[redhat-lspp] Updated kernel package available

Steve Grubb sgrubb at redhat.com
Mon Jan 16 17:16:46 UTC 2006 

On Friday 13 January 2006 20:07, David Woodhouse wrote:
> This is kernel-2.6.15-1.1826.2.10.2.2_FC5.lspp.6
>
> It contains the contents of the audit git tree, Janak's unshare patch
> sequence, some patches from Steve and Amy's "string fields interface"
> patches.

This kernel Oopses immediately on boot. I think its the string1 & string2 patches. Here's what I get:

Jan 16 10:35:15 localhost kernel: Unable to handle kernel NULL pointer dereference at 0000000000000018 RIP:
Jan 16 10:35:15 localhost kernel: <ffffffff801614c4>{audit_receive_filter+464}
Jan 16 10:35:15 localhost kernel: PGD 34014067 PUD 345ac067 PMD 0
Jan 16 10:35:15 localhost kernel: Oops: 0002 [1] SMP
Jan 16 10:35:15 localhost kernel: CPU 0
Jan 16 10:35:15 localhost kernel: Modules linked in: ipt_REJECT ipt_state ip_conntrack nfnetlink iptable_filter ip_tables dm_mirror dm_mod video button battery ac lp parport_pc parport nvram ohci1394 ieee1394 ehci_hcd ohci_hcd bcm43xx ieee80211softmac ieee80211 ieee80211_crypt 8139cp 8139too mii snd_atiixp_modem snd_atiixp snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc ext3 jbd
Jan 16 10:35:15 localhost kernel: Pid: 1734, comm: auditctl Not tainted 2.6.15-1.1826.2.10.2.2_FC5.lspp.6 #1
Jan 16 10:35:15 localhost kernel: RIP: 0010:[<ffffffff801614c4>] <ffffffff801614c4>{audit_receive_filter+464}
Jan 16 10:35:15 localhost kernel: RSP: 0018:ffff810034d35b18  EFLAGS: 00010246
Jan 16 10:35:15 localhost kernel: RAX: 0000000000000018 RBX: ffffffff80440db8 RCX: 0000000000000000
Jan 16 10:35:15 localhost kernel: RDX: ffffffff80440d80 RSI: ffffffff80440dc0 RDI: ffff81003565d180
Jan 16 10:35:15 localhost kernel: RBP: ffff81003565cd50 R08: 0000000000000000 R09: ffff81003565cd50
Jan 16 10:35:15 localhost kernel: R10: 00000000000000d0 R11: ffff81003635b840 R12: ffff81003565cd30
Jan 16 10:35:15 localhost kernel: R13: 0000000000000000 R14: ffffffff80440dc0 R15: ffff810035ed38b8
Jan 16 10:35:15 localhost kernel: FS:  00002aaaaaad4870(0000) GS:ffffffff805d0000(0000) knlGS:0000000000000000
Jan 16 10:35:15 localhost kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Jan 16 10:35:16 localhost kernel: CR2: 0000000000000018 CR3: 000000003417d000 CR4: 00000000000006e0
Jan 16 10:35:16 localhost kernel: Process auditctl (pid: 1734, threadinfo ffff810034d34000, task ffff810037ca37e0)
Jan 16 10:35:16 localhost kernel: Stack: ffffffff03c1ce3f ffffffff00000000 ffffffff80440d80 ffff810037a0e978
Jan 16 10:35:16 localhost kernel:        00000000000503eb 00000000000003eb ffff8100358e9698 ffff810035ed3910
Jan 16 10:35:16 localhost kernel:        ffff810035ed38b8 ffffffff801607cb
Jan 16 10:35:16 localhost kernel: Call Trace:<ffffffff801607cb>{audit_receive+1208} <ffffffff801e3e32>{socket_has_perm+93}
Jan 16 10:35:16 localhost kernel:        <ffffffff802fba25>{netlink_data_ready+18} <ffffffff802fab37>{netlink_sendskb+38}
Jan 16 10:35:16 localhost kernel:        <ffffffff802fba25>{netlink_data_ready+18} <ffffffff802fab37>{netlink_sendskb+38}
Jan 16 10:35:16 localhost kernel:        <ffffffff802fc083>{netlink_sendmsg+731} <ffffffff802dd4d0>{sock_sendmsg+246}
Jan 16 10:35:16 localhost kernel:        <ffffffff8014e9b7>{autoremove_wake_function+0} <ffffffff8016cc1e>{cache_alloc_debugcheck_after+241}
Jan 16 10:35:16 localhost kernel:        <ffffffff8016e922>{__kmalloc+205} <ffffffff80163096>{audit_sockaddr+54}
Jan 16 10:35:16 localhost kernel:        <ffffffff802de929>{sys_sendto+232} <ffffffff8019ebc6>{d_alloc+455}
Jan 16 10:35:16 localhost kernel:        <ffffffff80162a5d>{audit_syscall_entry+301} <ffffffff8010fa50>{tracesys+209}
Jan 16 10:35:16 localhost kernel:
Jan 16 10:35:16 localhost kernel: Code: 49 89 45 18 48 8b 95 18 04 00 00 48 8d 42 18 48 89 42 20 48
Jan 16 10:35:16 localhost kernel: RIP <ffffffff801614c4>{audit_receive_filter+464} RSP <ffff810034d35b18>
Jan 16 10:35:16 localhost kernel: CR2: 0000000000000018

Then with gdb, I find this line:

(gdb) list *0xffffffff801614c4
0xffffffff801614c4 is in audit_receive_filter (kernel/auditfilter.c:388).
383                     audit_free_watch(krule->watch);
384                     krule->watch = w;
385                     list_add(&krule->rlist, &w->rules);
386                     return;
387             }
388             INIT_LIST_HEAD(&krule->watch->rules);
389             list_add(&krule->rlist, &krule->watch->rules);
390             list_add(&krule->watch->mlist, &master_watchlist);
391     }

So, seems that krule is NULL?

-Steve

More information about the Linux-audit mailing list