grsecurity forums

[lesnoland]

kernel: 2.6.31-grsec(latest patch), grsec low, pax disabled.

problem:
rmmod crashes each time I use it, also it does not matter what module I try to remove.(rt3070sta,vmmon,etc). I dont have disable_modules enabled in sysctl. Also after this happens, I am unable to use lsmod, modprobe until reboot.
some times if i try to rmmod or modprobe the system will just hang.

details:
[40512.984182] ------------[ cut here ]------------
[40512.984185] kernel BUG at mm/slub.c:2970!
[40512.984188] invalid opcode: 0000 [#1] SMP
[40512.984191] last sysfs file: /sys/devices/pci0000:00/0000:00:18.3/resource
[40512.984193] Modules linked in: sctp crc32c libcrc32c x25 appletalk ipx p8023 ax25 xt_tcpudp ipt_MASQUERADE ipt_LOG xt_state iptable_filter nf_nat_ftp iptable_nat nf_nat nf_conntrack_irc nf_conntrack_ftp nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables usb_storage binfmt_misc bridge stp bnep tun vmnet vmblock vmci vmmon video output lp snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event nvidia(P) snd_seq snd_timer snd_seq_device ppdev psmouse parport_pc parport agpgart serio_raw i2c_nforce2 pcspkr k8temp snd soundcore snd_page_alloc aes_i586 aes_generic cbc floppy dm_crypt forcedeth [last unloaded: rt3070sta]
[40512.984237]
[40512.984241] Pid: 30657, comm: rmmod Tainted: P (2.6.31.5-grsec #1) N61PC-M2S
[40512.984244] EIP: 0060:[<c01e2af2>] EFLAGS: 00010246 CPU: 0
[40512.984249] EIP is at kfree+0x102/0x110
[40512.984252] EAX: 00000000 EBX: 00000000 ECX: f8f9f9a4 EDX: c4302160
[40512.984254] ESI: f8f8bc32 EDI: c0159df2 EBP: d653bf28 ESP: d653bf0c
[40512.984257] DS: 0068 ES: 007b FS: 00d8 GS: 0033 SS: 0068
[40512.984260] Process rmmod (pid: 30657, ti=d653a000 task=c7818000 task.ti=d653a000)
[40512.984262] Stack:
[40512.984263] 00000000 00000000 c4302160 c0108d69 00000000 f8f8d814 00000001 d653bf3c
[40512.984269] <0> c0159df2 f8f18880 f8f188c8 00000000 d653bf4c c0172497 00000000 f8f18880
[40512.984274] <0> d653bfac c017271b 30337472 74733037 ffff0061 0806d000 0806d000 00000000
[40512.984280] Call Trace:
[40512.984286] [<c0108d69>] ? alternatives_smp_module_del+0xa9/0xd0
[40512.984295] [<c0159df2>] ? destroy_params+0x32/0x40
[40512.984304] [<c0172497>] ? free_module+0x97/0x100
[40512.984309] [<c017271b>] ? sys_delete_module+0x18b/0x1f0
[40512.984317] [<c0103523>] ? sysenter_do_call+0x12/0x28
[40512.984319] Code: 00 8b 41 08 85 c0 78 be 8b 01 8b 51 0c 89 04 96 89 31 eb cb 66 a9 00 c0 74 11 8b 45 ec e8 37 c5 fd ff 8d b4 26 00 00 00 00 eb bc <0f> 0b eb fe 8d 76 00 8d bc 27 00 00 00 00 55 83 e8 60 89 e5 e8
[40512.984348] EIP: [<c01e2af2>] kfree+0x102/0x110 SS:ESP 0068:d653bf0c
[40512.984353] ---[ end trace 13d8e985e2fab13d ]---

[PaX Team]

kernel: 2.6.31-grsec(latest patch), grsec low, pax disabled.

problem:
rmmod crashes each time I use it, also it does not matter what module I try to remove.(rt3070sta,vmmon,etc). I dont have disable_modules enabled in sysctl. Also after this happens, I am unable to use lsmod, modprobe until reboot.
some times if i try to rmmod or modprobe the system will just hang.

this is the same issue related to charp module param handling recently talked about on the mailing list, i'll fix it in the next patch.