On Tuesday 19 July 2005 06:34, Rob Myers wrote:
On Sat, 2005-07-16 at 15:59 +0100, David Woodhouse wrote:
> * Sat Jul 16 2005 David Woodhouse <dwmw2(a)redhat.com> audit.79
> - Defer serial number generation until it's needed to avoid contention
>
triggered an oops last night on audit.79 i686 smp with several scripts
running at the same time. one was toggling audit enable while others
were creating, deleting, and testing watches at the same time.
I think I fixed this. Hopefully David will be able to release an audit.80 with
it for more people to test. I'll go ahead and set up an SMP x86_64 with
this patched kernel and run all night (or attempt to at least).
The problem that I can see is as follows:
	hlist_for_each_entry_safe(watch, pos, tmp, &data->watches, w_watched) {
		hlist_del(&watch->w_watched);	/* <-- RIGHT HERE */
		audit_watch_put(watch);
	}
That really _should_ be a hlist_del_init(). At least, that's what I'm hoping the
problem is. If you think about it, hlist_del() will poison the list, but when we
put back our reference and hit audit_watch_free(), we are hitting line 219,
which is the BUG_ON(!hlist_unhashed(&watch->w_watched)) which means
that we are not unhashed... hlist_unhashed checks for a NULL pointer...
thus to set that pointer correctly to NULL rather than the poison value we
use hlist_del_init()... Sound reasonable?
-tim
Jul 18 23:22:02 localhost kernel: ------------[ cut here ]------------
Jul 18 23:22:02 localhost kernel: kernel BUG at kernel/auditfs.c:219!
Jul 18 23:22:02 localhost kernel: invalid operand: 0000 [#1]
Jul 18 23:22:02 localhost kernel: SMP
Jul 18 23:22:02 localhost kernel: Modules linked in: i2c_dev i2c_core ipt_REJECT
ipt_state ip_conntrack iptable_filter ip_tables dm_mod button battery ac joydev uhci_hcd
ehci_hcd hw_random snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer
snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore sk98lin floppy
ext3 jbd i2o_block i2o_core sd_mod scsi_mod
Jul 18 23:22:02 localhost kernel: CPU: 1
Jul 18 23:22:02 localhost kernel: EIP: 0060:[<c013cef5>] Not tainted VLI
Jul 18 23:22:02 localhost kernel: EFLAGS: 00010206 (2.6.9-11.EL.audit.79smp)
Jul 18 23:22:02 localhost kernel: EIP is at audit_watch_put+0x4b/0x62
Jul 18 23:22:02 localhost kernel: eax: 00000004 ebx: f6dda244 ecx: 6bfff080 edx:
f2c54438
Jul 18 23:22:02 localhost kernel: esi: f490f2dc edi: e1149bcc ebp: f3277564 esp:
e51bcf34
Jul 18 23:22:02 localhost kernel: ds: 007b es: 007b ss: 0068
Jul 18 23:22:02 localhost kernel: Process rm (pid: 5327, threadinfo=e51bc000
task=f4cdb0b0)
Jul 18 23:22:02 localhost kernel: Stack: 00000000 c013db9c f3277564 f490f2dc f529a000
f3277564 c016e560 f3277564
Jul 18 23:22:02 localhost kernel: c016f59e 00000000 c0166b48 f7dcae64 f7f4f9c0
af26065d 00000012 f529a005
Jul 18 23:22:02 localhost kernel: 00000010 00000000 00000000 f7b5643c 0000000a
40000003 f4cdb0b0 f4cdb0b0
Jul 18 23:22:02 localhost kernel: Call Trace:
Jul 18 23:22:02 localhost kernel: [<c013db9c>] audit_inode_free+0x13e/0x15c
Jul 18 23:22:02 localhost kernel: [<c016e560>] destroy_inode+0x1b/0x4c
Jul 18 23:22:02 localhost kernel: [<c016f59e>] iput+0x5f/0x61
Jul 18 23:22:02 localhost kernel: [<c0166b48>] sys_unlink+0xd7/0x132
Jul 18 23:22:02 localhost kernel: [<c0109fee>] do_syscall_trace+0xc0/0xca
Jul 18 23:22:02 localhost kernel: [<c02ca823>] syscall_call+0x7/0xb
Jul 18 23:22:02 localhost kernel: Code: 00 8b 43 2c e8 2d 95 00 00 83 7b 08 00 74 08 0f
0b d9 00 ff d9 2d c0 83 7b 10 00 74 08 0f 0b da 00 ff d9 2d c0 83 7b 18 00 74 08
<0f> 0b db 00 ff d9 2d c0 89 da 5b a1 ec a1 42 c0 e9 42 94 00 00
Jul 18 23:22:02 localhost kernel: <0>Fatal exception: panic in 5 seconds
rob.
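
The difference between hlist_del() and hlist_del_init() that the reply describes, as an added userspace example that is not part of the original message or of the audit patch. It models the kernel hlist primitives in simplified form; bug_after_removal() is a hypothetical helper standing in for a check of the form BUG_ON(!hlist_unhashed(...)).

```c
/* Userspace model of the kernel hlist primitives, simplified from
 * include/linux/list.h. Added example; bug_after_removal() is hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define LIST_POISON1 ((void *)0x00100100)
#define LIST_POISON2 ((void *)0x00200200)

struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

static int hlist_unhashed(const struct hlist_node *n) { return !n->pprev; }

static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
	n->next = h->first;
	if (h->first)
		h->first->pprev = &n->next;
	h->first = n;
	n->pprev = &h->first;
}

static void __hlist_del(struct hlist_node *n)
{
	*n->pprev = n->next;
	if (n->next)
		n->next->pprev = n->pprev;
}

/* Unlinks and poisons: pprev is left non-NULL. */
static void hlist_del(struct hlist_node *n)
{ __hlist_del(n); n->next = LIST_POISON1; n->pprev = LIST_POISON2; }

/* Unlinks and reinitialises: pprev is left NULL. */
static void hlist_del_init(struct hlist_node *n)
{ if (!hlist_unhashed(n)) { __hlist_del(n); n->next = NULL; n->pprev = NULL; } }

/* Hypothetical helper: unlink one of two nodes, then return 1 if a check of
 * the form BUG_ON(!hlist_unhashed(node)) would fire on it, else 0. */
static int bug_after_removal(int use_init)
{
	struct hlist_head head = { NULL };
	struct hlist_node a = { NULL, NULL }, b = { NULL, NULL };
	hlist_add_head(&a, &head);
	hlist_add_head(&b, &head);
	if (use_init) hlist_del_init(&a); else hlist_del(&a);
	return !hlist_unhashed(&a);
}

int main(void) { printf("%d %d\n", bug_after_removal(0), bug_after_removal(1)); return 0; }
```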