kernel panic on boot with 2.6.13.1 and 200509131759

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

kernel panic on boot with 2.6.13.1 and 200509131759

Postby bani » Thu Sep 15, 2005 7:29 pm

PaX Team wrote:
movax wrote:Problem disapear. I dont know how, mayby i compile it now with other flags. i wil check this.

ps. 2.6.13-grsec compiled but kernel panic on boot when trying to run init -- failed loding /lib/ld-linux.so.2
can you give me:
- your PaX .config
- readelf -e /lib/ld-linux.so.2 output
- your glibc version
- your distro version
- exact error message?


I get the exact same problem.

PaX Team wrote:- your PaX .config


Code: Select all
#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_SECLVL=m
# CONFIG_SECURITY_SELINUX is not set


PaX Team wrote:- readelf -e /lib/ld-linux.so.2 output


Code: Select all
# readelf -e /lib/ld-linux.so.2
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x4cf297c0
  Start of program headers:          52 (bytes into file)
  Start of section headers:          111320 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         6
  Size of section headers:           40 (bytes)
  Number of section headers:         24
  Section header string table index: 23

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .hash             HASH            4cf290f4 0000f4 0000d8 04   A  2   0  4
  [ 2] .dynsym           DYNSYM          4cf291cc 0001cc 000230 10   A  3   8  4
  [ 3] .dynstr           STRTAB          4cf293fc 0003fc 000186 00   A  0   0  1
  [ 4] .gnu.version      VERSYM          4cf29582 000582 000046 02   A  2   0  2
  [ 5] .gnu.version_d    VERDEF          4cf295c8 0005c8 0000a4 00   A  3   5  4
  [ 6] .rel.dyn          REL             4cf2966c 00066c 0000a8 08   A  2   0  4
  [ 7] .rel.plt          REL             4cf29714 000714 000028 08   A  2   8  4
  [ 8] .plt              PROGBITS        4cf2973c 00073c 000060 04  AX  0   0  4
  [ 9] .text             PROGBITS        4cf297a0 0007a0 011def 00  AX  0   0 16
  [10] .rodata           PROGBITS        4cf3b5a0 0125a0 0025ec 00   A  0   0 32
  [11] .eh_frame_hdr     PROGBITS        4cf3db8c 014b8c 00005c 00   A  0   0  4
  [12] .eh_frame         PROGBITS        4cf3dbe8 014be8 00015c 00   A  0   0  4
  [13] .data.rel.ro      PROGBITS        4cf3fc80 015c80 000274 00  WA  0   0 32
  [14] .dynamic          DYNAMIC         4cf3fef4 015ef4 0000c0 08  WA  3   0  4
  [15] .got              PROGBITS        4cf3ffb4 015fb4 00002c 04  WA  0   0  4
  [16] .data             PROGBITS        4cf40000 016000 00043c 00  WA  0   0 32
  [17] .bss              NOBITS          4cf40440 01643c 0000b4 00  WA  0   0  8
  [18] .comment          PROGBITS        00000000 01643c 0007e8 00      0   0  1
  [19] .symtab           SYMTAB          00000000 016c24 002c00 10     20 677  4
  [20] .strtab           STRTAB          00000000 019824 00155d 00      0   0  1
  [21] .gnu_debuglink    PROGBITS        00000000 01ad84 000018 00      0   0  4
  [22] .gnu.prelink_undo PROGBITS        00000000 01ad9c 000464 01      0   0  4
  [23] .shstrtab         STRTAB          00000000 01b200 0000d5 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x4cf29000 0x4cf29000 0x14d44 0x14d44 R E 0x1000
  LOAD           0x015c80 0x4cf3fc80 0x4cf3fc80 0x007bc 0x00874 RW  0x1000
  DYNAMIC        0x015ef4 0x4cf3fef4 0x4cf3fef4 0x000c0 0x000c0 RW  0x4
  GNU_EH_FRAME   0x014b8c 0x4cf3db8c 0x4cf3db8c 0x0005c 0x0005c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
  GNU_RELRO      0x015c80 0x4cf3fc80 0x4cf3fc80 0x00380 0x00380 R   0x1

 Section to Segment mapping:
  Segment Sections...
   00     .hash .dynsym .dynstr .gnu.version .gnu.version_d .rel.dyn .rel.plt .plt .text .rodata .eh_frame_hdr .eh_frame
   01     .data.rel.ro .dynamic .got .data .bss
   02     .dynamic
   03     .eh_frame_hdr
   04     
   05     .data.rel.ro .dynamic .got


PaX Team wrote:- your glibc version


Code: Select all
# rpm -qi glibc
Name        : glibc                        Relocations: (not relocatable)
Version     : 2.3.5                             Vendor: Red Hat, Inc.
Release     : 0.fc3.1                       Build Date: Thu 07 Apr 2005 04:01:02 AM PDT
Install Date: Mon 11 Apr 2005 03:14:55 PM PDT      Build Host: porky.build.redhat.com
Group       : System Environment/Libraries   Source RPM: glibc-2.3.5-0.fc3.1.src.rpm
Size        : 12388709                         License: LGPL
Signature   : DSA/SHA1, Thu 07 Apr 2005 01:40:49 PM PDT, Key ID b44269d04f2a6fd2
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The GNU libc libraries.
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.


PaX Team wrote:- your distro version


Code: Select all
# more /etc/fedora-release
Fedora Core release 3 (Heidelberg)


PaX Team wrote:- exact error message?


Code: Select all
VFS: Mounted root (reiserfs filesystem) readonly.
Freeing unused kernel memory: 164k freed
Unable to load interpreter /lib/ld-linux.so.2
Kernel panic - not syncing: No init found. Try passing init= option to kernel.
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

Postby bani » Fri Sep 16, 2005 2:30 am

btw this exact same config works perfectly fine on 2.6.11.10 + grsec
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

Not a PAX problem?

Postby Wildfire » Fri Sep 23, 2005 3:26 pm

Hi,

I get error messages similar to this, however I'm not using grsecurity on 2.6.13.1/2

The problem seems to be that 2.6.13 dropped support for devfs entirely, but my distro (debian etch x64) doesn't really support pure udev configuration yet...

Try compiling a 2.6.13 kernel without grsecurity/pax and see if you can get it to boot...

Code: Select all
Kernel panic - not syncing: VFS: unable to mount root fs on unknown-block (3,7)


I managed to get a little further using mkinitrd/yaird but no luck booting all the way yet =/

Code: Select all
mount: unknown filesystem type 'devfs'
umount: devfs: not mounted
pivot_root: No such file or directory
/sbin/init: 432: cannot open dev/console: no such file
[b]Kernel panic - not syncing: Attempted to kill init[/b]
Wildfire
 
Posts: 2
Joined: Fri Sep 23, 2005 3:18 pm

Postby bani » Fri Sep 23, 2005 5:30 pm

2.6.13.* works perfectly for me without grsecurity/pax. only with grsecurity+pax does it have this panic and boot failure.

fedora core 3 and 4.
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

Postby spender » Sun Sep 25, 2005 11:34 am

Please try the latest patch in http://grsecurity.net/~spender. The problem should be fixed.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby bani » Mon Sep 26, 2005 6:08 pm

the kernel panic is fixed and 2.6.13.2 seems to be running ok now :D :D

thanks!
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

Postby Carceru » Thu Sep 29, 2005 2:25 am

Is it still running fine? I want to upgrade to 2.6.13.2, but am a bit hesitant to use a test version in a production environment.
Carceru
 
Posts: 12
Joined: Tue Jun 21, 2005 8:24 am

Postby bani » Thu Sep 29, 2005 2:38 am

no problems for me yet.
bani
 
Posts: 15
Joined: Sun Aug 28, 2005 10:56 pm

2.6.13.4

Postby TSJason » Wed Oct 26, 2005 6:43 pm

Hi,

I seem to be running into this same problem with the 2.6.13.4 patch 2.1.7-2.6.13.4-200510192227 that's currently in /~spendor. Did it get reverted somehow? Same issue that's mentioned above...kills init on boot but no grsec patch in the kernel with the same .config and it boots just fine.
TSJason
 
Posts: 13
Joined: Fri Jul 01, 2005 6:24 am

Postby Hal9000 » Thu Oct 27, 2005 3:30 am

Carceru wrote:Is it still running fine? I want to upgrade to 2.6.13.2, but am a bit hesitant to use a test version in a production environment.


ahhh... I don't know... by looking at this forum, grsec 2.1.7 seems to have a lot of problems on the 2.6.13 kernel, more than previous releases/kernels... it's taking forever to get released, actually i think kernel 2.6.14 will be released first hehe...
at least this is my impression, this scares me a bit so I guess I'll stick to the 2.4 kernel for another while, perhaps until the 2.6 kernel finally gets forked and will cause less headaches to the grsec team :P

hal
Hal9000
 
Posts: 78
Joined: Wed Jun 16, 2004 2:40 am

Re: 2.6.13.4

Postby PaX Team » Thu Oct 27, 2005 5:56 am

TSJason wrote: I seem to be running into this same problem with the 2.6.13.4 patch 2.1.7-2.6.13.4-200510192227 that's currently in /~spendor. Did it get reverted somehow?
patch seems to be ok, so it's probably a new issue. can you answer the same questions that the first post in this thread did?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support