cc: eparis. This might be a new audit bug. On Mon, Jun 16, 2014 at 10:36 AM, Toralf Förster <toralf.foers...@gmx.de> wrote: > On 06/16/2014 07:32 PM, Andy Lutomirski wrote: >> On Mon, Jun 16, 2014 at 10:29 AM, Richard Weinberger <rich...@nod.at> wrote: >>> Am 16.06.2014 19:25, schrieb Andy Lutomirski: >>>> On Mon, Jun 16, 2014 at 10:21 AM, Richard Weinberger >>>> <richard.weinber...@gmail.com> wrote: >>>>> On Mon, Jun 16, 2014 at 6:33 PM, Toralf Förster <toralf.foers...@gmx.de> >>>>> wrote: >>>>>> $ cat syscall.c >>>>>> #include <unistd.h> >>>>>> #include <sys/syscall.h> >>>>>> int main(){return syscall(1000)!=-1;} >>>> >>>> What architecture are you building for? On i386 and x86_64, 1000 >>>> shouldn't be big enough to trigger this. >>> >>> Toralf, is this an UML kernel? >>> >> >> I'm also interested in the userspace architecture. If it's x32 >> userspace, then I'm not surprised that there's a problem. > > It is a x86 system (ThinkPad T420) - not x32.
I don't think this is CVE-2014-3917. It looks like you're hitting this BUG: BUG_ON(context->in_syscall || context->name_count); Can you send the output of: auditctl -l [run as root] and dmesg |grep audit Are you using ptrace or anything like that (e.g. strace) when you trigger this? Are you using a funny glibc version? Do you have selinux or something like that enabled? --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/