grsec-unoff RAP related Call Traces, 171124-0102 oops


Only the place where it happened (the gap) is shown, but nothing has been in the logs.

Nov 24 00:55:04 gdOv kernel: [ 1711.731331] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731368] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub/tools by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731559] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/nsprpub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731569] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731602] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/other-licenses by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 00:55:04 gdOv kernel: [ 1711.731837] grsec: (default:D:/etc/cron.daily) chdir to /Cmn/git/firefox.hg/other-licenses/7zstub by /usr/bin/updatedb.mlocate[updatedb.mlocat:4423] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/flock[flock:4422] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.394372] grsec: exec of /bin/sed (sed s/ *#.*// ) by /bin/sed[cryptdisks:1288] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1286] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.399101] grsec: exec of /bin/sed (sed s/=.*// ) by /bin/sed[cryptdisks:1291] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1289] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.401623] grsec: exec of /bin/sed (sed /=/!d;s/^.*=// ) by /bin/sed[cryptdisks:1294] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1292] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.403790] grsec: exec of /bin/readlink (readlink -f /dev/disk/by-uuid/445f3d74-3251-4b48-a0f3-911e75f70548 ) by /bin/readlink[cryptdisks:1295] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1274] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.405481] grsec: exec of /bin/sed (sed s/ *#.*// ) by /bin/sed[cryptdisks:1298] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1296] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.408144] grsec: exec of /bin/sed (sed s/=.*// ) by /bin/sed[cryptdisks:1301] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1299] uid/euid:0/0 gid/egid:0/0
Nov 24 01:15:27 gdOv kernel: [   93.410455] grsec: exec of /bin/sed (sed /=/!d;s/^.*=// ) by /bin/sed[cryptdisks:1304] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/cryptdisks[cryptdisks:1302] uid/euid:0/0 gid/egid:0/0
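
One way to locate such a gap mechanically, as an added example that is not part of the original page: the function flags every point where the bracketed kernel uptime stamp goes backward, which marks a restart with no shutdown messages in between. The sample lines are shortened copies of the ones above, and the year 2017 is an assumption taken from the page title.

```python
import re
from datetime import datetime

# Constructed sample: shortened copies of the syslog lines shown above.
SAMPLE = """\
Nov 24 00:55:04 gdOv kernel: [ 1711.731602] grsec: chdir to /Cmn/git/firefox.hg/other-licenses
Nov 24 00:55:04 gdOv kernel: [ 1711.731837] grsec: chdir to /Cmn/git/firefox.hg/other-licenses/7zstub
Nov 24 01:15:27 gdOv kernel: [   93.394372] grsec: exec of /bin/sed
Nov 24 01:15:27 gdOv kernel: [   93.399101] grsec: exec of /bin/sed
"""

# Syslog wall-clock stamp, host, "kernel:", then the printk uptime in brackets.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+"
    r"\[\s*(?P<uptime>\d+\.\d+)\]"
)

def find_unlogged_reboots(text, year=2017):
    """Return one record per point where the kernel uptime goes backward.

    Syslog stamps carry no year, so `year` is an assumed parameter.
    """
    events = []
    prev = None  # (wall-clock time, uptime) of the previous kernel line
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel line with an uptime stamp
        wall = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        up = float(m["uptime"])
        if prev and up < prev[1]:
            gap = (wall - prev[0]).total_seconds()
            events.append({
                "last_before": prev[0],
                "first_after": wall,
                "gap_seconds": gap,
                # Part of the gap that the new boot's own uptime does not cover.
                "unaccounted_seconds": gap - up,
            })
        prev = (wall, up)
    return events

if __name__ == "__main__":
    for event in find_unlogged_reboots(SAMPLE):
        print(event)
```

For the sample it reports one restart with a wall-clock gap of 1223 seconds, of which about 1130 seconds fall before the start of the boot that finally logged.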

But we've seen this behavior already. This time, on the first reboot, it looked like this:

early console in extract_kernel
input_data: 0x0000000002d703b4
input_len: 0x000000000086d05c
output: 0x0000000001000000
output_len: 0x00000000024b9868
kernel_total_size: 0x0000000002600000

Decompressing Linux...

XZ-compressed data is corrupt

 -- System halted

And on the second reboot, it looked like this:

early console in extract_kernel
input_data: 0x0000000002d703b4
input_len: 0x000000000086d05c
output: 0x0000000001000000
output_len: 0x00000000024b9868
kernel_total_size: 0x0000000002600000

Decompressing Linux...

XZ-compressed data is corrupt

 -- System halted

That is, exactly the same :-).

But afterward, after the next boot, all was fine, and continues to be so (it's more than half a day on as I'm writing these lines).

To me, this looks sinister, and I'm not at all sure I'm going to be able to protect my system, if these are some kind of intrusion events.

I'm unable to learn computing fast enough to defend against these... (Namely, why is it that these, and other stuff, almost exclusively happen in my for-online clone?)

---

The verifiable files necessary for this study, if any, are listed in the main page of this section.

---