5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084

Bug #1990236 reported by Andreas Schultz
This bug affects 1 person
Affects: linux (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

After upgrading to 5.19.0-17.17 from 5.19.0-16.16, the system began to lock up unexpectedly.
Log inspection showed this:

Sep 20 09:05:20 zeus kernel: BUG: kernel NULL pointer dereference, address: 0000000000000084
Sep 20 09:05:20 zeus kernel: #PF: supervisor read access in kernel mode
Sep 20 09:05:20 zeus kernel: #PF: error_code(0x0000) - not-present page
Sep 20 09:05:20 zeus kernel: PGD 0 P4D 0
Sep 20 09:05:20 zeus kernel: Oops: 0000 [#1] PREEMPT SMP PTI
Sep 20 09:05:20 zeus kernel: CPU: 6 PID: 4291 Comm: slack Tainted: P OE 5.19.0-17-generic #17-Ubuntu
Sep 20 09:05:20 zeus kernel: Hardware name: HP HP ZBook Studio G5/8427, BIOS Q71 Ver. 01.20.00 03/22/2022
Sep 20 09:05:20 zeus kernel: RIP: 0010:unix_fs_perm.part.0+0x50/0x1e0
Sep 20 09:05:20 zeus kernel: Code: 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 81 08 03 00 00 89 75 8c 48 85 c0 0f 85 b0 00 00 00 48 8b 91 70 02 00 00 48 8d 7d a0 <8b> 8a 84 00 00 00 0f b7 92 80 00 00 00 48 c7 45 9c 00 00 00 00 48
Sep 20 09:05:20 zeus kernel: RSP: 0018:ffffb014c7eb3ce0 EFLAGS: 00010246
Sep 20 09:05:20 zeus kernel: RAX: 0000000000000000 RBX: ffff94c0e0c7adb0 RCX: ffff94be5003ac00
Sep 20 09:05:20 zeus kernel: RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffb014c7eb3cf8
Sep 20 09:05:20 zeus kernel: RBP: ffffb014c7eb3d58 R08: 0000000000000002 R09: 0000000000000000
Sep 20 09:05:20 zeus kernel: R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004
Sep 20 09:05:20 zeus kernel: R13: 0000000000000002 R14: ffffffffa044fe92 R15: ffff94be5003ac00
Sep 20 09:05:20 zeus kernel: FS: 00007f6b47927c00(0000) GS:ffff94c47bd80000(0000) knlGS:0000000000000000
Sep 20 09:05:20 zeus kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 20 09:05:20 zeus kernel: CR2: 0000000000000084 CR3: 000000013e1b4003 CR4: 00000000003706e0
Sep 20 09:05:20 zeus kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Sep 20 09:05:20 zeus kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Sep 20 09:05:20 zeus kernel: Call Trace:
Sep 20 09:05:20 zeus kernel: <TASK>
Sep 20 09:05:20 zeus kernel: aa_unix_file_perm+0x2f2/0x400
Sep 20 09:05:20 zeus kernel: aa_sock_file_perm+0x5c/0x80
Sep 20 09:05:20 zeus kernel: aa_file_perm+0x288/0x2e0
Sep 20 09:05:20 zeus kernel: apparmor_file_permission+0x71/0x1a0
Sep 20 09:05:20 zeus kernel: security_file_permission+0x36/0x70
Sep 20 09:05:20 zeus kernel: rw_verify_area+0x35/0x80
Sep 20 09:05:20 zeus kernel: vfs_read+0x6c/0x1b0
Sep 20 09:05:20 zeus kernel: ksys_read+0xc9/0x100
Sep 20 09:05:20 zeus kernel: __x64_sys_read+0x19/0x30
Sep 20 09:05:20 zeus kernel: do_syscall_64+0x58/0x90
Sep 20 09:05:20 zeus kernel: entry_SYSCALL_64_after_hwframe+0x63/0xcd
Sep 20 09:05:20 zeus kernel: RIP: 0033:0x7f6b46c68474
Sep 20 09:05:20 zeus kernel: Code: 84 00 00 00 00 00 41 54 55 49 89 d4 53 48 89 f5 89 fb 48 83 ec 10 e8 8b fc ff ff 4c 89 e2 41 89 c0 48 89 ee 89 df 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 48 89 44 24 08 e8 c7 fc ff ff 48
Sep 20 09:05:20 zeus kernel: RSP: 002b:00007ffc54391700 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
Sep 20 09:05:20 zeus kernel: RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007f6b46c68474
Sep 20 09:05:20 zeus kernel: RDX: 0000000000000008 RSI: 00007ffc54391800 RDI: 0000000000000028
Sep 20 09:05:20 zeus kernel: RBP: 00007ffc54391800 R08: 0000000000000000 R09: 0000000000000000
Sep 20 09:05:20 zeus kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
Sep 20 09:05:20 zeus kernel: R13: 0000000000000028 R14: 00007ffc54391800 R15: 0000000000000000

I'll attach the full log.

The presence of apparmor in the trace correlates with the ton of permission problems that this kernel introduced (Chrome and Slack no longer starting, see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1990064).
---
ProblemType: Bug
ApportVersion: 2.23.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: XFCE
DistroRelease: Ubuntu 22.10
InstallationDate: Installed on 2017-09-26 (1819 days ago)
InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Alpha amd64 (20170924)
NonfreeKernelModules: nvidia_modeset nvidia
Package: linux (not installed)
Tags: kinetic
Uname: Linux 5.18.8-051808-generic x86_64
UnreportableReason: The running kernel is not an Ubuntu kernel
UpgradeStatus: Upgraded to kinetic on 2022-05-22 (120 days ago)
UserGroups: cdrom dialout dip docker libvirt lpadmin lxd plugdev render sambashare src sudo tss tty uucp video wireshark
_MarkForUpload: True
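
Added example, not part of the original report: a short Python triage of the oops above. It decodes the instruction marked in the Code: line, checks that its base register is NULL and that base plus displacement equals CR2, and lists the call-trace frames carrying AppArmor prefixes. The function names and the prefix heuristic (aa_, apparmor_) are assumptions of this example; the log lines are copied from the report.

```python
import re

# Kernel-side lines copied from the oops in the report (syslog prefix dropped).
OOPS = """\
BUG: kernel NULL pointer dereference, address: 0000000000000084
RIP: 0010:unix_fs_perm.part.0+0x50/0x1e0
Code: 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 81 08 03 00 00 89 75 8c 48 85 c0 0f 85 b0 00 00 00 48 8b 91 70 02 00 00 48 8d 7d a0 <8b> 8a 84 00 00 00 0f b7 92 80 00 00 00 48 c7 45 9c 00 00 00 00 48
RAX: 0000000000000000 RBX: ffff94c0e0c7adb0 RCX: ffff94be5003ac00
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffb014c7eb3cf8
CR2: 0000000000000084 CR3: 000000013e1b4003 CR4: 00000000003706e0
Call Trace:
 aa_unix_file_perm+0x2f2/0x400
 aa_sock_file_perm+0x5c/0x80
 aa_file_perm+0x288/0x2e0
 apparmor_file_permission+0x71/0x1a0
 security_file_permission+0x36/0x70
 vfs_read+0x6c/0x1b0
"""

# x86-64 register numbering used by the ModRM byte (low three bits, no REX).
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def trapping_access(code_line):
    """Decode the marked instruction if it is 'mov r32, [base+disp]' (opcode 8b)."""
    toks = code_line.split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    b = bytes(int(t.strip("<>"), 16) for t in toks[start:])
    mod, rm = b[1] >> 6, b[1] & 7
    if b[0] != 0x8B or mod not in (1, 2) or rm == 4:
        raise ValueError("only opcode 8b with disp8/disp32 and no SIB is handled")
    width = 1 if mod == 1 else 4
    return REGS[rm], int.from_bytes(b[2:2 + width], "little", signed=True)

def triage(oops):
    # In a full oops the user-mode register dump follows the trace; skip it.
    head, _, trace = oops.partition("Call Trace:")
    regs = {k: int(v, 16) for k, v in
            re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", head)}
    base, disp = trapping_access(re.search(r"Code: (.*)", head).group(1))
    frames = re.findall(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+", trace)
    return {
        "faulting_symbol": re.search(r"RIP: 0010:([\w.]+)\+0x", head).group(1),
        "base_register": base,
        "base_is_null": regs[base] == 0,
        "matches_cr2": regs[base] + disp == regs["CR2"],
        "apparmor_frames": [f for f in frames if f.startswith(("aa_", "apparmor_"))],
    }

if __name__ == "__main__":
    print(triage(OOPS))
```
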

Andreas Schultz (aschultz) wrote :
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1990236

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Andreas Schultz (aschultz) wrote : ProcCpuinfoMinimal.txt

apport information

tags: added: apport-collected kinetic
description: updated
Andreas Schultz (aschultz) wrote : ProcEnviron.txt

apport information

Changed in linux (Ubuntu):
status: Incomplete → New
Andreas Schultz (aschultz) wrote :

Note: the bot wants me to run apport on this bug; however, I cannot run apport on the broken kernel, and running it on the working kernel is likely to produce wrong logs.

Please look at the boot log that I attached manually instead.

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1990236

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.19.0-18.18

---------------
linux (5.19.0-18.18) kinetic; urgency=medium

  * kinetic/linux: 5.19.0-18.18 -proposed tracker (LP: #1990366)

  * 5.19.0-17.17: kernel NULL pointer dereference, address: 0000000000000084
    (LP: #1990236)
    - Revert "UBUNTU: SAUCE: apparmor: Fix regression in stacking due to label
      flags"
    - Revert "UBUNTU: [Config] disable SECURITY_APPARMOR_RESTRICT_USERNS"
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - add an internal buffer""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't wait on cleanup""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - don't waste entropy""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - always add a pending
      request""
    - Revert "UBUNTU: SAUCE: Revert "hwrng: virtio - unregister device before
      reset""
    - Revert "UBUNTU: SAUCE: Revert "virtio-rng: make device ready before making
      request""
    - Revert "UBUNTU: [Config] update configs after apply new apparmor patch set"
    - Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
    - Revert "UBUNTU: SAUCE: selinux: Implement userns_create hook"
    - Revert "UBUNTU: SAUCE: bpf-lsm: Make bpf_lsm_userns_create() sleepable"
    - Revert "UBUNTU: SAUCE: security, lsm: Introduce security_create_user_ns()"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: AppArmor: Remove the exclusive
      flag"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add /proc attr entry for full
      LSM context"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Removed scaffolding function
      lsmcontext_init"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: netlabel: Use a struct lsmblob in
      audit data"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple
      object contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: audit: multiple subject lsm values
      for netlabel"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Add record for multiple task
      security contexts"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Allow multiple records in an
      audit_buffer"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Add a function to report
      multiple LSMs"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Create audit_stamp
      structure"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: Audit: Keep multiple LSM data in
      audit_names"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx
      module selection"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: binder: Pass LSM identifier for
      confirmation"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: NET: Store LSM netlabel data in a
      lsmblob"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: security_secid_to_secctx in
      netlink netfilter"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_dentry_init_security"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_inode_getsecctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM: Use lsmcontext in
      security_secid_to_secctx"
    - Revert "UBUNTU: SAUCE: lsm stacking v37: LSM:...

Changed in linux (Ubuntu):
status: Confirmed → Fix Released
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-hwe-5.19/5.19.0-24.25~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-hwe-5.19 verification-needed-jammy