Bug 458744

Summary: oops in audit_filter_inodes
Product: [Fedora] Fedora
Component: kernel
Version: 9
Hardware: All
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Reporter: Geoff Reedy <geoff+fedora>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Doc Type: Bug Fix
Last Closed: 2009-07-14 14:20:31 UTC

Description Geoff Reedy 2008-08-12 02:20:19 UTC
Description of problem:
BUG: unable to handle kernel NULL pointer dereference at 00000000
IP: [<c0456b59>] audit_filter_inodes+0xb9/0xe2
*pde = 317b6067 *pte = 00000000 
Oops: 0000 [#1] SMP 
Modules linked in: ipt_MASQUERADE iptable_nat nf_nat bridge appletalk autofs4 fuse sunrpc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables nf_conntrack_netbios_ns ip6t_REJECT xt_tcpudp ip6t_ipv6header nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables kqemu loop dm_multipath radeon drm ipv6 ppdev parport_pc snd_usb_audio parport snd_usb_lib snd_hwdep floppy pcspkr serio_raw i2c_viapro via_rhine mii via_ircc irda crc_ccitt cx88_alsa snd_via82xx gameport snd_ac97_codec ac97_bus snd_mpu401_uart snd_rawmidi snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq tuner snd_seq_device tea5767 tda8290 tda18271 snd_pcm_oss tda827x tuner_xc2028 snd_mixer_oss xc5000 tda9887 tuner_simple snd_pcm mt20xx tea5761 snd_timer snd soundcore cx8800 snd_page_alloc cx88xx button videodev ir_common v4l1_compat compat_ioctl32 i2c_algo_bit v4l2_common tveeprom i2c_core videobuf_dma_sg videobuf_core firewire_ohci usblp firewire_core crc_itu_t btcx_risc sr_mod cdrom sg pata_via dm_snapshot dm_zero dm_mirror dm_mod sata_promise libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]

Pid: 3689, comm: netspeed_applet Not tainted (2.6.25.11-97.fc9.i686 #1)
EIP: 0060:[<c0456b59>] EFLAGS: 00210202 CPU: 0
EIP is at audit_filter_inodes+0xb9/0xe2
EAX: 00000000 EBX: 00000020 ECX: 00000008 EDX: c083298c
ESI: f15d0c00 EDI: 00000000 EBP: f179df80 ESP: f179df50
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process netspeed_applet (pid: 3689, ti=f179d000 task=f17a0000 task.ti=f179d000)
Stack: 00000000 00000008 f179df70 f17a0000 f15d0c3c c083298c f15d0c00 df5b7e60 
       00000000 f179dfb8 f15d0c00 bfada418 f179dfa4 c04575e6 da96fd70 f17a0000 
       00000000 bfad93c8 f179dfb8 bfad93c8 bfada418 f179dfb0 c040b1cf bfad93c8 
Call Trace:
 [<c04575e6>] ? audit_syscall_exit+0x77/0x2cc
 [<c040b1cf>] ? syscall_trace_leave+0x27/0x7a
 [<c0405d2f>] ? syscall_exit_work+0x1f/0x24
 =======================
Code: 1f 8d 45 ec 83 c2 10 50 8b 45 dc 89 f1 ff 75 e0 e8 cd f7 ff ff 59 5a 85 c0 74 05 8b 45 ec eb 2c 8b 45 f0 8b 00 89 45 f0 8b 45 f0 <8b> 00 0f 18 00 90 8b 55 f0 3b 55 e4 75 bc 83 45 e8 28 47 3b 7e 
EIP: [<c0456b59>] audit_filter_inodes+0xb9/0xe2 SS:ESP 0068:f179df50
---[ end trace 18786e82220d4593 ]---
BUG: unable to handle kernel NULL pointer dereference at 00000000
IP: [<c0456b59>] audit_filter_inodes+0xb9/0xe2
*pde = 317b6067 *pte = 00000000 
Oops: 0000 [#2] SMP 
Modules linked in: ipt_MASQUERADE iptable_nat nf_nat bridge appletalk autofs4 fuse sunrpc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables nf_conntrack_netbios_ns ip6t_REJECT xt_tcpudp ip6t_ipv6header nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables kqemu loop dm_multipath radeon drm ipv6 ppdev parport_pc snd_usb_audio parport snd_usb_lib snd_hwdep floppy pcspkr serio_raw i2c_viapro via_rhine mii via_ircc irda crc_ccitt cx88_alsa snd_via82xx gameport snd_ac97_codec ac97_bus snd_mpu401_uart snd_rawmidi snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq tuner snd_seq_device tea5767 tda8290 tda18271 snd_pcm_oss tda827x tuner_xc2028 snd_mixer_oss xc5000 tda9887 tuner_simple snd_pcm mt20xx tea5761 snd_timer snd soundcore cx8800 snd_page_alloc cx88xx button videodev ir_common v4l1_compat compat_ioctl32 i2c_algo_bit v4l2_common tveeprom i2c_core videobuf_dma_sg videobuf_core firewire_ohci usblp firewire_core crc_itu_t btcx_risc sr_mod cdrom sg pata_via dm_snapshot dm_zero dm_mirror dm_mod sata_promise libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan]

Pid: 3689, comm: netspeed_applet Tainted: G      D  (2.6.25.11-97.fc9.i686 #1)
EIP: 0060:[<c0456b59>] EFLAGS: 00210202 CPU: 0
EIP is at audit_filter_inodes+0xb9/0xe2
EAX: 00000000 EBX: 00000020 ECX: 00000008 EDX: c083298c
ESI: f15d0c00 EDI: 00000000 EBP: f179dd54 ESP: f179dd24
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process netspeed_applet (pid: 3689, ti=f179d000 task=f17a0000 task.ti=f179d000)
Stack: 00000000 00000008 00000000 f17a0000 f15d0c3c c083298c f15d0c00 c044140c 
       00000000 f17a0000 f15d0c00 f17a0000 f179dd70 c045788d c044bd93 f179dd70 
       f179df18 00200206 f17a0000 f179dd9c c0429a37 00000001 c062eb9d c06c6a7c 
Call Trace:
 [<c044140c>] ? exit_robust_list+0x5a/0xf9
 [<c045788d>] ? audit_free+0x52/0x198
 [<c044bd93>] ? acct_collect+0x82/0x15d
 [<c0429a37>] ? do_exit+0x1d4/0x554
 [<c040715c>] ? die+0x15c/0x164
 [<c062cdba>] ? do_page_fault+0x5f9/0x6eb
 [<c04cfc1e>] ? inode_has_perm+0x5b/0x65
 [<c04ce7b7>] ? avc_has_perm+0x39/0x43
 [<c04cfc1e>] ? inode_has_perm+0x5b/0x65
 [<c04bbebb>] ? sysfs_put_active_two+0x17/0x1a
 [<c04bb087>] ? sysfs_open_file+0x147/0x1a6
 [<c0480a4d>] ? __dentry_open+0xf2/0x185
 [<c062c7c1>] ? do_page_fault+0x0/0x6eb
 [<c062b382>] ? error_code+0x72/0x78
 [<c0456b59>] ? audit_filter_inodes+0xb9/0xe2
 [<c04575e6>] ? audit_syscall_exit+0x77/0x2cc
 [<c040b1cf>] ? syscall_trace_leave+0x27/0x7a
 [<c0405d2f>] ? syscall_exit_work+0x1f/0x24
 =======================
Code: 1f 8d 45 ec 83 c2 10 50 8b 45 dc 89 f1 ff 75 e0 e8 cd f7 ff ff 59 5a 85 c0 74 05 8b 45 ec eb 2c 8b 45 f0 8b 00 89 45 f0 8b 45 f0 <8b> 00 0f 18 00 90 8b 55 f0 3b 55 e4 75 bc 83 45 e8 28 47 3b 7e 
EIP: [<c0456b59>] audit_filter_inodes+0xb9/0xe2 SS:ESP 0068:f179dd24
---[ end trace 18786e82220d4593 ]---
Fixing recursive fault but reboot is needed!

Version-Release number of selected component (if applicable):

Linux dirt.local 2.6.25.11-97.fc9.i686 #1 SMP Mon Jul 21 01:31:09 EDT 2008 i686 athlon i386 GNU/Linux

How reproducible:

Only happened once. Nothing special going on.

Actual results:

Kernel oops and netspeed applet killed

Expected results:

No oops
Additional info:

Comment 1 Chuck Ebbert 2008-09-22 05:55:33 UTC
  20:   8b 45 f0                mov    -0x10(%ebp),%eax
  23:   8b 00                   mov    (%eax),%eax
  25:   89 45 f0                mov    %eax,-0x10(%ebp)
  28:   8b 45 f0                mov    -0x10(%ebp),%eax
00000000 <.text>:
   0:   8b 00                   mov    (%eax),%eax
   2:   0f 18 00                prefetchnta (%eax)
   5:   90                      nop    

kernel/auditsc.c:689:
                list_for_each_entry_rcu(e, list, list) {

While attempting to prefetch the next entry it found a null pointer.
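
Added example, not part of the bug thread or the kernel source: a user-space C model of the traversal decoded in Comment 1, with a checked walker that reports a NULL link instead of faulting on it. `struct entry`, `walk_checked` and `demo` are hypothetical names, and the three-entry list is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins: the kernel's circular list_head and a hypothetical entry. */
struct list_head { struct list_head *next, *prev; };
struct entry { struct list_head list; int id; };
enum walk_status { WALK_OK, WALK_NULL_LINK, WALK_NO_END };
struct walk_result { enum walk_status status; int visited; };

static void list_add_tail(struct list_head *node, struct list_head *head)
{
    node->prev = head->prev;
    node->next = head;
    head->prev->next = node;
    head->prev = node;
}

/* Same traversal order as the loop in the oops, but each link is validated
 * before it is followed. The unchecked loop loads pos->next for the prefetch
 * before comparing pos with head, so pos == NULL faults at address 0. */
static struct walk_result walk_checked(const struct list_head *head, int limit)
{
    struct walk_result r = { WALK_OK, 0 };
    const struct list_head *pos;
    for (pos = head->next; pos != head; pos = pos->next) {
        if (pos == NULL)        { r.status = WALK_NULL_LINK; break; }
        if (r.visited == limit) { r.status = WALK_NO_END; break; }
        r.visited++;
    }
    return r;
}

/* Constructed sample: three entries; null_after >= 0 zeroes that entry's next. */
static struct walk_result demo(int null_after)
{
    struct list_head head = { &head, &head };
    struct entry e[3] = { { { NULL, NULL }, 1 }, { { NULL, NULL }, 2 }, { { NULL, NULL }, 3 } };
    for (int i = 0; i < 3; i++)
        list_add_tail(&e[i].list, &head);
    if (null_after >= 0) e[null_after].list.next = NULL;
    return walk_checked(&head, 16);
}

int main(void)
{
    struct walk_result bad = demo(1);
    printf("status=%d visited=%d\n", bad.status, bad.visited);
}
```

The `visited` count identifies the last entry reached before the NULL link, which is the node whose `next` field was bad.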

Comment 2 Chuck Ebbert 2008-09-30 04:44:09 UTC
Can you try a 2.6.26 kernel?

Comment 3 Bug Zapper 2009-06-10 02:26:24 UTC
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Bug Zapper 2009-07-14 14:20:31 UTC
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 5 Red Hat Bugzilla 2023-09-14 01:13:25 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days.