audit.49 kernel

Steve Grubb sgrubb at redhat.com
Wed May 25 17:48:28 UTC 2005 

On Wednesday 25 May 2005 13:29, Steve Grubb wrote:
> Try this script with audit-0.9:

This didn't take long...

May 25 13:35:27 localhost kernel: Unable to handle kernel paging request at virtual address 705f6b6a
May 25 13:35:27 localhost kernel:  printing eip:
May 25 13:35:27 localhost kernel: c014bac9
May 25 13:35:27 localhost kernel: *pde = 00000000
May 25 13:35:27 localhost kernel: Oops: 0002 [#1]
May 25 13:35:27 localhost kernel: Modules linked in: parport_pc lp parport autofs4 i2c_dev i2c_core ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables dm_mod button battery ac md5 ipv6 uhci_hcd snd_emu10k1 snd_rawmidi snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_seq_device snd_ac97_codec snd_page_alloc snd_util_mem snd_hwdep snd soundcore 3c59x floppy ext3 jbd
May 25 13:35:27 localhost kernel: CPU:    0
May 25 13:35:27 localhost kernel: EIP:    0060:[<c014bac9>]    Not tainted VLI
May 25 13:35:27 localhost kernel: EFLAGS: 00210006   (2.6.9-5.0.3.EL.audit.49)
May 25 13:35:27 localhost kernel: EIP is at cache_alloc_refill+0x146/0x227
May 25 13:35:27 localhost kernel: eax: 705f6b66   ebx: effefba0   ecx: dc974400   edx: effefbbc
May 25 13:35:27 localhost kernel: esi: 00000002   edi: effefbac   ebp: effe30a0   esp: e5410dd0
May 25 13:35:27 localhost kernel: ds: 007b   es: 007b   ss: 0068
May 25 13:35:27 localhost kernel: Process metacity (pid: 2598, threadinfo=e5410000 task=e5458660)
May 25 13:35:27 localhost kernel: Stack: 000000d0 effefba0 000000d0 00200246 000000d0 c014c0af ef862880 00001f00
May 25 13:35:27 localhost kernel:        e5a64dc0 c02a2971 00000000 00001eb4 ffffffe0 e5a64dc0 00000000 c02a1c31
May 25 13:35:27 localhost kernel:        00001eb4 00001eb4 00001eb4 e5a64b80 e5410e64 e4eb9980 c02a1d98 00000040
May 25 13:35:27 localhost kernel: Call Trace:
May 25 13:35:27 localhost kernel:  [<c014c0af>] __kmalloc+0x6b/0x7d
May 25 13:35:27 localhost kernel:  [<c02a2971>] alloc_skb+0x33/0xc5
May 25 13:35:27 localhost kernel:  [<c02a1c31>] sock_alloc_send_pskb+0x5d/0x1b8
May 25 13:35:27 localhost kernel:  [<c02a1d98>] sock_alloc_send_skb+0xc/0xf
May 25 13:35:27 localhost kernel:  [<c02fcbdd>] unix_stream_sendmsg+0x14b/0x307
May 25 13:35:27 localhost kernel:  [<c029f265>] sock_aio_write+0x106/0x113
May 25 13:35:27 localhost kernel:  [<c0163bc9>] do_sync_write+0x97/0xc9
May 25 13:35:27 localhost kernel:  [<c01c3afd>] selinux_file_permission+0x114/0x11d
May 25 13:35:27 localhost kernel:  [<c011d04b>] autoremove_wake_function+0x0/0x2d
May 25 13:35:27 localhost kernel:  [<c01413c5>] audit_syscall_entry+0x125/0x13e
May 25 13:35:27 localhost kernel:  [<c0163cc1>] vfs_write+0xc6/0xe2
May 25 13:35:27 localhost kernel:  [<c0163d7b>] sys_write+0x3c/0x62
May 25 13:35:27 localhost kernel:  [<c0303707>] syscall_call+0x7/0xb
May 25 13:35:27 localhost kernel: Code: af 43 34 03 41 0c 89 44 95 10 ff 45 00 8b 51 10 0f b7 41 14 42 89 51 10 0f b7 44 41 18 66 89 41 14 3b 53 3c 72 cc 8b 51 04 8b 01 <89> 50 04 89 02 66 83 79 14 ff c7 01 00 01 10 00 c7 41 04 00 02

Then I loaded kernel-debuginfo & started gdb. 
(gdb) list *0xc014bac9
0xc014bac9 is in cache_alloc_refill (include/linux/list.h:151).
146     include/linux/list.h: No such file or directory.
        in include/linux/list.h

-Steve

More information about the Linux-audit mailing list