grsecurity forums

Skip to content

Postfix traces

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Postfix traces

Postby linkfanel » Mon Dec 20, 2010 9:10 am

I've recently upgraded this machine from 2.6.32 to 2.6.36 and within a few hours of running the new kernel, a postfix process triggers the following trace:

[ 8544.931570] PAX: suspicious general protection fault: 0000 [#1]
[ 8544.931682] last sysfs file: /sys/module/inet_diag/initstate
[ 8544.931744] Modules linked in: tcp_diag inet_diag af_packet ts_bm xt_tcpudp xt_string tun dummy sit tunnel4 ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables dm_mod pata_ali 3c59x mii ipv6 unix
[ 8544.932054]
[ 8544.932103] Pid: 3268, comm: cleanup Not tainted 2.6.36.2-grsec #1 /
[ 8544.932114] EIP: 0060:[<0018528c>] EFLAGS: 00210046 CPU: 0
[ 8544.932114] EAX: c7e25a78 EBX: 00000000 ECX: 00200246 EDX: c4fb5780
[ 8544.932114] ESI: c4fb5780 EDI: c001df38 EBP: c001de6c ESP: c001de04
[ 8544.932114] DS: 0068 ES: 0068 FS: 0000 GS: 00e0 SS: 0068
[ 8544.932114] Process cleanup (pid: 3268, ti=c001c000 task=c016d0e0 task.ti=c001c000)
[ 8544.932114] Stack:
[ 8544.932114] 0000000c 001fc6ca 00000000 c7e25ba0 c7e25a10 00000000 c001de8c c7e25ab0
[ 8544.932114] <0> c7e25a78 c7c22b40 c4d8fb40 00000000 00000cc4 00000068 00000068 00000000
[ 8544.932114] <0> c11fe6a0 c001dec8 0000000c c001de8c 0017f381 0000000c 00000005 c001de6c
[ 8544.932114] Call Trace:
[ 8544.932114] [<001fc6ca>] ? unix_stream_sendmsg+0x1fa/0x390 [unix]
[ 8544.932114] [<0017f381>] ? sock_aio_write+0xe1/0x140
[ 8544.932114] [<0005aa39>] ? filemap_fault+0x59/0x320
[ 8544.932114] [<00069be1>] ? pax_mirror_file_pte+0xa1/0xd0
[ 8544.932114] [<00081270>] ? do_sync_write+0xb0/0xf0
[ 8544.932114] [<0001bfa8>] ? do_page_fault+0x148/0x3f0
[ 8544.932114] [<0001c02f>] ? do_page_fault+0x1cf/0x3f0
[ 8544.932114] [<000f33b2>] ? security_file_permission+0x12/0x70
[ 8544.932114] [<000813fc>] ? rw_verify_area+0x5c/0xd0
[ 8544.932114] [<00081cd0>] ? vfs_write+0x130/0x180
[ 8544.932114] [<00081dcc>] ? sys_write+0x3c/0x70
[ 8544.932114] [<001f6ded>] ? syscall_call+0x7/0xb
[ 8544.932114] [<00200246>] ? 0x200246
[ 8544.932114] [<00200246>] ? 0x200246
[ 8544.932114] Code: 9c 59 fa 8b 18 89 42 04 89 1a 89 10 89 53 04 8b 50 08 42 89 50 08 51 9d 5b c3 90 8d 74 26 00 53 9c 59 fa 8b 58 04 89 02 89 5a 04 <89> 13 89 50 04 8b 58 08 43 89 58 08 51 9d 5b c3 8d 74 26 00 53
[ 8544.932114] EIP: [<0018528c>] SS:ESP 0068:c001de04
[ 8544.932114] ---[ end trace cfcc70bd9c1ef350 ]---

Then I keep getting this kind of traces whenever somebody tries to send mail to my postfix, until I arrive and restart it. I end up with zombie postfix processes and a tainted kernel. So far it happened every time which is twice, on 2.6.36.1 and 2.6.36.2
linkfanel
 
Posts: 39
Joined: Fri Jul 14, 2006 8:26 pm
Top

Re: Postfix traces

Postby spender » Mon Dec 20, 2010 2:50 pm

Can you make your vmlinux file available somewhere and email me the URL?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group
cron