__fput unable to handle kernel paging request at ffffffbfa02c6430

[miroR]

Nov 25 06:15:10 gdOv kernel: [ 6127.027227] BUG: unable to handle kernel paging request at ffffffbfa02c6430
Nov 25 06:15:10 gdOv kernel: [ 6127.029802] IP: [] __fput+0xbf/0x220
Nov 25 06:15:10 gdOv kernel: [ 6127.031149] PGD 1bec067
Nov 25 06:15:10 gdOv kernel: [ 6127.031161] PUD 0
Nov 25 06:15:10 gdOv kernel: [ 6127.032506]
Nov 25 06:15:10 gdOv kernel: [ 6127.033855] Oops: 0000 [#1] SMP
Nov 25 06:15:10 gdOv kernel: [ 6127.035216] Modules linked in: nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill nf_log_ipv4 nf_log_common xt_LOG xt_tcpudp xt_conntrack iptable_filter iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_raw ip_tables x_tables cx22702 isl6421 cx24123 cx88_dvb cx88_vp3054_i2c videobuf2_dvb dvb_core wm8775 ir_rc5_decoder ir_lirc_codec lirc_dev rc_hauppauge tuner_simple tuner_types tda9887 tda8290 tuner edac_mce_amd edac_core kvm_amd cx88_alsa cx8800 cx8802 kvm cx88xx videobuf2_dma_sg videobuf2_memops videobuf2_v4l2 tveeprom v4l2_common mxm_wmi videobuf2_core irqbypass amdkfd evdev videodev radeon pcspkr k10temp serio_raw media snd_hda_codec_realtek snd_hda_codec_generic ttm drm_kms_helper snd_hda_intel drm i2c_algo_bit sp5100_tco fb_sys_fops nuvoton_cir
Nov 25 06:15:10 gdOv kernel: [ 6127.041723] rc_core syscopyarea sysfillrect sg sysimgblt snd_hda_codec acpi_cpufreq wmi shpchp snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore button ext4 crc16 jbd2 fscrypto mbcache xts gf128mul algif_skcipher af_alg dm_crypt dm_mod sr_mod cdrom sd_mod ata_generic uas usb_storage ohci_pci psmouse firewire_ohci r8169 firewire_core mii crc_itu_t sky2 pata_atiixp ahci libahci ohci_hcd xhci_pci ehci_pci ehci_hcd xhci_hcd libata i2c_piix4 usbcore scsi_mod fjes
Nov 25 06:15:10 gdOv kernel: [ 6127.049145] CPU: 1 PID: 29962 Comm: tshark Not tainted 4.9.65-unofficial+grsec171124-19 #1
Nov 25 06:15:10 gdOv kernel: [ 6127.051097] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./970 Extreme4, BIOS P2.60 11/11/2013
Nov 25 06:15:10 gdOv kernel: [ 6127.053120] task: ffff880051d7c5c0 task.stack: ffffc9000da28000
Nov 25 06:15:10 gdOv kernel: [ 6127.055128] RIP: 0010:[] [] __fput+0xbf/0x220
Nov 25 06:15:10 gdOv kernel: [ 6127.057197] RSP: 0018:ffffc9000da2bdc0 EFLAGS: 00010246
Nov 25 06:15:10 gdOv kernel: [ 6127.059245] RAX: ffffffbfa02c63c0 RBX: ffff880085932c00 RCX: 0000000000000001
Nov 25 06:15:10 gdOv kernel: [ 6127.061356] RDX: ffff880085932cd8 RSI: 0000000000000010 RDI: ffff880085932c00
Nov 25 06:15:10 gdOv kernel: [ 6127.063411] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
Nov 25 06:15:10 gdOv kernel: [ 6127.065374] R10: ffff880085932c10 R11: 0000000000000000 R12: ffff8801248401e8
Nov 25 06:15:10 gdOv kernel: [ 6127.067307] R13: ffff8803216900a0 R14: ffff8800757447d0 R15: ffff8801248401e8
Nov 25 06:15:10 gdOv kernel: [ 6127.069179] FS: 0000030bfe92aec0(0000) GS:ffff88032fc80000(0000) knlGS:0000000000000000
Nov 25 06:15:10 gdOv kernel: [ 6127.071043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 25 06:15:10 gdOv kernel: [ 6127.072818] CR2: ffffffbfa02c6430 CR3: 00000000017e5000 CR4: 00000000000006f0
Nov 25 06:15:10 gdOv kernel: [ 6127.074626] Stack:
Nov 25 06:15:10 gdOv kernel: [ 6127.076448] ffff880085932c10 ffff880085932c00 ffff880051d7c5c0 ffffffff828b5df0
Nov 25 06:15:10 gdOv kernel: [ 6127.078290] 0000000000000000 ffff880051d7cd60 ffff880085a0a800 ffffffff81078e54
Nov 25 06:15:10 gdOv kernel: [ 6127.080172] ffff880051d7cd94 ffff880051d7c5c0 ffffc9000da2be68 ffff88031ef82140
Nov 25 06:15:10 gdOv kernel: [ 6127.082044] Call Trace:
Nov 25 06:15:10 gdOv kernel: [ 6127.083915] [] ? task_work_run+0x74/0xa0
Nov 25 06:15:10 gdOv kernel: [ 6127.085843] [] ? do_exit+0x2f1/0xb80
Nov 25 06:15:10 gdOv kernel: [ 6127.087739] [] ? return_from_SYSCALL_64+0xd/0x73
Nov 25 06:15:10 gdOv kernel: [ 6127.089663] [] ? do_group_exit+0x49/0xb0
Nov 25 06:15:10 gdOv kernel: [ 6127.091527] [] ? sys_exit_group+0xb/0x10
Nov 25 06:15:10 gdOv kernel: [ 6127.093367] [] ? entry_SYSCALL_64_fastpath+0x17/0xa8
Nov 25 06:15:10 gdOv kernel: [ 6127.095141] Code: d8 00 00 00 48 39 c2 0f 85 13 01 00 00 48 89 df e8 47 36 05 00 f6 43 41 20 0f 85 1b 01 00 00 48 89 df e8 b5 92 0a 00 48 8b 43 28 <48> 8b 40 70 48 85 c0 74 08 48 89 de 4c 89 e7 ff d0 48 89 df e8
Nov 25 06:15:10 gdOv kernel: [ 6127.098876] RIP [] __fput+0xbf/0x220
Nov 25 06:15:10 gdOv kernel: [ 6127.100696] RSP
Nov 25 06:15:10 gdOv kernel: [ 6127.102533] CR2: ffffffbfa02c6430
Nov 25 06:15:10 gdOv kernel: [ 6127.112137] ---[ end trace 0d9c001ca28ee136 ]---
Nov 25 06:15:10 gdOv kernel: [ 6127.112139] grsec: banning user with uid 1000 until system restart for suspicious kernel crash
Nov 25 06:15:10 gdOv kernel: [ 6127.112351] Fixing recursive fault but reboot is needed!

[miroR]

I'd say at least some of my issues are due to attacks... On another system this same kernel, so far: no issues.
I do have network dumps every time I connect online (only with this system in which Oopses occur), I'll see if I can read, or: get help on the network side of this issue) and see what exactly is causing these diverse Oopses.
But its huge work...

[miroR]

I wrote touching this and other of issues I opened at:
https://lists.dyne.org/lurker/message/20171125.150713.667b90e0.en.html

[theLOICofFRANCE]

I think you have a lot of modules.
Use the following command to identify your drivers:
lspci -vvvv | grep Kernel | cut -d : -f 2 | sort | uniq

Because that should be "y", not "m" (more safe) in your kernel config.

1] Did you get the ip address of the attacker in your log or by GRKERNSEC_PROC_IPADDR?
2] Do you use wireshark every time you use the network?
2] Do you use virtualization?

[miroR]

Let me reply to some of your questions below.

On 171125-20:45+0000, Loïc wrote: I think you have a lot of modules. Use the following command to identify your drivers: `lspci -vvvv | grep Kernel | cut -d : -f 2 | sort | uniq`

just: # lspci -vvvv | grep Kernel | cut -d : -f 2 | sort | uniq (i.e.: without backticks)

Because that should be "y", not "m" (more safe) in your kernel config.

It's what I do for kernel for my own use, only my hardware, and no separately compiled modules, running in my Air-Gapped currently, compiled later, named: # uname -r 4.9.65-unofficial+grsec171124-23 But the one you're looking at, is what I'm trying to prepare for ambitious newbies in either: Grsecurity/Pax installation on Devuan GNU/Linux https://dev1galaxy.org/viewtopic.php?id=596 or: Grsecurity/Pax installation on Debian GNU/Linux http://forums.debian.net/viewtopic.php?f=16&t=108616&p=658841#p658841 and that's the kernel that I'd like to work for most of users, if I manage to prepare it correctly (and I'd be more greatful if you or minipli or some other more knowledgeable contributor here looks at it before I can recommend it for Devuan/Debian users (of course, only if any of you find it worthwhile, and if keep in good form to be able to prepare it every so often; corsac kernel is precious absolutely, but I like to do the testing of the new kernels, well, new LTS grsec-unoff kernels). And that kernel is named: $ uname -r 4.9.65-unofficial+grsec171124-19 $ And this one has to have most modules enabled for the above reason.

1] Did you get the ip address of the attacker in your log or by GRKERNSEC_PROC_IPADDR?

I've been busy writing to Devuan ML, but... (read on)

2] Do you use wireshark every time you use the network?

...but I run https://github.com/miroR/uncenz whenever I connect online, and I do have all the traces, will work them with https://github.com/miroR/tshark-streams and https://github.com/miroR/tshark-hosts-conv on top of looking them up with Wireshark, as soon as I manage to get to you and to minipli more info that you asked for (well, the other info, step by step, this point 2] of yours later).

2] Do you use virtualization?

I do have it enabled, but haven't been using it in Devuan yet. I did in Gentoo previously. Have no Gentoo now (other than an old dd'dumped image or two, dd'dumped images that I use for cloning, I mean). I'll look up the /var/log/kern.log to get more info for the next question, by @minipli, for me to reply: vma_wants_writenotify general protection fault #18 (comment)

What did you do to trigger this? Can you reproduce this on vanilla?

Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr

[miroR]

Nov 29 13:10:37 gdOv kernel: [50733.378555] BUG: unable to handle kernel paging request at ffffffbf825ab851
Nov 29 13:10:37 gdOv kernel: [50733.381207] IP: [<ffffffff825a621f>] schedule+0x5f/0xd0
Nov 29 13:10:37 gdOv kernel: [50733.382628] PGD 2c39067 
Nov 29 13:10:37 gdOv kernel: [50733.382643] PUD 0 
Nov 29 13:10:37 gdOv kernel: [50733.383992] 
Nov 29 13:10:37 gdOv kernel: [50733.385415] Oops: 0000 [#1] SMP
Nov 29 13:10:37 gdOv kernel: [50733.386758] CPU: 2 PID: 29078 Comm: mplayer Not tainted 4.9.65-unofficial+grsec171124-23 #1
Nov 29 13:10:37 gdOv kernel: [50733.388151] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./970 Extreme4, BIOS P2.60 11/11/2013
Nov 29 13:10:37 gdOv kernel: [50733.389588] task: ffff88012b850c80 task.stack: ffffc90006a38000
Nov 29 13:10:37 gdOv kernel: [50733.391064] RIP: 0010:[<ffffffff825a621f>]  [<ffffffff825a621f>] schedule+0x5f/0xd0
Nov 29 13:10:37 gdOv kernel: [50733.392591] RSP: 0018:ffffc90006a3be18  EFLAGS: 00010246
Nov 29 13:10:37 gdOv kernel: [50733.394103] RAX: 0000000000000000 RBX: ffff88012b850c80 RCX: ffffffbf825ab861
Nov 29 13:10:37 gdOv kernel: [50733.395572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88015fe89340
Nov 29 13:10:37 gdOv kernel: [50733.397140] RBP: ffffc90006a3be20 R08: 00002e2449017aa1 R09: 0000000000000000
Nov 29 13:10:37 gdOv kernel: [50733.398577] R10: 0000000000000000 R11: 000000000010e467 R12: ffff88012b850c80
Nov 29 13:10:37 gdOv kernel: [50733.400007] R13: ffff88012b850c80 R14: ffffc90006a3bf10 R15: 000000000000c350
Nov 29 13:10:37 gdOv kernel: [50733.401439] FS:  000003637118e2c0(0000) GS:ffff88032fd00000(0000) knlGS:0000000000000000
Nov 29 13:10:37 gdOv kernel: [50733.402884] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 29 13:10:37 gdOv kernel: [50733.404315] CR2: ffffffbf825ab851 CR3: 0000000002c24000 CR4: 00000000000006f0
Nov 29 13:10:37 gdOv kernel: [50733.405799] Stack:
Nov 29 13:10:37 gdOv kernel: [50733.407242]  ffffc90006a3be70 ffffc90006a3be58 ffffffbf825ab861 00000001811ba213
Nov 29 13:10:37 gdOv kernel: [50733.408733]  0000000000000000 0000000000000001 0000000000000000 000000000000c350
Nov 29 13:10:37 gdOv kernel: [50733.410242]  ffffc90006a3bf00 ffffffff811bbbed 00000001ffff4111 ffffc90006a3be70
Nov 29 13:10:37 gdOv kernel: [50733.411773] Call Trace:
Nov 29 13:10:37 gdOv kernel: [50733.413306]  [<ffffffff811bbbed>] ? hrtimer_nanosleep+0x10d/0x210
Nov 29 13:10:37 gdOv kernel: [50733.414899]  [<ffffffff811ba2a0>] ? __hrtimer_init+0x130/0x130
Nov 29 13:10:37 gdOv kernel: [50733.416464]  [<ffffffff825ab83c>] ? do_nanosleep+0x7c/0x190
Nov 29 13:10:37 gdOv kernel: [50733.418017]  [<ffffffff811bbfc7>] ? rap_sys_nanosleep+0x147/0x190
Nov 29 13:10:37 gdOv kernel: [50733.419546]  [<ffffffff825ad653>] ? entry_SYSCALL_64_fastpath+0x1e/0xec
Nov 29 13:10:37 gdOv kernel: [50733.421042] Code: 48 8b 1c 25 40 c3 00 00 31 ff eb 0b 97 ae 9d e0 ff ff ff ff cc cc cc e8 c0 f6 ff ff 48 8b 83 48 09 00 00 a8 08 75 e1 48 8b 4d 08 <48> 81 79 f0 07 6e 9d db 75 55 5b 5d 48 0f ba 2c 24 3f c3 48 8b 
Nov 29 13:10:37 gdOv kernel: [50733.424235] RIP  [<ffffffff825a621f>] schedule+0x5f/0xd0
Nov 29 13:10:37 gdOv kernel: [50733.425734]  RSP <ffffc90006a3be18>
Nov 29 13:10:37 gdOv kernel: [50733.427217] CR2: ffffffbf825ab851
Nov 29 13:10:37 gdOv kernel: [50733.434535] ---[ end trace 5839dca3c96a9e37 ]---

If anybody bets, yes, it happened as I went online, and after just minutes online altogether this day, in two separate sessions... (this is third short session today)...
Any more info, I' ll try and provide A.S.A.P.

[minipli]

The last comment is a different bug. It traps in schedule(). Please create a new issue for that one if you're able to reproduce it with a recent kernel. Please also mind the closing thoughts of #13 (comment).

[miroR]

Please also mind the closing thoughts of #13 (comment).

Pasting it here for completeness:

But just one more thought: All of your reports hint at memory related issues. Are you overclocking / overvolting your system? Or is the CPU overheating? Could you run a memory stress test like memtest86 on those systems? Those addresses and call traces just look too odd, so memory problems might be the real issue here.

Well, the report follows...

As promised, I tested the memory of the system in question.

The looks of all the stages contain the same input throughout the screen, except for

                                               just the top right
                                             |   |   |   |   |   |   |
                                             v   v   v   v   v   v

      Memtest86+ 5.01       | AMD Phenom(tm) II X4 965 Processor
CLK: 3214 MHz  (X64 Mode)   | Pass 
L1 Cache:   64K  28697 MB/s | Test 
L2 Cache:  512K  14949 MB/s | Test #
L3 Cache: 6144K   8734 MB/s | Testing: 
Memory  : 8166M        MB/s | Pattern:                    | Time:             
------------------------------------------------------------------------------
Core#: 0 (SMP: Disabled)  |  CPU Temp  | RAM: 640 MHz (DDR3-1280)
State: \ Running...       |    64°C    | Timings: CAS 9-9-9-24 @ 128-bit Mode
Cores:  1 Active /  1 Total (Run: All) | Pass:                Errors:         
------------------------------------------------------------------------------

Memory SPD Informations
------------------------------------------------------------------------------
  - Slot 0 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 1 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 2 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 3 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*


                       Asrock 970 Extreme4 (CPUSocket)
(ESC)exit  (c)configuration (SP)scroll_lock  (CR)scroll_unlock

So, to report on the memory of the computer in which almost all the Call Traces happened (almost none happened in the Air-Gapped master machine, which is same hardware, same memory modules, same processor, and I repeat: my guess is it has to do with likely some exploits introduced from the network, namely (almost) only this clone machine has had all the Call Traces, while master and another clone --but which is not connected to online ever-- had almost none of those Call Traces.

So, I repeat, I believe those Call Traces have little to do with programming errors in grsecurity, rather it's some exploits and/or use of the Amd64 PSP functionality. Remember I have a very bad provider who does not really respects its users, and like to squash a user here and there a little occasionally...

But, alright, here follows the report on the memory, requested by minipli.

I will only need to fill in these, the top right corner of the screen:

AMD Phenom(tm) II X4 965 Processor
Pass 
Test 
Test #
Testing: 
Pattern:                    | Time:             

in some 5 different times that I took (some are a little approximative: while I was copying, the numbers would change).

(
And after that, just to keep the reader in suspense, I will only once more give the complete screen, because it will contain the on the middle right side the line with:

                                       | Pass:           ?    Errors:   ????  

showing the successful or failing result.
)

So...

| AMD Phenom(tm) II X4 965 Processor
| Pass 60% #####################
| Test 15% #######
| Test #10  [Modulo 20, Random pattern]
| Testing: 1024K - 2048M 2047M of 8166M
| Pattern: 1e5ab06b2-11       | Time: 0:38:04
--------------------------------------------------

| AMD Phenom(tm) II X4 965 Processor
| Pass 73% #####################
| Test 35% #######
| Test #10  [Modulo 20, Random pattern]
| Testing: 2048M - 3320M    1272M of 8166M
| Pattern: dabb81bc-12       | Time: 0:42:42
--------------------------------------------------

| AMD Phenom(tm) II X4 965 Processor
| Pass 98% #####################
| Test 86% #######
| Test #10  [Modulo 20, Random pattern]
| Testing: 6144M - 8192M    2048M of 8166M
| Pattern: bbcc4436-7        | Time: 0:52:59
--------------------------------------------------

| AMD Phenom(tm) II X4 965 Processor
| Pass 100% #####################################
| Test 93% #################################
| Test #10  [Modulo 20, Random pattern]
| Testing: 8192M - 8960M    768M of 8166M
| Pattern: ????????-?        | Time: 0:54:57
--------------------------------------------------

And the final screen is...

      Memtest86+ 5.01       | AMD Phenom(tm) II X4 965 Processor
CLK: 3214 MHz  (X64 Mode)   | Pass  0%
L1 Cache:   64K  28697 MB/s | Test  7% ##
L2 Cache:  512K  14949 MB/s | Test #3  [Moving inversions, 1s & 0s Parallel]
L3 Cache: 6144K   8734 MB/s | Testing: 1024K - 2048M    2047M of 8166M
Memory  : 8166M        MB/s | Pattern:   00000000           | Time: 0:55:50
------------------------------------------------------------------------------
Core#: 0 (SMP: Disabled)  |  CPU Temp  | RAM: 640 MHz (DDR3-1280)
State: \ Running...       |    64°C    | Timings: CAS 9-9-9-24 @ 128-bit Mode
Cores:  1 Active /  1 Total (Run: All) | Pass:       1        Errors:      0  
------------------------------------------------------------------------------


Memory SPD Informations
------------------------------------------------------------------------------
  - Slot 0 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 1 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 2 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*
  - Slot 3 : 4096 MB DDR3-1600 - Corsair CMZ16GX3M4X1600C9 *XMP*


                       Asrock 970 Extreme4 (CPUSocket)
(ESC)exit  (c)configuration (SP)scroll_lock  (CR)scroll_unlock

There... Those call traces were, apparently. not caused by bad memory. Unless I'm missing something, in which case, pls. do tell, @minipli, @HacKurx, other kind and knowledgeable reader.

[miroR]

Let me reply to this part of #13 (comment)

There have been some fixes to the block layer in later versions, so could you please try to reproduce the relevant bugs (with tshark?) on a recent version and, if you can, open new issues -- one for each bug you hit?

Because apparently, same "unable to handle kernel paging request at " can be found also in that now justly closed issue (my fault: mixing different bugs, sorry!) also, as minipli already referenced it, at:
EDIT 2017-12-30, corrected wrong comment link:
#13 (comment)

I'm not online all the time. And I always first start my https://github.com/miroR/uncenz program first, so I have all the traces (but alas, not enough time to study them, and also they are local traces)....
So, my reproducing or not of those depends on whether other conditions that lead to that bug happening will be there. As far as my doing, I will continue to always run my uncenz when online, which, of course, includes the run of tshark

[miroR]

Nothing in particular was going on in the system, IIRC, this is the regular cron last lines before the crash:

Dec 27 18:30:01 gdOv kernel: [117109.435668] grsec: (www-data:U:/usr/bin/lurker-prune) chdir to /var/lib/lurker/www by /usr/bin/lurker-prune[lurker-prune:9612] uid/euid:33/33 gid/egid:33/33, parent /bin/dash[sh:9611] uid/euid:33/33 gid/egid:33/33
Dec 27 18:32:15 gdOv kernel: [117243.579203] grsec: (root:U:/sbin/dhclient-script) exec of /sbin/dhclient-script (/sbin/dhclient-script ) by /sbin/dhclient-script[dhclient:9615] uid/euid:0/0 gid/egid:0/0, parent /sbin/dhclient[dhclient:7675] uid/euid:0/0 gid/egid:0/0
Dec 27 18:32:15 gdOv kernel: [117243.582954] grsec: (root:U:/bin/run-parts) exec of /bin/run-parts (run-parts --list /etc/dhcp/dhclient-enter-hooks.d ) by /bin/run-parts[dhclient-script:9616] uid/euid:0/0 gid/egid:0/0, parent /sbin/dhclient-script[dhclient-script:9615] uid/euid:0/0 gid/egid:0/0
Dec 27 18:32:15 gdOv kernel: [117243.587284] grsec: (root:U:/bin/run-parts) exec of /bin/run-parts (run-parts --list /etc/dhcp/dhclient-exit-hooks.d ) by /bin/run-parts[dhclient-script:9617] uid/euid:0/0 gid/egid:0/0, parent /sbin/dhclient-script[dhclient-script:9615] uid/euid:0/0 gid/egid:0/0

But then in less than two more minutes, I try to run mplayer on a recorded video, the screen goes blank, black actually:

Dec 27 18:33:56 gdOv kernel: [117344.867186] grsec: (mr:U:/usr/bin/mplayer) exec of /usr/bin/mplayer (mplayer -use-filedir-conf Nova_H1227_1816.m2t ) by /usr/bin/mplayer[bash:9618] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3476] uid/euid:1000/1000 gid/egid:1000/1000

and the trace happens:

Dec 27 18:33:57 gdOv kernel: [117345.225913] BUG: unable to handle kernel paging request at ffffffbf82633208
Dec 27 18:33:57 gdOv kernel: [117345.234922] IP: [<ffffffff812e764e>] vfs_getattr_nosec+0x3e/0x130
Dec 27 18:33:57 gdOv kernel: [117345.239599] PGD 2c35067 
Dec 27 18:33:57 gdOv kernel: [117345.239652] PUD 0 
Dec 27 18:33:57 gdOv kernel: [117345.244313] 
Dec 27 18:33:57 gdOv kernel: [117345.248971] Oops: 0000 [#1] SMP
Dec 27 18:33:57 gdOv kernel: [117345.253708] CPU: 1 PID: 9618 Comm: mplayer Not tainted 4.9.70-unofficial+grsec171220-17 #1
Dec 27 18:33:57 gdOv kernel: [117345.258624] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./970 Extreme4, BIOS P2.60 11/11/2013
Dec 27 18:33:57 gdOv kernel: [117345.263655] task: ffff88031d6d0500 task.stack: ffffc90006fa8000
Dec 27 18:33:57 gdOv kernel: [117345.268768] RIP: 0010:[<ffffffff812e764e>]  [<ffffffff812e764e>] vfs_getattr_nosec+0x3e/0x130
Dec 27 18:33:57 gdOv kernel: [117345.273979] RSP: 0018:ffffc90006fabe30  EFLAGS: 00010286
Dec 27 18:33:57 gdOv kernel: [117345.279150] RAX: ffffffbf82633200 RBX: ffff88031b758988 RCX: ffffffff812e77f1
Dec 27 18:33:57 gdOv kernel: [117345.284369] RDX: 0000000000000000 RSI: ffff8801a4d95270 RDI: ffff88031b758988
Dec 27 18:33:57 gdOv kernel: [117345.289563] RBP: ffffc90006fabe48 R08: 000003e037be7ef0 R09: 000003e037c01a00
Dec 27 18:33:57 gdOv kernel: [117345.294741] R10: 000003f3a5c00740 R11: ffff88031d6d0500 R12: ffffc90006fabe90
Dec 27 18:33:57 gdOv kernel: [117345.299912] R13: ffff880068f27580 R14: 000003e037c1d040 R15: 0000000000000000
Dec 27 18:33:57 gdOv kernel: [117345.305094] FS:  0000000000000000(0000) GS:ffff88032fc80000(0000) knlGS:0000000000000000
Dec 27 18:33:57 gdOv kernel: [117345.310308] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dec 27 18:33:57 gdOv kernel: [117345.315494] CR2: ffffffbf82633208 CR3: 0000000002c1e000 CR4: 00000000000006f0
Dec 27 18:33:57 gdOv kernel: [117345.320751] Stack:
Dec 27 18:33:57 gdOv kernel: [117345.325976]  ffff88031b758900 ffff88031b758900 ffffc90006fabe90 ffffc90006fabe78
Dec 27 18:33:57 gdOv kernel: [117345.331424]  ffffffff812e781a 00000003ffff4111 000003f3a5c005e0 000003e037c01a00
Dec 27 18:33:57 gdOv kernel: [117345.336919]  0000000000000000 ffffc90006fabf08 ffffffff812e7979 00000003ffff4111
Dec 27 18:33:57 gdOv kernel: [117345.342509] Call Trace:
Dec 27 18:33:57 gdOv kernel: [117345.348041]  [<ffffffff812e781a>] vfs_fstat+0x6a/0xd0
Dec 27 18:33:57 gdOv kernel: [117345.353673]  [<ffffffff812e7979>] SYSC_newfstat+0x49/0xb0
Dec 27 18:33:57 gdOv kernel: [117345.359284]  [<ffffffff812e85da>] rap_sys_newfstat+0x3a/0x70
Dec 27 18:33:57 gdOv kernel: [117345.364869]  [<ffffffff8256a313>] entry_SYSCALL_64_fastpath+0x1e/0xec
Dec 27 18:33:57 gdOv kernel: [117345.370402] Code: 4c 89 6d f8 49 89 f4 eb 10 07 6e 9d db ff ff ff ff cc cc cc cc cc cc cc cc 48 8b 73 08 4c 8b ae c8 00 00 00 49 8b 85 78 01 00 00 <48> 8b 40 08 48 85 c0 0f 84 b2 00 00 00 48 ba 00 00 00 00 00 00 
Dec 27 18:33:57 gdOv kernel: [117345.382099] RIP  [<ffffffff812e764e>] vfs_getattr_nosec+0x3e/0x130
Dec 27 18:33:57 gdOv kernel: [117345.387677]  RSP <ffffc90006fabe30>
Dec 27 18:33:57 gdOv kernel: [117345.393200] CR2: ffffffbf82633208
Dec 27 18:33:57 gdOv kernel: [117345.422705] ---[ end trace 9860974f5c2eb821 ]---
Dec 27 18:33:57 gdOv kernel: [117345.422712] grsec: banning user with uid 1000 until system restart for suspicious kernel crash
Dec 27 18:33:57 gdOv kernel: [117345.451144] grsec: (root:U:/bin/bash) special role admin (id 15) exited by /bin/bash[bash:3635] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sudo[sudo:3634] uid/euid:0/0 gid/egid:0/0
Dec 27 18:33:57 gdOv kernel: [117345.566438] grsec: (root:U:/sbin/agetty) exec of /sbin/agetty (/sbin/getty 38400 tty6 ) by /sbin/agetty[init:9619] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

This is just the reboot:

Dec 27 18:37:10 gdOv kernel: [   44.225432] grsec: exec of /usr/bin/stat (/usr/bin/stat -L --format=%d %i /var/run ) by /usr/bin/stat[mountall.sh:1349] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1348] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.228852] grsec: exec of /usr/bin/stat (/usr/bin/stat -L --format=%d %i /run ) by /usr/bin/stat[mountall.sh:1351] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1350] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.230738] grsec: exec of /bin/uname (uname -s ) by /bin/uname[mountall.sh:1352] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1268] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.233422] grsec: exec of /bin/readlink (readlink /var/lock ) by /bin/readlink[mountall.sh:1353] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1268] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.236602] grsec: exec of /usr/bin/stat (/usr/bin/stat -L --format=%d %i /var/lock ) by /usr/bin/stat[mountall.sh:1355] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1354] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.239251] grsec: exec of /usr/bin/stat (/usr/bin/stat -L --format=%d %i /run/lock ) by /usr/bin/stat[mountall.sh:1357] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1356] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.241130] grsec: exec of /bin/uname (uname -s ) by /bin/uname[mountall.sh:1358] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1268] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.243866] grsec: exec of /bin/readlink (readlink /dev/shm ) by /bin/readlink[mountall.sh:1359] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1268] uid/euid:0/0 gid/egid:0/0
Dec 27 18:37:10 gdOv kernel: [   44.245343] grsec: exec of /usr/bin/stat (/usr/bin/stat -L --format=%d %i /dev/shm ) by /usr/bin/stat[mountall.sh:1361] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/mountall.sh[mountall.sh:1360] uid/euid:0/0 gid/egid:0/0

[miroR]

In the comment further up in this issue:
fput unable to handle kernel paging request at ffffffbfa02c6430
#19 (comment)
I link to issue:
NULL pointer deref in do_blockdev_direct_IO()
#13 (comment)

I have, relatively recently figured out what I today explained in the comment to @HacKurx 's pull at:
#30

And let me bring the old suspicion that verified --but in the way I forgot to consider at the fime of my checking of the memory with memtest86+ above in this issue...

This was correct. @minipli wrote in #13 (comment):

But just one more thought: All of your reports hint at memory related issues. Are you overclocking / overvolting your system? Or is the CPU overheating? Could you run a memory stress test like memtest86 on those systems? Those addresses and call traces just look too odd, so memory problems might be the real issue here.

Actually this particular suspicion was very very true:

Or is the CPU overheating?

Only it wasn't the memory, but the stupid cooling paste... Aarrrggh!

[theLOICofFRANCE]

Can you reproduce this with kernel 4.18?

And as I repeat "Sorry but you can't expect us to solve your problems because we have more important things to solve."

With kind regards,

Loic

[miroR]

@HacKurx wrote in reply to me (my comment immediately previous to there):
#30 (comment)

Sorry but you can't expect us to solve your problems because we have more important things to solve.

No, I'm not trying to ask for help! And to me, reporting what goes wrong is an obbligation in FOSS, not something to not do... I was trying to explain that the picture is not as bad as all the bugs/attacks/failing hardware/something-else tended to paint it...

@HacKurx wrote also:

Can you reproduce this with kernel 4.18?

I can try and find time, and install 4.18... But gimme more time, I'm working all the time... Unfortunately, not all the time that I would want to have can I dedicate to grsec... However much that I find it still, even incomplete as we currently have in deppersec, one of the best things in GNU/Linux...

I can try... This is not a promise to do it, but a strong desire and a promise to try to do it...

Pls. tell me, is there anything ready to try out from minipli or your? Just to test, no code perusal (at this time) from me.

[miroR]

@HacKurx:
I have no config to place in 4.18.1, i.e. no 4.9 kernel can fit in (tried, it's a no go), and a couple of hours to configure the kernel from ground up, I also do not have.

Would testing it with the Devuan/Debian stock kernel:
linux-image-4.16.0-2-amd64
be as good as testing with the latest? Thanks!

[theLOICofFRANCE]

@miroR

Pls. tell me, is there anything ready to try out from minipli or your?

No news from Minipli so I can't speak for him.
As for me, I'm only going to maintain a few grsec options for latest kernel release.

Dapperlinux is to be followed with interest indeed ;)