Hide Forgot
Description of problem: BUG: unable to handle kernel NULL pointer dereference at (null) Version-Release number of selected component (if applicable): 3.1.6-1 (same as fedora's 3.1.6 but without loop module) How reproducible: restart auditd daemon Steps to Reproduce: 1. reboot 2. service auditd stop 3. service auditd start Actual results: kernel oops. Expected results: No oops. Additional info:
Created attachment 550212 [details] backtrace
Yesterday i did the same stop/start operation. The message was somehow different (different bug?): WARNING: at lib/list_debug.c:26 __list_add+0x6d/0xa0() Hardware name: HP Compaq 8710w (GC124EA#ABB) list_add corruption. next->prev should be prev (ffffffff81a49bc0), but was ffff88012f031a78. (next=ffff88012f031a78). Modules linked in: sha256_generic authenc xfrm6_mode_tunnel xfrm4_mode_tunnel xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 af_key pcspkr vboxpci vboxnetadp vboxnetflt vboxdrv coretemp ipt_REDIRECT iptable_nat nf_nat xt_multiport ip6t_REJECT xt_TCPMSS nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_state xt_connmark nf_conntrack xt_mark ip6table_filter ip6_tables iptable_mangle snd_hda_codec_analog snd_hda_intel arc4 snd_hda_codec snd_hwdep snd_seq_dummy iwl4965 snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device iwl_legacy snd_pcm_oss snd_mixer_oss mac80211 cfg80211 e1000e iTCO_wdt iTCO_vendor_support snd_pcm r592 snd_timer snd r852 sm_common nand memstick nand_ids nand_ecc soundcore hp_wmi hp_accel snd_page_alloc serio_raw mtd lis3lv02d ppdev tpm_infineon parport_pc parport input_polldev sparse_keymap rfkill joydev microcode loop xfs pata_pcmcia nouveau firewire_ohci firewire_core sdhci_pci sdhci pata_acpi crc_itu_t mmc_core yenta_socket t tm ata_generic drm_kms_helper drm i2c_algo_bit i2c_core mxm_wmi wmi video [last unloaded: scsi_wait_scan] Pid: 2355, comm: systemd-tty-ask Tainted: G C 3.1.6-1.AES.f16g.x86_64 #1 Call Trace: [<ffffffff8106b73f>] warn_slowpath_common+0x7f/0xc0 [<ffffffff8106b836>] warn_slowpath_fmt+0x46/0x50 [<ffffffff812bca1d>] __list_add+0x6d/0xa0 [<ffffffff811ada13>] fsnotify_destroy_mark+0xb3/0x150 [<ffffffff811add9e>] fsnotify_clear_marks_by_group_flags+0xde/0x110 [<ffffffff811adde3>] fsnotify_clear_marks_by_group+0x13/0x20 [<ffffffff811aecc6>] inotify_release+0x26/0x60 [<ffffffff8117425a>] fput+0xea/0x260 [<ffffffff81170b26>] filp_close+0x66/0x90 [<ffffffff81170bea>] sys_close+0x9a/0xf0 [<ffffffff815d9942>] system_call_fastpath+0x16/0x1b
You have the vbox modules loaded and have built your own kernel. Let us know if you can recreate this on a stock Fedora kernel without the vbox modules loaded.
Yes I can! Only this time I had to stop and start the daemon 2 times. Log attached. No virtualbox modules (not even compiled!). The kernel is installed from updates. This is definitely a bug.
Created attachment 550418 [details] messages-20120103.log
Just tested on another computer. Kernel from updates. No virtualbox modules. Same thing - oops. First time i had to restart auditd daemon several times (5-6 times). Reboot. Restart auditd - oops.
Correction: First time i had to restart auditd daemon several times (5-6 times) - oops. Reboot. Restart auditd - oops.
The crash seems to be related to content if audit.rules. A. Using original audit.rules file. 1. reboot 2. watch -n5 "service auditd restart" - Crash cannot be reproduced. B. cp /usr/share/doc/audit-2.1.3/capp.rules audit.rules 1. reboot. 2. service auditd restart - System freeze. Reset button required. C. Using my own audit.rules 1. reboot. 2. "service auditd restart" need to be run one or more times. System can be rebooted properly. audit.rules attached.
Created attachment 552365 [details] audit.rules
# Mass update to all open bugs. Kernel 3.6.2-1.fc16 has just been pushed to updates. This update is a significant rebase from the previous version. Please retest with this kernel, and let us know if your problem has been fixed. In the event that you have upgraded to a newer release and the bug you reported is still present, please change the version field to the newest release you have encountered the issue with. Before doing so, please ensure you are testing the latest kernel update in that release and attach any new and relevant information you may have gathered. If you are not the original bug reporter and you still experience this bug, please file a new report, as it is possible that you may be seeing a different problem. (Please don't clone this bug, a fresh bug referencing this bug in the comment is sufficient).
Sorry, I do not have F16 anymore. I cannot reproduce this bug on F17 with kernel 3.6.2-4.f17 and audit 2.2.1. Thank you.
Thanks for letting us know.