FS#46633 - [linux-grsec] Segmentation fault on boot, drops to recovery shell.

Attached to Project: Community Packages
Opened by archaurwiki (archaurwiki) - Friday, 09 October 2015, 21:25 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 13 October 2015, 16:44 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture x86_64
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

Description:

Segmentation fault, drops to recovery shell, shell doesn't accept input.

Additional info:
* package version(s)
4.2.3.201510072230-1

* Environment
- Running Arch within Arch
- VirtualBox 5.0.4-1
- /boot on own partition
- LVM for swap and root
- Not running LUKS
- grub 1:2.02.beta2-5

* Notes
- Multiple kernels installed. Linux 4.2.2-1 boots as expected.
- Changing fstab UUID=* to /dev/mapper/* has no alternate effect.

Steps to reproduce:

1. Upgrade: 4.1.7.201509201149-1 to 4.2.3.201510072230-1
2. Reboot (also tested with cold boot)
3. Segmentation fault after ":: Triggering uevents..."
4. Drops to recovery shell but shell doesn't accept input.

Screenshot attached.
   grsec_crash.png (7.3 KiB)
This task depends upon

Closed by  Daniel Micay (thestinger)
Tuesday, 13 October 2015, 16:44 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed by 4.2.3.201510111839-1.
Comment by archaurwiki (archaurwiki) - Friday, 09 October 2015, 21:32 GMT
4.1.7 to 4.2.3 is somewhat of a jump so I'm yet not sure if this is an upstream issue. This could also be related to the fact that stable grsec patches are no longer free.
Comment by Daniel Micay (thestinger) - Friday, 09 October 2015, 23:06 GMT
> This could also be related to the fact that stable grsec patches are no longer free.

No reason it would be related to that. The linux-grsec package has always been the test patch, i.e. the one follow 'stable' upstream releases rather than sticking with a specific longterm release for years.
Comment by Michal Svoboda (pht) - Saturday, 10 October 2015, 08:51 GMT
Happens here too, but only inside qemu-kvm vm's ... bare metal host boots ok with same kernel.
Comment by archaurwiki (archaurwiki) - Saturday, 10 October 2015, 12:36 GMT
Confirmed. Can only reproduce with KVM or "default" paravirtualization settings. Hyper-V and the rest work fine - most of the time (erratic grsec bruteforce complaints with systemd, not always reproducible though).
Comment by stoffl (stoffl) - Sunday, 11 October 2015, 22:00 GMT
Same steps to reproduce:

1. Upgrade: 4.1.7.201509201149-1 to 4.2.3.201510072230-1
2. Reboot
3. Segmentation fault
4. Drops to recovery shell but shell doesn't accept input.

Same results:
* segmentation fault in initramfs
* erratic grsec bruteforce complaints with systemd, bash, sh

But in VMs and on VM hosts, too.
Comment by Daniel Micay (thestinger) - Tuesday, 13 October 2015, 02:13 GMT
This is likely fixed by 4.2.3.201510111839, uploading it soon.
Comment by archaurwiki (archaurwiki) - Tuesday, 13 October 2015, 05:49 GMT
The segfault has been fixed but now bruteforce prevention is always initiated (always reproducible) on shutdown for mkinitcpio (mkinitcpio-generate-shutdown-ramfs.service). Screenshot attached.
   grsec_bruteforce_mkinitcpio.p... (8.1 KiB)
Comment by Daniel Micay (thestinger) - Tuesday, 13 October 2015, 16:43 GMT
I don't think that's related. Issues like this need to be reported upstream if you want them to be fixed though, there's nothing I can do beyond passing along the reports to upstream when the issues aren't already reported in the grsecurity forums.

Loading...