Gentoo Archives: gentoo-hardened

From: "Tóth Attila" <atoth@××××××××××.hu>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade
Date: Sat, 12 Jan 2013 23:22:31
Message-Id: bc02457613fd9bb587c5fa53bf534634.squirrel@atoth.sote.hu
In Reply to: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade by Michael Orlitzky
1 Regarding the panic, also see the
2 CONFIG_GRKERNSEC_BRUTE kernel config option.
3 It tries to counteract brute-forcing probes.
4 If the process is running as a user, it kills it; if it's running as root, it
5 makes the system panic.
6 --
7 dr Tóth Attila, Radiológus, 06-20-825-8057
8 Attila Toth MD, Radiologist, +36-20-825-8057
9
10 On Saturday, January 12, 2013 at 23:22, Michael Orlitzky wrote:
11 > I recently updated all of our servers to 3.7.0-hardened (from
12 > 3.4.2-hardened-r1) and re-did our iptables rules to avoid future pain[1]
13 > from the state -> conntrack switch.
14 >
15 > The first thing I noticed was that vsftpd apparently crashed on my own
16 > box, michael.orlitzky.com. The server stayed up, though, until I did
17 > something stupid and tried to kill the crashed process. Then it
18 > panicked. I drove to work, rebooted, and disabled vsftpd. Naturally that
19 > hasn't happened again.
20 >
21 > Last night, our VPN firewall went down; panicked, around 11:30pm. Drove
22 > to work today and rebooted it, but I'm not sure what the underlying
23 > cause was -- I didn't get a shot of the panic message. The only thing it
24 > does is OpenVPN on two e1000s.
25 >
26 > I've been looking through the dmesg of our other servers, just to see if
27 > anything looks out of the ordinary. There's one other machine still
28 > running vsftpd that has a non-fatal (i.e. stuff is still running) crash.
29 > There are more errors above this if needed, although I'm going to have
30 > to reboot it now.
31 >
32 > On the VPN box, I'll probably bump to 3.7.1-r2 and just pray unless
33 > someone has a better suggestion.
34 >
35 >
36 > grsec: From 61.160.222.83: Invalid alignment/Bus error occurred at
37 > 000000608f728691 in
38 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
39 > uid/euid:0/0 gid/egid:0/0, parent
40 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
41 > uid/euid:0/0 gid/egid:0/0
42 > grsec: From 61.160.222.83: bruteforce prevention initiated for the next
43 > 30 minutes or until service restarted, stalling each fork 30 seconds.
44 > Please investigate the crash report for
45 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
46 > uid/euid:0/0 gid/egid:0/0, parent
47 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
48 > uid/euid:0/0 gid/egid:0/0
49 > grsec: From 61.160.222.83: denied resource overstep by requesting 4096
50 > for RLIMIT_CORE against limit 0 for
51 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
52 > uid/euid:0/0 gid/egid:0/0, parent
53 > /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
54 > uid/euid:0/0 gid/egid:0/0
55 > PAX: please report this to pageexec@××××××××.hu
56 > BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
57 > IP: [<ffffffff81029972>] dup_mm+0x261/0x4c0
58 > PGD 18c661000
59 > Thread overran stack, or stack corrupted
60 > Oops: 0000 [#1] SMP
61 > Modules linked in: xt_tcpudp xt_multiport nf_conntrack_ipv4
62 > nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables
63 > x_tables cpufreq_ondemand uhci_hcd ehci_hcd thermal usbcore acpi_cpufreq
64 > tg3 microcode freq_table mperf usb_common processor libphy thermal_sys
65 > hwmon unix
66 > CPU 0
67 > Pid: 2583, comm: vsftpd Not tainted 3.7.0-hardened #1 HP ProLiant DL380 G4
68 > RIP: 0010:[<ffffffff81029972>] [<ffffffff81029972>] dup_mm+0x261/0x4c0
69 > RSP: 0018:ffff880187a4ddc0 EFLAGS: 00010286
70 > RAX: 0000000000000000 RBX: ffff880193c4c508 RCX: 0000000000000000
71 > RDX: ffff88018c4df500 RSI: ffff880193c4c508 RDI: ffff880154c32cf0
72 > RBP: ffff8801748fa3c0 R08: ffff88019bc112b0 R09: ffffffff810298cd
73 > R10: 8000000000000000 R11: ffff88018c4c9e00 R12: ffff88018bfc30c0
74 > R13: ffff880154c32cf0 R14: ffff8801748fa420 R15: ffff88018bfc3120
75 > FS: 000002ef1e350700(0000) GS:ffff88019bc00000(0000)
76 > knlGS:0000000000000000
77 > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
78 > CR2: 0000000000000030 CR3: 0000000001329000 CR4: 00000000000007b0
79 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
80 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
81 > Process vsftpd (pid: 2583, threadinfo ffff8801907e3ca8, task
82 > ffff8801907e38d0)
83 > Stack:
84 > 0000000000000000 0000000000000000 0000000000000000 ffff8801748fa3c0
85 > 0000000000000000 ffff8801748fa3c8 ffff880194c52540 0000000001200011
86 > ffff880174920000 0000000000000000 000002ef1e3509d0 0000000000000000
87 > Call Trace:
88 > [<ffffffff8102a42e>] ? copy_process+0x829/0x119e
89 > [<ffffffff8102ae24>] ? do_fork+0x5c/0x2c2
90 > [<ffffffff8131f873>] ? stub_clone+0x13/0x20
91 > [<ffffffff8131f608>] ? system_call_fastpath+0x18/0x1d
92 > Code: 00 00 00 00 49 c7 45 18 00 00 00 00 49 c7 85 b0 00 00 00 00 00 00
93 > 00 49 8b 95 98 00 00 00 48 85 d2 0f 84 85 00 00 00 48 8b 42 18 <48> 8b
94 > 48 30 48 8b 82 c8 00 00 00 f0 48 ff 42 30 71 07 f0 48 ff
95 > RIP [<ffffffff81029972>] dup_mm+0x261/0x4c0
96 > RSP <ffff880187a4ddc0>
97 > CR2: 0000000000000030
98 > ---[ end trace 969655b532a2156e ]---
99 >
100 >
101 >
102 >
103 > [1] https://bugs.gentoo.org/show_bug.cgi?id=448906
104 >
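
A triage sketch for grsec records like those quoted above, added here as an example (it is not part of the original thread and not grsecurity's code): it undoes the mail-style line wrapping, pairs each "bruteforce prevention" record with the crash records from the same parent process, and checks whether that parent PID also shows up in a kernel oops header. The sample log, the address 192.0.2.10, the path and the PIDs are constructed, and the record layout is assumed from the quoted lines only.

```python
import re

# Constructed sample modelled on the quoted dmesg: grsec records wrapped over
# several lines, then a kernel oops header. Address, path and PIDs are made up.
SAMPLE = """\
grsec: From 192.0.2.10: Invalid alignment/Bus error occurred at
0000000000001000 in /usr/sbin/vsftpd[vsftpd:4002]
uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/vsftpd[vsftpd:4001]
uid/euid:0/0 gid/egid:0/0
grsec: From 192.0.2.10: bruteforce prevention initiated for the next
30 minutes or until service restarted, stalling each fork 30 seconds.
Please investigate the crash report for /usr/sbin/vsftpd[vsftpd:4002]
uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/vsftpd[vsftpd:4001]
uid/euid:0/0 gid/egid:0/0
BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
Pid: 4001, comm: vsftpd Not tainted 3.7.0-hardened #1
"""

# Assumed layout, taken only from the quoted lines: exe[comm:pid] uid/euid:U/E ...
PROC = r"(/\S+)\[([^:\]]+):(\d+)\] uid/euid:(\d+)/(\d+) gid/egid:\d+/\d+"
GRSEC = re.compile(
    r"grsec: (?:From (?P<src>[0-9A-Fa-f.:]+): )?"
    r"(?P<msg>(?:(?!grsec: ).)*?) " + PROC + r", parent " + PROC)
OOPS = re.compile(r"Pid: (\d+), comm: (\S+)")
KINDS = [("bruteforce prevention initiated", "brute_lockout"),
         ("occurred at", "crash")]

def parse(text):
    """Return (grsec events, set of PIDs named in kernel oops headers)."""
    flat = " ".join(text.split())  # undo mail-client line wrapping
    events = []
    for m in GRSEC.finditer(flat):
        kind = next((k for s, k in KINDS if s in m.group("msg")), "other")
        events.append({"src": m.group("src"), "kind": kind,
                       "comm": m.group(4), "pid": int(m.group(5)),
                       "euid": int(m.group(7)), "ppid": int(m.group(10))})
    return events, {int(pid) for pid, _ in OOPS.findall(flat)}

def triage(text):
    """One finding per lockout: source, root or not, crashes, oops in parent."""
    events, oops_pids = parse(text)
    return [{"comm": e["comm"], "src": e["src"], "root": e["euid"] == 0,
             "crashes": sum(c["kind"] == "crash" and c["ppid"] == e["ppid"]
                            for c in events),
             "parent_oopsed": e["ppid"] in oops_pids}
            for e in events if e["kind"] == "brute_lockout"]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `root` and `parent_oopsed` both true is the combination seen in the quoted report: a root-owned daemon whose forking parent later appears in a kernel oops.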
