grsecurity forums

When I run transmission-gtk (a program to download torrents) my system freezes completely after a while (sometimes almost immediately, sometimes it takes several minutes) and I have to hold the power button to shut it down. I'm using the latest grsec patch (grsecurity-3.1-4.2.6-201511282239.patch).

This is an image of what is printed on the screen (had to take a picture because nothing goes to the logs): https://i.imgur.com/Mc8RL30.jpg

Tell me if you need more information

can you please comment out the do_group_exit call in fs/exec.c:report_size_overflow and show us the full overflow report (the lines with "size overflow detected in")?

also assuming this will be about sk_buff_head.qlen, can you add a patch like this and report back the output that appears just before the overflow report:

Code: Select all

--- a/net/sched/sch_api.c  2015-09-09 11:17:49.539255303 +0200
+++ b/net/sched/sch_api.c 2015-11-30 21:47:35.827026362 +0100
@@ -765,6 +765,7 @@
                        cops->qlen_notify(sch, cl);
                        cops->put(sch, cl);
                }
+               printk("PAX: sch->q.qlen: %x n: %x\n", sch->q.qlen, n);
                sch->q.qlen -= n;
                __qdisc_qstats_drop(sch, drops);
        }


This is the result:

Code: Select all

Nov 30 22:56:46 Fux-PC kernel: PAX: sch->q.qlen: 0 n: 1
Nov 30 22:56:46 Fux-PC kernel: PAX: size overflow detected in function qdisc_tree_decrease_qlen net/sched/sch_api.c:769 cicus.693_49 min, count: 72, decl: qlen; num: 0; context: sk_buff_head;
Nov 30 22:56:47 Fux-PC kernel: CPU: 2 PID: 19 Comm: ksoftirqd/2 Tainted: G           O    4.2.6.201511282239-1-grsec #1
Nov 30 22:56:47 Fux-PC kernel: Hardware name: ASUSTeK COMPUTER INC. X302LJ/X302LJ, BIOS X302LJ.202 03/05/2015
Nov 30 22:56:47 Fux-PC kernel:  ffffffffa9a04863 0000000000000000 0000000000000000 ffffffffa990ff7c
Nov 30 22:56:47 Fux-PC kernel:  ffffc90000d3bc38 ffffffffa95d2810 0000000000000007 ffffffffa991002b
Nov 30 22:56:47 Fux-PC kernel:  ffffc90000d3bc68 ffffffffa91a44f4 0000000000000001 0000000000000001
Nov 30 22:56:47 Fux-PC kernel: Call Trace:
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa95d2810>] dump_stack+0x4c/0x7f
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa91a44f4>] report_size_overflow+0x34/0x50
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa94d17e2>] qdisc_tree_decrease_qlen+0x152/0x160
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffc02694b1>] fq_codel_dequeue+0x7b1/0x820 [sch_fq_codel]
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffc02680a0>] ? qdisc_peek_dequeued+0xa0/0xa0 [sch_fq_codel]
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa94cd92d>] __qdisc_run+0x4d/0x1d0
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa949b2b2>] net_tx_action+0xc2/0x160
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa90664c1>] __do_softirq+0xf1/0x200
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa90665ee>] run_ksoftirqd+0x1e/0x30
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa90896b0>] smpboot_thread_fn+0x150/0x260
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa9089560>] ? sort_range+0x40/0x40
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa9085fe4>] kthread+0xe4/0x100
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa95d8d1e>] ret_from_fork+0x3e/0x70
Nov 30 22:56:47 Fux-PC kernel:  [<ffffffffa9085f00>] ? kthread_worker_fn+0x170/0x170
Nov 30 22:59:37 Fux-PC kernel: PAX: sch->q.qlen: ffffffff n: 1


i think this is an unintended integer underflow and something only upstream kernel devs can figure out. can you please report this to them (CC Emese/spender/me as well ) and help them with further debugging:
Jamal Hadi Salim <jhs@mojatatu.com>
"David S. Miller" <davem@davemloft.net>
netdev@vger.kernel.org

PaX Team wrote:i think this is an unintended integer underflow and something only upstream kernel devs can figure out. can you please report this to them (CC Emese/spender/me as well ) and help them with further debugging:
Jamal Hadi Salim <jhs@mojatatu.com>
"David S. Miller" <davem@davemloft.net>
netdev@vger.kernel.org

Ok, I'll do that. Should I report it to all this three emails? Sorry for the stupid question, I've never done this before. Also, here there's your and spender's contact but I can't find emese email.

Thank you for all your work.

yes CC everyone mentioned . Emese's email is in the plugin sources: re.emese@gmail.com