← Back to team overview

kernel-packages team mailing list archive

[Bug 1450643] Re: Installing linux-image-3.13.0-51-generic with auditd causes inability to ssh into the system

 

*** This bug is a duplicate of bug 1450442 ***
    https://bugs.launchpad.net/bugs/1450442

Additional way to replicate

Setup a vanilla ubuntu 14.04 system
apt-get install linux-headers-3.13.0-51 linux-headers-3.13.0-51-generic linux-image-3.13.0-51-generic
reboot
<now running 3.13.0-51>
login
apt-get install auditd
echo "-w /etc/test" >>/etc/audit/audit.rules
/etc/init.d/auditd restart
logout
ssh to the system
failure - and below stacktrace


Thru doing more testing - depending on the order you take depends on what fails.  But the main issue is that you will be unable to ssh to the machine and get the below stacktrace

Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.897427] BUG: unable to handle kernel NULL pointer dereference at 0000000000000023
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.897696] IP: [<ffffffff8136cb80>] strlen+0x0/0x30
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.897867] PGD 0
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.897977] Oops: 0000 [#3] SMP
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.898150] Modules linked in: vmw_vsock_vmci_transport vsock dm_crypt ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper vmw_balloon ablk_helper cryptd psmouse serio_raw nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache vmw_vmci parport_pc lp parport vmw_pvscsi vmxnet3 mptspi e1000 mptscsih mptbase floppy
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.899575] CPU: 0 PID: 1646 Comm: sshd Tainted: G      D       3.13.0-51-generic #84-Ubuntu
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.899790] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.900023] task: ffff8800078c6000 ti: ffff8800144e8000 task.ti: ffff8800144e8000
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.900241] RIP: 0010:[<ffffffff8136cb80>]  [<ffffffff8136cb80>] strlen+0x0/0x30
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.900489] RSP: 0018:ffff8800144e9d60  EFLAGS: 00010216
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.900598] RAX: 000000000000000a RBX: 000000000000000a RCX: 00000000001dfcd3
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.900752] RDX: 0000000000000014 RSI: 0000000000000023 RDI: 0000000000000023
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.901749] RBP: ffff8800144e9d90 R08: ffff880015789248 R09: ffff880017c197e0
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.902249] R10: ffffffff81288580 R11: ffffea00004e0b40 R12: 0000000000000014
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.902512] R13: 0000000000000023 R14: ffff88000b07cdb8 R15: ffff880015789060
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.902738] FS:  00007f2117494840(0000) GS:ffff880017c00000(0000) knlGS:0000000000000000
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.902976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.903142] CR2: 0000000000000023 CR3: 000000000342e000 CR4: 00000000001407f0
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.903374] Stack:
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.903495]  ffffffff810fb39b 0000000000000000 0000000000000004 ffff88001318c488
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.903834]  ffff880015789000 ffff880015789060 ffff8800144e9df8 ffffffff810fdb36
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.904170]  00000000000008e6 0000000400000023 ffff88000b07cd80 ffff88001318cc38
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.904505] Call Trace:
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.904636]  [<ffffffff810fb39b>] ? audit_compare_dname_path+0x2b/0xa0
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.904795]  [<ffffffff810fdb36>] __audit_inode_child+0xb6/0x330
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.904958]  [<ffffffff811ca060>] vfs_mknod+0x110/0x160
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905106]  [<ffffffff816bf475>] unix_bind+0x2a5/0x360
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905251]  [<ffffffff810ff142>] ? __audit_sockaddr+0x42/0x80
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905404]  [<ffffffff8160d4c0>] SYSC_bind+0xe0/0x120
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905548]  [<ffffffff8160e4de>] SyS_bind+0xe/0x10
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905691]  [<ffffffff817330bd>] system_call_fastpath+0x1a/0x1f
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.905839] Code: 89 f8 48 89 e5 f6 82 40 c7 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 40 c7 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.907914] RIP  [<ffffffff8136cb80>] strlen+0x0/0x30
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.910466]  RSP <ffff8800144e9d60>
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.910568] CR2: 0000000000000023
Apr 30 22:06:22 default-ubuntu-1404 kernel: [  253.910698] ---[ end trace 149770bb65f981f7 ]---
A

** Summary changed:

- Installing linux-image-3.13.0-51-generic with auditd causes unrecoverable system state
+ Installing linux-image-3.13.0-51-generic with auditd causes inability to ssh into the system

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-trusty in Ubuntu.
https://bugs.launchpad.net/bugs/1450643

Title:
  Installing linux-image-3.13.0-51-generic with auditd causes inability
  to ssh into the system

Status in linux-lts-trusty package in Ubuntu:
  New

Bug description:
  When installing linux kernel 3.13.0-51 onto a system that has auditd
  installed with at least one rule enabled, the following stacktrace
  occurs when various processes occur (pretty much anything by root).

  [   41.813593] type=1305 audit(1430428709.300:28): audit_pid=0 old=880 auid=4294967295 ses=4294967295 res=1
  [   41.830177] type=1305 audit(1430428709.316:29): audit_enabled=1 old=1 auid=900 ses=1 res=1
  [   41.830184] type=1305 audit(1430428709.316:30): audit_pid=1238 old=0 auid=900 ses=1 res=1
  [   51.377064] BUG: unable to handle kernel NULL pointer dereference at 0000000000000023
  [   51.377243] IP: [<ffffffff8136cb80>] strlen+0x0/0x30
  [   51.377312] PGD 0
  [   51.377358] Oops: 0000 [#1] SMP
  [   51.377428] Modules linked in: vmw_vsock_vmci_transport vsock dm_crypt ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper vmw_balloon cryptd psmouse serio_raw nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache vmw_vmci parport_pc lp parport vmw_pvscsi vmxnet3 e1000 mptspi mptscsih mptbase floppy
  [   51.378232] CPU: 0 PID: 1281 Comm: sshd Not tainted 3.13.0-51-generic #84-Ubuntu
  [   51.378285] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/20/2014
  [   51.378355] task: ffff880015979800 ti: ffff8800158f6000 task.ti: ffff8800158f6000
  [   51.378429] RIP: 0010:[<ffffffff8136cb80>]  [<ffffffff8136cb80>] strlen+0x0/0x30
  [   51.378496] RSP: 0018:ffff8800158f7d60  EFLAGS: 00010216
  [   51.378537] RAX: 000000000000000a RBX: 000000000000000a RCX: 00000000001e0e67
  [   51.378587] RDX: 0000000000000014 RSI: 0000000000000023 RDI: 0000000000000023
  [   51.378637] RBP: ffff8800158f7d90 R08: ffff88001549c248 R09: ffff880017c197e0
  [   51.378736] R10: ffffffff81288580 R11: ffffea0000020ac0 R12: 0000000000000014
  [   51.378823] R13: 0000000000000023 R14: ffff88000f1661b8 R15: ffff88001549c060
  [   51.378910] FS:  00007fee7e146840(0000) GS:ffff880017c00000(0000) knlGS:0000000000000000
  [   51.379038] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [   51.379118] CR2: 0000000000000023 CR3: 00000000175f4000 CR4: 00000000001407f0
  [   51.379238] Stack:
  [   51.379299]  ffffffff810fb39b 0000000000000000 0000000000000004 ffff88000f1633e8
  [   51.379523]  ffff88001549c000 ffff88001549c060 ffff8800158f7df8 ffffffff810fdb36
  [   51.379827]  00000000000008e6 0000000400000023 ffff88000f166180 ffff88000f1637c0
  [   51.380015] Call Trace:
  [   51.380085]  [<ffffffff810fb39b>] ? audit_compare_dname_path+0x2b/0xa0
  [   51.380170]  [<ffffffff810fdb36>] __audit_inode_child+0xb6/0x330
  [   51.380254]  [<ffffffff811ca060>] vfs_mknod+0x110/0x160
  [   51.380350]  [<ffffffff816bf475>] unix_bind+0x2a5/0x360
  [   51.380449]  [<ffffffff810ff142>] ? __audit_sockaddr+0x42/0x80
  [   51.380538]  [<ffffffff8160d4c0>] SYSC_bind+0xe0/0x120
  [   51.380617]  [<ffffffff8160e4de>] SyS_bind+0xe/0x10
  [   51.380777]  [<ffffffff817330bd>] system_call_fastpath+0x1a/0x1f
  [   51.380943] Code: 89 f8 48 89 e5 f6 82 40 c7 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 40 c7 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 <80> 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80
  [   51.382310] RIP  [<ffffffff8136cb80>] strlen+0x0/0x30
  [   51.382432]  RSP <ffff8800158f7d60>
  [   51.382518] CR2: 0000000000000023
  [   51.382654] ---[ end trace b5e4e75ed1093ea0 ]---

  
  To Replicate:
  apt-get install auditd
  echo "-w /etc/test" >>/etc/audit/audit.rules
  /etc/init.d/auditd restart
  apt-get install linux-headers-3.13.0-51 linux-headers-3.13.0-51-generic linux-image-3.13.0-51-generic
  reboot
  attempt to login or ssh into the host - you'll get a similar stacktrace.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1450643/+subscriptions


References