FS#46811 - [linux-grsec] system freezes as soon as wifi connection is used

Attached to Project: Community Packages
Opened by Pascal Ernster (hardfalcon) - Tuesday, 20 October 2015, 19:28 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 27 October 2015, 06:13 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Since I installed (and rebooted into) linux-grsec 4.2.3.201510171833-1, my laptop (Thinkpad T440p) immediately freezes or crashes as soon as I try to send data over my wifi connection. According to lspci, my wifi card is a "Intel Corporation Centrino Advanced-N 6235 (rev 24)" that is being handled by the iwlwifi module. The crash does not occur upon establishing the wifi connection but only upon actually sending data over the established connection (launching Firefox, Thunderbird oder Pidgin suffices to trigger a crash). Installing linux-grsec 4.2.3.201510191935-1 has not changed anything about this problem, and those crashes do *not* occur when using the stock Archlinux kernel.

Additional info:
* package version(s): linux-grsec >= 4.2.3.201510171833-1
* config and/or log files etc.: If you can tell me how to get a dmesg off a freezed computer, I shall give you a dmesg of the crash.


Steps to reproduce:
1. Install linux-grsec >= 4.2.3.201510171833-1
2. Reboot into linux-grsec >= 4.2.3.201510171833-1
3. Establish a wifi connection
4. Send data over said connection and enjoy the pleasures of an immediate freeze/crash.
This task depends upon

Closed by  Daniel Micay (thestinger)
Tuesday, 27 October 2015, 06:13 GMT
Reason for closing:  Fixed
Comment by John (KernelProblems) - Wednesday, 21 October 2015, 01:13 GMT
This is also happening to me while using the 4.2.3.201510191935 patch. The previous patch fixed the issues with unplugging usbs/sd cards causing the system to freeze, but now connecting to wifi freezes everything in the same way. Lspci shows my wifi card as "Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01)." Using stock linux kernel doesn't cause this issue for me either.
Comment by Daniel Micay (thestinger) - Wednesday, 21 October 2015, 03:56 GMT
Try the recently uploaded 4.2.3.201510200858. It turns the overflows detected by the size_overflow plugin into soft failures (error logged) for the time being. You can probably get a useful error from the logs and then it can be fixed for when it's moved back to the hard failure mode.
Comment by Daniel Micay (thestinger) - Wednesday, 21 October 2015, 06:23 GMT
The overflow was probably fixed by the following change:

- Emese fixed a false positive that affected the iwlwifi driver among others, reported by victor
Comment by John (KernelProblems) - Wednesday, 21 October 2015, 07:13 GMT
Upgraded to 4.2.3.201510200858-1-grsec and connected to wifi fine, my driver ath9k was probably among the affected drivers everything is seemingly fixed now.

Thanks for the quick upload.
Comment by Daniel Micay (thestinger) - Wednesday, 21 October 2015, 07:17 GMT
Please check the kernel log to see if there are any size_overflow errors though. There may still be one or more overflows detected, but it will only report a warning for now.
Comment by John (KernelProblems) - Wednesday, 21 October 2015, 22:23 GMT
my journalctl --dmesg:

-- Logs begin at Thu 2015-09-24 05:04:52 UTC, end at Wed 2015-10-21 22:12:23 UTC. --
Oct 21 21:48:41 . kernel: Initializing cgroup subsys cpuset
Oct 21 21:48:41 . kernel: Initializing cgroup subsys cpu
Oct 21 21:48:41 . kernel: Initializing cgroup subsys cpuacct
Oct 21 21:48:41 . kernel: Linux version 4.2.3.201510200858-1-grsec (builduser@strcat) (gcc version 5.2.0 (GCC) ) #1 SMP PREEMPT Tue Oct 20 21:52:39
Oct 21 21:48:41 . kernel: Command line: BOOT_IMAGE=/vmlinuz-linux-grsec root= .
Oct 21 21:48:41 . kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 floating point registers'
Oct 21 21:48:41 . kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE registers'
Oct 21 21:48:42 . kernel: x86/fpu: Enabled xstate features 0x3, context size is 0x240 bytes, using 'standard' format.
Oct 21 21:48:42 . kernel: x86/fpu: Using 'eager' FPU context switches.
Oct 21 21:48:42 . kernel: e820: BIOS-provided physical RAM map:
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009d3ff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x000000000009d400-0x000000000009ffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000000100000-0x000000001fffffff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000020000000-0x00000000201fffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000020200000-0x0000000040003fff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000040004000-0x0000000040004fff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000040005000-0x000000009ffaffff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x000000009ffb0000-0x00000000a13affff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000a13b0000-0x00000000aa3befff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000aa3bf000-0x00000000aaebefff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000aaebf000-0x00000000aafbefff] ACPI NVS
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000aafbf000-0x00000000aaffefff] ACPI data
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000aafff000-0x00000000aaffffff] usable
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000ab000000-0x00000000af9fffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000feb00000-0x00000000feb03fff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000fed10000-0x00000000fed19fff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x00000000ffb80000-0x00000000ffffffff] reserved
Oct 21 21:48:42 . kernel: BIOS-e820: [mem 0x0000000100000000-0x000000014f5fffff] usable
Oct 21 21:48:42 . kernel: NX (Execute Disable) protection: active
Oct 21 21:48:42 . kernel: SMBIOS 2.7 present.
Oct 21 21:48:42 . kernel: DMI: Dell Inc. Inspiron 3521/0MND5Y, BIOS A02 09/26/2012
Oct 21 21:48:42 . kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
Oct 21 21:48:42 . kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
Oct 21 21:48:42 . kernel: e820: last_pfn = 0x14f600 max_arch_pfn = 0x400000000
Oct 21 21:48:42 . kernel: MTRR default type: uncachable

Does it look fine?
Comment by Daniel Micay (thestinger) - Wednesday, 21 October 2015, 22:27 GMT
That's only a small fraction of the log and it wouldn't be happening that early. Need to see the whole thing.
Comment by John (KernelProblems) - Wednesday, 21 October 2015, 23:23 GMT
I found a few overflow errors when i ran dmesg -Hk:

Oct21 21:49] grsec: denied kernel module auto-load of fuse by uid 1000
[Oct21 21:50] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +0.256196] r8169 0000:01:00.0 enp1s0: link down
[ +0.000043] IPv6: ADDRCONF(NETDEV_UP): enp1s0: link is not ready
[ +0.060264] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +38.034290] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +0.249932] r8169 0000:01:00.0 enp1s0: link down
[ +0.000048] IPv6: ADDRCONF(NETDEV_UP): enp1s0: link is not ready
[ +0.849995] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +0.249586] r8169 0000:01:00.0 enp1s0: link down
[ +0.000041] IPv6: ADDRCONF(NETDEV_UP): enp1s0: link is not ready
[ +0.056936] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +3.229871] wlp2s0: authenticate with xx:xx:xx:xx:xx:xx
[ +0.039057] wlp2s0: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
[ +0.002074] wlp2s0: authenticated
[ +0.001278] wlp2s0: associate with xx:xx:xx:xx:xx:xx (try 1/3)
[ +0.016406] wlp2s0: RX AssocResp from xx:xx:xx:xx:xx:xx (capab=0xc11 status=0 aid=4)
[ +0.000124] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
[ +0.000241] wlp2s0: associated

[ +0.707962] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.986868] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.000033] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.825526] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[Oct21 21:51] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +2.553826] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +4.726607] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.401195] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.255435] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.129999] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.129317] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.040011] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.114786] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.020591] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.101709] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.022681] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

[ +0.020402] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

If you need the lines preceding and proceeding the errors just let me know, I omitted them because the post would've been extremely long.
Comment by Daniel Micay (thestinger) - Wednesday, 21 October 2015, 23:26 GMT
Try with the latest kernel version (4.2.3.201510202025).
Comment by John (KernelProblems) - Wednesday, 21 October 2015, 23:47 GMT
Upgraded to 4.2.3.201510202025-1-grsec

[Oct21 23:33] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +0.276281] r8169 0000:01:00.0 enp1s0: link down
[ +0.000042] IPv6: ADDRCONF(NETDEV_UP): enp1s0: link is not ready
[ +0.069068] IPv6: ADDRCONF(NETDEV_UP): wlp2s0: link is not ready
[ +4.330844] wlp2s0: authenticate with xx:xx:xx:xx:xx:xx
[ +0.038970] wlp2s0: send auth to xx:xx:xx:xx:xx:xx (try 1/3)
[ +0.002026] wlp2s0: authenticated
[ +0.001269] wlp2s0: associate with xx:xx:xx:xx:xx:xx (try 1/3)
[ +0.016425] wlp2s0: RX AssocResp from xx:xx:xx:xx:xx:xx (capab=0xc11 status=0 aid=4)
[ +0.000128] wlp2s0: associated
[ +0.000070] IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
[ +0.526634] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

The overflow errors still show, but far less in number. Only 4 in total now. Still the same repeated error though.

Before the last overflow: [ +0.000030] PAX: size overflow detected in function minstrel_ht_get_rate net/mac80211/rc80211_minstrel_ht.c:1056 cicus.237_207 max, count: 21, decl: idx; num: 0; context: ieee80211_tx_rate;

the line: [ +25.034225] report_size_overflow: 1 callbacks suppressed

shows up which I don't remember seeing before. but for all I know it doesn't mean anything.
Comment by Pascal Ernster (hardfalcon) - Friday, 23 October 2015, 05:38 GMT
Thanks, the iwlwifi issue seems fixed now (tested with 4.2.4.201510222059-1-grsec).

dmesg still shows some size overflows detected by PAX in drivers/usb/class/cdc-acm.c though (see attached file).
   dmesg-pax.txt (7.8 KiB)
Comment by Pascal Ernster (hardfalcon) - Saturday, 24 October 2015, 10:37 GMT
Correction/Update: There is still a size overflow left in drivers/net/wireless/iwlwifi/dvm/lib.c:104.
   dmesg-iwlwifi.txt (1.9 KiB)
Comment by Pascal Ernster (hardfalcon) - Sunday, 25 October 2015, 07:22 GMT
And yet another one, this time in include/linux/skbuff.h:1969 on a Dell Optiplex 760.
   dmesg-ipv6_gro_receive.txt (2 KiB)
Comment by Daniel Micay (thestinger) - Monday, 26 October 2015, 01:02 GMT
Can you check how many issues are remaining with 4.2.4.201510251836-1?
Comment by Daniel Micay (thestinger) - Monday, 26 October 2015, 01:02 GMT
(just released, so might take a while for it to be available)
Comment by Pascal Ernster (hardfalcon) - Tuesday, 27 October 2015, 05:40 GMT
Yes, all size overflows seem fixed, I haven't encountered a single one since installing/running linux-grsec 4.2.4.201510251836-1. Thank you for the great support! :-)
Comment by Daniel Micay (thestinger) - Tuesday, 27 October 2015, 06:13 GMT
Great! Please file another bug if you notice any other size_overflow tracebacks.

Loading...