Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 563804 - sys-kernel/hardened-sources-4.2.x causes bad frame in libc.so
Summary: sys-kernel/hardened-sources-4.2.x causes bad frame in libc.so
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Kernel Team (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-22 15:33 UTC by Christian Apeltauer
Modified: 2015-11-01 22:03 UTC (History)
8 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info glibc (glibc.info,5.47 KB, text/plain)
2015-10-22 15:34 UTC, Christian Apeltauer
Details
kernel config (config,79.38 KB, text/x-mpsub)
2015-10-22 15:35 UTC, Christian Apeltauer
Details
emerge --info glibc (emerge.glibc.info.txt,18.19 KB, text/plain)
2015-10-25 12:31 UTC, Ilya Mochalov
Details
working config (gentoo-sources-4.2.4) (kernel-config-x86_64-4.2.4-gentoo-cfg-nh-r1,100.01 KB, text/plain)
2015-10-25 12:33 UTC, Ilya Mochalov
Details
config with crashes (hardened-sources-4.2.4) (kernel-config-x86_64-4.2.4-hardened-cfg-nh-nogrsec-r1,99.80 KB, text/x-mpsub)
2015-10-25 12:37 UTC, Ilya Mochalov
Details
difference between working and wrong configs (working(4.2.4-gentoo-cfg-nh-r1)-to-wrong(4.2.4-hardened-cfg-nh-nogrsec-r1)-config.diff,2.54 KB, patch)
2015-10-25 12:40 UTC, Ilya Mochalov
Details | Diff
/proc/cpuinfo (cpuinfo,9.01 KB, text/plain)
2015-10-27 13:08 UTC, Ilya Mochalov
Details
dmesg output (CONFIG_X86_DEBUG_FPU=y) (dmesg.debug_fpu.txt,51.52 KB, text/plain)
2015-10-28 14:33 UTC, Ilya Mochalov
Details
dmesg output (CONFIG_X86_DEBUG_FPU=y, eagerfpu=on) (dmesg.debug_fpu.eagerfpu_on.txt,51.24 KB, text/plain)
2015-10-28 14:34 UTC, Ilya Mochalov
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Apeltauer 2015-10-22 15:33:44 UTC
Booting a hardened kernel from the 4.2.3 causes in several programs a segfault
due to a bad frame in rt_sigreturn in libc-2.22.so (using
sys-devel/glibc-2.22-r1). A typical error log (seen when starting
/etc/init.d/net.enp3s0): is as follows:

Oct 22 12:45:13 localhost kernel: openrc-run.sh[1853] bad frame in rt_sigreturn frame:000003b1e2ee5678 ip:3910eb819c0 sp:3b1e2ee5c18 orax:ffffffffffffffff in libc-2.22.so[3910ea9a000+1a1000]
Oct 22 12:45:13 localhost kernel: grsec: Segmentation fault occurred at            (nil) in /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1853] uid/euid:0/0 gid/egid:0/0, parent /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1794] uid/euid:0/0 gid/egid:0/0
Oct 22 12:45:13 localhost kernel: grsec: bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds.  Please investigate the crash report for /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1853] uid/euid:0/0 gid/egid:0/0, parent /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1794] uid/euid:0/0 gid/egid:0/0
Oct 22 12:45:13 localhost kernel: grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1853] uid/euid:0/0 gid/egid:0/0, parent /lib64/rc/sh/openrc-run.sh[openrc-run.sh:1794] uid/euid:0/0 gid/egid:0/0

The affected process hangs afterwards and has to be killed manually. The issue
has been seen so far in:
 /etc/init.d/net.enp3s0 (a symlink to /etc/init.d/net.lo from
  net-misc/netifrc-0.3.1; other scripts in /etc/init.d are unaffected)
 /usr/sbin/lightdm (from x11-misc/lightdm-1.15.3; but X server can be started
  normally from a virtual console)
 /usr/bin/gcc-config (from sys-devel/gcc-config-1.8)

The issue does not happen when booting an old kernel (hardened-sources-4.1.7-r1)


Reproducible: Always
Comment 1 Christian Apeltauer 2015-10-22 15:34:26 UTC
Created attachment 415182 [details]
emerge --info glibc
Comment 2 Christian Apeltauer 2015-10-22 15:35:11 UTC
Created attachment 415184 [details]
kernel config
Comment 3 Magnus Granberg gentoo-dev 2015-10-22 17:01:41 UTC
if you remove this line
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
from the ebuild and rebuild glibc do it work then?
Comment 4 Christian Apeltauer 2015-10-23 14:13:17 UTC
(In reply to Magnus Granberg from comment #3)
> if you remove this line
> GLIBC_PATCH_EXCLUDE+="
> 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
> from the ebuild and rebuild glibc do it work then?

I tried it, but the behaviour is still the same.
Comment 5 Anthony Basile gentoo-dev 2015-10-24 16:36:11 UTC
(In reply to Christian Apeltauer from comment #4)
> (In reply to Magnus Granberg from comment #3)
> > if you remove this line
> > GLIBC_PATCH_EXCLUDE+="
> > 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
> > from the ebuild and rebuild glibc do it work then?
> 
> I tried it, but the behaviour is still the same.

Bad frame sounds like virtual memory problem in the kernel most likely due to a bug in pax.  If you can, proceed as follows before I assign to upstream:

1) i just added hardened-sources-4.2.4 to the tree. try it and see if you get the same bad frame error

2) if you do, then try vanilla-4.2.4 and see if you get the same frame error.

this will isolate the problem to hardened-sources.  also if it is hardened-sources, upload your kernel config file.
Comment 6 Ilya Mochalov 2015-10-25 12:29:06 UTC
The same problem. I tried the gentoo-sources-4.2.4 and it works fine. The hardned-sources-4.2.4 fails even if CONFIG_GRKERNSEC is not set. A crash log looks like that:

[   41.612752] uptime[6002] bad frame in rt_sigreturn frame:00007ffd080887f8 ip:7ff7abb464f0 sp:7ffd08088d98 orax:ffffffffffffffff in libc-2.21.so[7ff7aba62000+19d000]
[  104.815966] chrome[7235] bad frame in rt_sigreturn frame:00007f31deb0e6b8 ip:7f31ea4d3db7 sp:7f31deb0ec78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.816071] chrome[7239] bad frame in rt_sigreturn frame:00007f31deb0e6b8 ip:7f31ea4d3db7 sp:7f31deb0ec78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.817183] traps: chrome[7239] general protection ip:7f31ea42f8c6 sp:7f31deb0c1e0 error:0 in libc-2.21.so[7f31ea3fa000+19d000]
[  104.817515] chrome[7241] bad frame in rt_sigreturn frame:00007f31de30d6b8 ip:7f31ea4d3db7 sp:7f31de30dc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.817738] chrome[7255] bad frame in rt_sigreturn frame:00007f31de30d6b8 ip:7f31ea4d3db7 sp:7f31de30dc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.819097] chrome[7259] bad frame in rt_sigreturn frame:00007f31ddb0c6b8 ip:7f31ea4d3db7 sp:7f31ddb0cc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.819158] chrome[7258] bad frame in rt_sigreturn frame:00007f31ddb0c6b8 ip:7f31ea4d3db7 sp:7f31ddb0cc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.820012] chrome[7260] bad frame in rt_sigreturn frame:00007f31ddb0c6b8 ip:7f31ea4d3db7 sp:7f31ddb0cc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]
[  104.821325] traps: chrome[7258] general protection ip:7f31ea42f8c6 sp:7f31ddb0a1e0 error:0 in libc-2.21.so[7f31ea3fa000+19d000]
[  115.312756] chrome[7300] bad frame in rt_sigreturn frame:00007f31dd30b6b8 ip:7f31ea4d3db7 sp:7f31dd30bc78 orax:ffffffffffffffff in libc-2.21.so[7f31ea3fa000+19d000]

The problem reproduced for all 4.2 releases.
Comment 7 Ilya Mochalov 2015-10-25 12:31:05 UTC
Created attachment 415444 [details]
emerge --info glibc
Comment 8 Ilya Mochalov 2015-10-25 12:33:19 UTC
Created attachment 415446 [details]
working config (gentoo-sources-4.2.4)
Comment 9 Ilya Mochalov 2015-10-25 12:37:04 UTC
Created attachment 415458 [details]
config with crashes (hardened-sources-4.2.4)
Comment 10 Ilya Mochalov 2015-10-25 12:40:14 UTC
Created attachment 415460 [details, diff]
difference between working and wrong configs
Comment 11 Anthony Basile gentoo-dev 2015-10-25 12:46:29 UTC
(In reply to Ilya Mochalov from comment #8)
> Created attachment 415446 [details]
> working config (gentoo-sources-4.2.4)

okay this is not hardened only.

@mpagano, have you seen this elsewhere?  this looks like we should bring it upstream
Comment 12 Anthony Basile gentoo-dev 2015-10-25 12:49:01 UTC
(In reply to Ilya Mochalov from comment #10)
> Created attachment 415460 [details, diff] [details, diff]
> difference between working and wrong configs

this looks suspect CONFIG_PROC_PAGE_MONITOR.  this is probably a vm error in the vanilla kernel, which makes it serious.
Comment 13 Anthony Basile gentoo-dev 2015-10-25 13:17:44 UTC
(In reply to Ilya Mochalov from comment #8)
> Created attachment 415446 [details]
> working config (gentoo-sources-4.2.4)

did you try vanilla-sources?
Comment 14 Ilya Mochalov 2015-10-25 17:46:25 UTC
(In reply to Anthony Basile from comment #13)
> (In reply to Ilya Mochalov from comment #8)
> > Created attachment 415446 [details]
> > working config (gentoo-sources-4.2.4)
> 
> did you try vanilla-sources?

Yep, I tried vanilla-sources-4.2.4 with the same config (except for CONFIG_GENTOO_* and CONFIG_FB_CON_DECOR which are missing). It works as fine as gentoo-sources-4.2.4.
Comment 15 Anthony Basile gentoo-dev 2015-10-25 18:42:19 UTC
(In reply to Ilya Mochalov from comment #6)
> The same problem. I tried the gentoo-sources-4.2.4 and it works fine. The
> hardned-sources-4.2.4 fails even if CONFIG_GRKERNSEC is not set. A crash log
> looks like that:
> 
> The problem reproduced for all 4.2 releases.

(In reply to Ilya Mochalov from comment #14)
> (In reply to Anthony Basile from comment #13)
> > (In reply to Ilya Mochalov from comment #8)
> > > Created attachment 415446 [details]
> > > working config (gentoo-sources-4.2.4)
> > 
> > did you try vanilla-sources?
> 
> Yep, I tried vanilla-sources-4.2.4 with the same config (except for
> CONFIG_GENTOO_* and CONFIG_FB_CON_DECOR which are missing). It works as fine
> as gentoo-sources-4.2.4.

I'm sorry, I misunderstood.  So it fails only for all *hardened* 4.2 releases.  But it works for all gentoo-sources and vanilla-sources.  Correct?
Comment 16 Ilya Mochalov 2015-10-25 19:21:04 UTC
(In reply to Anthony Basile from comment #15)
> (In reply to Ilya Mochalov from comment #6)
> > The same problem. I tried the gentoo-sources-4.2.4 and it works fine. The
> > hardned-sources-4.2.4 fails even if CONFIG_GRKERNSEC is not set. A crash log
> > looks like that:
> > 
> > The problem reproduced for all 4.2 releases.
> 
> (In reply to Ilya Mochalov from comment #14)
> > (In reply to Anthony Basile from comment #13)
> > > (In reply to Ilya Mochalov from comment #8)
> > > > Created attachment 415446 [details]
> > > > working config (gentoo-sources-4.2.4)
> > > 
> > > did you try vanilla-sources?
> > 
> > Yep, I tried vanilla-sources-4.2.4 with the same config (except for
> > CONFIG_GENTOO_* and CONFIG_FB_CON_DECOR which are missing). It works as fine
> > as gentoo-sources-4.2.4.
> 
> I'm sorry, I misunderstood.  So it fails only for all *hardened* 4.2
> releases.  But it works for all gentoo-sources and vanilla-sources.  Correct?

Yes, only hardened 4.2 releases are broken in my case.
I apologize if I misled you, my English is not too good yet.
Comment 17 Anthony Basile gentoo-dev 2015-10-25 20:13:04 UTC
(In reply to Ilya Mochalov from comment #16)
> Yes, only hardened 4.2 releases are broken in my case.
> I apologize if I misled you, my English is not too good yet.

you're english is fine, i just missed where you said hardened and later saw all 4.2.

@mpagano, sorry for the noise

@pipacs, its all yours!
Comment 18 Brad Spengler 2015-10-25 20:14:13 UTC
I just uploaded a new test patch that includes my fix for this issue.

-Brad
Comment 19 Anthony Basile gentoo-dev 2015-10-25 20:18:18 UTC
(In reply to Brad Spengler from comment #18)
> I just uploaded a new test patch that includes my fix for this issue.
> 
> -Brad

hardened-sources-4.2.4-r1 = grsecurity-3.1-4.2.4-201510240907

its on the tree now.  can people please test.
Comment 20 Ilya Mochalov 2015-10-25 21:22:38 UTC
(In reply to Anthony Basile from comment #19)
> (In reply to Brad Spengler from comment #18)
> > I just uploaded a new test patch that includes my fix for this issue.
> > 
> > -Brad
> 
> hardened-sources-4.2.4-r1 = grsecurity-3.1-4.2.4-201510240907
> 
> its on the tree now.  can people please test.

I try to use 4.2.4-r1 and it looks like the problem is gone. Thank you very much! =)
Comment 21 Ilya Mochalov 2015-10-25 22:23:16 UTC
(In reply to Anthony Basile from comment #19)
> (In reply to Brad Spengler from comment #18)
> > I just uploaded a new test patch that includes my fix for this issue.
> > 
> > -Brad
> 
> hardened-sources-4.2.4-r1 = grsecurity-3.1-4.2.4-201510240907
> 
> its on the tree now.  can people please test.

Unfortunately, the bug is still here but it happens much less frequently. Also a message about the error in libpthread.so appeared.

[ 1921.142394] chrome[11682] bad frame in rt_sigreturn frame:00007fd640ed46b8 ip:7fd64d09adb7 sp:7fd640ed4c78 orax:ffffffffffffffff in libc-2.21.so[7fd64cfc1000+19d000]
[ 2291.584869] HTMLParserThrea[12500] bad frame in rt_sigreturn frame:00007fd63e3aee38 ip:7fd64d379fa4 sp:7fd63e3af3d8 orax:ffffffffffffffff in libpthread-2.21.so[7fd64d369000+17000]
[ 2293.296022] chrome[12519] bad frame in rt_sigreturn frame:00007fd6416d56b8 ip:7fd64d09adb7 sp:7fd6416d5c78 orax:ffffffffffffffff in libc-2.21.so[7fd64cfc1000+19d000]
[ 2364.032521] cpu[12847] bad frame in rt_sigreturn frame:00007fff5c3b7df8 ip:7f83692ed524 sp:7fff5c3b83b0 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2364.034049] cpu[12852] bad frame in rt_sigreturn frame:00007fff5c3b7f38 ip:7f836939d4f0 sp:7fff5c3b84e8 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2364.034918] cpu[12854] bad frame in rt_sigreturn frame:00007fff5c3b7e38 ip:7f836939db90 sp:7fff5c3b83e8 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2364.035607] cpu[12856] bad frame in rt_sigreturn frame:00007fff5c3b7e38 ip:7f83692ed524 sp:7fff5c3b83e0 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2364.036317] cpu[12858] bad frame in rt_sigreturn frame:00007fff5c3b7e38 ip:7f836939db90 sp:7fff5c3b83e8 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2364.036987] cpu[12860] bad frame in rt_sigreturn frame:00007fff5c3b7e38 ip:7f83692ed524 sp:7fff5c3b83e0 orax:ffffffffffffffff in libc-2.21.so[7f83692b9000+19d000]
[ 2662.242681] netstat[13323] bad frame in rt_sigreturn frame:00007fff21aa57f8 ip:7fbf22b6db90 sp:7fff21aa5da8 orax:ffffffffffffffff in libc-2.21.so[7fbf22a89000+19d000]
[ 2960.903924] if_enp2s0[13832] bad frame in rt_sigreturn frame:00007ffe3f4383f8 ip:7fa7c57f5524 sp:7ffe3f4389a0 orax:ffffffffffffffff in libc-2.21.so[7fa7c57c1000+19d000]
Comment 22 Anthony Basile gentoo-dev 2015-10-25 22:43:01 UTC
(In reply to Ilya Mochalov from comment #21)
> (In reply to Anthony Basile from comment #19)
> > (In reply to Brad Spengler from comment #18)
> > > I just uploaded a new test patch that includes my fix for this issue.
> > > 
> > > -Brad
> > 
> > hardened-sources-4.2.4-r1 = grsecurity-3.1-4.2.4-201510240907
> > 
> > its on the tree now.  can people please test.
> 
> Unfortunately, the bug is still here but it happens much less frequently.
> Also a message about the error in libpthread.so appeared.
> 

I removed all hardened-sources-4.2.x except 4.2.4-r1 and was about to close this bug.  I guess its not fixed yet.
Comment 23 Brad Spengler 2015-10-25 22:46:50 UTC
What specific patch did you test with?  If it was with the hardened gentoo one, the date listed is from yesterday and so wouldn't contain my fix.

-Brad
Comment 24 Anthony Basile gentoo-dev 2015-10-25 23:28:15 UTC
(In reply to Brad Spengler from comment #23)
> What specific patch did you test with?  If it was with the hardened gentoo
> one, the date listed is from yesterday and so wouldn't contain my fix.
> 
> -Brad

I have automated downloading/applying of grsec patches, but its only once a day.  So today's run was for 2015-10-24.  If you put up another patch, automagic will push it out tomorrow.  Watch out for hardened-sources-4.2.4-r2.
Comment 25 Brad Spengler 2015-10-25 23:30:07 UTC
If they want they can also test the split-out fix here:
https://grsecurity.net/~spender/fpu_fix.diff

-Brad
Comment 26 Anthony Basile gentoo-dev 2015-10-27 00:05:36 UTC
Okay I think we're done.  hardened-sources-4.2.4-r2 has the fix.  Please test and reopen this bug if we hit the bad frames again.
Comment 27 Ilya Mochalov 2015-10-27 12:46:04 UTC
Nope, the issue is not solved yet.

# uname -a
Linux nh 4.2.4-hardened-r2-cfg-nh-nogrsec-r1 #1 SMP PREEMPT Tue Oct 27 12:03:52 YEKT 2015 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
# dmesg | grep rt_sigreturn
[   18.372549] openrc-run.sh[4801] bad frame in rt_sigreturn frame:00007ffd85692038 ip:7fd358704b90 sp:7ffd856925e8 orax:ffffffffffffffff in libc-2.21.so[7fd358620000+19d000]
[  133.799193] chrome[7234] bad frame in rt_sigreturn frame:00007fd5ad84c6b8 ip:7fd5b9211db7 sp:7fd5ad84cc78 orax:ffffffffffffffff in libc-2.21.so[7fd5b9138000+19d000]
[  133.801475] chrome[7261] bad frame in rt_sigreturn frame:00007fd5ad04b6b8 ip:7fd5b9211db7 sp:7fd5ad04bc78 orax:ffffffffffffffff in libc-2.21.so[7fd5b9138000+19d000]
[  203.293488] chrome[7390] bad frame in rt_sigreturn frame:00007fd5ac84a6b8 ip:7fd5b9211db7 sp:7fd5ac84ac78 orax:ffffffffffffffff in libc-2.21.so[7fd5b9138000+19d000]

Is there any useful info that I can add to this discussion?
Comment 28 Brad Spengler 2015-10-27 12:48:42 UTC
What's the exact name of the patch that kernel is using?

-Brad
Comment 29 Brad Spengler 2015-10-27 12:49:48 UTC
Can you also give me your /proc/cpuinfo output?
Comment 30 Ilya Mochalov 2015-10-27 13:08:17 UTC
As far as I understood, from an ebuild, the patches were used:

1003_linux-4.2.4.patch
4420_grsecurity-3.1-4.2.4-201510251836.patch
4425_grsec_remove_EI_PAX.patch
4430_grsec-remove-localversion-grsec.patch
4435_grsec-mute-warnings.patch
4440_grsec-remove-protected-paths.patch
4450_grsec-kconfig-default-gids.patch
4465_selinux-avc_audit-log-curr_ip.patch
4470_disable-compat_vdso.patch
4475_emutramp_default_on.patch
Comment 31 Ilya Mochalov 2015-10-27 13:08:45 UTC
Created attachment 415588 [details]
/proc/cpuinfo
Comment 32 Brad Spengler 2015-10-28 01:38:40 UTC
Can you also show me a full dmesg with CONFIG_X86_DEBUG_FPU=y ?

Thanks,
-Brad
Comment 33 Brad Spengler 2015-10-28 03:15:02 UTC
Something else to try is booting with eagerfpu=on added to the kernel command-line.

-Brad
Comment 34 Ilya Mochalov 2015-10-28 14:32:12 UTC
(In reply to Brad Spengler from comment #32)
> Can you also show me a full dmesg with CONFIG_X86_DEBUG_FPU=y ?
> 
> Thanks,
> -Brad

Yes, of course. Excuse me for delay.
Comment 35 Ilya Mochalov 2015-10-28 14:33:28 UTC
Created attachment 415648 [details]
dmesg output (CONFIG_X86_DEBUG_FPU=y)
Comment 36 Ilya Mochalov 2015-10-28 14:34:21 UTC
Created attachment 415650 [details]
dmesg output (CONFIG_X86_DEBUG_FPU=y, eagerfpu=on)
Comment 37 Ilya Mochalov 2015-11-01 18:39:59 UTC
No one error during two days of testing. I think hardened-sources-4.2.5 resolves the issue. Thank you very much! =)
Comment 38 Anthony Basile gentoo-dev 2015-11-01 21:35:09 UTC
(In reply to Ilya Mochalov from comment #37)
> No one error during two days of testing. I think hardened-sources-4.2.5
> resolves the issue. Thank you very much! =)

Please keep testing 4.2.5 because it is the next stabization canditate.
Comment 39 Ilya Mochalov 2015-11-01 22:03:06 UTC
(In reply to Anthony Basile from comment #38)
> (In reply to Ilya Mochalov from comment #37)
> > No one error during two days of testing. I think hardened-sources-4.2.5
> > resolves the issue. Thank you very much! =)
> 
> Please keep testing 4.2.5 because it is the next stabization canditate.

Okay I will write if I see any anomalies.