4.9 kernel panic in netlink unicast because audit replace passing audit sock as NULL

Kassey Li kasseyli at outlook.com
Fri Oct 12 02:43:58 UTC 2018


Hi Paul,

We got a kernel panic on the 4.9 kernel:

    [16237.397896] [2018:10:09 23:06:55]audit: audit_pid=20802 reset
    [16238.098916] [2018:10:09 23:06:57]Unable to handle kernel NULL pointer dereference at virtual address 00000280

audit_sock is set to NULL in kauditd_send_skb, but later we access it again in audit_replace, which caused this panic.
Is there a patch for such a SW issue on the 4.9 kernel?

static int audit_replace(pid_t pid)
{
	struct sk_buff *skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0,
					       &pid, sizeof(pid));

	if (!skb)
		return -ENOMEM;
	return netlink_unicast(audit_sock, skb, audit_nlk_portid, 0);
}



Br
kassey