From: Valentin Avram
Subject: Re: Kernel oops+crash on repeated auditd restarts
Date: Wed, 8 Feb 2012 18:11:03 +0200
References: <1327519203.4131.25.camel@localhost>
To: Eric Paris
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hello.

Fresh news: Gentoo's gentoo-sources-3.1.10-r1 with audit-2.1.3 still gives oops using the simple "start ; sleep 5 ; stop ; sleep 5 ; repeat" one-liner.

Kernel oops after less than 5 minutes:

BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<c10f2337>] fsnotify_mark_destroy+0x87/0x130
*pdpt = 0000000000000000 *pde = f000def8f000def8
Oops: 0002 [#1] SMP

Pid: 690, comm: fsnotify_mark Not tainted 3.1.10-gentoo-r1-drbd-version3 #1 Dell Inc. PowerEdge R610/0F0XJ6
EIP: 0060:[<c10f2337>] EFLAGS: 00010216 CPU: 3
EIP is at fsnotify_mark_destroy+0x87/0x130
EAX: f2e51708 EBX: f2415fa8 ECX: 00000000 EDX: f2e51744
ESI: f2f46c00 EDI: ffffffc4 EBP: c10ea000 ESP: f2415f90
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process fsnotify_mark (pid: 690, ti=f2414000 task=f2f46c00 task.ti=f2414000)
Stack:
 f2f46c00 00000000 f2f46c00 c1050150 f2415fa0 f2415fa0 f2e51744 f2e51744
 f2c47f68 00000000 c10f22b0 00000000 c104f854 00000000 00000000 00000000
 00000000 f2415fd4 f2415fd4 00000000 c104f7e0 f2c47f68 c15820b6 00000000
Call Trace:
 [<c1050150>] ? abort_exclusive_wait+0x90/0x90
 [<c10f22b0>] ? fsnotify_put_mark+0x20/0x20
 [<c104f854>] ? kthread+0x74/0x80
 [<c104f7e0>] ? kthread_flush_work_fn+0x10/0x10
 [<c15820b6>] ? kernel_thread_helper+0x6/0xd
Code: 34 1b 8b c1 e8 4b 2d f6 ff 8b 54 24 18 8d 42 c4 39 da 8b 48 3c 8d 79 c4 75 0e eb 2d 90 8d b4 26 00 00 00 00 89 f8 89 ef 8b 68 40 69 04 89 4d 00 89 50 3c 89 50 40 e8 48 ff ff ff 8b 4f 3c 8d
EIP: [<c10f2337>] fsnotify_mark_destroy+0x87/0x130 SS:ESP 0068:f2415f90
CR2: 0000000000000004
---[ end trace d10081cf0e5b936c ]---

So far only one oops occurred, however the test server is doing quite nothing right now. I'll install more services, retry and post back here the results.

On Thu, Jan 26, 2012 at 9:13 AM, Valentin Avram wrote:
>
> All the information I had is posted on the Gentoo bug report. The two
> machines I used to test the issue are now in production mode, so I can't do
> any testing on them. However I'll soon have access to a new machine that
> can stay in test mode for a while, where I plan to retest with Gentoo's
> latest "stable-marked" kernel gentoo-sources-3.1.6.
>
>
