RAP panic in grsecurity-3.1-4.5.3-201605060852.patch


Post by cinder » Sat May 07, 2016 7:37 pm

Xen domU using netfront, 1 vcpu, smp kernel.

addr2line:
Code:
Call Trace:
/usr/src/linux/net/sched/sch_generic.c:165
/usr/src/linux/net/core/dev.c:3056
/usr/src/linux/net/core/dev.c:3393
/usr/src/linux/net/ipv4/arp.c:641
/usr/src/linux/net/ipv4/arp.c:317
/usr/src/linux/net/ipv4/arp.c:390
/usr/src/linux/net/core/skbuff.c:824
/usr/src/linux/./arch/x86/include/asm/atomic.h:178
/usr/src/linux/net/core/neighbour.c:1018
/usr/src/linux/net/core/neighbour.c:1295
/usr/src/linux/include/net/dst.h:455
/usr/src/linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c:144
/usr/src/linux/net/ipv4/ip_output.c:285
/usr/src/linux/net/ipv4/ip_output.c:362
/usr/src/linux/kernel/workqueue.c:918
/usr/src/linux/net/ipv4/ip_output.c:267
/usr/src/linux/net/ipv4/ip_output.c:118
/usr/src/linux/./arch/x86/include/asm/preempt.h:74 (discriminator 4)
/usr/src/linux/net/ipv4/tcp_output.c:1030
/usr/src/linux/net/ipv4/tcp_output.c:3266
/usr/src/linux/net/core/secure_seq.c:103
/usr/src/linux/net/ipv4/tcp_ipv4.c:249
/usr/src/linux/net/ipv4/af_inet.c:597
/usr/src/linux/kernel/sched/core.c:7686 (discriminator 14)
/usr/src/linux/kernel/softirq.c:150 (discriminator 2)
/usr/src/linux/net/ipv4/af_inet.c:658
/usr/src/linux/net/socket.c:1606
/usr/src/linux/net/socket.c:1575
/usr/src/linux/arch/x86/entry/entry_64.S:596

RIP: /usr/src/linux/include/linux/netdevice.h:3852


console:
Code:
CPU: 0 PID: 1483 Comm: tlsdate-helper Not tainted 4.5.3 #1
task: ffff88003cb5bf00 ti: ffff88003cb5c780 task.ti: ffff88003cb5c780
RIP: e030:[<ffffffff813e2b5f>]  [<ffffffff813e2b5f>] 0xffffffff813e2b5f
RSP: e02b:ffffc900032537c0  EFLAGS: 00010283
RAX: ffffffff81385258 RBX: ffff88003d919900 RCX: ffffc90003253844
RDX: ffffffff8150bc00 RSI: ffff88003dad1020 RDI: ffff88003d919900
RBP: ffffc90003253828 R08: ffff88000033e6ec R09: 0000000000000001
R10: ffff88000033a218 R11: ffff88003d82e258 R12: ffff880002899860
R13: ffff88003d919900 R14: 0000000000000000 R15: ffff88003dad1020
FS:  00006f571175c700(0000) GS:ffff88003f800000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00006f5710bc0430 CR3: 000000003d995000 CR4: 0000000000042660
Stack:
 ffffc900032537e8 ffff88003f811dc0 ffffc90003253844 ffff880002899860
 0000000000000000 0000000000000000 ffff88003dad1020 ffffc90003253828
 ffff88000033e640 ffff880002899860 ffff88003d919900 ffff88000033e6ec
Call Trace:
 [<ffffffff8140895a>] 0xffffffff8140895a
 [<ffffffff813e3029>] 0xffffffff813e3029
 [<ffffffff813e33fa>] 0xffffffff813e33fa
 [<ffffffff8146a1f1>] 0xffffffff8146a1f1
 [<ffffffff8146a2ff>] 0xffffffff8146a2ff
 [<ffffffff8146ad22>] 0xffffffff8146ad22
 [<ffffffff813c7e8b>] ? 0xffffffff813c7e8b
 [<ffffffff813f0ec4>] 0xffffffff813f0ec4
 [<ffffffff813f53f0>] 0xffffffff813f53f0
 [<ffffffff813f61a2>] 0xffffffff813f61a2
 [<ffffffff81432929>] 0xffffffff81432929
 [<ffffffff81482994>] ? 0xffffffff81482994
 [<ffffffff81434290>] 0xffffffff81434290
 [<ffffffff814345d8>] 0xffffffff814345d8
 [<ffffffff81088802>] ? 0xffffffff81088802
 [<ffffffff81434168>] ? 0xffffffff81434168
 [<ffffffff81432cee>] 0xffffffff81432cee
 [<ffffffff8143311b>] 0xffffffff8143311b
 [<ffffffff8145176d>] 0xffffffff8145176d
 [<ffffffff81455142>] 0xffffffff81455142
 [<ffffffff813d99c7>] ? 0xffffffff813d99c7
 [<ffffffff8145843e>] 0xffffffff8145843e
 [<ffffffff81472d67>] 0xffffffff81472d67
 [<ffffffff8109cc2c>] ? 0xffffffff8109cc2c
 [<ffffffff810745b4>] ? 0xffffffff810745b4
 [<ffffffff8147300b>] 0xffffffff8147300b
 [<ffffffff813bdcd1>] 0xffffffff813bdcd1
 [<ffffffff813bf616>] 0xffffffff813bf616
 [<ffffffff8149906b>] 0xffffffff8149906b
Code: 44 24 30 48 8b 90 90 00 00 00 48 05 90 00 00 00 48 39 c2 0f 85 85 fc ff ff e9 27 ff ff ff 48 c7 44 24 28 00 00 00 00 31 c0 eb 91 <0f> 0b 48 c7 c1 40 39 5b 81 48 c7 c2 72 66 5a 81 be 63 08 00 00
RIP  [<ffffffff813e2b5f>] 0xffffffff813e2b5f
 RSP <ffffc900032537c0>
cinder
 
Posts: 1
Joined: Sat May 07, 2016 7:06 pm

Re: RAP panic in grsecurity-3.1-4.5.3-201605060852.patch

Post by PaX Team » Sun May 08, 2016 4:13 am

note that PARAVIRT fixes went into a newer patch since then, can you try it? also what does the RIP address resolve to? and can you please compile the kernel with DEBUG_INFO (if you don't already) and use -fip with addr2line to get more information?

edit: ah sorry, i see the decoded RIP, perhaps put it at the beginning of the trace next time ;). the request for addr2line -fip still stands as it'll provide inlining information. can you also resolve the register values to kernel symbols? one of them (rax or rdx by the look of it) will be the function with the wrong type (you can also send me your config so that i can check the rest too).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
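
The register lookup requested in the post above can be scripted against the kernel's System.map. This is an added example, not part of the original thread or of grsecurity: the System.map excerpt and its symbol names are constructed placeholders, and the 64 KiB offset limit is an assumption.

```python
import bisect
import re

# Register lines copied from the console output in the first post.
OOPS_REGS = """\
RAX: ffffffff81385258 RBX: ffff88003d919900 RCX: ffffc90003253844
RDX: ffffffff8150bc00 RSI: ffff88003dad1020 RDI: ffff88003d919900
"""

# CONSTRUCTED System.map excerpt: placeholder names, not the real symbols of
# the reporter's kernel. Arranged to show an entry-point hit and a mid-function hit.
SYSTEM_MAP = """\
ffffffff81385000 T placeholder_func_a
ffffffff81385258 t placeholder_func_b
ffffffff81385400 T placeholder_func_c
ffffffff8150bb00 t placeholder_func_d
ffffffff8150bd00 T placeholder_func_e
ffffffff815a0000 R placeholder_rodata
"""

def load_text_symbols(system_map):
    """Return sorted (address, name) pairs for text symbols (type t/T)."""
    syms = []
    for line in system_map.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("t", "T"):
            syms.append((int(parts[0], 16), parts[2]))
    return sorted(syms)

def resolve(addr, syms, max_offset=0x10000):
    """Map addr to (name, offset) of the nearest preceding text symbol, or None."""
    addrs = [a for a, _ in syms]
    i = bisect.bisect_right(addrs, addr) - 1
    if i < 0 or addr - addrs[i] > max_offset:
        return None  # heap/stack pointer, or past the end of known text
    return syms[i][1], addr - addrs[i]

def resolve_registers(oops, syms):
    """Return {register: (symbol, offset)} for registers pointing into kernel text."""
    out = {}
    for reg, val in re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops):
        hit = resolve(int(val, 16), syms)
        if hit:
            out[reg] = hit
    return out

def function_pointer_candidates(resolved):
    """Registers holding a function's exact entry address (offset 0)."""
    return sorted(r for r, (_, off) in resolved.items() if off == 0)
```

Run it against the System.map produced by the same build as the crashing kernel, since symbol addresses differ between builds.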

Re: RAP panic in grsecurity-3.1-4.5.3-201605060852.patch

Post by PaX Team » Sun May 08, 2016 6:26 am

i figured it out in the meantime, all the start_xmit callbacks should be fixed in the latest patch.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
