grsecurity forums

Skip to content

grsecurity-2.1.5-2.6.11.9 kernel oops

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

grsecurity-2.1.5-2.6.11.9 kernel oops

Postby bmcmurphy » Tue May 24, 2005 11:37 am

Hi Folks,

We've had persistent kernel oops problems. Captured this one today. Has anyone else had issues like this?

Thanks

Jim Sheehy


Code: Select all
ksymoops 2.4.11 on i686 2.6.11.9-grsec.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.6.11.9-grsec/ (default)
     -m /boot/System.map (specified)

Error (regular_file): read_ksyms stat /proc/ksyms failed
ksymoops: No such file or directory
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
May 20 01:20:03 dor-secft1 kernel: Unable to handle kernel paging request at virtual address eb6adff0
May 20 01:20:03 dor-secft1 kernel: c034e425
May 20 01:20:03 dor-secft1 kernel: *pgd = 60e067
May 20 01:20:03 dor-secft1 kernel: Oops: 0000 [#1]I
May 20 01:20:03 dor-secft1 kernel: CPU:    0
May 20 01:20:03 dor-secft1 kernel: EIP:    0060:[<c034e425>]    Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
May 20 01:20:03 dor-secft1 kernel: EFLAGS: 00010293   (2.6.11.9-grsec)
May 20 01:20:03 dor-secft1 kernel: eax: eb6ada90   ebx: 00008501   ecx: 00001ffe   edx: 4cfea8c0
May 20 01:20:03 dor-secft1 kernel: esi: ffffffff   edi: 00008501   ebp: eb747dc0   esp: eb747da4
May 20 01:20:03 dor-secft1 kernel: ds: 007b   es: 007b   ss: 0068
May 20 01:20:03 dor-secft1 kernel: Stack: 0000a7a4 a7a47dbc 0dfea8c0 4cfea8c0 eb6c4a90 eb746000 0000000d eb747de8
May 20 01:20:03 dor-secft1 kernel:        c034e5d8 eb6c4a90 00000000 eb747df4 c1596740 f7c25f78 eb6c4a90 eb6c4a90
May 20 01:20:04 dor-secft1 kernel:        eb6c4a90 eb747e20 c01842ec eb6c4a90 0000000d 00000092 0000000d 00000000
May 20 01:20:04 dor-secft1 kernel: Call Trace:
May 20 01:20:04 dor-secft1 kernel:  [<c016c96f>] show_stack+0x7f/0xa0
May 20 01:20:04 dor-secft1 kernel:  [<c016cb12>] show_registers+0x152/0x1d0
May 20 01:20:04 dor-secft1 kernel:  [<c016cde3>] die+0x1a3/0x2c0
May 20 01:20:04 dor-secft1 kernel:  [<c01785c1>] do_page_fault+0x631/0xaf0
May 20 01:20:04 dor-secft1 kernel:  [<c016c45b>] error_code+0x2b/0x30
May 20 01:20:04 dor-secft1 kernel:  [<c034e5d8>] gr_del_task_from_ip_table+0x98/0x1a0
May 20 01:20:04 dor-secft1 kernel:  [<c01842ec>] do_exit+0xac/0x6b0
May 20 01:20:04 dor-secft1 kernel:  [<c0184b13>] do_group_exit+0x1e3/0x220
May 20 01:20:04 dor-secft1 kernel:  [<c0192c05>] get_signal_to_deliver+0x2b5/0x800
May 20 01:20:04 dor-secft1 kernel:  [<c016bff9>] do_signal+0xb9/0x100
May 20 01:20:04 dor-secft1 kernel:  [<c016c099>] do_notify_resume+0x59/0x60
May 20 01:20:04 dor-secft1 kernel:  [<c016c24e>] work_notifysig+0x13/0x15
May 20 01:20:04 dor-secft1 kernel: Code: 9d c0 8b 5a c0 85 c0 74 14 a1 80 b3 54 c0 89 04 8d c0 8b 5a c0 83 c4 10 5b 5e 5f 5d c3 31 c0 89 04 8d c0 8b 5a c0 eb ed 8b 55 f0 <39> 90 60 05 00 00 75 8c 8b 55 ec 39 90 64 05 00 00 75 81 8b 55


>>EIP; c034e425 <gr_del_task_from_ip_table_nolock+105/140>   <=====

>>eax; eb6ada90 <pg0+2b0b6a90/3fa07400>
>>esi; ffffffff <__kernel_rt_sigreturn+1bbf/????>
>>ebp; eb747dc0 <pg0+2b150dc0/3fa07400>
>>esp; eb747da4 <pg0+2b150da4/3fa07400>

Trace; c016c96f <show_stack+7f/a0>
Trace; c016cb12 <show_registers+152/1d0>
Trace; c016cde3 <die+1a3/2c0>
Trace; c01785c1 <do_page_fault+631/af0>
Trace; c016c45b <error_code+2b/30>
Trace; c034e5d8 <gr_del_task_from_ip_table+98/1a0>
Trace; c01842ec <do_exit+ac/6b0>
Trace; c0184b13 <do_group_exit+1e3/220>
Trace; c0192c05 <get_signal_to_deliver+2b5/800>
Trace; c016bff9 <do_signal+b9/100>
Trace; c016c099 <do_notify_resume+59/60>
Trace; c016c24e <work_notifysig+13/15>

This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.

Code;  c034e3fa <gr_del_task_from_ip_table_nolock+da/140>
00000000 <_EIP>:
Code;  c034e3fa <gr_del_task_from_ip_table_nolock+da/140>
   0:   9d                        popf   
Code;  c034e3fb <gr_del_task_from_ip_table_nolock+db/140>
   1:   c0 8b 5a c0 85 c0 74      rorb   $0x74,0xc085c05a(%ebx)
Code;  c034e402 <gr_del_task_from_ip_table_nolock+e2/140>
   8:   14 a1                     adc    $0xa1,%al
Code;  c034e404 <gr_del_task_from_ip_table_nolock+e4/140>
   a:   80 b3 54 c0 89 04 8d      xorb   $0x8d,0x489c054(%ebx)
Code;  c034e40b <gr_del_task_from_ip_table_nolock+eb/140>
  11:   c0 8b 5a c0 83 c4 10      rorb   $0x10,0xc483c05a(%ebx)
Code;  c034e412 <gr_del_task_from_ip_table_nolock+f2/140>
  18:   5b                        pop    %ebx
Code;  c034e413 <gr_del_task_from_ip_table_nolock+f3/140>
  19:   5e                        pop    %esi
Code;  c034e414 <gr_del_task_from_ip_table_nolock+f4/140>
  1a:   5f                        pop    %edi
Code;  c034e415 <gr_del_task_from_ip_table_nolock+f5/140>
  1b:   5d                        pop    %ebp
Code;  c034e416 <gr_del_task_from_ip_table_nolock+f6/140>
  1c:   c3                        ret   
Code;  c034e417 <gr_del_task_from_ip_table_nolock+f7/140>
  1d:   31 c0                     xor    %eax,%eax
Code;  c034e419 <gr_del_task_from_ip_table_nolock+f9/140>
  1f:   89 04 8d c0 8b 5a c0      mov    %eax,0xc05a8bc0(,%ecx,4)
Code;  c034e420 <gr_del_task_from_ip_table_nolock+100/140>
  26:   eb ed                     jmp    15 <_EIP+0x15>
Code;  c034e422 <gr_del_task_from_ip_table_nolock+102/140>
  28:   8b 55 f0                  mov    0xfffffff0(%ebp),%edx

This decode from eip onwards should be reliable

Code;  c034e425 <gr_del_task_from_ip_table_nolock+105/140>
00000000 <_EIP>:
Code;  c034e425 <gr_del_task_from_ip_table_nolock+105/140>   <=====
   0:   39 90 60 05 00 00         cmp    %edx,0x560(%eax)   <=====
Code;  c034e42b <gr_del_task_from_ip_table_nolock+10b/140>
   6:   75 8c                     jne    ffffff94 <_EIP+0xffffff94>
Code;  c034e42d <gr_del_task_from_ip_table_nolock+10d/140>
   8:   8b 55 ec                  mov    0xffffffec(%ebp),%edx
Code;  c034e430 <gr_del_task_from_ip_table_nolock+110/140>
   b:   39 90 64 05 00 00         cmp    %edx,0x564(%eax)
Code;  c034e436 <gr_del_task_from_ip_table_nolock+116/140>
  11:   75 81                     jne    ffffff94 <_EIP+0xffffff94>
Code;  c034e438 <gr_del_task_from_ip_table_nolock+118/140>
  13:   8b                        .byte 0x8b
Code;  c034e439 <gr_del_task_from_ip_table_nolock+119/140>
  14:   55                        push   %ebp

May 20 01:20:04 dor-secft1 kernel:  [<c016c9ae>] dump_stack+0x1e/0x30
May 20 01:20:04 dor-secft1 kernel:  [<c04e1bc2>] schedule+0x6a2/0x6b0
May 20 01:20:04 dor-secft1 kernel:  [<c04e37ac>] schedule_timeout+0x8c/0xe0
May 20 01:20:04 dor-secft1 kernel:  [<c016cecd>] die+0x28d/0x2c0
May 20 01:20:04 dor-secft1 kernel:  [<c01785c1>] do_page_fault+0x631/0xaf0
May 20 01:20:04 dor-secft1 kernel:  [<c016c45b>] error_code+0x2b/0x30
May 20 01:20:05 dor-secft1 kernel:  [<c034e5d8>] gr_del_task_from_ip_table+0x98/0x1a0
May 20 01:20:05 dor-secft1 kernel:  [<c01842ec>] do_exit+0xac/0x6b0
May 20 01:20:05 dor-secft1 kernel:  [<c0184b13>] do_group_exit+0x1e3/0x220
May 20 01:20:05 dor-secft1 kernel:  [<c0192c05>] get_signal_to_deliver+0x2b5/0x800
May 20 01:20:05 dor-secft1 kernel:  [<c016bff9>] do_signal+0xb9/0x100
May 20 01:20:05 dor-secft1 kernel:  [<c016c099>] do_notify_resume+0x59/0x60
May 20 01:20:05 dor-secft1 kernel:  [<c016c24e>] work_notifysig+0x13/0x15


1 error issued. Results may not be reliable.
bmcmurphy
 
Posts: 13
Joined: Wed Dec 11, 2002 10:53 am
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group
cron