
PAX: refcount overflow detected

Posted: Mon Sep 19, 2011 11:54 am
by matrix64
I'm running linux-3.0.4 patched with "grsecurity-2.2.2-3.0.4-201108300622.patch" on my "notebook-server". A few days ago, it stopped responding. I restarted the machine, but then I noticed that there was no free space on the root mount. It seems rsyslog filled the entire drive with logs (over 40 GB of pure text) in less than 1 day. The logs contain the same message over and over again. This is the first message that appears in syslog:

Code:
Sep 16 19:18:49 akula kernel: PAX: refcount overflow detected in: swapper:0, uid/euid: 0/0
Sep 16 19:18:49 akula kernel: CPU 0
Sep 16 19:18:49 akula kernel: Modules linked in: [last unloaded: scsi_wait_scan]
Sep 16 19:18:49 akula kernel:
Sep 16 19:18:49 akula kernel: Pid: 0, comm: swapper Not tainted 3.0.4-grsec #4 Dell Inc. Latitude D520                   /0NF743
Sep 16 19:18:49 akula kernel: RIP: 0010:[<ffffffff81079aa2>]  [<ffffffff81079aa2>] rcu_enter_nohz+0x31/0xad
Sep 16 19:18:49 akula kernel: RSP: 0018:ffff88009f403f68  EFLAGS: 00000816
Sep 16 19:18:49 akula kernel: RAX: ffff88009f40bd10 RBX: 0000000000000092 RCX: 0000000000000020
Sep 16 19:18:49 akula kernel: RDX: 0000000000000000 RSI: ffff88009f008200 RDI: ffff88009f00827c
Sep 16 19:18:49 akula kernel: RBP: 0000000000000030 R08: 0000000000000000 R09: ffffffff81623028
Sep 16 19:18:49 akula kernel: R10: 00000000ffffffff R11: ffffffff81462514 R12: 0000000000000000
Sep 16 19:18:49 akula kernel: R13: ffffffff814dbe78 R14: 0000000000000000 R15: 0000000000000000
Sep 16 19:18:49 akula kernel: FS:  0000000000000000(0000) GS:ffff88009f400000(0000) knlGS:0000000000000000
Sep 16 19:18:49 akula kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Sep 16 19:18:49 akula kernel: CR2: ffffffffff600400 CR3: 0000000099811000 CR4: 00000000000006f0
Sep 16 19:18:49 akula kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Sep 16 19:18:49 akula kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Sep 16 19:18:49 akula kernel: Process swapper (pid: 0, threadinfo ffffffff814dc918, task ffffffff814dc500)
Sep 16 19:18:49 akula kernel: Stack:
Sep 16 19:18:49 akula kernel: 0000000000000000 ffffffff81037b2a 0000000000000000 ffffffff8100394e
Sep 16 19:18:49 akula kernel: ffff880099e6d968 ffff88009af7f4b8 ffffffff814dbe98 0000000000000012
Sep 16 19:18:49 akula kernel: ffffffffffffffff ffffffff8136d4d3 ffffffff814dbe98 <EOI>  ffff88009af7f000
Sep 16 19:18:49 akula kernel: Call Trace:
Sep 16 19:18:49 akula kernel: <IRQ>
Sep 16 19:18:49 akula kernel: [<ffffffff81037b2a>] ? irq_exit+0x6d/0xa5
Sep 16 19:18:49 akula kernel: [<ffffffff8100394e>] ? do_IRQ+0x94/0xaa
Sep 16 19:18:49 akula kernel: [<ffffffff8136d4d3>] ? common_interrupt+0x13/0x13
Sep 16 19:18:49 akula kernel: <EOI>
Sep 16 19:18:49 akula kernel: [<ffffffff8120fb8c>] ? acpi_idle_enter_simple+0xaa/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff8120fb87>] ? acpi_idle_enter_simple+0xa5/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff812b4bef>] ? cpuidle_idle_call+0x8c/0xc5
Sep 16 19:18:49 akula kernel: [<ffffffff81001dbd>] ? cpu_idle+0x9e/0xd4
Sep 16 19:18:49 akula kernel: [<ffffffff8155fb8e>] ? 0xffffffff8155fb8d
Sep 16 19:18:49 akula kernel: [<ffffffff8155f347>] ? 0xffffffff8155f346
Sep 16 19:18:49 akula kernel: Code: c0 10 bd 00 00 65 48 03 04 25 a0 b4 00 00 8b 10 ff ca 89 10 85 d2 74 07 53 9d e9 86 00 00 00 f0 ff 40 08 71 06 f0 ff 48 08 cd 04 <8b> 40 08 a8 01 74 21 80 3d 61 fc 5a 00 01 74 18 be 69 01 00 00
Sep 16 19:18:49 akula kernel: Call Trace:
Sep 16 19:18:49 akula kernel: <IRQ>  [<ffffffff81037b2a>] ? irq_exit+0x6d/0xa5
Sep 16 19:18:49 akula kernel: [<ffffffff8100394e>] ? do_IRQ+0x94/0xaa
Sep 16 19:18:49 akula kernel: [<ffffffff8136d4d3>] ? common_interrupt+0x13/0x13
Sep 16 19:18:49 akula kernel: <EOI>  [<ffffffff8120fb8c>] ? acpi_idle_enter_simple+0xaa/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff8120fb87>] ? acpi_idle_enter_simple+0xa5/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff812b4bef>] ? cpuidle_idle_call+0x8c/0xc5
Sep 16 19:18:49 akula kernel: [<ffffffff81001dbd>] ? cpu_idle+0x9e/0xd4
Sep 16 19:18:49 akula kernel: [<ffffffff8155fb8e>] ? 0xffffffff8155fb8d
Sep 16 19:18:49 akula kernel: [<ffffffff8155f347>] ? 0xffffffff8155f346
Sep 16 19:18:49 akula kernel: ------------[ cut here ]------------
Sep 16 19:18:49 akula kernel: WARNING: at kernel/rcutree.c:361 rcu_enter_nohz+0x52/0xad()
Sep 16 19:18:49 akula kernel: Hardware name: Latitude D520
Sep 16 19:18:49 akula kernel: Modules linked in: [last unloaded: scsi_wait_scan]
Sep 16 19:18:49 akula kernel: Pid: 0, comm: swapper Not tainted 3.0.4-grsec #4
Sep 16 19:18:49 akula kernel: Call Trace:
Sep 16 19:18:49 akula kernel: <IRQ>  [<ffffffff810328d9>] ? warn_slowpath_common+0x78/0x8c
Sep 16 19:18:49 akula kernel: [<ffffffff81079ac3>] ? rcu_enter_nohz+0x52/0xad
Sep 16 19:18:49 akula kernel: [<ffffffff81037b2a>] ? irq_exit+0x6d/0xa5
Sep 16 19:18:49 akula kernel: [<ffffffff8100394e>] ? do_IRQ+0x94/0xaa
Sep 16 19:18:49 akula kernel: [<ffffffff8136d4d3>] ? common_interrupt+0x13/0x13
Sep 16 19:18:49 akula kernel: <EOI>  [<ffffffff8120fb8c>] ? acpi_idle_enter_simple+0xaa/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff8120fb87>] ? acpi_idle_enter_simple+0xa5/0xd5
Sep 16 19:18:49 akula kernel: [<ffffffff812b4bef>] ? cpuidle_idle_call+0x8c/0xc5
Sep 16 19:18:49 akula kernel: [<ffffffff81001dbd>] ? cpu_idle+0x9e/0xd4
Sep 16 19:18:49 akula kernel: [<ffffffff8155fb8e>] ? 0xffffffff8155fb8d
Sep 16 19:18:49 akula kernel: [<ffffffff8155f347>] ? 0xffffffff8155f346
Sep 16 19:18:49 akula kernel: ---[ end trace a0e77502d7c7767b ]---

I never had this problem with PaX. I can provide the entire syslog (486 MB compressed) if necessary. Is this a bug or a feature? The message has not appeared since the reboot.
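
A triage sketch for the log flood described in this post, added here as an example and not part of the thread: it collapses repeated REFCOUNT reports into one row per (process, faulting function), so a very large syslog reduces to a few lines. The name `summarize` and the second sample report (with its timestamp) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first report's lines come from the log above;
# the second report (19:18:50) is constructed to show deduplication.
SAMPLE = """\
Sep 16 19:18:49 akula kernel: PAX: refcount overflow detected in: swapper:0, uid/euid: 0/0
Sep 16 19:18:49 akula kernel: CPU 0
Sep 16 19:18:49 akula kernel: RIP: 0010:[<ffffffff81079aa2>]  [<ffffffff81079aa2>] rcu_enter_nohz+0x31/0xad
Sep 16 19:18:49 akula kernel: [<ffffffff81037b2a>] ? irq_exit+0x6d/0xa5
Sep 16 19:18:50 akula kernel: PAX: refcount overflow detected in: swapper:0, uid/euid: 0/0
Sep 16 19:18:50 akula kernel: RIP: 0010:[<ffffffff81079aa2>]  [<ffffffff81079aa2>] rcu_enter_nohz+0x31/0xad
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: ?(.*)$")
PAX = re.compile(r"PAX: refcount overflow detected in: (.+):(\d+), uid/euid: (\d+)/(\d+)")
RIP = re.compile(r"RIP: .*\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def summarize(lines):
    """Return [(comm, function, count, first_seen)], most frequent first."""
    counts, first_seen = Counter(), {}
    pending = None  # (timestamp, comm) of a report still waiting for its RIP line

    def record(func):
        key = (pending[1], func)
        counts[key] += 1
        first_seen.setdefault(key, pending[0])

    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not a kernel syslog line
        stamp, msg = m.group(1), m.group(3)
        hit = PAX.search(msg)
        if hit:
            if pending:
                record("?")  # previous report was cut off before its RIP line
            pending = (stamp, hit.group(1))
        elif pending and (rip := RIP.search(msg)):
            record(rip.group(1))
            pending = None
    if pending:
        record("?")  # log ended mid-report
    return [(c, f, n, first_seen[(c, f)]) for (c, f), n in counts.most_common()]

if __name__ == "__main__":
    for comm, func, n, first in summarize(SAMPLE.splitlines()):
        print(f"{n:>8}  {comm}  {func}  first seen {first}")
```

A single dominant row with the same process and function, as here, is consistent with one instrumented counter being hit repeatedly rather than many unrelated events.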

Re: PAX: refcount overflow detected

Posted: Mon Sep 19, 2011 1:17 pm
by PaX Team
matrix64 wrote: I'm running linux-3.0.4 patched with "grsecurity-2.2.2-3.0.4-201108300622.patch" on my "notebook-server".
this is an already known and fixed REFCOUNT false positive bug, you should upgrade to the latest grsec version.

Re: PAX: refcount overflow detected

Posted: Mon Sep 19, 2011 2:34 pm
by matrix64
Ok, thank you.