Gentoo Archives: gentoo-hardened

From: "Anthony G. Basile" <basile@××××××××××××××.edu>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade
Date: Sat, 12 Jan 2013 23:16:47
Message-Id: 50F1EED8.8040503@opensource.dyc.edu
In Reply to: [gentoo-hardened] Crashes after 3.7.0-hardened upgrade by Michael Orlitzky
It's e1000. This was an unknown issue until just recently. It's supposed
to be fixed in the latest 3.7.1-r2. Let me know if it is and I'll drop
3.7.0 in favor of 3.7.1-r2.

My apologies. I do test, but it's impossible to test on every possible
hardware config.

--Tony

On 01/12/2013 05:22 PM, Michael Orlitzky wrote:
> I recently updated all of our servers to 3.7.0-hardened (from
> 3.4.2-hardened-r1) and re-did our iptables rules to avoid future pain[1]
> from the state -> conntrack switch.
>
> The first thing I noticed was that vsftpd apparently crashed on my own
> box, michael.orlitzky.com. The server stayed up, though, until I did
> something stupid and tried to kill the crashed process. Then it
> panicked. I drove to work, rebooted, and disabled vsftpd. Naturally that
> hasn't happened again.
>
> Last night, our VPN firewall went down; panicked, around 11:30pm. Drove
> to work today and rebooted it, but I'm not sure what the underlying
> cause was -- I didn't get a shot of the panic message. The only thing it
> does is OpenVPN on two e1000s.
>
> I've been looking through the dmesg of our other servers, just to see if
> anything looks out of the ordinary. There's one other machine still
> running vsftpd that has a non-fatal (i.e. stuff is still running) crash.
> There are more errors above this if needed, although I'm going to have
> to reboot it now.
>
> On the VPN box, I'll probably bump to 3.7.1-r2 and just pray unless
> someone has a better suggestion.
>
>
> grsec: From 61.160.222.83: Invalid alignment/Bus error occurred at
> 000000608f728691 in
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
> uid/euid:0/0 gid/egid:0/0, parent
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
> uid/euid:0/0 gid/egid:0/0
> grsec: From 61.160.222.83: bruteforce prevention initiated for the next
> 30 minutes or until service restarted, stalling each fork 30 seconds.
> Please investigate the crash report for
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
> uid/euid:0/0 gid/egid:0/0, parent
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
> uid/euid:0/0 gid/egid:0/0
> grsec: From 61.160.222.83: denied resource overstep by requesting 4096
> for RLIMIT_CORE against limit 0 for
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:7764]
> uid/euid:0/0 gid/egid:0/0, parent
> /var/log/apache2/abogadosdeaccidentedeautoenmarylandblog.com/www/error/error-2013-01-06.log[vsftpd:2583]
> uid/euid:0/0 gid/egid:0/0
> PAX: please report this to pageexec@××××××××.hu
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
> IP: [<ffffffff81029972>] dup_mm+0x261/0x4c0
> PGD 18c661000
> Thread overran stack, or stack corrupted
> Oops: 0000 [#1] SMP
> Modules linked in: xt_tcpudp xt_multiport nf_conntrack_ipv4
> nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables
> x_tables cpufreq_ondemand uhci_hcd ehci_hcd thermal usbcore acpi_cpufreq
> tg3 microcode freq_table mperf usb_common processor libphy thermal_sys
> hwmon unix
> CPU 0
> Pid: 2583, comm: vsftpd Not tainted 3.7.0-hardened #1 HP ProLiant DL380 G4
> RIP: 0010:[<ffffffff81029972>] [<ffffffff81029972>] dup_mm+0x261/0x4c0
> RSP: 0018:ffff880187a4ddc0 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffff880193c4c508 RCX: 0000000000000000
> RDX: ffff88018c4df500 RSI: ffff880193c4c508 RDI: ffff880154c32cf0
> RBP: ffff8801748fa3c0 R08: ffff88019bc112b0 R09: ffffffff810298cd
> R10: 8000000000000000 R11: ffff88018c4c9e00 R12: ffff88018bfc30c0
> R13: ffff880154c32cf0 R14: ffff8801748fa420 R15: ffff88018bfc3120
> FS: 000002ef1e350700(0000) GS:ffff88019bc00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000030 CR3: 0000000001329000 CR4: 00000000000007b0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process vsftpd (pid: 2583, threadinfo ffff8801907e3ca8, task
> ffff8801907e38d0)
> Stack:
> 0000000000000000 0000000000000000 0000000000000000 ffff8801748fa3c0
> 0000000000000000 ffff8801748fa3c8 ffff880194c52540 0000000001200011
> ffff880174920000 0000000000000000 000002ef1e3509d0 0000000000000000
> Call Trace:
> [<ffffffff8102a42e>] ? copy_process+0x829/0x119e
> [<ffffffff8102ae24>] ? do_fork+0x5c/0x2c2
> [<ffffffff8131f873>] ? stub_clone+0x13/0x20
> [<ffffffff8131f608>] ? system_call_fastpath+0x18/0x1d
> Code: 00 00 00 00 49 c7 45 18 00 00 00 00 49 c7 85 b0 00 00 00 00 00 00
> 00 49 8b 95 98 00 00 00 48 85 d2 0f 84 85 00 00 00 48 8b 42 18<48> 8b
> 48 30 48 8b 82 c8 00 00 00 f0 48 ff 42 30 71 07 f0 48 ff
> RIP [<ffffffff81029972>] dup_mm+0x261/0x4c0
> RSP<ffff880187a4ddc0>
> CR2: 0000000000000030
> ---[ end trace 969655b532a2156e ]---
>
>
>
>
> [1] https://bugs.gentoo.org/show_bug.cgi?id=448906

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
