public inbox for systemtap@sourceware.org
From: "izi at guardicore dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug runtime/17862] New: Kernel crash during on module insertion: kernel tried to execute NX-protected page - exploit attempt
Date: Wed, 21 Jan 2015 10:11:00 -0000
Message-ID: <bug-17862-6586@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17862

            Bug ID: 17862
           Summary: Kernel crash during on module insertion: kernel tried
                    to execute NX-protected page - exploit attempt
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: izi at guardicore dot com

Getting an error of "kernel tried to execute NX-protected page - exploit
attempt" in syslog during module insertion. Problem is not reproduced on every
run, possibly due to races with other modules which are loaded at the same
time.

Attached is the failed script, which is precompiled into a .ko, and the
stap-report data.

Jan 21 02:59:15 ldsm kernel: [   13.454242] g_2475: systemtap: 2.6/0.157, base:
ffffffffa02d2000, memory: 221data/56text/64ctx/2058net/9alloc kb, probes: 7
Jan 21 02:59:15 ldsm kernel: [   13.489567] g_2471: systemtap: 2.6/0.157, base:
ffffffffa024d000, memory: 411data/88text/4417ctx/2058net/649alloc kb, probes:
10
Jan 21 02:59:15 ldsm kernel: [   13.542182] gc_2480: systemtap: 2.6/0.157,
base: ffffffffa031f000, memory: 195data/52text/960ctx/2058net/9alloc kb,
probes: 2
Jan 21 02:59:15 ldsm kernel: [   13.562902] g_2486: systemtap: 2.6/0.157, base:
ffffffffa035e000, memory: 191data/48text/448ctx/2058net/9alloc kb, probes: 2
Jan 21 02:59:15 ldsm kernel: [   13.580491] kernel tried to execute
NX-protected page - exploit attempt? (uid: 0)
Jan 21 02:59:15 ldsm kernel: [   13.580673] BUG: unable to handle kernel paging
request at ffff88003b22c0e1
Jan 21 02:59:15 ldsm kernel: [   13.580841] IP: [<ffff88003b22c0e1>]
0xffff88003b22c0e0
Jan 21 02:59:15 ldsm kernel: [   13.581018] PGD 1fd1067 PUD 1fd2067 PMD
3bd95063 PTE 800000003b22c163
Jan 21 02:59:15 ldsm kernel: [   13.581190] Oops: 0011 [#1] SMP
Jan 21 02:59:15 ldsm kernel: [   13.581346] Modules linked in: gc__2489(OF)
g_2486(OF) gc_2480(OF) g_2475(OF) g_2471(OF) veth(F) arc4(F) md4(F) nls_utf8
cifs(F) fscache(F) openvswitch gre(F) snd_hda_intel cirrus snd_hda_codec
snd_hwdep(F) microcode(F) ttm drm_kms_helper snd_pcm(F) snd_page_alloc(F)
snd_timer(F) psmouse(F) snd(F) serio_raw(F) virtio_balloon(F) soundcore(F) drm
syscopyarea(F) sysfillrect(F) sysimgblt(F) i2c_piix4 mac_hid lp(F) parport(F)
ext2(F) 8139too(F) 8139cp(F) mii(F) floppy(F)
Jan 21 02:59:15 ldsm kernel: [   13.582014] CPU: 0 PID: 2496 Comm: ntpd
Tainted: GF          O 3.11.0-12-generic #19-Ubuntu
Jan 21 02:59:15 ldsm kernel: [   13.582183] Hardware name: QEMU Standard PC
(i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Jan 21 02:59:15 ldsm kernel: [   13.582352] task: ffff8800299bc650 ti:
ffff88002977e000 task.ti: ffff88002977e000
Jan 21 02:59:15 ldsm kernel: [   13.582515] RIP: 0010:[<ffff88003b22c0e1>] 
[<ffff88003b22c0e1>] 0xffff88003b22c0e0
Jan 21 02:59:15 ldsm kernel: [   13.582687] RSP: 0018:ffff88002977ff20  EFLAGS:
00010286
Jan 21 02:59:15 ldsm kernel: [   13.582843] RAX: ffff88003b22c0e1 RBX:
ffff88002977ff58 RCX: 0000000000000003
Jan 21 02:59:15 ldsm kernel: [   13.583005] RDX: 0000000000000000 RSI:
ffff88002977ff58 RDI: ffff880036c617a0
Jan 21 02:59:15 ldsm kernel: [   13.583168] RBP: ffff88002977ff40 R08:
000000000155629b R09: 0000000000000001
Jan 21 02:59:15 ldsm kernel: [   13.583333] R10: ffffea0000f33600 R11:
ffffffffa02dcc5c R12: ffff88003cc4c430
Jan 21 02:59:15 ldsm kernel: [   13.583496] R13: 0000000000000000 R14:
0000000000000000 R15: 0000000000000000
Jan 21 02:59:15 ldsm kernel: [   13.583659] FS:  0000000000000000(0000)
GS:ffff88003fc00000(0000) knlGS:0000000000000000
Jan 21 02:59:15 ldsm kernel: [   13.583826] CS:  0010 DS: 0000 ES: 0000 CR0:
000000008005003b
Jan 21 02:59:15 ldsm kernel: [   13.583984] CR2: ffff88003b22c0e1 CR3:
000000002979f000 CR4: 00000000000006f0
Jan 21 02:59:15 ldsm kernel: [   13.584020] Stack:
Jan 21 02:59:15 ldsm kernel: [   13.584020]  ffffffff8101fb17 0000000000000000
0000000000000000 0000000000000000
Jan 21 02:59:15 ldsm kernel: [   13.584020]  0000000000000000 ffffffff816f54bf
000000001008feff 0000000000000000
Jan 21 02:59:15 ldsm kernel: [   13.584020]  0000000000000000 0000000000000000
0000000000000000 0000000000000000
Jan 21 02:59:15 ldsm kernel: [   13.584020] Call Trace:
Jan 21 02:59:15 ldsm kernel: [   13.584020]  [<ffffffff8101fb17>] ?
syscall_trace_leave+0xd7/0xf0
Jan 21 02:59:15 ldsm kernel: [   13.584020]  [<ffffffff816f54bf>]
int_check_syscall_exit_work+0x34/0x3d
Jan 21 02:59:15 ldsm kernel: [   13.584020] Code: 00 00 07 00 00 00 00 00 00 00
58 99 c0 3c 00 88 ff ff 00 68 4d 3b 00 88 ff ff d0 99 c0 3c 00 88 ff ff d0 99
c0 3c 00 88 ff ff 60 <db> 25 3b 00 88 ff ff e0 c4 c4 3c 00 88 ff ff 20 c4 c4 3c
00 88
Jan 21 02:59:15 ldsm kernel: [   13.584020] RIP  [<ffff88003b22c0e1>]
0xffff88003b22c0e0
Jan 21 02:59:15 ldsm kernel: [   13.584020]  RSP <ffff88002977ff20>
Jan 21 02:59:15 ldsm kernel: [   13.584020] CR2: ffff88003b22c0e1
Jan 21 02:59:15 ldsm kernel: [   13.584020] ---[ end trace e1a4d67e626da1fa
]---

-- 
You are receiving this mail because:
You are the assignee for the bug.
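
Decoding the fault fields of the oops above, as an added example that is not part of the original report or of SystemTap. The bit names follow the x86 page-fault error code and page-table entry layout; DIRECT_MAP_BASE is an assumption (the fixed x86_64 direct-map base of kernels without memory-layout randomization, such as the 3.11 kernel in the log), and the sample lines are the report's own, unwrapped.

```python
import re

# Constructed sample: three lines of the oops above, with the mail wrapping undone.
OOPS = """\
[   13.580673] BUG: unable to handle kernel paging request at ffff88003b22c0e1
[   13.581018] PGD 1fd1067 PUD 1fd2067 PMD 3bd95063 PTE 800000003b22c163
[   13.581190] Oops: 0011 [#1] SMP
"""

# x86 page-fault error code bits (printed in hex after "Oops:").
ERR_BITS = {0: "protection violation (page present)", 1: "write",
            2: "user mode", 3: "reserved bit set", 4: "instruction fetch"}
# x86_64 page-table entry flag bits relevant to triage.
PTE_BITS = {0: "present", 1: "writable", 2: "user", 5: "accessed",
            6: "dirty", 8: "global", 63: "NX"}
PHYS_MASK = 0x000FFFFFFFFFF000        # physical frame address, bits 12..51
DIRECT_MAP_BASE = 0xFFFF880000000000  # assumption: non-randomized direct map

def flags(value, table):
    """Names of the bits from `table` that are set in `value`."""
    return [name for bit, name in sorted(table.items()) if value >> bit & 1]

def triage(text):
    """Decode fault address, error code and PTE from an x86_64 oops."""
    fault = int(re.search(r"paging request at ([0-9a-f]+)", text).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    pte = int(re.search(r"PTE ([0-9a-f]+)", text).group(1), 16)
    phys = pte & PHYS_MASK
    return {
        "fault": fault,
        "error": flags(err, ERR_BITS),
        "pte": flags(pte, PTE_BITS),
        "phys": phys,
        # Instruction fetch from a page whose PTE has NX set: the condition
        # behind the "tried to execute NX-protected page" message.
        "nx_exec": bool(err >> 4 & 1 and pte >> 63 & 1),
        # True when the faulting page is the direct-map alias of `phys`,
        # i.e. ordinary kernel data memory rather than kernel or module text.
        "in_direct_map": (fault & ~0xFFF) == DIRECT_MAP_BASE + phys,
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, hex(value) if isinstance(value, int) and
              not isinstance(value, bool) else value)
```

For this log the decode shows an instruction fetch from a present, writable, NX page at physical 0x3b22c000 reached through the direct map, so the instruction pointer landed in data memory and not in any of the module text ranges printed at load time.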
