On Sat, Jul 18, 2020 at 2:56 PM Dominick Grift <[email protected]> wrote: > On 7/18/20 8:40 PM, bauen1 wrote: > > Hi, > > After upgrading from linux 5.6 to 5.7 on my debian machines with selinux > > I've started seeing this null pointer dereference in the audit system. I've > > included shortened logs for 5.6 without the error and from 5.7 with the > > error from my laptop. I've also seen it happen in a VM and a server, but > > don't have the logs anymore. Grift was able to reproduced (presumably) the > > same issue on fedora with 5.8-rc4. > > > > Steps to reproduce: > > Write an selinux policy with a domain for systemd-user-runtime-dir and > > audit all permissions of the dir class. E.g. `(auditallow > > systemd_user_runtime_dir_t all_types (dir (all)))` > > Switch to permissive mode. > > Create a new user and login, log out and wait a few seconds for systemd to > > stop user-runtime-dir@<uid>.service > > This should be a reproducer: > > echo "(auditallow systemd_logind_t file_type (dir (all)))" > mytest.cil > && sudo semodule -i mytest.cil > reboot
Thanks bauen1 and Dominick. Richard, you broke it, you bought it :) Did you want to take a closer look at this? If you can't let me know. Based on a quick look, my gut feeling is that either context->pwd is never set properly or it is getting free'd prematurely; I'm highly suspicious of the latter but the former seems like it might be a reasonable place to start. > > I believe this issue was made visible by > > 1320a4052ea11eb2879eb7361da15a106a780972. > > Now a AUDIT_PATH event is also generated by default and > > systemd-user-runtime-dir is making syscalls that audit_log_name can't > > handle. > > > > I hope this is enough info to find the root cause. > > - bauen1 > > > > Log without crash (5.6): > > > > Jul 18 14:26:36 jh-mba kernel: Linux version 5.6.0-2-amd64 > > ([email protected]) (gcc version 9.3.0 (Debian 9.3.0-13)) #1 > > SMP Debian 5.6.14-2 (2020-06-09) > > Jul 18 14:27:53 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 > > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 > > comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > > res=success' > > Jul 18 14:27:53 jh-mba systemd[1]: Stopping User Runtime Directory > > /run/user/1001... > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for > > pid=3178 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/dconf" dev="tmpfs" > > ino=41325 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/dconf" dev="tmpfs" > > ino=41325 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for > > pid=3178 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for > > pid=3178 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for > > pid=3178 comm="systemd-user-ru" name="user" dev="tmpfs" ino=41326 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="user" dev="tmpfs" ino=41326 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=file permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=41325 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for > > pid=3178 comm="systemd-user-ru" name="gvfs" dev="tmpfs" ino=42315 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/gvfs" dev="tmpfs" > > ino=42315 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/gvfs" dev="tmpfs" > > ino=42315 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="gvfs" dev="tmpfs" ino=42315 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:user_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for > > pid=3178 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/dbus-1" dev="tmpfs" > > ino=39557 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/dbus-1" dev="tmpfs" > > ino=39557 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for > > pid=3178 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for > > pid=3178 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=39557 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for > > pid=3178 comm="systemd-user-ru" name="services" dev="tmpfs" ino=39558 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="services" dev="tmpfs" ino=39558 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/pulse" dev="tmpfs" > > ino=41258 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/pulse" dev="tmpfs" > > ino=41258 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for > > pid=3178 comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for > > pid=3178 comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for > > pid=3178 comm="systemd-user-ru" name="native" dev="tmpfs" ino=41259 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="native" dev="tmpfs" ino=41259 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=sock_file permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="pulse" dev="tmpfs" ino=41258 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:pulseaudio_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="bus" dev="tmpfs" ino=41239 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:session_dbusd_runtime_t:s0 tclass=sock_file > > permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { read } for > > pid=3178 comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/gnupg" dev="tmpfs" > > ino=42225 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/gnupg" dev="tmpfs" > > ino=42225 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for > > pid=3178 comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for > > pid=3178 comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for > > pid=3178 comm="systemd-user-ru" name="S.gpg-agent" dev="tmpfs" ino=41252 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="S.gpg-agent" dev="tmpfs" ino=41252 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=sock_file permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="gnupg" dev="tmpfs" ino=42225 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:dirmngr_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { open } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/systemd" dev="tmpfs" > > ino=39472 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { getattr } for > > pid=3178 comm="systemd-user-ru" path="/run/user/1001/systemd" dev="tmpfs" > > ino=39472 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { search } for > > pid=3178 comm="systemd-user-ru" name="systemd" dev="tmpfs" ino=39472 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { write } for > > pid=3178 comm="systemd-user-ru" name="systemd" dev="tmpfs" ino=39472 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { remove_name } for > > pid=3178 comm="systemd-user-ru" name="private" dev="tmpfs" ino=41230 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="private" dev="tmpfs" ino=41230 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=sock_file > > permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { unlink } for > > pid=3178 comm="systemd-user-ru" name="notify" dev="tmpfs" ino=41226 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_notify_t:s0 tclass=sock_file > > permissive=1 > > Jul 18 14:27:53 jh-mba audit[3178]: AVC avc: denied { rmdir } for > > pid=3178 comm="systemd-user-ru" name="units" dev="tmpfs" ino=39473 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1 > > Jul 18 14:27:53 jh-mba systemd[2501]: run-user-1001.mount: Succeeded. > > Jul 18 14:27:53 jh-mba systemd[1]: run-user-1001.mount: Succeeded. > > Jul 18 14:27:53 jh-mba systemd[2839]: run-user-1001.mount: Succeeded. > > Jul 18 14:27:53 jh-mba systemd[1]: [email protected]: Succeeded. > > Jul 18 14:27:53 jh-mba systemd[1]: Stopped User Runtime Directory > > /run/user/1001. > > > > > > Log with crash (5.7): > > > > Jul 18 14:30:09 jh-mba kernel: Linux version 5.7.0-1-amd64 > > ([email protected]) (gcc version 9.3.0 (Debian 9.3.0-14), GNU > > ld (GNU Binutils for Debian) 2.34) #1 SMP Debian 5.7.6-1 (2020-06-24) > > Jul 18 14:35:10 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 > > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 > > comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > > res=success' > > Jul 18 14:35:10 jh-mba systemd[1]: Stopping User Runtime Directory > > /run/user/1001... > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { read } for > > pid=3163 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { open } for > > pid=3163 comm="systemd-user-ru" path="/run/user/1001/dconf" dev="tmpfs" > > ino=39541 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=257 > > success=yes exit=4 a0=3 a1=55edb4e41073 a2=f0800 a3=0 items=0 ppid=1 > > pid=3163 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > > fsgid=0 tty=(none) ses=4294967295 comm="systemd-user-ru" > > exe="/usr/lib/systemd/systemd-user-runtime-dir" > > subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null) > > Jul 18 14:35:10 jh-mba audit: PROCTITLE > > proctitle=2F6C69622F73797374656D642F73797374656D642D757365722D72756E74696D652D6469720073746F700031303031 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { getattr } for > > pid=3163 comm="systemd-user-ru" path="/run/user/1001/dconf" dev="tmpfs" > > ino=39541 scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=5 > > success=yes exit=0 a0=4 a1=7fff95e523b0 a2=7fff95e523b0 a3=7fff95e52414 > > items=0 ppid=1 pid=3163 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-user-ru" > > exe="/usr/lib/systemd/systemd-user-runtime-dir" > > subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null) > > Jul 18 14:35:10 jh-mba audit: PROCTITLE > > proctitle=2F6C69622F73797374656D642F73797374656D642D757365722D72756E74696D652D6469720073746F700031303031 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { search } for > > pid=3163 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { write } for > > pid=3163 comm="systemd-user-ru" name="dconf" dev="tmpfs" ino=39541 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { remove_name } for > > pid=3163 comm="systemd-user-ru" name="user" dev="tmpfs" ino=39542 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=dir permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: AVC avc: denied { unlink } for > > pid=3163 comm="systemd-user-ru" name="user" dev="tmpfs" ino=39542 > > scontext=system_u:system_r:systemd_user_runtime_dir_t:s0 > > tcontext=user_u:object_r:gconf_tmp_t:s0 tclass=file permissive=1 > > Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=263 > > success=yes exit=0 a0=4 a1=55edb4e490b3 a2=0 a3=4 items=2 ppid=1 pid=3163 > > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 > > tty=(none) ses=4294967295 comm="systemd-user-ru" > > exe="/usr/lib/systemd/systemd-user-runtime-dir" > > subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null) > > Jul 18 14:35:10 jh-mba kernel: BUG: kernel NULL pointer dereference, > > address: 0000000000000060 > > Jul 18 14:35:10 jh-mba kernel: #PF: supervisor read access in kernel mode > > Jul 18 14:35:10 jh-mba kernel: #PF: error_code(0x0000) - not-present page > > Jul 18 14:35:11 jh-mba kernel: PGD 0 P4D 0 > > Jul 18 14:35:11 jh-mba kernel: Oops: 0000 [#1] SMP PTI > > Jul 18 14:35:11 jh-mba kernel: CPU: 1 PID: 3163 Comm: systemd-user-ru > > Tainted: P OE 5.7.0-1-amd64 #1 Debian 5.7.6-1 > > Jul 18 14:35:11 jh-mba kernel: Hardware name: Apple Inc. > > MacBookAir6,2/Mac-7DF21CB3ED6977E5, BIOS 110.0.0.0.0 09/17/2018 > > Jul 18 14:35:11 jh-mba kernel: RIP: 0010:d_path+0x35/0x140 > > Jul 18 14:35:11 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 > > 24 04 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 > > 89 44 24 08 <48> 8b 47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b > > 7f 18 > > Jul 18 14:35:11 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282 > > Jul 18 14:35:11 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 > > RCX: 00000000000004dd > > Jul 18 14:35:11 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 > > RDI: 0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 > > R09: 0000000000000006 > > Jul 18 14:35:11 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 > > R12: ffff9a524fc522b0 > > Jul 18 14:35:11 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 > > R15: 0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: FS: 00007ff68934e980(0000) > > GS:ffff9a5267280000(0000) knlGS:0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: > > 0000000080050033 > > Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 > > CR4: 00000000001606e0 > > Jul 18 14:35:11 jh-mba kernel: Call Trace: > > Jul 18 14:35:11 jh-mba kernel: audit_log_d_path+0x75/0xd0 > > Jul 18 14:35:11 jh-mba kernel: audit_log_exit+0x63d/0xcf0 > > Jul 18 14:35:11 jh-mba kernel: ? audit_filter_inodes+0x2e/0x100 > > Jul 18 14:35:11 jh-mba kernel: __audit_syscall_exit+0x23b/0x2a0 > > Jul 18 14:35:11 jh-mba kernel: syscall_slow_exit_work+0x117/0x140 > > Jul 18 14:35:11 jh-mba kernel: do_syscall_64+0x10e/0x180 > > Jul 18 14:35:11 jh-mba kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 > > Jul 18 14:35:11 jh-mba kernel: RIP: 0033:0x7ff689f8eb67 > > Jul 18 14:35:11 jh-mba kernel: Code: 73 01 c3 48 8b 0d 29 d3 0c 00 f7 d8 64 > > 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 > > 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f9 d2 0c 00 f7 d8 64 89 > > 01 48 > > Jul 18 14:35:11 jh-mba kernel: RSP: 002b:00007fff95e52468 EFLAGS: 00000246 > > ORIG_RAX: 0000000000000107 > > Jul 18 14:35:11 jh-mba kernel: RAX: 0000000000000000 RBX: 00007ff68934e830 > > RCX: 00007ff689f8eb67 > > Jul 18 14:35:11 jh-mba kernel: RDX: 0000000000000000 RSI: 000055edb4e490b3 > > RDI: 0000000000000004 > > Jul 18 14:35:11 jh-mba kernel: RBP: 0000000000000004 R08: 000055edb4e490a0 > > R09: 00007ff68a05cbe0 > > Jul 18 14:35:11 jh-mba kernel: R10: 0000000000000004 R11: 0000000000000246 > > R12: 000055edb4e49040 > > Jul 18 14:35:11 jh-mba kernel: R13: 0000000000000000 R14: 000055edb4e490a0 > > R15: 000055edb4e490b3 > > Jul 18 14:35:11 jh-mba kernel: Modules linked in: rfcomm bnep xt_CHECKSUM > > cpufreq_powersave xt_MASQUERADE cpufreq_conservative cpufreq_userspace > > xt_tcpudp nft_compat bridge stp llc overlay fuse nft_chain_nat nf_nat > > nf_log_ipv6 nf_log_ipv4 nf_log_common nft_log veth intel_rapl_msr btusb > > btrtl btbcm joydev binfmt_misc btintel nls_ascii nls_cp437 vfat fat > > bluetooth nft_counter drbg intel_rapl_common asix ansi_cprng ecdh_generic > > usbnet ecc mii vrf libphy x86_pkg_temp_thermal intel_powerclamp applesmc > > snd_hda_codec_hdmi snd_hda_codec_cirrus snd_hda_codec_generic coretemp > > ledtrig_audio evdev wireguard kvm_intel curve25519_x86_64 > > libcurve25519_generic libchacha20poly1305 snd_hda_intel kvm bcm5974 wl(POE) > > snd_intel_dspcfg chacha_x86_64 poly1305_x86_64 ip6_udp_tunnel efi_pstore > > udp_tunnel irqbypass snd_hda_codec libblake2s cfg80211 intel_cstate > > snd_hda_core blake2s_x86_64 libblake2s_generic libchacha snd_hwdep > > intel_uncore iTCO_wdt i915 iTCO_vendor_support intel_rapl_perf snd_pcm > > nft_ct s g efivars pcspkr nf_conntrack > > Jul 18 14:35:11 jh-mba kernel: watchdog rfkill snd_timer nf_defrag_ipv6 > > nf_defrag_ipv4 drm_kms_helper mei_me snd mei cec soundcore i2c_algo_bit sbs > > sbshc acpi_als kfifo_buf industrialio apple_bl ac button bonding nf_tables > > parport_pc(E) nfnetlink ppdev(E) lp(E) drm parport(E) sunrpc efivarfs > > ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs blake2b_generic > > zstd_decompress zstd_compress hid_apple hid_generic usbhid hid dm_crypt > > dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor > > async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear > > md_mod uas usb_storage sd_mod t10_pi crc_t10dif crct10dif_generic > > crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel > > ghash_clmulni_intel ahci libahci xhci_pci aesni_intel xhci_hcd libaes > > crypto_simd libata cryptd glue_helper usbcore scsi_mod i2c_i801 thunderbolt > > lpc_ich mfd_core usb_common spi_pxa2xx_platform dw_dmac video dw_dmac_core > > Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060 > > Jul 18 14:35:11 jh-mba kernel: ---[ end trace 01b46d19ab2d30bf ]--- > > Jul 18 14:35:11 jh-mba kernel: RIP: 0010:d_path+0x35/0x140 > > Jul 18 14:35:11 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 > > 24 04 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 > > 89 44 24 08 <48> 8b 47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b > > 7f 18 > > Jul 18 14:35:11 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282 > > Jul 18 14:35:11 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 > > RCX: 00000000000004dd > > Jul 18 14:35:11 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 > > RDI: 0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 > > R09: 0000000000000006 > > Jul 18 14:35:11 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 > > R12: ffff9a524fc522b0 > > Jul 18 14:35:11 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 > > R15: 0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: FS: 00007ff68934e980(0000) > > GS:ffff9a5267280000(0000) knlGS:0000000000000000 > > Jul 18 14:35:11 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: > > 0000000080050033 > > Jul 18 14:35:11 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 > > CR4: 00000000001606e0 > > Jul 18 14:35:11 jh-mba kernel: BUG: kernel NULL pointer dereference, > > address: 0000000000000060 > > Jul 18 14:35:11 jh-mba kernel: #PF: supervisor read access in kernel mode > > Jul 18 14:35:12 jh-mba kernel: #PF: error_code(0x0000) - not-present page > > Jul 18 14:35:13 jh-mba kernel: PGD 0 P4D 0 > > Jul 18 14:35:13 jh-mba kernel: Oops: 0000 [#2] SMP PTI > > Jul 18 14:35:13 jh-mba kernel: CPU: 1 PID: 3163 Comm: systemd-user-ru > > Tainted: P D OE 5.7.0-1-amd64 #1 Debian 5.7.6-1 > > Jul 18 14:35:13 jh-mba kernel: Hardware name: Apple Inc. > > MacBookAir6,2/Mac-7DF21CB3ED6977E5, BIOS 110.0.0.0.0 09/17/2018 > > Jul 18 14:35:13 jh-mba kernel: RIP: 0010:d_path+0x35/0x140 > > Jul 18 14:35:13 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 > > 24 04 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 > > 89 44 24 08 <48> 8b 47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b > > 7f 18 > > Jul 18 14:35:13 jh-mba kernel: RSP: 0018:ffffb71e411cfde0 EFLAGS: 00010282 > > Jul 18 14:35:13 jh-mba kernel: RAX: ffff9a525f18500b RBX: ffff9a524fc52060 > > RCX: 00000000000004e0 > > Jul 18 14:35:13 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f184000 > > RDI: 0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: RBP: ffffb71e411cfe10 R08: ffff9a52672b0060 > > R09: 0000000000000006 > > Jul 18 14:35:13 jh-mba kernel: R10: ffff9a522c99cec0 R11: ffff9a532c99c830 > > R12: ffff9a524fc522b0 > > Jul 18 14:35:13 jh-mba kernel: R13: ffff9a52658d35e8 R14: ffff9a524fc52000 > > R15: 0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: FS: 00007ff68934e980(0000) > > GS:ffff9a5267280000(0000) knlGS:0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: > > 0000000080050033 > > Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 > > CR4: 00000000001606e0 > > Jul 18 14:35:13 jh-mba kernel: Call Trace: > > Jul 18 14:35:13 jh-mba kernel: audit_log_d_path+0x75/0xd0 > > Jul 18 14:35:13 jh-mba kernel: audit_log_exit+0x63d/0xcf0 > > Jul 18 14:35:13 jh-mba kernel: ? audit_log_d_path+0x75/0xd0 > > Jul 18 14:35:13 jh-mba kernel: ? audit_filter_inodes+0x2e/0x100 > > Jul 18 14:35:13 jh-mba kernel: __audit_free+0x233/0x260 > > Jul 18 14:35:13 jh-mba kernel: do_exit+0x8d3/0xb50 > > Jul 18 14:35:13 jh-mba kernel: ? syscall_slow_exit_work+0x117/0x140 > > Jul 18 14:35:13 jh-mba kernel: rewind_stack_do_exit+0x17/0x20 > > Jul 18 14:35:13 jh-mba kernel: RIP: 0033:0x7ff689f8eb67 > > Jul 18 14:35:13 jh-mba kernel: Code: 73 01 c3 48 8b 0d 29 d3 0c 00 f7 d8 64 > > 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 > > 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f9 d2 0c 00 f7 d8 64 89 > > 01 48 > > Jul 18 14:35:13 jh-mba kernel: RSP: 002b:00007fff95e52468 EFLAGS: 00000246 > > ORIG_RAX: 0000000000000107 > > Jul 18 14:35:13 jh-mba kernel: RAX: 0000000000000000 RBX: 00007ff68934e830 > > RCX: 00007ff689f8eb67 > > Jul 18 14:35:13 jh-mba kernel: RDX: 0000000000000000 RSI: 000055edb4e490b3 > > RDI: 0000000000000004 > > Jul 18 14:35:13 jh-mba kernel: RBP: 0000000000000004 R08: 000055edb4e490a0 > > R09: 00007ff68a05cbe0 > > Jul 18 14:35:13 jh-mba kernel: R10: 0000000000000004 R11: 0000000000000246 > > R12: 000055edb4e49040 > > Jul 18 14:35:13 jh-mba kernel: R13: 0000000000000000 R14: 000055edb4e490a0 > > R15: 000055edb4e490b3 > > Jul 18 14:35:13 jh-mba kernel: Modules linked in: rfcomm bnep xt_CHECKSUM > > cpufreq_powersave xt_MASQUERADE cpufreq_conservative cpufreq_userspace > > xt_tcpudp nft_compat bridge stp llc overlay fuse nft_chain_nat nf_nat > > nf_log_ipv6 nf_log_ipv4 nf_log_common nft_log veth intel_rapl_msr btusb > > btrtl btbcm joydev binfmt_misc btintel nls_ascii nls_cp437 vfat fat > > bluetooth nft_counter drbg intel_rapl_common asix ansi_cprng ecdh_generic > > usbnet ecc mii vrf libphy x86_pkg_temp_thermal intel_powerclamp applesmc > > snd_hda_codec_hdmi snd_hda_codec_cirrus snd_hda_codec_generic coretemp > > ledtrig_audio evdev wireguard kvm_intel curve25519_x86_64 > > libcurve25519_generic libchacha20poly1305 snd_hda_intel kvm bcm5974 wl(POE) > > snd_intel_dspcfg chacha_x86_64 poly1305_x86_64 ip6_udp_tunnel efi_pstore > > udp_tunnel irqbypass snd_hda_codec libblake2s cfg80211 intel_cstate > > snd_hda_core blake2s_x86_64 libblake2s_generic libchacha snd_hwdep > > intel_uncore iTCO_wdt i915 iTCO_vendor_support intel_rapl_perf snd_pcm > > nft_ct s g efivars pcspkr nf_conntrack > > Jul 18 14:35:13 jh-mba kernel: watchdog rfkill snd_timer nf_defrag_ipv6 > > nf_defrag_ipv4 drm_kms_helper mei_me snd mei cec soundcore i2c_algo_bit sbs > > sbshc acpi_als kfifo_buf industrialio apple_bl ac button bonding nf_tables > > parport_pc(E) nfnetlink ppdev(E) lp(E) drm parport(E) sunrpc efivarfs > > ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 btrfs blake2b_generic > > zstd_decompress zstd_compress hid_apple hid_generic usbhid hid dm_crypt > > dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor > > async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear > > md_mod uas usb_storage sd_mod t10_pi crc_t10dif crct10dif_generic > > crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel > > ghash_clmulni_intel ahci libahci xhci_pci aesni_intel xhci_hcd libaes > > crypto_simd libata cryptd glue_helper usbcore scsi_mod i2c_i801 thunderbolt > > lpc_ich mfd_core usb_common spi_pxa2xx_platform dw_dmac video dw_dmac_core > > Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060 > > Jul 18 14:35:13 jh-mba kernel: ---[ end trace 01b46d19ab2d30c0 ]--- > > Jul 18 14:35:13 jh-mba kernel: RIP: 0010:d_path+0x35/0x140 > > Jul 18 14:35:13 jh-mba kernel: Code: 49 89 fc 48 83 ec 28 48 8b 7f 08 89 54 > > 24 04 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 31 c0 48 63 c2 48 01 f0 48 > > 89 44 24 08 <48> 8b 47 60 48 85 c0 74 22 48 8b 40 48 48 85 c0 74 19 48 3b > > 7f 18 > > Jul 18 14:35:13 jh-mba kernel: RSP: 0018:ffffb71e411cfe18 EFLAGS: 00010282 > > Jul 18 14:35:13 jh-mba kernel: RAX: ffff9a525f18700b RBX: ffff9a524fc52060 > > RCX: 00000000000004dd > > Jul 18 14:35:13 jh-mba kernel: RDX: 000000000000100b RSI: ffff9a525f186000 > > RDI: 0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: RBP: ffffb71e411cfe48 R08: ffff9a52672b0060 > > R09: 0000000000000006 > > Jul 18 14:35:13 jh-mba kernel: R10: ffff9a522c99e6c0 R11: ffff9a532c99e030 > > R12: ffff9a524fc522b0 > > Jul 18 14:35:13 jh-mba kernel: R13: ffff9a52658d3708 R14: ffff9a524fc52000 > > R15: 0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: FS: 00007ff68934e980(0000) > > GS:ffff9a5267280000(0000) knlGS:0000000000000000 > > Jul 18 14:35:13 jh-mba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: > > 0000000080050033 > > Jul 18 14:35:13 jh-mba kernel: CR2: 0000000000000060 CR3: 0000000226ce6002 > > CR4: 00000000001606e0 > > Jul 18 14:35:13 jh-mba kernel: Fixing recursive fault but reboot is needed! > > Jul 18 14:35:10 jh-mba audit[3163]: SYSCALL arch=c000003e syscall=263 a0=4 > > a1=55edb4e490b3 a2=0 a3=4 items=2 ppid=1 pid=3163 auid=4294967295 uid=0 > > gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 > > comm="systemd-user-ru" exe="/usr/lib/systemd/systemd-user-runtime-dir" > > subj=system_u:system_r:systemd_user_runtime_dir_t:s0 key=(null) > > Jul 18 14:35:14 jh-mba systemd[1]: systemd-hostnamed.service: Succeeded. > > Jul 18 14:35:14 jh-mba audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 > > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed > > comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > > res=success' > > > > Line information from the debian linux-image-5.7.0-1-amd64 (version > > 5.7.6-1) package, duplicates ommitted: > > > > Reading symbols from /usr/lib/debug/boot/vmlinux-5.7.0-1-amd64... > > (gdb) l *d_path+0x35 > > 0xffffffff812dcee5 is in d_path (fs/d_path.c:275). > > 270 * > > 271 * Some pseudo inodes are mountable. When they are mounted > > 272 * path->dentry == path->mnt->mnt_root. In that case don't > > call d_dname > > 273 * and instead have d_path return the mounted path. > > 274 */ > > 275 if (path->dentry->d_op && path->dentry->d_op->d_dname && > > 276 (!IS_ROOT(path->dentry) || path->dentry != > > path->mnt->mnt_root)) > > 277 return path->dentry->d_op->d_dname(path->dentry, > > buf, buflen); > > 278 > > 279 rcu_read_lock(); > > (gdb) l *audit_log_d_path+0x75 > > 0xffffffff8114f175 is in audit_log_d_path (kernel/audit.c:2046). > > 2041 pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); > > 2042 if (!pathname) { > > 2043 audit_log_string(ab, "<no_memory>"); > > 2044 return; > > 2045 } > > 2046 p = d_path(path, pathname, PATH_MAX+11); > > 2047 if (IS_ERR(p)) { /* Should never happen since we send > > PATH_MAX */ > > 2048 /* FIXME: can we save some information here? */ > > 2049 audit_log_string(ab, "<too_long>"); > > 2050 } else > > (gdb) l *audit_log_exit+0x63d > > 0xffffffff8115445d is in audit_log_exit (kernel/auditsc.c:1342). > > 1337 case 0: > > 1338 /* name was specified as a relative path > > and the > > 1339 * directory component is the cwd > > 1340 */ > > 1341 audit_log_d_path(ab, " name=", > > &context->pwd); > > 1342 break; > > 1343 default: > > 1344 /* log the name's directory component */ > > 1345 audit_log_format(ab, " name="); > > 1346 audit_log_n_untrustedstring(ab, > > n->name->name, > > (gdb) l *audit_filter_inodes+0x2e > > 0xffffffff81155e2e is in audit_filter_inodes (kernel/auditsc.c:835). > > 830 */ > > 831 void audit_filter_inodes(struct task_struct *tsk, struct > > audit_context *ctx) > > 832 { > > 833 struct audit_names *n; > > 834 > > 835 if (auditd_test_task(tsk)) > > 836 return; > > 837 > > 838 rcu_read_lock(); > > 839 > > (gdb) l *__audit_syscall_exit+0x23b > > 0xffffffff8115661b is in __audit_syscall_exit (kernel/auditsc.c:1710). > > 1705 > > 1706 audit_filter_syscall(current, context, > > 1707 > > &audit_filter_list[AUDIT_FILTER_EXIT]); > > 1708 audit_filter_inodes(current, context); > > 1709 if (context->current_state == AUDIT_RECORD_CONTEXT) > > 1710 audit_log_exit(); > > 1711 } > > 1712 > > 1713 context->in_syscall = 0; > > 1714 context->prio = context->state == AUDIT_RECORD_CONTEXT ? > > ~0ULL : 0; > > (gdb) l *syscall_slow_exit_work+0x117 > > 0xffffffff81005197 is in syscall_slow_exit_work (include/linux/audit.h:316). > > 311 { > > 312 if (unlikely(audit_context())) { > > 313 int success = is_syscall_success(pt_regs); > > 314 long return_code = regs_return_value(pt_regs); > > 315 > > 316 __audit_syscall_exit(success, return_code); > > 317 } > > 318 } > > 319 static inline struct filename *audit_reusename(const __user char > > *name) > > 320 { > > (gdb) l *do_syscall_64+0x10e > > 0xffffffff8100543e is in do_syscall_64 (arch/x86/entry/common.c:276). > > warning: Source file is more recent than executable. > > 271 /* > > 272 * First do one-time work. If these work items are > > enabled, we > > 273 * want to run them exactly once per syscall exit with IRQs > > on. > > 274 */ > > 275 if (unlikely(cached_flags & SYSCALL_EXIT_WORK_FLAGS)) > > 276 syscall_slow_exit_work(regs, cached_flags); > > 277 > > 278 local_irq_disable(); > > 279 prepare_exit_to_usermode(regs); > > 280 } > > (gdb) l *entry_SYSCALL_64_after_hwframe+0x44 > > 0xffffffff8180008c is at > > /build/linux-iTqI2R/linux-5.7.6/arch/x86/entry/entry_64.S:184. > > 179 /build/linux-iTqI2R/linux-5.7.6/arch/x86/entry/entry_64.S: No such > > file or directory. > > (gdb) l *__audit_free+0x233 > > 0xffffffff81156283 is in __audit_free (kernel/auditsc.c:1602). > > 1597 > > 1598 audit_filter_syscall(tsk, context, > > 1599 > > &audit_filter_list[AUDIT_FILTER_EXIT]); > > 1600 audit_filter_inodes(tsk, context); > > 1601 if (context->current_state == AUDIT_RECORD_CONTEXT) > > 1602 audit_log_exit(); > > 1603 } > > 1604 > > 1605 audit_set_context(tsk, NULL); > > 1606 audit_free_context(context); > > (gdb) l *do_exit+0x8d3 > > 0xffffffff81088ce3 is in do_exit (include/linux/audit.h:301). > > 296 return !p || *(int *)p; > > 297 } > > 298 static inline void audit_free(struct task_struct *task) > > 299 { > > 300 if (unlikely(task->audit_context)) > > 301 __audit_free(task); > > 302 } > > 303 static inline void audit_syscall_entry(int major, unsigned long a0, > > 304 unsigned long a1, unsigned > > long a2, > > 305 unsigned long a3) > > (gdb) l *syscall_slow_exit_work+0x117 > > 0xffffffff81005197 is in syscall_slow_exit_work (include/linux/audit.h:316). > > 311 { > > 312 if (unlikely(audit_context())) { > > 313 int success = is_syscall_success(pt_regs); > > 314 long return_code = regs_return_value(pt_regs); > > 315 > > 316 __audit_syscall_exit(success, return_code); > > 317 } > > 318 } > > 319 static inline struct filename *audit_reusename(const __user char > > *name) > > 320 { > > (gdb) l *rewind_stack_do_exit+0x17 > > (gdb) > > -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
