[redhat-lspp] Updated kernel package available

Amy Griffis amy.griffis at hp.com
Tue Jan 17 15:17:12 UTC 2006 

Hi Steve,

On Mon, Jan 16, 2006 at 12:16:46PM -0500, Steve Grubb wrote:
> On Friday 13 January 2006 20:07, David Woodhouse wrote:
> > This is kernel-2.6.15-1.1826.2.10.2.2_FC5.lspp.6
> >
> > It contains the contents of the audit git tree, Janak's unshare patch
> > sequence, some patches from Steve and Amy's "string fields interface"
> > patches.
> 
> This kernel Oopses immediately on boot. I think its the string1 &
> string2 patches. Here's what I get:

Thanks for the bug report.

I didn't have any issues on boot in my testing, but this kernel
includes some patches I wasn't testing.  I'll look into it and get
back to you.

Amy

> Jan 16 10:35:15 localhost kernel: Unable to handle kernel NULL pointer dereference at 0000000000000018 RIP:
> Jan 16 10:35:15 localhost kernel: <ffffffff801614c4>{audit_receive_filter+464}
> Jan 16 10:35:15 localhost kernel: PGD 34014067 PUD 345ac067 PMD 0
> Jan 16 10:35:15 localhost kernel: Oops: 0002 [1] SMP
> Jan 16 10:35:15 localhost kernel: CPU 0
> Jan 16 10:35:15 localhost kernel: Modules linked in: ipt_REJECT ipt_state ip_conntrack nfnetlink iptable_filter ip_tables dm_mirror dm_mod video button battery ac lp parport_pc parport nvram ohci1394 ieee1394 ehci_hcd ohci_hcd bcm43xx ieee80211softmac ieee80211 ieee80211_crypt 8139cp 8139too mii snd_atiixp_modem snd_atiixp snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc ext3 jbd
> Jan 16 10:35:15 localhost kernel: Pid: 1734, comm: auditctl Not tainted 2.6.15-1.1826.2.10.2.2_FC5.lspp.6 #1
> Jan 16 10:35:15 localhost kernel: RIP: 0010:[<ffffffff801614c4>] <ffffffff801614c4>{audit_receive_filter+464}
> Jan 16 10:35:15 localhost kernel: RSP: 0018:ffff810034d35b18  EFLAGS: 00010246
> Jan 16 10:35:15 localhost kernel: RAX: 0000000000000018 RBX: ffffffff80440db8 RCX: 0000000000000000
> Jan 16 10:35:15 localhost kernel: RDX: ffffffff80440d80 RSI: ffffffff80440dc0 RDI: ffff81003565d180
> Jan 16 10:35:15 localhost kernel: RBP: ffff81003565cd50 R08: 0000000000000000 R09: ffff81003565cd50
> Jan 16 10:35:15 localhost kernel: R10: 00000000000000d0 R11: ffff81003635b840 R12: ffff81003565cd30
> Jan 16 10:35:15 localhost kernel: R13: 0000000000000000 R14: ffffffff80440dc0 R15: ffff810035ed38b8
> Jan 16 10:35:15 localhost kernel: FS:  00002aaaaaad4870(0000) GS:ffffffff805d0000(0000) knlGS:0000000000000000
> Jan 16 10:35:15 localhost kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> Jan 16 10:35:16 localhost kernel: CR2: 0000000000000018 CR3: 000000003417d000 CR4: 00000000000006e0
> Jan 16 10:35:16 localhost kernel: Process auditctl (pid: 1734, threadinfo ffff810034d34000, task ffff810037ca37e0)
> Jan 16 10:35:16 localhost kernel: Stack: ffffffff03c1ce3f ffffffff00000000 ffffffff80440d80 ffff810037a0e978
> Jan 16 10:35:16 localhost kernel:        00000000000503eb 00000000000003eb ffff8100358e9698 ffff810035ed3910
> Jan 16 10:35:16 localhost kernel:        ffff810035ed38b8 ffffffff801607cb
> Jan 16 10:35:16 localhost kernel: Call Trace:<ffffffff801607cb>{audit_receive+1208} <ffffffff801e3e32>{socket_has_perm+93}
> Jan 16 10:35:16 localhost kernel:        <ffffffff802fba25>{netlink_data_ready+18} <ffffffff802fab37>{netlink_sendskb+38}
> Jan 16 10:35:16 localhost kernel:        <ffffffff802fba25>{netlink_data_ready+18} <ffffffff802fab37>{netlink_sendskb+38}
> Jan 16 10:35:16 localhost kernel:        <ffffffff802fc083>{netlink_sendmsg+731} <ffffffff802dd4d0>{sock_sendmsg+246}
> Jan 16 10:35:16 localhost kernel:        <ffffffff8014e9b7>{autoremove_wake_function+0} <ffffffff8016cc1e>{cache_alloc_debugcheck_after+241}
> Jan 16 10:35:16 localhost kernel:        <ffffffff8016e922>{__kmalloc+205} <ffffffff80163096>{audit_sockaddr+54}
> Jan 16 10:35:16 localhost kernel:        <ffffffff802de929>{sys_sendto+232} <ffffffff8019ebc6>{d_alloc+455}
> Jan 16 10:35:16 localhost kernel:        <ffffffff80162a5d>{audit_syscall_entry+301} <ffffffff8010fa50>{tracesys+209}
> Jan 16 10:35:16 localhost kernel:
> Jan 16 10:35:16 localhost kernel: Code: 49 89 45 18 48 8b 95 18 04 00 00 48 8d 42 18 48 89 42 20 48
> Jan 16 10:35:16 localhost kernel: RIP <ffffffff801614c4>{audit_receive_filter+464} RSP <ffff810034d35b18>
> Jan 16 10:35:16 localhost kernel: CR2: 0000000000000018
> 
> Then with gdb, I find this line:
> 
> (gdb) list *0xffffffff801614c4
> 0xffffffff801614c4 is in audit_receive_filter (kernel/auditfilter.c:388).
> 383                     audit_free_watch(krule->watch);
> 384                     krule->watch = w;
> 385                     list_add(&krule->rlist, &w->rules);
> 386                     return;
> 387             }
> 388             INIT_LIST_HEAD(&krule->watch->rules);
> 389             list_add(&krule->rlist, &krule->watch->rules);
> 390             list_add(&krule->watch->mlist, &master_watchlist);
> 391     }
> 
> So, seems that krule is NULL?
> 
> -Steve
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>

More information about the Linux-audit mailing list