On 7/18/20 8:40 PM, bauen1 wrote:
Hi,
After upgrading from linux 5.6 to 5.7 on my debian machines with selinux I've started
seeing this null pointer dereference in the audit system. I've included shortened logs
for 5.6 without the error and from 5.7 with the error from my laptop. I've also seen
it happen in a VM and a server, but don't have the logs anymore. Grift was able to
reproduced (presumably) the same issue on fedora with 5.8-rc4.
Steps to reproduce:
Write an selinux policy with a domain for systemd-user-runtime-dir and audit all
permissions of the dir class. E.g. `(auditallow systemd_user_runtime_dir_t all_types (dir
(all)))`
Switch to permissive mode.
Create a new user and login, log out and wait a few seconds for systemd to stop
user-runtime-dir(a)<uid>.service
This should be a reproducer:
echo "(auditallow systemd_logind_t file_type (dir (all)))" > mytest.cil
&& sudo semodule -i mytest.cil
reboot
I believe this issue was made visible by 1320a4052ea11eb2879eb7361da15a106a780972.
Now a AUDIT_PATH event is also generated by default and systemd-user-runtime-dir is
making syscalls that audit_log_name can't handle.
I hope this is enough info to find the root cause.
- bauen1
Log without crash (5.6):
Jul 18 14:26:36 jh-mba kernel: Linux version 5.6.0-2-amd64
(debian-kernel(a)lists.debian.org) (gcc version 9.3.0 (Debian 9.3.0-13)) #1 SMP Debian
5.6.14-2 (2020-06-09)
Jul 18 14:27:53 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 18 14:27:53 jh-mba systemd[1]: Stopping User Runtime Directory /run/user/1001...
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for pid=3178
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/dconf"
dev="tmpfs" ino=41325 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/dconf"
dev="tmpfs" ino=41325 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for pid=3178
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for pid=3178
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for pid=3178
comm="systemd-user-ru" name="user" dev="tmpfs" ino=41326
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="user" dev="tmpfs" ino=41326
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for pid=3178
comm="systemd-user-ru" name="gvfs" dev="tmpfs" ino=42315
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/gvfs"
dev="tmpfs" ino=42315 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/gvfs"
dev="tmpfs" ino=42315 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="gvfs" dev="tmpfs" ino=42315
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for pid=3178
comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/dbus-1"
dev="tmpfs" ino=39557 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/dbus-1"
dev="tmpfs" ino=39557 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for pid=3178
comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for pid=3178
comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for pid=3178
comm="systemd-user-ru" name="services" dev="tmpfs" ino=39558
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="services" dev="tmpfs" ino=39558
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/pulse"
dev="tmpfs" ino=41258 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/pulse"
dev="tmpfs" ino=41258 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for pid=3178
comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for pid=3178
comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for pid=3178
comm="systemd-user-ru" name="native" dev="tmpfs" ino=41259
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="native" dev="tmpfs" ino=41259
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=sock_file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="bus" dev="tmpfs" ino=41239
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=sock_file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for pid=3178
comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/gnupg"
dev="tmpfs" ino=42225 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/gnupg"
dev="tmpfs" ino=42225 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for pid=3178
comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for pid=3178
comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for pid=3178
comm="systemd-user-ru" name="S.gpg-agent" dev="tmpfs"
ino=41252 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="S.gpg-agent" dev="tmpfs"
ino=41252 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=sock_file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/systemd"
dev="tmpfs" ino=39472 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for pid=3178
comm="systemd-user-ru" path="/run/user/1001/systemd"
dev="tmpfs" ino=39472 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for pid=3178
comm="systemd-user-ru" name="systemd" dev="tmpfs" ino=39472
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for pid=3178
comm="systemd-user-ru" name="systemd" dev="tmpfs" ino=39472
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for pid=3178
comm="systemd-user-ru" name="private" dev="tmpfs" ino=41230
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="private" dev="tmpfs" ino=41230
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=sock_file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for pid=3178
comm="systemd-user-ru" name="notify" dev="tmpfs" ino=41226
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_notify_t:s0 tclass=sock_file permissive=1
Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for pid=3178
comm="systemd-user-ru" name="units" dev="tmpfs" ino=39473
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
Jul 18 14:27:53 jh-mba systemd[2501]: run-user-1001.mount: Succeeded.
Jul 18 14:27:53 jh-mba systemd[1]: run-user-1001.mount: Succeeded.
Jul 18 14:27:53 jh-mba systemd[2839]: run-user-1001.mount: Succeeded.
Jul 18 14:27:53 jh-mba systemd[1]: user-runtime-dir(a)1001.service: Succeeded.
Jul 18 14:27:53 jh-mba systemd[1]: Stopped User Runtime Directory /run/user/1001.
Log with crash (5.7):
Jul 18 14:30:09 jh-mba kernel: Linux version 5.7.0-1-amd64
(debian-kernel(a)lists.debian.org) (gcc version 9.3.0 (Debian 9.3.0-14), GNU ld (GNU
Binutils for Debian) 2.34) #1 SMP Debian 5.7.6-1 (2020-06-24)
Jul 18 14:35:10 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 18 14:35:10 jh-mba systemd[1]: Stopping User Runtime Directory /run/user/1001...
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { read } for pid=3163
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { open } for pid=3163
comm="systemd-user-ru" path="/run/user/1001/dconf"
dev="tmpfs" ino=39541 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=257 success=yes exit=4
a0=3 a1=55edb4e41073 a2=f0800 a3=0 items=0 ppid=1 pid=3163 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="systemd-user-ru" exe="/usr/lib/systemd/systemd-user-runtime-dir"
subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null)
Jul 18 14:35:10 jh-mba audit: PROCTITLE
proctitle=2F6C69622F73797374656D642F73797374656D642D757365722D72756E74696D652D6469720073746F700031303031
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { getattr } for pid=3163
comm="systemd-user-ru" path="/run/user/1001/dconf"
dev="tmpfs" ino=39541 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=5 success=yes exit=0
a0=4 a1=7fff95e523b0 a2=7fff95e523b0 a3=7fff95e52414 items=0 ppid=1 pid=3163
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="systemd-user-ru"
exe="/usr/lib/systemd/systemd-user-runtime-dir"
subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null)
Jul 18 14:35:10 jh-mba audit: PROCTITLE
proctitle=2F6C69622F73797374656D642F73797374656D642D757365722D72756E74696D652D6469720073746F700031303031
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { search } for pid=3163
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { write } for pid=3163
comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { remove_name } for pid=3163
comm="systemd-user-ru" name="user" dev="tmpfs" ino=39542
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { unlink } for pid=3163
comm="systemd-user-ru" name="user" dev="tmpfs" ino=39542
scontext=system_u:system_r:systemd_user_runtime_dir_t:s0
tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=file permissive=1
Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=263 success=yes exit=0
a0=4 a1=55edb4e490b3 a2=0 a3=4 items=2 ppid=1 pid=3163 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="systemd-user-ru" exe="/usr/lib/systemd/systemd-user-runtime-dir"
subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null)
Jul 18 14:35:10 jh-mba kernel: BUG: kernel NULL pointer dereference, address:
0000000000000060
Jul 18 14:35:10 jh-mba kernel: #PF: supervisor read access in kernel mode
Jul 18 14:35:10 jh-mba kernel: #PF: error_code(0x0000) - not-present page
Jul 18 14:35:11 jh-mba kernel: PGD 0 P4D 0
Jul 18 14:35:11 jh-mba kernel: Oops: 0000 [#1] SMP PTI
Jul 18 14:35:11 jh-mba kernel: CPU: 1 PID: 3163 Comm: systemd-user-ru Tainted: P
OE 5.7.0-1-amd64 #1 Debian 5.7.6-1
Jul 18 14:35:11 jh-mba kernel: Hardware name: Apple Inc.
MacBookAir6,2/Mac-7DF21CB3ED6977E5, BIOS 110.0.0.0.0 09/17/2018
Jul 18 14:35:11 jh-mba kernel: RIP: 0010:d_path+0x35/0x140
Jul 18 14:35:11 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 24 04 65 48
8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 89 44 24 08 <48> 8b
47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b 7f 18
Jul 18 14:35:11 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282
Jul 18 14:35:11 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 RCX:
00000000000004dd
Jul 18 14:35:11 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 RDI:
0000000000000000
Jul 18 14:35:11 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 R09:
0000000000000006
Jul 18 14:35:11 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 R12:
ffff9a524fc522b0
Jul 18 14:35:11 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 R15:
0000000000000000
Jul 18 14:35:11 jh-mba kernel: FS: 00007ff68934e980(0000) GS:ffff9a5267280000(0000)
knlGS:0000000000000000
Jul 18 14:35:11 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 CR4:
00000000001606e0
Jul 18 14:35:11 jh-mba kernel: Call Trace:
Jul 18 14:35:11 jh-mba kernel: audit_log_d_path+0x75/0xd0
Jul 18 14:35:11 jh-mba kernel: audit_log_exit+0x63d/0xcf0
Jul 18 14:35:11 jh-mba kernel: ? audit_filter_inodes+0x2e/0x100
Jul 18 14:35:11 jh-mba kernel: __audit_syscall_exit+0x23b/0x2a0
Jul 18 14:35:11 jh-mba kernel: syscall_slow_exit_work+0x117/0x140
Jul 18 14:35:11 jh-mba kernel: do_syscall_64+0x10e/0x180
Jul 18 14:35:11 jh-mba kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
Jul 18 14:35:11 jh-mba kernel: RIP: 0033:0x7ff689f8eb67
Jul 18 14:35:11 jh-mba kernel: Code: 73 01 c3 48 8b 0d 29 d3 0c 00 f7 d8 64 89 01 48 83
c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 8b 0d f9 d2 0c 00 f7 d8 64 89 01 48
Jul 18 14:35:11 jh-mba kernel: RSP: 002b:00007fff95e52468 EFLAGS: 00000246 ORIG_RAX:
0000000000000107
Jul 18 14:35:11 jh-mba kernel: RAX: 0000000000000000 RBX: 00007ff68934e830 RCX:
00007ff689f8eb67
Jul 18 14:35:11 jh-mba kernel: RDX: 0000000000000000 RSI: 000055edb4e490b3 RDI:
0000000000000004
Jul 18 14:35:11 jh-mba kernel: RBP: 0000000000000004 R08: 000055edb4e490a0 R09:
00007ff68a05cbe0
Jul 18 14:35:11 jh-mba kernel: R10: 0000000000000004 R11: 0000000000000246 R12:
000055edb4e49040
Jul 18 14:35:11 jh-mba kernel: R13: 0000000000000000 R14: 000055edb4e490a0 R15:
000055edb4e490b3
Jul 18 14:35:11 jh-mba kernel: Modules linked in: rfcomm bnep xt_CHECKSUM
cpufreq_powersave xt_MASQUERADE cpufreq_conservative cpufreq_userspace xt_tcpudp
nft_compat bridge stp llc overlay fuse nft_chain_nat nf_nat nf_log_ipv6 nf_log_ipv4
nf_log_common nft_log veth intel_rapl_msr btusb btrtl btbcm joydev binfmt_misc btintel
nls_ascii nls_cp437 vfat fat bluetooth nft_counter drbg intel_rapl_common asix ansi_cprng
ecdh_generic usbnet ecc mii vrf libphy x86_pkg_temp_thermal intel_powerclamp applesmc
snd_hda_codec_hdmi snd_hda_codec_cirrus snd_hda_codec_generic coretemp ledtrig_audio evdev
wireguard kvm_intel curve25519_x86_64 libcurve25519_generic libchacha20poly1305
snd_hda_intel kvm bcm5974 wl(POE) snd_intel_dspcfg chacha_x86_64 poly1305_x86_64
ip6_udp_tunnel efi_pstore udp_tunnel irqbypass snd_hda_codec libblake2s cfg80211
intel_cstate snd_hda_core blake2s_x86_64 libblake2s_generic libchacha snd_hwdep
intel_uncore iTCO_wdt i915 iTCO_vendor_support intel_rapl_perf snd_pcm nft_ct sg efivars
pcspkr nf_conntrack
Jul 18 14:35:11 jh-mba kernel: watchdog rfkill snd_timer nf_defrag_ipv6 nf_defrag_ipv4
drm_kms_helper mei_me snd mei cec soundcore i2c_algo_bit sbs sbshc acpi_als kfifo_buf
industrialio apple_bl ac button bonding nf_tables parport_pc(E) nfnetlink ppdev(E) lp(E)
drm parport(E) sunrpc efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs
blake2b_generic zstd_decompress zstd_compress hid_apple hid_generic usbhid hid dm_crypt
dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod uas usb_storage
sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32_pclmul
crc32c_intel ghash_clmulni_intel ahci libahci xhci_pci aesni_intel xhci_hcd libaes
crypto_simd libata cryptd glue_helper usbcore scsi_mod i2c_i801 thunderbolt lpc_ich
mfd_core usb_common spi_pxa2xx_platform dw_dmac video dw_dmac_core
Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060
Jul 18 14:35:11 jh-mba kernel: ---[ end trace 01b46d19ab2d30bf ]---
Jul 18 14:35:11 jh-mba kernel: RIP: 0010:d_path+0x35/0x140
Jul 18 14:35:11 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 24 04 65 48
8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 89 44 24 08 <48> 8b
47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b 7f 18
Jul 18 14:35:11 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282
Jul 18 14:35:11 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 RCX:
00000000000004dd
Jul 18 14:35:11 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 RDI:
0000000000000000
Jul 18 14:35:11 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 R09:
0000000000000006
Jul 18 14:35:11 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 R12:
ffff9a524fc522b0
Jul 18 14:35:11 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 R15:
0000000000000000
Jul 18 14:35:11 jh-mba kernel: FS: 00007ff68934e980(0000) GS:ffff9a5267280000(0000)
knlGS:0000000000000000
Jul 18 14:35:11 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 CR4:
00000000001606e0
Jul 18 14:35:11 jh-mba kernel: BUG: kernel NULL pointer dereference, address:
0000000000000060
Jul 18 14:35:11 jh-mba kernel: #PF: supervisor read access in kernel mode
Jul 18 14:35:12 jh-mba kernel: #PF: error_code(0x0000) - not-present page
Jul 18 14:35:13 jh-mba kernel: PGD 0 P4D 0
Jul 18 14:35:13 jh-mba kernel: Oops: 0000 [#2] SMP PTI
Jul 18 14:35:13 jh-mba kernel: CPU: 1 PID: 3163 Comm: systemd-user-ru Tainted: P D
OE 5.7.0-1-amd64 #1 Debian 5.7.6-1
Jul 18 14:35:13 jh-mba kernel: Hardware name: Apple Inc.
MacBookAir6,2/Mac-7DF21CB3ED6977E5, BIOS 110.0.0.0.0 09/17/2018
Jul 18 14:35:13 jh-mba kernel: RIP: 0010:d_path+0x35/0x140
Jul 18 14:35:13 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 24 04 65 48
8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 89 44 24 08 <48> 8b
47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b 7f 18
Jul 18 14:35:13 jh-mba kernel: RSP: 0018:ffffb71e411cfde0 EFLAGS: 00010282
Jul 18 14:35:13 jh-mba kernel: RAX: ffff9a525f18500b RBX: ffff9a524fc52060 RCX:
00000000000004e0
Jul 18 14:35:13 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f184000 RDI:
0000000000000000
Jul 18 14:35:13 jh-mba kernel: RBP: ffffb71e411cfe10 R08: ffff9a52672b0060 R09:
0000000000000006
Jul 18 14:35:13 jh-mba kernel: R10: ffff9a522c99cec0 R11: ffff9a532c99c830 R12:
ffff9a524fc522b0
Jul 18 14:35:13 jh-mba kernel: R13: ffff9a52658d35e8 R14: ffff9a524fc52000 R15:
0000000000000000
Jul 18 14:35:13 jh-mba kernel: FS: 00007ff68934e980(0000) GS:ffff9a5267280000(0000)
knlGS:0000000000000000
Jul 18 14:35:13 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 CR4:
00000000001606e0
Jul 18 14:35:13 jh-mba kernel: Call Trace:
Jul 18 14:35:13 jh-mba kernel: audit_log_d_path+0x75/0xd0
Jul 18 14:35:13 jh-mba kernel: audit_log_exit+0x63d/0xcf0
Jul 18 14:35:13 jh-mba kernel: ? audit_log_d_path+0x75/0xd0
Jul 18 14:35:13 jh-mba kernel: ? audit_filter_inodes+0x2e/0x100
Jul 18 14:35:13 jh-mba kernel: __audit_free+0x233/0x260
Jul 18 14:35:13 jh-mba kernel: do_exit+0x8d3/0xb50
Jul 18 14:35:13 jh-mba kernel: ? syscall_slow_exit_work+0x117/0x140
Jul 18 14:35:13 jh-mba kernel: rewind_stack_do_exit+0x17/0x20
Jul 18 14:35:13 jh-mba kernel: RIP: 0033:0x7ff689f8eb67
Jul 18 14:35:13 jh-mba kernel: Code: 73 01 c3 48 8b 0d 29 d3 0c 00 f7 d8 64 89 01 48 83
c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d
01 f0 ff ff 73 01 c3 48 8b 0d f9 d2 0c 00 f7 d8 64 89 01 48
Jul 18 14:35:13 jh-mba kernel: RSP: 002b:00007fff95e52468 EFLAGS: 00000246 ORIG_RAX:
0000000000000107
Jul 18 14:35:13 jh-mba kernel: RAX: 0000000000000000 RBX: 00007ff68934e830 RCX:
00007ff689f8eb67
Jul 18 14:35:13 jh-mba kernel: RDX: 0000000000000000 RSI: 000055edb4e490b3 RDI:
0000000000000004
Jul 18 14:35:13 jh-mba kernel: RBP: 0000000000000004 R08: 000055edb4e490a0 R09:
00007ff68a05cbe0
Jul 18 14:35:13 jh-mba kernel: R10: 0000000000000004 R11: 0000000000000246 R12:
000055edb4e49040
Jul 18 14:35:13 jh-mba kernel: R13: 0000000000000000 R14: 000055edb4e490a0 R15:
000055edb4e490b3
Jul 18 14:35:13 jh-mba kernel: Modules linked in: rfcomm bnep xt_CHECKSUM
cpufreq_powersave xt_MASQUERADE cpufreq_conservative cpufreq_userspace xt_tcpudp
nft_compat bridge stp llc overlay fuse nft_chain_nat nf_nat nf_log_ipv6 nf_log_ipv4
nf_log_common nft_log veth intel_rapl_msr btusb btrtl btbcm joydev binfmt_misc btintel
nls_ascii nls_cp437 vfat fat bluetooth nft_counter drbg intel_rapl_common asix ansi_cprng
ecdh_generic usbnet ecc mii vrf libphy x86_pkg_temp_thermal intel_powerclamp applesmc
snd_hda_codec_hdmi snd_hda_codec_cirrus snd_hda_codec_generic coretemp ledtrig_audio evdev
wireguard kvm_intel curve25519_x86_64 libcurve25519_generic libchacha20poly1305
snd_hda_intel kvm bcm5974 wl(POE) snd_intel_dspcfg chacha_x86_64 poly1305_x86_64
ip6_udp_tunnel efi_pstore udp_tunnel irqbypass snd_hda_codec libblake2s cfg80211
intel_cstate snd_hda_core blake2s_x86_64 libblake2s_generic libchacha snd_hwdep
intel_uncore iTCO_wdt i915 iTCO_vendor_support intel_rapl_perf snd_pcm nft_ct sg efivars
pcspkr nf_conntrack
Jul 18 14:35:13 jh-mba kernel: watchdog rfkill snd_timer nf_defrag_ipv6 nf_defrag_ipv4
drm_kms_helper mei_me snd mei cec soundcore i2c_algo_bit sbs sbshc acpi_als kfifo_buf
industrialio apple_bl ac button bonding nf_tables parport_pc(E) nfnetlink ppdev(E) lp(E)
drm parport(E) sunrpc efivarfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs
blake2b_generic zstd_decompress zstd_compress hid_apple hid_generic usbhid hid dm_crypt
dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod uas usb_storage
sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common crc32_pclmul
crc32c_intel ghash_clmulni_intel ahci libahci xhci_pci aesni_intel xhci_hcd libaes
crypto_simd libata cryptd glue_helper usbcore scsi_mod i2c_i801 thunderbolt lpc_ich
mfd_core usb_common spi_pxa2xx_platform dw_dmac video dw_dmac_core
Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060
Jul 18 14:35:13 jh-mba kernel: ---[ end trace 01b46d19ab2d30c0 ]---
Jul 18 14:35:13 jh-mba kernel: RIP: 0010:d_path+0x35/0x140
Jul 18 14:35:13 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 24 04 65 48
8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 89 44 24 08 <48> 8b
47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b 7f 18
Jul 18 14:35:13 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282
Jul 18 14:35:13 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 RCX:
00000000000004dd
Jul 18 14:35:13 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 RDI:
0000000000000000
Jul 18 14:35:13 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 R09:
0000000000000006
Jul 18 14:35:13 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 R12:
ffff9a524fc522b0
Jul 18 14:35:13 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 R15:
0000000000000000
Jul 18 14:35:13 jh-mba kernel: FS: 00007ff68934e980(0000) GS:ffff9a5267280000(0000)
knlGS:0000000000000000
Jul 18 14:35:13 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 CR4:
00000000001606e0
Jul 18 14:35:13 jh-mba kernel: Fixing recursive fault but reboot is needed!
Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=263 a0=4
a1=55edb4e490b3 a2=0 a3=4 items=2 ppid=1 pid=3163 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="systemd-user-ru" exe="/usr/lib/systemd/systemd-user-runtime-dir"
subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null)
Jul 18 14:35:14 jh-mba systemd[1]: systemd-hostnamed.service: Succeeded.
Jul 18 14:35:14 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Line information from the debian linux-image-5.7.0-1-amd64 (version 5.7.6-1) package,
duplicates ommitted:
Reading symbols from /usr/lib/debug/boot/vmlinux-5.7.0-1-amd64...
(gdb) l *d_path+0x35
0xffffffff812dcee5 is in d_path (fs/d_path.c:275).
270 *
271 * Some pseudo inodes are mountable. When they are mounted
272 * path->dentry == path->mnt->mnt_root. In that case don't
call d_dname
273 * and instead have d_path return the mounted path.
274 */
275 if (path->dentry->d_op &&
path->dentry->d_op->d_dname &&
276 (!IS_ROOT(path->dentry) || path->dentry !=
path->mnt->mnt_root))
277 return path->dentry->d_op->d_dname(path->dentry, buf,
buflen);
278
279 rcu_read_lock();
(gdb) l *audit_log_d_path+0x75
0xffffffff8114f175 is in audit_log_d_path (kernel/audit.c:2046).
2041 pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
2042 if (!pathname) {
2043 audit_log_string(ab, "<no_memory>");
2044 return;
2045 }
2046 p = d_path(path, pathname, PATH_MAX+11);
2047 if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
2048 /* FIXME: can we save some information here? */
2049 audit_log_string(ab, "<too_long>");
2050 } else
(gdb) l *audit_log_exit+0x63d
0xffffffff8115445d is in audit_log_exit (kernel/auditsc.c:1342).
1337 case 0:
1338 /* name was specified as a relative path and the
1339 * directory component is the cwd
1340 */
1341 audit_log_d_path(ab, " name=",
&context->pwd);
1342 break;
1343 default:
1344 /* log the name's directory component */
1345 audit_log_format(ab, " name=");
1346 audit_log_n_untrustedstring(ab, n->name->name,
(gdb) l *audit_filter_inodes+0x2e
0xffffffff81155e2e is in audit_filter_inodes (kernel/auditsc.c:835).
830 */
831 void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx)
832 {
833 struct audit_names *n;
834
835 if (auditd_test_task(tsk))
836 return;
837
838 rcu_read_lock();
839
(gdb) l *__audit_syscall_exit+0x23b
0xffffffff8115661b is in __audit_syscall_exit (kernel/auditsc.c:1710).
1705
1706 audit_filter_syscall(current, context,
1707 &audit_filter_list[AUDIT_FILTER_EXIT]);
1708 audit_filter_inodes(current, context);
1709 if (context->current_state == AUDIT_RECORD_CONTEXT)
1710 audit_log_exit();
1711 }
1712
1713 context->in_syscall = 0;
1714 context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL :
0;
(gdb) l *syscall_slow_exit_work+0x117
0xffffffff81005197 is in syscall_slow_exit_work (include/linux/audit.h:316).
311 {
312 if (unlikely(audit_context())) {
313 int success = is_syscall_success(pt_regs);
314 long return_code = regs_return_value(pt_regs);
315
316 __audit_syscall_exit(success, return_code);
317 }
318 }
319 static inline struct filename *audit_reusename(const __user char *name)
320 {
(gdb) l *do_syscall_64+0x10e
0xffffffff8100543e is in do_syscall_64 (arch/x86/entry/common.c:276).
warning: Source file is more recent than executable.
271 /*
272 * First do one-time work. If these work items are enabled, we
273 * want to run them exactly once per syscall exit with IRQs on.
274 */
275 if (unlikely(cached_flags & SYSCALL_EXIT_WORK_FLAGS))
276 syscall_slow_exit_work(regs, cached_flags);
277
278 local_irq_disable();
279 prepare_exit_to_usermode(regs);
280 }
(gdb) l *entry_SYSCALL_64_after_hwframe+0x44
0xffffffff8180008c is at /build/linux-iTqI2R/linux-5.7.6/arch/x86/entry/entry_64.S:184.
179 /build/linux-iTqI2R/linux-5.7.6/arch/x86/entry/entry_64.S: No such file or
directory.
(gdb) l *__audit_free+0x233
0xffffffff81156283 is in __audit_free (kernel/auditsc.c:1602).
1597
1598 audit_filter_syscall(tsk, context,
1599 &audit_filter_list[AUDIT_FILTER_EXIT]);
1600 audit_filter_inodes(tsk, context);
1601 if (context->current_state == AUDIT_RECORD_CONTEXT)
1602 audit_log_exit();
1603 }
1604
1605 audit_set_context(tsk, NULL);
1606 audit_free_context(context);
(gdb) l *do_exit+0x8d3
0xffffffff81088ce3 is in do_exit (include/linux/audit.h:301).
296 return !p || *(int *)p;
297 }
298 static inline void audit_free(struct task_struct *task)
299 {
300 if (unlikely(task->audit_context))
301 __audit_free(task);
302 }
303 static inline void audit_syscall_entry(int major, unsigned long a0,
304 unsigned long a1, unsigned long a2,
305 unsigned long a3)
(gdb) l *syscall_slow_exit_work+0x117
0xffffffff81005197 is in syscall_slow_exit_work (include/linux/audit.h:316).
311 {
312 if (unlikely(audit_context())) {
313 int success = is_syscall_success(pt_regs);
314 long return_code = regs_return_value(pt_regs);
315
316 __audit_syscall_exit(success, return_code);
317 }
318 }
319 static inline struct filename *audit_reusename(const __user char *name)
320 {
(gdb) l *rewind_stack_do_exit+0x17
(gdb)