          
[  196.141127] RAX: ffffffffffffffda RBX: 00007ffd607a9100 RCX: 00007f4ab69238e\
f                                                                               
[  196.141128] RDX: 00007ffd607a9100 RSI: 00000000c008f804 RDI: 000000000000000\
3                                                                               
[  196.141128] RBP: 0000000000000003 R08: 0000000000000001 R09: 00007f4ab6b3074\
0                                                                               
[  196.141129] R10: 00007f4ab6b7f0a0 R11: 0000000000000246 R12: 00007ffd607a90a\
0                                                                               
[  196.141130] R13: 00007ffd607a90dc R14: 0000559564822c10 R15: 000000000003100\
0                                                                               
[  196.141131]  </TASK>                                                         
[  196.141132] Modules linked in: snd_seq_dummy snd_hrtimer binfmt_misc nls_iso\
8859_1 intel_rapl_msr intel_rapl_common snd_hda_codec_generic ledtrig_audio snd\
_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_h\
wdep snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event kvm irqbypass crct10dif_\
pclmul polyval_clmulni polyval_generic ghash_clmulni_intel aesni_intel crypto_s\
imd cryptd rapl joydev snd_rawmidi snd_seq i2c_i801 i2c_smbus snd_seq_device sn\
d_timer qxl snd drm_ttm_helper lpc_ich soundcore ttm 9pnet_virtio 9pnet drm_kms\
_helper input_leds mac_hid serio_raw nfsd msr parport_pc auth_rpcgss ppdev nfs_\
acl lockd grace lp parport drm efi_pstore sunrpc dmi_sysfs qemu_fw_cfg ip_table\
s x_tables autofs4 hid_generic usbhid hid ahci crc32_pclmul psmouse xhci_pci li\
bahci virtio_rng xhci_pci_renesas                                               
[  196.141188] CR2: 0000000000000000                                            
[  196.141190] ---[ end trace 0000000000000000 ]---

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2040245

Title:
  apparmor oops when racing to retrieve a notification

Status in linux package in Ubuntu:
  New

Bug description:
  When there is a race to receive a notification, the failing tasks             
  
  oopes when erroring                                                           
  
                                                                                
  
  [  196.140988] BUG: kernel NULL pointer dereference, address: 
0000000000000000  
  [  196.140995] #PF: supervisor read access in kernel mode                     
  
  [  196.140996] #PF: error_code(0x0000) - not-present page                     
  
  [  196.140997] PGD 0 P4D 0                                                    
  
  [  196.140999] Oops: 0000 [#1] PREEMPT SMP NOPTI                              
  
  [  196.141001] CPU: 0 PID: 2316 Comm: aa-prompt Not tainted 6.5.0-9-generic 
#9-\
  Ubuntu                                                                        
  
  [  196.141004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 
1.15.0-\
  1 04/01/2014                                                                  
  
  [  196.141005] RIP: 0010:aa_listener_unotif_recv+0x11d/0x260                  
  
  [  196.141011] Code: ff ff ff 8b 55 d0 48 8b 75 c8 4c 89 ef e8 6b db ff ff 49 
8\
  9 c2 48 85 c0 0f 88 c0 00 00 00 0f 84 25 ff ff ff 8b 05 3b 1c 1f 03 <49> 8b 
55 \
  00 83 e0 20 83 7a 08 07 74 66 85 c0 0f 85 01 01 00 00 48                      
  
  [  196.141012] RSP: 0018:ffffa2674075fdd8 EFLAGS: 00010246                    
  
  [  196.141014] RAX: 0000000000000000 RBX: ffff974507a08404 RCX: 
000000000000000\
  0                                                                             
  
  [  196.141017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
000000000000000\
  0                                                                             
  
  [  196.141017] RBP: ffffa2674075fe10 R08: 0000000000000000 R09: 
000000000000000\
  0                                                                             
  
  [  196.141018] R10: fffffffffffffffe R11: 0000000000000000 R12: 
ffff974507a0840\
  0                                                                             
  
  [  196.141019] R13: 0000000000000000 R14: ffff974507a08430 R15: 
ffff97451de00a0\
  0                                                                             
  
  [  196.141020] FS:  00007f4ab6b30740(0000) GS:ffff97486fa00000(0000) 
knlGS:0000\
  000000000000                                                                  
  
  [  196.141022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033              
  
  [  196.141024] CR2: 0000000000000000 CR3: 0000000104cf2003 CR4: 
0000000000770ef\
  0                                                                             
  
  [  196.141026] PKRU: 55555554                                                 
  
  [  196.141027] Call Trace:                                                    
  
  [  196.141032]  <TASK>                                                        
  
  [  196.141034]  ? show_regs+0x6d/0x80                                         
  
  [  196.141041]  ? __die+0x24/0x80                                             
  
  [  196.141043]  ? page_fault_oops+0x99/0x1b0                                  
  
  [  196.141047]  ? do_user_addr_fault+0x316/0x6b0                              
  
  [  196.141048]  ? filemap_map_pages+0x2b3/0x460                               
  
  [  196.141056]  ? exc_page_fault+0x83/0x1b0                                   
  
  [  196.141068]  ? asm_exc_page_fault+0x27/0x30                                
  
  [  196.141079]  ? aa_listener_unotif_recv+0x11d/0x260                         
  
  [  196.141081]  ? aa_listener_unotif_recv+0x184/0x260                         
  
  [  196.141083]  listener_ioctl+0x1e1/0x260                                    
  
  [  196.141088]  __x64_sys_ioctl+0xa0/0xf0                                     
  
  [  196.141092]  do_syscall_64+0x59/0x90                                       
  
  [  196.141094]  ? do_user_addr_fault+0x238/0x6b0                              
  
  [  196.141095]  ? exit_to_user_mode_prepare+0x30/0xb0                         
  
  [  196.141100]  ? irqentry_exit_to_user_mode+0x17/0x20                        
  
  [  196.141104]  ? irqentry_exit+0x43/0x50                                     
  
  [  196.141106]  ? exc_page_fault+0x94/0x1b0                                   
  
  [  196.141107]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8                      
  
  [  196.141109] RIP: 0033:0x7f4ab69238ef                                       
  
  [  196.141124] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 
0\
  0 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 
3d \
  00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00                      
  
  [  196.141125] RSP: 002b:00007ffd607a9020 EFLAGS: 00000246 ORIG_RAX: 
0000000000\
  000010                                                                        
  
  [  196.141127] RAX: ffffffffffffffda RBX: 00007ffd607a9100 RCX: 
00007f4ab69238e\
  f                                                                             
  
  [  196.141128] RDX: 00007ffd607a9100 RSI: 00000000c008f804 RDI: 
000000000000000\
  3                                                                             
  
  [  196.141128] RBP: 0000000000000003 R08: 0000000000000001 R09: 
00007f4ab6b3074\
  0                                                                             
  
  [  196.141129] R10: 00007f4ab6b7f0a0 R11: 0000000000000246 R12: 
00007ffd607a90a\
  0                                                                             
  
  [  196.141130] R13: 00007ffd607a90dc R14: 0000559564822c10 R15: 
000000000003100\
  0                                                                             
  
  [  196.141131]  </TASK>                                                       
  
  [  196.141132] Modules linked in: snd_seq_dummy snd_hrtimer binfmt_misc 
nls_iso\
  8859_1 intel_rapl_msr intel_rapl_common snd_hda_codec_generic ledtrig_audio 
snd\
  _hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core 
snd_h\
  wdep snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event kvm irqbypass 
crct10dif_\
  pclmul polyval_clmulni polyval_generic ghash_clmulni_intel aesni_intel 
crypto_s\
  imd cryptd rapl joydev snd_rawmidi snd_seq i2c_i801 i2c_smbus snd_seq_device 
sn\
  d_timer qxl snd drm_ttm_helper lpc_ich soundcore ttm 9pnet_virtio 9pnet 
drm_kms\
  _helper input_leds mac_hid serio_raw nfsd msr parport_pc auth_rpcgss ppdev 
nfs_\
  acl lockd grace lp parport drm efi_pstore sunrpc dmi_sysfs qemu_fw_cfg 
ip_table\
  s x_tables autofs4 hid_generic usbhid hid ahci crc32_pclmul psmouse xhci_pci 
li\
  bahci virtio_rng xhci_pci_renesas                                             
  
  [  196.141188] CR2: 0000000000000000                                          
  
  [  196.141190] ---[ end trace 0000000000000000 ]---

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2040245/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to