Comment 28 for bug 1450442

Pete Cheslock (pete-cheslock) wrote :

I'm still able to recreate this issue with kernel version 3.13.0-52-generic #85-Ubuntu SMP Wed Apr 29 16:44:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

It looks like a different set of audit rules causes the same issue.

To replicate:
Install 3.13.0-52-generic kernel
apt-get install auditd

In /etc/audit/audit.rules:
---
-D
-b 5000
-f 0
-r 15000
-a exit,always -F arch=b64 -S execve -S exit -S exit_group -S fork -S clone -S vfork -S accept -S accept4 -S connect -S bind -S listen
---

Restart auditd.
The stack trace below happens.

Stacktrace:

[ 186.897309] BUG: unable to handle kernel NULL pointer dereference at 0000000000000690
[ 186.897322] IP: [<ffffffff8136cbb0>] strlen+0x0/0x30
[ 186.897331] PGD 0
[ 186.897334] Oops: 0000 [#1] SMP
[ 186.897339] Modules linked in: dm_crypt crct10dif_pclmul crc32_pclmul ghash_clmulni_intel isofs aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd
[ 186.897357] CPU: 0 PID: 2206 Comm: sudo Not tainted 3.13.0-52-generic #85-Ubuntu
[ 186.897363] task: ffff880003286000 ti: ffff880002a04000 task.ti: ffff880002a04000
[ 186.897368] RIP: e030:[<ffffffff8136cbb0>] [<ffffffff8136cbb0>] strlen+0x0/0x30
[ 186.897375] RSP: e02b:ffff880002a05df0 EFLAGS: 00010286
[ 186.897379] RAX: ffff880002a05d40 RBX: 0000000000000690 RCX: 0000000000000000
[ 186.897382] RDX: 0000000000000036 RSI: 0000000000000690 RDI: 0000000000000690
[ 186.897385] RBP: ffff880002a05e08 R08: 0000000000000000 R09: 000000000000fffe
[ 186.897389] R10: 0000000000000000 R11: ffff880002a05c06 R12: ffff8801d298f340
[ 186.897393] R13: 0000000000000000 R14: ffff8801d0fa2000 R15: 0000000000000000
[ 186.897401] FS: 00007f4a94370840(0000) GS:ffff8801dee00000(0000) knlGS:0000000000000000
[ 186.897408] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 186.897412] CR2: 0000000000000690 CR3: 00000000031f5000 CR4: 0000000000002660
[ 186.897418] Stack:
[ 186.897420] ffffffff810f7fda ffff8801d298f340 ffff8801d0fa2060 ffff880002a05e78
[ 186.897425] ffffffff810f9581 ffffffff8172a480 ffffffff81c55740 ffff880002a05e60
[ 186.897430] ffffffff8172a480 ffff880002a05ef0 ffff880002a05e60 ffffffff810f6b93
[ 186.897435] Call Trace:
[ 186.897441] [<ffffffff810f7fda>] ? audit_log_untrustedstring+0x1a/0x30
[ 186.897445] [<ffffffff810f9581>] audit_log_name+0x281/0x320
[ 186.897451] [<ffffffff8172a480>] ? _raw_spin_unlock_irqrestore+0x20/0x40
[ 186.897455] [<ffffffff8172a480>] ? _raw_spin_unlock_irqrestore+0x20/0x40
[ 186.897459] [<ffffffff810f6b93>] ? audit_buffer_free+0x73/0xa0
[ 186.897463] [<ffffffff810fbe37>] audit_log_exit+0x3d7/0xb90
[ 186.897467] [<ffffffff810fe5bf>] __audit_syscall_exit+0x27f/0x2e0
[ 186.897472] [<ffffffff81733224>] sysret_audit+0x17/0x21
[ 186.897474] Code: 89 f8 48 89 e5 f6 82 40 c7 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 40 c7 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
[ 186.897508] RIP [<ffffffff8136cbb0>] strlen+0x0/0x30
[ 186.897511] RSP <ffff880002a05df0>
[ 186.897513] CR2: 0000000000000690
[ 186.897516] ---[ end trace 2626030fc35ecb54 ]---