mencoder: page allocation failure: order:1, mode:0x2080024(GFP_ATOMIC|GFP_DMA32) (only 4.9.111, not with 4.9.107) #8

@miroR

Not recorded because either exec_logging and audit_chdir were off or for some other reason, but this was running:


2018-07-15T06:11:03.035069+00:00 gdOv kernel: [  486.399411] grsec: (root:U:/usr/sbin/tripwire) exec of /usr/sbin/tripwire (tripwire -m c ) by /usr/sbin/tripwire[bash:4038] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3932] uid/euid:0/0 gid/egid:0/0

(Of course, I ran the above again at a later time, as the timestamp shows.)


And a tshark-based script of mine was running (and this is now in consecutive order, as it was happening; I'll only shorten it for quicker reading).


2018-07-15T05:35:43.868594+00:00 gdOv kernel: [ 5468.682523] grsec: (mr:U:/usr/bin/tshark) chdir to /usr/lib/x86_64-linux-gnu/wireshark/extcap by /usr/bin/tshark[tshark:27474] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27416] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.868599+00:00 gdOv kernel: [ 5468.682823] grsec: (mr:U:/) exec of /usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump (/usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump --extcap-interfaces ) by /usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump[tshark:27474] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27416] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.870569+00:00 gdOv kernel: [ 5468.684846] grsec: (mr:U:/bin/rm) exec of /bin/rm (rm -v dump_180714_1029_gdO-frame-http-request-full_uri.txt ) by /bin/rm[tshark-hosts-co:27475] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/local/bin/tshark-hosts-conv.sh[tshark-hosts-co:25371] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.875621+00:00 gdOv kernel: [ 5468.689215] grsec: (mr:U:/usr/bin/tee) exec of /usr/bin/tee (tee -a dump_180714_1029_gdO_tHostsConv_180715_053528.log ) by /usr/bin/tee[tshark-hosts-co:27476] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/local/bin/tshark-hosts-conv.sh[tshark-hosts-co:25371] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.878566+00:00 gdOv kernel: [ 5468.692434] grsec: (mr:U:/usr/bin/tshark) chdir to /usr/lib/x86_64-linux-gnu/wireshark/extcap by /usr/bin/tshark[tshark:27477] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27416] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.878588+00:00 gdOv kernel: [ 5468.692687] grsec: (mr:U:/usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump) exec of /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump (/usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --extcap-config --extcap-interface ssh ) by /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump[tshark:27477] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27416] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.881564+00:00 gdOv kernel: [ 5468.695675] grsec: (mr:U:/bin/rm) exec of /bin/rm (rm -v dump_180714_1029_gdO.hosts ) by /bin/rm[tshark-hosts-co:27478] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/local/bin/tshark-hosts-conv.sh[tshark-hosts-co:25371] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:35:43.881596+00:00 gdOv kernel: [ 5468.695992] grsec: (mr:U:/usr/bin/tee) exec of /usr/bin/tee (tee -a dump_180714_1029_gdO_tHostsConv_180715_053528.log ) by /usr/bin/tee[tshark-hosts-co:27479] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/local/bin/tshark-hosts-conv.sh[tshark-hosts-co:25371] uid/euid:1000/1000 gid/egid:1000/1000

[ 75 lines cut here ]

2018-07-15T05:35:44.387711+00:00 gdOv kernel: [ 5469.201789] grsec: (mr:U:/) exec of /usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump (/usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump --extcap-interfaces ) by /usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump[tshark:27537] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27501] uid/euid:1000/1000 gid/egid:1000/1000

This is my script that I run to turn off exec_logging and audit_chdir when they would be too verbose and spam /var/log/kern.log and /var/log/syslog (grsec isn't sorted with logging, and would run even in /var/log/messages, in Debian/Devuan, same lines in all three, in parallel, but I removed the last one...).


2018-07-15T05:35:44.387742+00:00 gdOv kernel: [ 5469.201816] grsec: (admin:S:/) exec of /usr/local/bin/grsec_el_ad_0.sh (grsec_el_ad_0.sh ) by /usr/local/bin/grsec_el_ad_0.sh[bash:27534] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3947] uid/euid:0/0 gid/egid:0/0

[ 3 lines cut here ]

The previous is /var/log/kern.log.1; below is /var/log/kern.log.


2018-07-15T05:53:26.993588+00:00 gdOv kernel: [ 6531.799300] grsec: (root:U:/usr/bin/file) denied access to hidden file /dev/grsec by /usr/bin/file[file:2742] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/rkhunter[rkhunter:2741] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:26.993619+00:00 gdOv kernel: [ 6531.799355] grsec: (root:U:/usr/bin/file) denied access to hidden file /dev/grsec by /usr/bin/file[file:2742] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/rkhunter[rkhunter:2741] uid/euid:0/0 gid/egid:0/0

[ 8 lines cut here ]

2018-07-15T05:53:40.899564+00:00 gdOv kernel: [ 6545.704786] grsec: (admin:S:/) exec of /bin/grep (grep updatedb.mlocate ) by /bin/grep[grsec_if_upddb_:3398] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:3396] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:40.930627+00:00 gdOv kernel: [ 6545.736077] grsec: (admin:S:/) exec of /usr/local/bin/grsec_el_ad_1.sh (/usr/local/bin/grsec_el_ad_1.sh ) by /usr/local/bin/grsec_el_ad_1.sh[grsec_if_upddb_:3400] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:11366] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:40.934601+00:00 gdOv kernel: [ 6545.740566] grsec: (admin:S:/) exec of /usr/local/bin/grsec_el_ad_pr_q.sh (grsec_el_ad_pr_q.sh ) by /usr/local/bin/grsec_el_ad_pr_q.sh[grsec_if_upddb_:3402] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:11366] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:40.935597+00:00 gdOv kernel: [ 6545.741537] grsec: (admin:S:/) exec of /bin/cat (cat /proc/sys/kernel/grsecurity/exec_logging /proc/sys/kernel/grsecurity/audit_chdir ) by /bin/cat[grsec_if_upddb_:3408] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:3402] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:40.936620+00:00 gdOv kernel: [ 6545.742497] grsec: (admin:S:/) exec of /usr/bin/tr (tr \012 @ ) by /usr/bin/tr[grsec_if_upddb_:3409] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:3402] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:40.937558+00:00 gdOv kernel: [ 6545.743143] grsec: (admin:S:/) exec of /bin/sed (sed s/@//g ) by /bin/sed[grsec_if_upddb_:3410] uid/euid:0/0 gid/egid:0/0, parent /usr/local/bin/grsec_if_upddb_rkh_exec_chdir.sh[grsec_if_upddb_:3402] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:53:43.721622+00:00 gdOv kernel: [ 6548.527540] grsec: (admin:S:/) exec of /bin/grep (grep \[ Warning ) by /bin/grep[bash:3412] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:3931] uid/euid:0/0 gid/egid:0/0

[ 13 lines cut here ]

2018-07-15T05:54:59.173715+00:00 gdOv kernel: [ 6623.978673] grsec: (mr:U:/usr/bin/mencoder) exec of /usr/bin/mencoder (mencoder tv:// -profile mpeg4_capt_HaupP -o Compo_H0715_0554.avi ) by /usr/bin/mencoder[bash:3441] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3776] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:10.340596+00:00 gdOv kernel: [ 6635.145434] grsec: (mr:U:/) exec of /usr/bin/alsamixer (alsamixer ) by /usr/bin/alsamixer[bash:3442] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:19.697528+00:00 gdOv kernel: [ 6644.500983] grsec: (mr:U:/) exec of /bin/ls (ls --color=auto -ltr ) by /bin/ls[bash:3443] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:32.345594+00:00 gdOv kernel: [ 6657.150409] grsec: (mr:U:/usr/bin/vim.basic) exec of /usr/bin/vim.basic (vi -p /home/mr/.asoundrc /home/mr/.mplayer/mencoder.conf ) by /usr/bin/vim.basic[bash:3468] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000

[ 75 lines cut here (all vim.basic, it really spams the logs when exec_logging is on...) ]

It's relatively little, so no more cutting. Soon the Call Trace for the kind visitor to view in all its ugliness...

2018-07-15T05:55:32.621578+00:00 gdOv kernel: [ 6657.426298] grsec: (mr:U:/usr/bin/vim.basic) chdir to /Cmn/mr_180714_gdO by /usr/bin/vim.basic[vi:3468] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:32.621596+00:00 gdOv kernel: [ 6657.426308] grsec: (mr:U:/usr/bin/vim.basic) chdir to /usr/share/vim/vim81 by /usr/bin/vim.basic[vi:3468] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:32.621599+00:00 gdOv kernel: [ 6657.426316] grsec: (mr:U:/usr/bin/vim.basic) chdir to /Cmn/mr_180714_gdO by /usr/bin/vim.basic[vi:3468] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3875] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:38.325601+00:00 gdOv kernel: [ 6663.130321] grsec: (root:U:/etc/cron.daily) exec of /etc/cron.daily/yclamscan (/etc/cron.daily/yclamscan ) by /etc/cron.daily/yclamscan[run-parts:3469] uid/euid:0/0 gid/egid:0/0, parent /bin/run-parts[run-parts:11387] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.379608+00:00 gdOv kernel: [ 6663.183998] grsec: (root:U:/bin/date) exec of /bin/date (date +%y%m%d_%H ) by /bin/date[yclamscan:3472] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/yclamscan[yclamscan:3470] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.379665+00:00 gdOv kernel: [ 6663.184042] grsec: (root:U:/bin/date) exec of /bin/date (date +%y%m%d_%H ) by /bin/date[yclamscan:3473] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/yclamscan[yclamscan:3471] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.395579+00:00 gdOv kernel: [ 6663.200751] grsec: (root:U:/usr/sbin/cron) chdir to /root by /usr/sbin/cron[cron:3474] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:11385] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.401123+00:00 gdOv kernel: [ 6663.205129] grsec: (root:U:/usr/sbin/sendmail) exec of /usr/sbin/sendmail (/usr/sbin/sendmail -i -FCronDaemon -B8BITMIME -oem root ) by /usr/sbin/sendmail[cron:3474] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:11385] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.430606+00:00 gdOv kernel: [ 6663.234880] grsec: (root:U:/) exec of /bin/hostname (hostname ) by /bin/hostname[yclamscan:3475] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/yclamscan[yclamscan:3471] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.430652+00:00 gdOv kernel: [ 6663.234919] grsec: (root:U:/) exec of /bin/hostname (hostname ) by /bin/hostname[yclamscan:3476] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/yclamscan[yclamscan:3470] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.437734+00:00 gdOv kernel: [ 6663.242489] grsec: (root:U:/usr/bin/clamscan) exec of /usr/bin/clamscan (/usr/bin/clamscan -r -i --cross-fs=no /Cmn ) by /usr/bin/clamscan[yclamscan:3471] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.437778+00:00 gdOv kernel: [ 6663.242534] grsec: (root:U:/usr/bin/clamscan) exec of /usr/bin/clamscan (/usr/bin/clamscan -r -i --cross-fs=no / ) by /usr/bin/clamscan[yclamscan:3470] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.645622+00:00 gdOv kernel: [ 6663.450737] grsec: (root:U:/usr/sbin/sendmail) chdir to /var/spool/postfix by /usr/sbin/sendmail[sendmail:3474] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:11385] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.667598+00:00 gdOv kernel: [ 6663.470736] grsec: (root:U:/usr/sbin/postdrop) exec of /usr/sbin/postdrop (/usr/sbin/postdrop -r ) by /usr/sbin/postdrop[sendmail:3477] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sendmail[sendmail:3474] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.677613+00:00 gdOv kernel: [ 6663.482750] grsec: (root:U:/usr/sbin/postdrop) chdir to /var/spool/postfix by /usr/sbin/postdrop[postdrop:3477] uid/euid:0/0 gid/egid:0/117, parent /usr/sbin/sendmail[sendmail:3474] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.804601+00:00 gdOv kernel: [ 6663.609421] grsec: (root:U:/usr/lib/postfix/sbin) exec of /usr/lib/postfix/sbin/cleanup (cleanup -z -t unix -u -c ) by /usr/lib/postfix/sbin/cleanup[master:3478] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/sbin/master[master:3542] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.867588+00:00 gdOv kernel: [ 6663.672150] grsec: (root:U:/usr/lib/postfix/sbin) chdir to /var/spool/postfix by /usr/lib/postfix/sbin/cleanup[cleanup:3478] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/sbin/master[master:3542] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.867615+00:00 gdOv kernel: [ 6663.672425] grsec: (root:U:/usr/lib/postfix/sbin) chdir to /var/spool/postfix by /usr/lib/postfix/sbin/cleanup[cleanup:3478] uid/euid:0/0 gid/egid:113/113, parent /usr/lib/postfix/sbin/master[master:3542] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:38.997705+00:00 gdOv kernel: [ 6663.801826] grsec: (root:U:/usr/lib/postfix/sbin) exec of /usr/lib/postfix/sbin/local (local -t unix -v ) by /usr/lib/postfix/sbin/local[master:3479] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/sbin/master[master:3542] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:39.030606+00:00 gdOv kernel: [ 6663.835414] grsec: (root:U:/usr/lib/postfix/sbin) chdir to /var/spool/postfix by /usr/lib/postfix/sbin/local[local:3479] uid/euid:0/0 gid/egid:0/0, parent /usr/lib/postfix/sbin/master[master:3542] uid/euid:0/0 gid/egid:0/0
2018-07-15T05:55:39.066366+00:00 gdOv kernel: [ 6663.869795] grsec: (mr:U:/bin/dash) exec of /bin/dash (sh -c procmail -a "$EXTENSION" ) by /bin/dash[local:3480] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/lib/postfix/sbin/local[local:3479] uid/euid:0/106 gid/egid:0/113
2018-07-15T05:55:39.186603+00:00 gdOv kernel: [ 6663.991588] grsec: (mr:U:/usr/bin/procmail) exec of /usr/bin/procmail (procmail -a  ) by /usr/bin/procmail[sh:3481] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/dash[sh:3480] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:46.973389+00:00 gdOv kernel: [ 6671.777316] grsec: (mr:U:/) exec of /bin/date (date +H%m%d_%H%M ) by /bin/date[bash:3482] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3776] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:46.975584+00:00 gdOv kernel: [ 6671.780009] grsec: (mr:U:/usr/bin/mencoder) exec of /usr/bin/mencoder (mencoder tv:// -profile mpeg4_capt_HaupP -o Compo_H0715_0555.avi ) by /usr/bin/mencoder[bash:3483] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3776] uid/euid:1000/1000 gid/egid:1000/1000
2018-07-15T05:55:53.893470+00:00 gdOv kernel: [ 6678.697699] grsec: (mr:U:/) exec of /bin/ls (ls --color=auto -ltr ) by /bin/ls[bash:3486] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3839] uid/euid:1000/1000 gid/egid:1000/1000

For easier reading, the Call Trace I put in the next post.
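
Added example, not part of the original post: a small Python parser for the grsec exec/chdir/denied lines quoted above, for listing what ran in a given kernel-uptime window before a fault. The field layout is inferred from the lines on this page; the sample lines, the host name `host1` and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the log lines quoted in this issue (an assumption, not a
# grsecurity specification). Paths containing spaces are not handled.
GRSEC_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: \[\s*(?P<uptime>[\d.]+)\] grsec: "
    r"\((?P<role>[^:]*):(?P<rtype>[^:]*):(?P<subject>[^)]*)\) "
    r"(?P<event>exec of|chdir to|denied access to hidden file) "
    r"(?P<target>\S+) (?:\((?P<argv>.*)\) )?"
    r"by (?P<path>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<ppath>\S+)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)

# Constructed sample lines in the same layout (host, times and PIDs are made up).
SAMPLE = """\
2018-01-01T00:00:01.000000+00:00 host1 kernel: [  100.000001] grsec: (mr:U:/usr/bin/mencoder) exec of /usr/bin/mencoder (mencoder tv:// -o out.avi ) by /usr/bin/mencoder[bash:3441] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:3776] uid/euid:1000/1000 gid/egid:1000/1000
2018-01-01T00:00:06.000000+00:00 host1 kernel: [  105.500000] grsec: (root:U:/usr/sbin/sendmail) chdir to /var/spool/postfix by /usr/sbin/sendmail[sendmail:3474] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:11385] uid/euid:0/0 gid/egid:0/0
2018-01-01T00:00:11.000000+00:00 host1 kernel: [  110.250000] grsec: (root:U:/usr/bin/file) denied access to hidden file /dev/grsec by /usr/bin/file[file:2742] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/rkhunter[rkhunter:2741] uid/euid:0/0 gid/egid:0/0
2018-01-01T00:00:20.000000+00:00 host1 kernel: [  120.000000] usb 1-1: new high-speed USB device
""".splitlines()

def parse_grsec(line):
    """Return a dict of fields for a grsec audit line, or None for other lines."""
    m = GRSEC_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["uptime"] = float(rec["uptime"])
    for key in ("pid", "ppid", "uid", "euid", "gid", "egid"):
        rec[key] = int(rec[key])
    rec["argv"] = (rec["argv"] or "").strip()  # chdir/denied lines carry no argv
    return rec

def window(lines, start, end):
    """Records whose kernel uptime lies in [start, end] seconds, oldest first."""
    recs = [r for r in map(parse_grsec, lines) if r and start <= r["uptime"] <= end]
    return sorted(recs, key=lambda r: r["uptime"])

def exec_counts(records):
    """Count exec events per (uid, binary) to see what dominated the window."""
    return Counter((r["uid"], r["target"]) for r in records if r["event"] == "exec of")

if __name__ == "__main__":
    for r in window(SAMPLE, 0, 1000):
        print(f'{r["uptime"]:>12.6f} uid={r["uid"]} {r["event"]} {r["target"]} {r["argv"]}')
```
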
