Suspicious error messages started to show up yesterday, while I gave a try to the latest hardened gentoo kernel: 2.6.21-hardened. The machine is an IBM ThinkPad R50e. I'm using the hardened profile with pie-ssp enabled. The first instance of the error showed up just right after the grsec system became enabled. The second one appeared a few seconds later. I decided to reboot with the last stable kernel to avoid any possible data corruption. The rest of the error messages were generated during the shutdown process. Please see attached kern.log, pax.log log, kernel config and dmesg. I hope that the information will help to trace back and squash the problem.
This hardened gentoo kernel uses grsec-2.1.10-2.6.21-200705012327 patch. I've found no previous references for such errors.
Here is how it looks like:
- Code: Select all
May 4 19:19:40 hostname PAX: suspicious general protection fault: 0000 [#1]
May 4 19:19:40 hostname Modules linked in: hdaps eeprom sn9c102 i915 drm tulip capability commoncap yenta_socket rsrc_nonstatic i2c_i801 ipw2200
May 4 19:19:40 hostname CPU: 0
May 4 19:19:40 hostname EIP: 0060:[<001815b0>] Not tainted VLI
May 4 19:19:40 hostname EFLAGS: 00010203 (2.6.21-hardened #2)
May 4 19:19:40 hostname EIP is at gr_handle_sysctl+0x70/0x3a0
May 4 19:19:40 hostname eax: 00000002 ebx: 00000000 ecx: 00000006 edx: ffffffff
May 4 19:19:40 hostname esi: 00000000 edi: c087da02 ebp: 0000000f esp: e809fe60
May 4 19:19:40 hostname ds: 0068 es: 0068 fs: 00d8 gs: 0033 ss: 0068
May 4 19:19:40 hostname Process touch (pid: 7087, ti=e809e000 task=ee06ca90 task.ti=e809e000)
May 4 19:19:40 hostname Stack: 4b09d750 c169cec0 e5f2a274 00000000 eef2b3e4 00051e85 c10066a0 00000000
May 4 19:19:40 hostname 00000000 00000000 ab12f3b0 00000001 eef2b3e4 00000002 ef23ab58 ef17f000
May 4 19:19:40 hostname c10063d8 0005233d e5f2a274 c169e100 e26c04bc 0002f388 ee2293c0 e5f2a4bc
May 4 19:19:40 hostname Call Trace:
May 4 19:19:40 hostname =======================
May 4 19:19:40 hostname Code: 83 c8 04 89 5c 24 2c 85 c9 8b 5c 24 40 0f 44 44 24 2c 81 fb c0 4a 00 c1 89 44 24 2c 74 37 31 f6 ba ff ff ff ff 8d b6 00 00 00 00 <8b> 7b 04 89 d1 89 f0 f2 ae f7 d1 49 8d 44 0d 01 0f b7 e8 8b 44
May 4 19:19:40 hostname EIP: [<001815b0>] gr_handle_sysctl+0x70/0x3a0 SS:ESP 0068:e809fe60
There were a bunch of these while rebooting the machine.
Please find more detailed information (attached config, dmesg, logs) at:
https://bugs.gentoo.org/show_bug.cgi?id=177234
I would report more details upon request.
Regards,
Dw.