Kernel oops+crash on repeated auditd restarts
Valentin Avram
aval13 at gmail.com
Wed Feb 8 16:11:03 UTC 2012
Hello.
Fresh news: Gentoo's gentoo-sources-3.1.10-r1 with audit-2.1.3 still gives
oops using the simple "start ; sleep 5 ; stop ; sleep 5 ; repeat" one-liner.
Kernel oops after less than 5 minutes:
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<c10f2337>] fsnotify_mark_destroy+0x87/0x130
*pdpt = 0000000000000000 *pde = f000def8f000def8
Oops: 0002 [#1] SMP
Pid: 690, comm: fsnotify_mark Not tainted 3.1.10-gentoo-r1-drbd-version3 #1
Dell Inc. PowerEdge R610/0F0XJ6
EIP: 0060:[<c10f2337>] EFLAGS: 00010216 CPU: 3
EIP is at fsnotify_mark_destroy+0x87/0x130
EAX: f2e51708 EBX: f2415fa8 ECX: 00000000 EDX: f2e51744
ESI: f2f46c00 EDI: ffffffc4 EBP: c10ea000 ESP: f2415f90
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process fsnotify_mark (pid: 690, ti=f2414000 task=f2f46c00 task.ti=f2414000)
Stack:
f2f46c00 00000000 f2f46c00 c1050150 f2415fa0 f2415fa0 f2e51744 f2e51744
f2c47f68 00000000 c10f22b0 00000000 c104f854 00000000 00000000 00000000
00000000 f2415fd4 f2415fd4 00000000 c104f7e0 f2c47f68 c15820b6 00000000
Call Trace:
[<c1050150>] ? abort_exclusive_wait+0x90/0x90
[<c10f22b0>] ? fsnotify_put_mark+0x20/0x20
[<c104f854>] ? kthread+0x74/0x80
[<c104f7e0>] ? kthread_flush_work_fn+0x10/0x10
[<c15820b6>] ? kernel_thread_helper+0x6/0xd
Code: 34 1b 8b c1 e8 4b 2d f6 ff 8b 54 24 18 8d 42 c4 39 da 8b 48 3c 8d 79
c4 75 0e eb 2d 90 8d b4 26 00 00 00 00 89 f8 89 ef 8b 68 40
69 04 89 4d 00 89 50 3c 89 50 40 e8 48 ff ff ff 8b 4f 3c 8d
EIP: [<c10f2337>] fsnotify_mark_destroy+0x87/0x130 SS:ESP 0068:f2415f90
CR2: 0000000000000004
---[ end trace d10081cf0e5b936c ]---
So far only one oops occured, however the test server is doing quite
nothing right now. I'll install more services, retry and post back here the
results.
On Thu, Jan 26, 2012 at 9:13 AM, Valentin Avram <aval13 at gmail.com> wrote:
>
> All the information i had is posted on the Gentoo bug report. The two
> machines i used to test the issue are now in production mode, so i can't do
> any testing on them. However I'll soon have access to a new machine that
> can stay in test mode for a while, where i plan to retest with Gentoo's
> latest "stable-marked" kernel gentoo-sources-3.1.6.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20120208/0bc38216/attachment.htm>
More information about the Linux-audit
mailing list