slackhq / go-audit

go-audit is an alternative to the auditd daemon that ships with many distros

kernel got panic with go-audit

jiangytcn opened this issue

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Description

e.g. Description of the bug or feature

Reproducible in:

go-audit version: master build
OS version(s): ubuntu 14.04 virtual appliance

Steps to reproduce:

  1. build go-audit with golang 1.7.1
  2. generate config file
  3. stop auditd
  4. start go-audit

Expected result:

e.g. What you expected to happen

Actual result:

kernel panic

e.g. What actually happened

Attachments:

e.g. Logs, screenshots, screencast, sample project, funny gif, etc.

[11569.640940] audit: netlink_unicast sending to audit_pid=30964 returned error: -111
[11569.643620] Kernel panic - not syncing: audit: audit_pid=30964 reset
[11569.643620]
[11569.644928] CPU: 0 PID: 918 Comm: kauditd Not tainted 4.4.0-75-generic #9614.04.1-Ubuntu
[11569.644928] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Ubuntu-1.8.2-1ubuntu1
cloud0 04/01/2014
[11569.644928] 0000000000000000 ffff880235253d68 ffffffff813dce3c ffffffff81ccf361
[11569.644928] ffff8802347191e4 ffff880235253de0 ffffffff81182e9c 0000000000000010
[11569.644928] ffff880235253df0 ffff880235253d90 ffff880235253da0 ffff880235253e28
[11569.644928] Call Trace:
[11569.644928] [] dump_stack+0x63/0x87
[11569.644928] [] panic+0xc8/0x20f
[11569.644928] [] audit_panic+0x5e/0x60
[11569.644928] [] audit_log_lost+0x3f/0xc0
[11569.644928] [] kauditd_send_skb+0x122/0x150
[11569.644928] [] ? audit_printk_skb+0x70/0x70
[11569.644928] [] kauditd_thread+0x78/0x190
[11569.644928] [] ? prepare_to_wait_event+0xf0/0xf0
[11569.644928] [] kthread+0xc9/0xe0
[11569.644928] [] ? kthread_park+0x60/0x60
[11569.644928] [] ret_from_fork+0x3f/0x70
[11569.644928] [] ? kthread_park+0x60/0x60
[11569.644928] Kernel Offset: disabled
[11569.644928] ---[ end Kernel panic - not syncing: audit: audit_pid=30964 reset
[11569.644928]

Interesting, mind sharing the audit rules that were active when this panic occurred as well as a rough estimate of audit logging rate?