1 |
On Wed, Jun 1, 2016, at 15:49, Tóth Attila wrote: |
2 |
> I've just had an unsuccessful attempt to upgrade to systemd-230-r1. It |
3 |
> segfaults and slows the system down. The symptoms are better compared to |
4 |
> -229, but still significant. |
5 |
> |
6 |
> https://forums.grsecurity.net/viewtopic.php?f=3&t=4485 |
7 |
> |
8 |
> Some relevant log entries: |
9 |
> grsec: denied resource overstep by requesting 8392704 for RLIMIT_STACK |
10 |
> against limit 8388608 for /usr/lib64/systemd/systemd[systemd:2735] |
11 |
> uid/euid:0/0 gid/egid:0/0, parent /usr/lib64/systemd/systemd[systemd:1] |
12 |
> uid/euid:0/0 gid/egid:0/0 |
13 |
> systemd[2735]: segfault at 39f8d01cf00 ip 00000368d4caa2e4 sp |
14 |
> 0000039f8d01cf00 error 6 in libc-2.23.so[368d4c62000+19a000] |
15 |
> grsec: Segmentation fault occurred at 0000039f8d01cf00 in |
16 |
> /usr/lib64/systemd/systemd[systemd:2735] uid/euid:0/0 gid/egid:0/0, |
17 |
> parent |
18 |
> /usr/lib64/systemd/systemd[systemd:1] uid/euid:0/0 gid/egid:0/0 |
19 |
> grsec: bruteforce prevention initiated for the next 30 minutes or until |
20 |
> service restarted, stalling each fork 30 seconds. Please investigate the |
21 |
> crash report for /usr/lib64/systemd/systemd[systemd:2735] uid/euid:0/0 |
22 |
> gid/egid:0/0, parent /usr/lib64/systemd/systemd[systemd:1] uid/euid:0/0 |
23 |
> gid/egid:0/0 |
24 |
> |
25 |
> systemd-coredump[2747]: Process 2735 (systemd) of user 0 dumped core. |
26 |
> |
27 |
> Stack trace of thread |
28 |
> 2735: |
29 |
> #0 0x00000368d4caa2e4 |
30 |
> _IO_vfprintf |
31 |
> (libc.so.6) |
32 |
> #1 0x00000368d4d5e852 |
33 |
> __vsnprintf_chk |
34 |
> (libc.so.6) |
35 |
> #2 0x00000368d4d5e7a4 |
36 |
> __snprintf_chk |
37 |
> (libc.so.6) |
38 |
> #3 0x00000000df8db344 |
39 |
> n/a (systemd) |
40 |
> #4 0x00000000df8db9aa |
41 |
> n/a (systemd) |
42 |
> #5 0x00000000df8da72f |
43 |
> n/a (systemd) |
44 |
> #6 0x00000000df8db314 |
45 |
> n/a (systemd) |
46 |
> #7 0x00000000df8db9aa |
47 |
> n/a (systemd) |
48 |
> #8 0x00000000df8da72f |
49 |
> n/a (systemd) |
50 |
> #9 0x00000000df8db314 |
51 |
> n/a (systemd) |
52 |
> #10 0x00000000df8db9aa |
53 |
> n/a (systemd) |
54 |
> #11 0x00000000df8da72f |
55 |
> n/a (systemd) |
56 |
> #12 0x00000000df8db314 |
57 |
> n/a (systemd) |
58 |
> #13 0x00000000df8db9aa |
59 |
> n/a (systemd) |
60 |
> #14 0x00000000df8da72f |
61 |
> n/a (systemd) |
62 |
> #15 0x00000000df8db314 |
63 |
> n/a (systemd) |
64 |
> #16 0x00000000df8db9aa |
65 |
> n/a (systemd) |
66 |
> #17 0x00000000df8da72f |
67 |
> n/a (systemd) |
68 |
> #18 0x00000000df8db314 |
69 |
> n/a (systemd) |
70 |
> #19 0x00000000df8db9aa |
71 |
> n/a (systemd) |
72 |
> #20 0x00000000df8da72f |
73 |
> n/a (systemd) |
74 |
> #21 0x00000000df8db314 |
75 |
> n/a (systemd) |
76 |
> #22 0x00000000df8db9aa |
77 |
> n/a (systemd) |
78 |
> #23 0x00000000df8da72f |
79 |
> n/a (systemd) |
80 |
> #24 0x00000000df8db314 |
81 |
> n/a (systemd) |
82 |
> #25 0x00000000df8db9aa |
83 |
> n/a (systemd) |
84 |
> #26 0x00000000df8da72f |
85 |
> n/a (systemd) |
86 |
> #27 0x00000000df8db314 |
87 |
> n/a (systemd) |
88 |
> #28 0x00000000df8db9aa |
89 |
> n/a (systemd) |
90 |
> #29 0x00000000df8da72f |
91 |
> n/a (systemd) |
92 |
> #30 0x00000000df8db314 |
93 |
> n/a (systemd) |
94 |
> #31 0x00000000df8db9aa |
95 |
> n/a (systemd) |
96 |
> #32 0x00000000df8da72f |
97 |
> n/a (systemd) |
98 |
> #33 0x00000000df8db314 |
99 |
> n/a (systemd) |
100 |
> #34 0x00000000df8db9aa |
101 |
> n/a (systemd) |
102 |
> #35 0x00000000df8da72f |
103 |
> n/a (systemd) |
104 |
> #36 0x00000000df8db314 |
105 |
> n/a (systemd) |
106 |
> #37 0x00000000df8db9aa |
107 |
> n/a (systemd) |
108 |
> #38 0x00000000df8da72f |
109 |
> n/a (systemd) |
110 |
> #39 0x00000000df8db314 |
111 |
> n/a (systemd) |
112 |
> #40 0x00000000df8db9aa |
113 |
> n/a (systemd) |
114 |
> #41 0x00000000df8da72f |
115 |
> n/a (systemd) |
116 |
> #42 0x00000000df8db314 |
117 |
> n/a (systemd) |
118 |
> #43 0x00000000df8db9aa |
119 |
> n/a (systemd) |
120 |
> #44 0x00000000df8da72f |
121 |
> n/a (systemd) |
122 |
> #45 0x00000000df8db314 |
123 |
> n/a (systemd) |
124 |
> #46 0x00000000df8db9aa |
125 |
> n/a (systemd) |
126 |
> #47 0x00000000df8da72f |
127 |
> n/a (systemd) |
128 |
> #48 0x00000000df8db314 |
129 |
> n/a (systemd) |
130 |
> #49 0x00000000df8db9aa |
131 |
> n/a (systemd) |
132 |
> #50 0x00000000df8da72f |
133 |
> n/a (systemd) |
134 |
> #51 0x00000000df8db314 |
135 |
> n/a (systemd) |
136 |
> #52 0x00000000df8db9aa |
137 |
> n/a (systemd) |
138 |
> #53 0x00000000df8da72f |
139 |
> n/a (systemd) |
140 |
> #54 0x00000000df8db314 |
141 |
> n/a (systemd) |
142 |
> #55 0x00000000df8db9aa |
143 |
> n/a (systemd) |
144 |
> #56 0x00000000df8da72f |
145 |
> n/a (systemd) |
146 |
> #57 0x00000000df8db314 |
147 |
> n/a (systemd) |
148 |
> #58 0x00000000df8db9aa |
149 |
> n/a (systemd) |
150 |
> #59 0x00000000df8da72f |
151 |
> n/a (systemd) |
152 |
> #60 0x00000000df8db314 |
153 |
> n/a (systemd) |
154 |
> #61 0x00000000df8db9aa |
155 |
> n/a (systemd) |
156 |
> #62 0x00000000df8da72f |
157 |
> n/a (systemd) |
158 |
> #63 0x00000000df8db314 |
159 |
> n/a (systemd) |
160 |
> systemd-logind[897]: Failed to abandon session scope: Connection timed |
161 |
> out |
162 |
> |
163 |
> |
164 |
> Any of you have problems with the latest versions of systemd as well? Any |
165 |
> ideas? |
166 |
> |
167 |
> Thanks: |
168 |
> Dw. |
169 |
> -- |
170 |
> dr Tóth Attila, Radiológus, 06-20-825-8057 |
171 |
> Attila Toth MD, Radiologist, +36-20-825-8057 |
172 |
> |
173 |
> 2016.Március 10.(Cs) 01:53 időpontban "Tóth Attila" ezt írta: |
174 |
> > After upgrading to systemd-229 it segfaults early during boot triggering |
175 |
> > bruteforce prevention, which renders the system annoyingly slow. |
176 |
> > |
177 |
> > grsec: Segmentation fault occurred at 000003e45975efd0 in |
178 |
> > /usr/lib64/systemd/systemd[systemd:1135] |
179 |
> > grsec: bruteforce prevention initiated for the next 30 minutes or until |
180 |
> > service restarted, stalling each fork 30 seconds. Please investigate the |
181 |
> > crash report for /usr/lib64/systemd/systemd[systemd:1135] |
182 |
> > |
183 |
> > Avoid it or be aware that might happen: Dw. |
184 |
> > -- |
185 |
> > dr Tóth Attila, Radiológus, 06-20-825-8057 |
186 |
> > Attila Toth MD, Radiologist, +36-20-825-8057 |
187 |
|
188 |
Not necessarily the ideal solution, but have you tried twiddling with |
189 |
the stack size in limits.conf? |
190 |
|
191 |
If I read this right, grsec limits the size of the stack, which causes |
192 |
the process to segfault. |
193 |
|
194 |
-- |
195 |
0x7D964D3361142ACF |