[grsec] grsec related oops? (2.6.19.3)
Marc Schiffbauer
marc at schiffbauer.net
Fri Mar 9 12:27:50 EST 2007
Hi!
Can anybody tell me if this oops may be grsec related?
It happened while running "aide --init" on an almost idle x86_64
system (debian etch)
Kernel 2.6.19.3 / grsec 2.1.10
------------------------------------------------------------------I
ksymoops 2.4.11 on x86_64 2.6.19.3-grsec. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.19.3-grsec/ (default)
-m /boot/System.map-2.6.19.3-grsec (default)
Warning: You did not tell me where to find symbol information. I
will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol
resolution.
If the current kernel and/or modules do not match the log, you can
get
more accurate output by telling me the kernel version and where to
find
map, modules, ksyms etc. ksymoops -h explains the options.
Error (regular_file): read_ksyms stat /proc/ksyms failed
ksymoops: No such file or directory
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
Unable to handle kernel NULL pointer dereference at 0000000000000018
RIP:
[<ffffffff802c24d5>]
Oops: 0000 [1] SMP
CPU 0
Pid: 3086, comm: aide Not tainted 2.6.19.3-grsec #1
RIP: 0010:[<ffffffff802c24d5>] [<ffffffff802c24d5>]
Using defaults from ksymoops -t elf64-x86-64 -a i386:x86-64
RSP: 0018:ffff810040893e38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff81007e16e890 RCX: ffff81007e16e9e0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff81007e16ee9c
RBP: ffff8100589e17d8 R08: 0000000000000000 R09: ffff81001215701e
R10: 000000000000003b R11: ffffffff8037db40 R12: 0000000000048000
R13: ffff81007d15b2c0 R14: ffff810067ab69e0 R15: ffff81007e2cd280
FS: 000000000060d480(0063) GS:ffffffff80648000(0000)
knlGS:00000000f7f24b80
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000018 CR3: 00000000706b0000 CR4: 00000000000006e0
Stack: ffff810000000000 ffff81007d15b2c0 ffff8100589e17d8
0000000000048000
ffffffff802c2490 ffffffff8027cd49 0000000000000000 0000000000048000
ffff810012157000 0000000000048000 0000000000000005 00000000ffffff9c
Call Trace:
[<ffffffff802c2490>]
[<ffffffff8027cd49>]
[<ffffffff8027cf0d>]
[<ffffffff803b3e50>]
[<ffffffff8027cf7a>]
[<ffffffff80209ffe>]
Code: 48 8b 68 18 48 85 ed 74 04 f0 ff 45 00 c7 83 0c 06 00 00 01
>>RIP; ffffffff802c24d5 <mounts_open+45/110> <=====
>>RBX; ffff81007e16e890
>><phys_startup_64+ffff81007df6e790/ffffffff7fffff00>
>>RCX; ffff81007e16e9e0
>><phys_startup_64+ffff81007df6e8e0/ffffffff7fffff00>
>>RDI; ffff81007e16ee9c
>><phys_startup_64+ffff81007df6ed9c/ffffffff7fffff00>
>>RBP; ffff8100589e17d8
>><phys_startup_64+ffff8100587e16d8/ffffffff7fffff00>
>>R09; ffff81001215701e
>><phys_startup_64+ffff810011f56f1e/ffffffff7fffff00>
>>R11; ffffffff8037db40 <dummy_inode_permission+0/10>
>>R13; ffff81007d15b2c0
>><phys_startup_64+ffff81007cf5b1c0/ffffffff7fffff00>
>>R14; ffff810067ab69e0
>><phys_startup_64+ffff8100678b68e0/ffffffff7fffff00>
>>R15; ffff81007e2cd280
>><phys_startup_64+ffff81007e0cd180/ffffffff7fffff00>
Trace; ffffffff802c2490 <mounts_open+0/110>
Trace; ffffffff8027cd49 <__dentry_open+b9/190>
Trace; ffffffff8027cf0d <do_filp_open+2d/40>
Trace; ffffffff803b3e50 <gr_learn_resource+50/180>
Trace; ffffffff8027cf7a <do_sys_open+5a/f0>
Trace; ffffffff80209ffe <system_call+7e/83>
Code; ffffffff802c24d5 <mounts_open+45/110>
0000000000000000 <_RIP>:
Code; ffffffff802c24d5 <mounts_open+45/110> <=====
0: 48 8b 68 18 mov 0x18(%rax),%rbp <=====
Code; ffffffff802c24d9 <mounts_open+49/110>
4: 48 85 ed test %rbp,%rbp
Code; ffffffff802c24dc <mounts_open+4c/110>
7: 74 04 je d <_RIP+0xd>
Code; ffffffff802c24de <mounts_open+4e/110>
9: f0 ff 45 00 lock incl 0x0(%rbp)
Code; ffffffff802c24e2 <mounts_open+52/110>
d: c7 83 0c 06 00 00 01 movl $0x1,0x60c(%rbx)
Code; ffffffff802c24e9 <mounts_open+59/110>
14: 00 00 00
CR2: 0000000000000018
1 warning and 1 error issued. Results may not be reliable.
More information about the grsecurity
mailing list