Kernel stack overflow
kamushadenes opened this issue · comments
- I've read and understood the Contributing guidelines and have done my best effort to follow them.
- I've read and agree to the Code of Conduct.
- I've searched for any related issues and avoided creating a duplicate issue.
Description
During boot, I'm getting a kernel oops
[ 26.856596] BUG: stack guard page was hit at ffffc900011bbff8 (stack is ffffc900011bc000..ffffc900011bffff) [ 26.859714] kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP [ 26.859714] Modules linked in: intel_rapl sb_edac edac_core crct10dif_pclmul mousedev crc32_pclmul crc32c_intel ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd ttm glue_helper cryptd drm_kms_helper drm intel_rapl_perf pcspkr psmouse syscopyarea sysfillrect ppdev sysimgblt parport_pc fb_sys_fops i2c_piix4 parport input_leds led_class fjes intel_agp intel_gtt acpi_cpufreq evdev tpm_tis tpm_tis_core tpm mac_hid sch_fq_codel ip_tables x_tables ext4 crc16 jbd2 fscrypto mbcache ata_generic pata_acpi serio_raw atkbd libps2 ata_piix libata scsi_mod floppy i8042 serio ixgbevf xen_privcmd xen_netfront xen_blkfront virtio_pci virtio_net virtio_blk virtio_ring virtio ipmi_poweroff ipmi_devintf ipmi_msghandler button [ 26.859714] CPU: 1 PID: 459 Comm: go-audit Not tainted 4.10.11-1-pagarme #1 [ 26.859714] Hardware name: Xen HVM domU, BIOS 4.2.amazon 02/16/2017 [ 26.859714] task: ffff8801090e5580 task.stack: ffffc900011bc000 [ 26.859714] RIP: 0010:_raw_spin_lock_irqsave+0x9/0x50 [ 26.859714] RSP: 0018:ffffc900011bc000 EFLAGS: 00010246 [ 26.859714] RAX: 0000000000000000 RBX: ffff8801090cc800 RCX: 0000000000000000 [ 26.859714] RDX: 0000000100100001 RSI: ffffea0004243200 RDI: ffff88010ac00d40 [ 26.859714] RBP: ffffc900011bc000 R08: 0000000000000001 R09: ffff88010ac00d40 [ 26.859714] R10: ffff8801090cc800 R11: dead000000000100 R12: ffffea0004243200 [ 26.859714] R13: ffff8801090c9800 R14: 0000000000000000 R15: ffff88010ac03040 [ 26.859714] FS: 00007f59a7a7d700(0000) GS:ffff88010b240000(0000) knlGS:0000000000000000 [ 26.859714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.915296] CR2: ffffc900011bbff8 CR3: 0000000108a4a000 CR4: 00000000001406e0 [ 26.915296] Call Trace: [ 26.919284] __slab_free+0x148/0x3d0 [ 26.919465] ? skb_free_head+0x21/0x30 [ 26.919465] kfree+0x177/0x190 [ 26.919465] skb_free_head+0x21/0x30 [ 26.919465] skb_release_data+0x101/0x110 [ 26.919465] ? kauditd_hold_skb+0x74/0xb0 [ 26.919465] skb_release_all+0x24/0x30 [ 26.919465] kfree_skb+0x36/0xb0 [ 26.919465] kauditd_hold_skb+0x74/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 26.919465] auditd_reset+0x2f/0x70 [ 26.919465] kauditd_hold_skb+0x79/0xb0 [ 27.361241] auditd_reset+0x2f/0x70 [ 27.361241] kauditd_hold_skb+0x79/0xb0 [ 27.361241] auditd_reset+0x2f/0x70 [ 27.361241] kauditd_hold_skb+0x79/0xb0 [ 27.361241] auditd_reset+0x2f/0x70 [ 27.361241] kauditd_hold_skb+0x79/0xb0 [ 27.361241] auditd_reset+0x2f/0x70 [ 27.361241] kauditd_hold_skb+0x79/0xb0 [ 27.361241] auditd_reset+0x2f/0x70 [ 27.361241] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.375353] kauditd_hold_skb+0x79/0xb0 [ 27.375353] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.552103] kauditd_hold_skb+0x79/0xb0 [ 27.552103] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] kauditd_hold_skb+0x79/0xb0 [ 27.603420] auditd_reset+0x2f/0x70 [ 27.603420] audit_receive_msg+0x94e/0xcd0 [ 27.603420] ? __kmalloc_node_track_caller+0x35/0x2c0 [ 27.603420] audit_receive+0x4a/0xa0 [ 27.603420] netlink_unicast+0x17c/0x240 [ 27.603420] netlink_sendmsg+0x348/0x3b0 [ 27.603420] sock_sendmsg+0x17/0x30 [ 27.603420] SyS_sendto+0x101/0x150 [ 27.603420] ? __audit_syscall_entry+0xad/0xf0 [ 27.603420] ? syscall_trace_enter+0x1d9/0x300 [ 27.603420] ? __do_page_fault+0x2dc/0x510 [ 27.603420] do_syscall_64+0x54/0xc0 [ 27.603420] entry_SYSCALL64_slow_path+0x25/0x25 [ 27.603420] RIP: 0033:0x4780ba [ 27.603420] RSP: 002b:000000c42002ee10 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 27.603420] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004780ba [ 27.603420] RDX: 0000000000000038 RSI: 000000c420172020 RDI: 0000000000000005 [ 27.603420] RBP: 000000c42002ee70 R08: 000000c42015010c R09: 000000000000000c [ 27.603420] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 27.603420] R13: 00000000ffffffee R14: 0000000000000060 R15: 00000000000000aa [ 27.603420] Code: f0 80 60 02 df 0f ae f0 48 8b 00 a8 08 74 0b 65 81 25 88 ba 9c 7e ff ff ff 7f 89 d0 5d c3 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 <53> 9c 58 0f 1f 44 00 00 48 89 c3 fa 66 0f 1f 44 00 00 65 ff 05 [ 27.603420] RIP: _raw_spin_lock_irqsave+0x9/0x50 RSP: ffffc900011bc000 [ 27.603420] ---[ end trace 179041e7187b5cc2 ]--- [ 27.743043] note: go-audit[459] exited with preempt_count 1
And then I can't SSH to the machine to get more details (AWS instance)
Reproducible in:
go-audit version: Compiled from e194f88
OS version(s): Arch Linux with kernel 4.11.6
Steps to reproduce:
- Run go-audit
Expected result:
go-audit runs
Actual result:
Kernel oops
Attachments:
e.g. Logs, screenshots, screencast, sample project, funny gif, etc.
Can you share the rules you are running with?
Hello, I managed to fix the problem by adding -F auid!=1 to all rules and doubling the buffer size:
# Configure socket buffers, leave unset to use the system defaults
# Values will be doubled by the kernel
# It is recommended you do not set any of these values unless you really need to
socket_buffer:
# Default is net.core.rmem_default (/proc/sys/net/core/rmem_default)
# Maximum max is net.core.rmem_max (/proc/sys/net/core/rmem_max)
receive: 32768
events:
# Minimum event type to capture, default 1300
min: 1300
# Maximum event type to capture, default 1399
max: 1399
# Configure message sequence tracking
message_tracking:
# Track messages and identify if we missed any, default true
enabled: true
# Log out of orderness, these messages typically signify an overloading system, default false
log_out_of_order: false
# Maximum out of orderness before a missed sequence is presumed dropped, default 500
max_out_of_order: 500
# Configure where to output audit events
# Only 1 output can be active at a given time
output:
# Writes to stdout
# All program status logging will be moved to stderr
stdout:
enabled: false
# Total number of attempts to write a line before considering giving up
# If a write fails go-audit will sleep for 1 second before retrying
# Default is 3
attempts: 2
# Writes logs to syslog
syslog:
enabled: true
attempts: 5
# Configure the type of socket this should be, default is unixgram
# This maps to `network` in golangs net.Dial: https://golang.org/pkg/net/#Dial
network: unixgram
# Set the remote address to connect to, this can be a path or an ip address
# This maps to `address` in golangs net.Dial: https://golang.org/pkg/net/#Dial
address: /dev/log
# Sets the facility and severity for all events. See the table below for help
# The default is 132 which maps to local0 | warn
priority: 129 # local0 | emerg
# Typically the name of the program generating the message. The PID is of the process is appended for you: [1233]
# Default value is "go-audit"
tag: "go-audit"
# Configure logging, only stdout and stderr are used.
log:
# Gives you a bit of control over log line prefixes. Default is 0 - nothing.
# To get the `filename:lineno` you would set this to 16
#
# Ldate = 1 // the date in the local time zone: 2009/01/23
# Ltime = 2 // the time in the local time zone: 01:23:23
# Lmicroseconds = 4 // microsecond resolution: 01:23:23.123123. assumes Ltime.
# Llongfile = 8 // full file name and line number: /a/b/c/d.go:23
# Lshortfile = 16 // final file name element and line number: d.go:23. overrides Llongfile
# LUTC = 32 // if Ldate or Ltime is set, use UTC rather than the local time zone
#
# See also: https://golang.org/pkg/log/#pkg-constants
flags: 0
rules:
- -D
- -a exclude,always -F msgtype=CWD
- -a always,exit -S all -F dir=/var/log/audit -F perm=wra -k audit-logs
- -a exit,always -F arch=b64 -S execve -F auid!=-1 -k user_commands
- -a exit,always -F arch=b32 -S execve -F auid!=-1 -k user_commands
- -w /var/log/auth.log -p wra -k logs -F auid!=-1
- -w /var/log/syslog -p wra -k logs -F auid!=-1
- -a always,exit -F arch=b64 -S all -F exit=-13 -k access -F auid!=-1
- -a always,exit -S all -F dir=/etc -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/boot -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/usr/lib -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/bin -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/lib -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/lib64 -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/sbin -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/usr/bin -F perm=wa -k system -F auid!=-1
- -a always,exit -S all -F dir=/usr/sbin -F perm=wa -k system -F auid!=-1
- -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change -F auid!=-1
- -a always,exit -F arch=b64 -S clock_settime -k time-change -F auid!=-1
- -w /etc/localtime -p wa -k time-change -F auid!=-1
- -w /etc/group -p wa -k identity -F auid!=-1
- -w /etc/passwd -p wa -k identity -F auid!=-1
- -w /etc/gshadow -p wa -k identity -F auid!=-1
- -w /etc/shadow -p wa -k identity -F auid!=-1
- -a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale -F auid!=-1
- -w /etc/issue -p wa -k system-locale -F auid!=-1
- -w /etc/issue.net -p wa -k system-locale -F auid!=-1
- -w /etc/hosts -p wa -k system-locale -F auid!=-1
- -w /var/log/faillog -p wa -k logins -F auid!=-1
- -w /var/log/lastlog -p wa -k logins -F auid!=-1
- -w /var/log/tallylog -p wa -k logins -F auid!=-1
- -w /var/run/utmp -p wa -k session -F auid!=-1
- -w /var/log/btmp -p wa -k session -F auid!=-1
- -w /var/log/wtmp -p wa -k session -F auid!=-1
- -a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -k perm_mod -F auid!=-1
- -a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -k perm_mod -F auid!=-1
- -a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovex/attr -S fremovexattr -k perm_mod -F auid!=-1
- -a always,exit -F path=/usr/bin/sg -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/chsh -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/passwd -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/mount.cifs -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/gpasswd -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/umount -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/write -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/sudo -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/wall -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/crontab -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/expiry -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/mount -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/ksu -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/chfn -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/unix_chkpwd -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/chage -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/suexec -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/newgrp -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/bin/su -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/lib/utempter/utempter -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/lib/mail-privsep -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/lib/dbus-1.0/dbus-daemon-launch-helper -F perm=x -k privileged -F auid!=-1
- -a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -k privileged -F auid!=-1
- -a always,exit -F arch=b64 -S mount -k export -F auid!=-1
- -a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -k delete -F auid!=-1
- -w /etc/sudoers -p wa -k actions -F auid!=-1
- -w /sbin/insmod -p x -k modules -F auid!=-1
- -w /sbin/rmmod -p x -k modules -F auid!=-1
- -w /sbin/modprobe -p x -k modules -F auid!=-1
- -a always,exit -F arch=b64 -S init_module -S delete_module -k modules -F auid!=-1
- -a always,exit -F arch=b32 -S open -S openat -F exit=-EACCES -k access
- -a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k access
- -a always,exit -F arch=b32 -S open -S openat -F exit=-EPERM -k access
- -a always,exit -F arch=b64 -S open -S openat -F exit=-EPERM -k access
- -a exit,always -S listen -k listen
- -e 1
# If kaudit filtering isn't powerful enough you can use the following filter mechanism
filters:
# Each filter consists of exactly 3 parts
- syscall: 49 # The syscall id of the message group (a single log line from go-audit), to test against the regex
message_type: 1130 # The message type identifier containing the data to test against the regex
regex: auid=4294967295 # The regex to test against the message specific message types data
Can you get the same problem to occur while running vanilla auditd and without the -F auid!=-1? I'll try to reproduce the kernel oops tomorrow with this ruleset as well.