audit.79 kernel
Timothy R. Chavez
tinytim at us.ibm.com
Tue Jul 19 21:28:52 UTC 2005
On Tuesday 19 July 2005 06:34, Rob Myers wrote:
> On Sat, 2005-07-16 at 15:59 +0100, David Woodhouse wrote:
> > * Sat Jul 16 2005 David Woodhouse <dwmw2 at redhat.com> audit.79
> > - Defer serial number generation until it's needed to avoid contention
> >
>
> triggered an oops last night on audit.79 i686 smp with several scripts
> running at the same time. one was toggling audit enable while others
> were creating, deleting, and testing watches at the same time.
I think I fixed this. Hopefully David will be able to release a audit.80 with
it for more people to test. I'll go ahead and set up an SMP x86_64 with
this patched kernel and run all night (or attemp to at least).
The problem that I can see is as follows:
hlist_for_each_entry_safe(watch, pos, tmp, &data->watches, w_watched) {
hlist_del(RIGHT HERE)(&watch->w_watched);
audit_watch_put(watch);
}
That really _should_ be a hlist_del_init(). At least, that's what I'm hoping the
problem is. If you think about it, hlist_del() will poison the list, but when we
put back out reference and hit audit_watch_free(), we are hitting line 219,
which is the BUG_ON(!hlist_unhashed(&watch->w_watched) which means
that we are not unhashed... hlist_unhashed checks for a NULL pointer...
thus to set that pointer correctly to NULL rather then the poison value we
use hlist_del_init()... Sound reasonable?
-tim
>
> Jul 18 23:22:02 localhost kernel: ------------[ cut here ]------------
> Jul 18 23:22:02 localhost kernel: kernel BUG at kernel/auditfs.c:219!
> Jul 18 23:22:02 localhost kernel: invalid operand: 0000 [#1]
> Jul 18 23:22:02 localhost kernel: SMP
> Jul 18 23:22:02 localhost kernel: Modules linked in: i2c_dev i2c_core ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mod button battery ac joydev uhci_hcd ehci_hcd hw_random snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore sk98lin floppy ext3 jbd i2o_block i2o_core sd_mod scsi_mod
> Jul 18 23:22:02 localhost kernel: CPU: 1
> Jul 18 23:22:02 localhost kernel: EIP: 0060:[<c013cef5>] Not tainted VLI
> Jul 18 23:22:02 localhost kernel: EFLAGS: 00010206 (2.6.9-11.EL.audit.79smp)
> Jul 18 23:22:02 localhost kernel: EIP is at audit_watch_put+0x4b/0x62
> Jul 18 23:22:02 localhost kernel: eax: 00000004 ebx: f6dda244 ecx: 6bfff080 edx: f2c54438
> Jul 18 23:22:02 localhost kernel: esi: f490f2dc edi: e1149bcc ebp: f3277564 esp: e51bcf34
> Jul 18 23:22:02 localhost kernel: ds: 007b es: 007b ss: 0068
> Jul 18 23:22:02 localhost kernel: Process rm (pid: 5327, threadinfo=e51bc000 task=f4cdb0b0)
> Jul 18 23:22:02 localhost kernel: Stack: 00000000 c013db9c f3277564 f490f2dc f529a000 f3277564 c016e560 f3277564
> Jul 18 23:22:02 localhost kernel: c016f59e 00000000 c0166b48 f7dcae64 f7f4f9c0 af26065d 00000012 f529a005
> Jul 18 23:22:02 localhost kernel: 00000010 00000000 00000000 f7b5643c 0000000a 40000003 f4cdb0b0 f4cdb0b0
> Jul 18 23:22:02 localhost kernel: Call Trace:
> Jul 18 23:22:02 localhost kernel: [<c013db9c>] audit_inode_free+0x13e/0x15c
> Jul 18 23:22:02 localhost kernel: [<c016e560>] destroy_inode+0x1b/0x4c
> Jul 18 23:22:02 localhost kernel: [<c016f59e>] iput+0x5f/0x61
> Jul 18 23:22:02 localhost kernel: [<c0166b48>] sys_unlink+0xd7/0x132
> Jul 18 23:22:02 localhost kernel: [<c0109fee>] do_syscall_trace+0xc0/0xca
> Jul 18 23:22:02 localhost kernel: [<c02ca823>] syscall_call+0x7/0xb
> Jul 18 23:22:02 localhost kernel: Code: 00 8b 43 2c e8 2d 95 00 00 83 7b 08 00 74 08 0f 0b d9 00 ff d9 2d c0 83 7b 10 00 74 08 0f 0b da 00 ff d9 2d c0 83 7b 18 00 74 08 <0f> 0b db 00 ff d9 2d c0 89 da 5b a1 ec a1 42 c0 e9 42 94 00 00
> Jul 18 23:22:02 localhost kernel: <0>Fatal exception: panic in 5 seconds
>
> rob.
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> http://www.redhat.com/mailman/listinfo/linux-audit
>
>
More information about the Linux-audit
mailing list