Gentoo Archives: gentoo-hardened

From: Michael Orlitzky <michael@××××××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade
Date: Sat, 12 Jan 2013 22:22:48
Message-Id: 50F1E22F.2060401@orlitzky.com
1 I recently updated all of our servers to 3.7.0-hardened (from
2 3.4.2-hardened-r1) and re-did our iptables rules to avoid future pain[1]
3 from the state -> conntrack switch.
4
5 The first thing I noticed was that vsftpd apparently crashed on my own
6 box, michael.orlitzky.com. The server stayed up, though, until I did
7 something stupid and tried to kill the crashed process. Then it
8 panicked. I drove to work, rebooted, and disabled vsftpd. Naturally that
9 hasn't happened again.
10
11 Last night, our VPN firewall went down; panicked, around 11:30pm. Drove
12 to work today and rebooted it, but I'm not sure what the underlying
13 cause was -- I didn't get a shot of the panic message. The only thing it
14 does is OpenVPN on two e1000s.
15
16 I've been looking through the dmesg of our other servers, just to see if
17 anything looks out of the ordinary. There's one other machine still
18 running vsftpd that has a non-fatal (i.e. stuff is still running) crash.
19 There are more errors above this if needed, although I'm going to have
20 to reboot it now.
21
22 On the VPN box, I'll probably bump to 3.7.1-r2 and just pray unless
23 someone has a better suggestion.
24
25
26 grsec: From 61.160.222.83: Invalid alignment/Bus error occurred at
27 000000608f728691 in
28 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
29 uid/euid:0/0 gid/egid:0/0, parent
30 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
31 uid/euid:0/0 gid/egid:0/0
32 grsec: From 61.160.222.83: bruteforce prevention initiated for the next
33 30 minutes or until service restarted, stalling each fork 30 seconds.
34 Please investigate the crash report for
35 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
36 uid/euid:0/0 gid/egid:0/0, parent
37 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
38 uid/euid:0/0 gid/egid:0/0
39 grsec: From 61.160.222.83: denied resource overstep by requesting 4096
40 for RLIMIT_CORE against limit 0 for
41 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
42 uid/euid:0/0 gid/egid:0/0, parent
43 /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
44 uid/euid:0/0 gid/egid:0/0
45 PAX: please report this to pageexec@××××××××.hu
46 BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
47 IP: [<ffffffff81029972>] dup_mm+0x261/0x4c0
48 PGD 18c661000
49 Thread overran stack, or stack corrupted
50 Oops: 0000 [#1] SMP
51 Modules linked in: xt_tcpudp xt_multiport nf_conntrack_ipv4
52 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables
53 x_tables cpufreq_ondemand uhci_hcd ehci_hcd thermal usbcore acpi_cpufreq
54 tg3 microcode freq_table mperf usb_common processor libphy thermal_sys
55 hwmon unix
56 CPU 0
57 Pid: 2583, comm: vsftpd Not tainted 3.7.0-hardened #1 HP ProLiant DL380 G4
58 RIP: 0010:[<ffffffff81029972>] [<ffffffff81029972>] dup_mm+0x261/0x4c0
59 RSP: 0018:ffff880187a4ddc0 EFLAGS: 00010286
60 RAX: 0000000000000000 RBX: ffff880193c4c508 RCX: 0000000000000000
61 RDX: ffff88018c4df500 RSI: ffff880193c4c508 RDI: ffff880154c32cf0
62 RBP: ffff8801748fa3c0 R08: ffff88019bc112b0 R09: ffffffff810298cd
63 R10: 8000000000000000 R11: ffff88018c4c9e00 R12: ffff88018bfc30c0
64 R13: ffff880154c32cf0 R14: ffff8801748fa420 R15: ffff88018bfc3120
65 FS: 000002ef1e350700(0000) GS:ffff88019bc00000(0000) knlGS:0000000000000000
66 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
67 CR2: 0000000000000030 CR3: 0000000001329000 CR4: 00000000000007b0
68 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
69 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
70 Process vsftpd (pid: 2583, threadinfo ffff8801907e3ca8, task
71 ffff8801907e38d0)
72 Stack:
73 0000000000000000 0000000000000000 0000000000000000 ffff8801748fa3c0
74 0000000000000000 ffff8801748fa3c8 ffff880194c52540 0000000001200011
75 ffff880174920000 0000000000000000 000002ef1e3509d0 0000000000000000
76 Call Trace:
77 [<ffffffff8102a42e>] ? copy_process+0x829/0x119e
78 [<ffffffff8102ae24>] ? do_fork+0x5c/0x2c2
79 [<ffffffff8131f873>] ? stub_clone+0x13/0x20
80 [<ffffffff8131f608>] ? system_call_fastpath+0x18/0x1d
81 Code: 00 00 00 00 49 c7 45 18 00 00 00 00 49 c7 85 b0 00 00 00 00 00 00
82 00 49 8b 95 98 00 00 00 48 85 d2 0f 84 85 00 00 00 48 8b 42 18 <48> 8b
83 48 30 48 8b 82 c8 00 00 00 f0 48 ff 42 30 71 07 f0 48 ff
84 RIP [<ffffffff81029972>] dup_mm+0x261/0x4c0
85 RSP <ffff880187a4ddc0>
86 CR2: 0000000000000030
87 ---[ end trace 969655b532a2156e ]---
88
89
90
91
92 [1] https://bugs.gentoo.org/show_bug.cgi?id=448906

Replies

Subject Author
Re: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade "Anthony G. Basile" <basile@××××××××××××××.edu>
Re: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade "Tóth Attila" <atoth@××××××××××.hu>