Ubuntu
linux package

kernel tried to execute NX-protected page - exploit attempt?

Bug #1685776 reported by Martin Vysny on 2017-04-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Expired	Medium	Unassigned

Bug Description

I connected the notebook to external monitor, everything worked fine for a couple of seconds and then the notebook froze. When I browsed syscat logs I have found this:

kernel tried to execute NX-protected page - exploit attempt?

Hopefully the ubuntu-bug tool will attach relevant information, so here's a snippet from the syscat logs:

Apr 24 14:21:52 mavi-vaadin kernel: [21312.321576] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321633] BUG: unable to handle kernel paging request at ffff8a079fa24e08
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321680] IP: 0xffff8a079fa24e08
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321703] PGD 56e62c067
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321703] PUD 9bf168063
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321722] PMD 99fbe0063
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321740] PTE 800000099fa24163
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321758]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321791] Oops: 0011 [#1] SMP
Apr 24 14:21:52 mavi-vaadin kernel: [21312.321812] Modules linked in: veth ipt_MASQUERADE nf_nat_masquerade_ipv4 xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_
filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc aufs ccm cmac rfcomm bnep arc4 iwlmvm snd_hda_codec_realtek snd_hda_codec_generic intel_rapl mac80211 x86_pkg_temp_thermal intel_powerclamp th
inkpad_acpi snd_hda_intel snd_hda_codec nvram snd_usb_audio snd_hda_core snd_usbmidi_lib snd_hwdep uvcvideo snd_seq_midi snd_seq_midi_event snd_rawmidi videobuf2_vmalloc coretemp videobuf2_memops videobuf2_v4l2
kvm_intel videobuf2_core joydev snd_seq kvm snd_pcm iwlwifi videodev snd_seq_device irqbypass snd_timer btusb media btrtl input_leds btbcm rtsx_pci_ms intel_cstate btintel cfg80211 bluetooth snd memstick serio
_raw soundcore
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322290] intel_rapl_perf mac_hid mei_me mei shpchp intel_pch_thermal cuse ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_i
scsi parport_pc ppdev lp parport ip_tables x_tables autofs4 btrfs algif_skcipher af_alg dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 mult
ipath linear hid_generic usbhid hid rtsx_pci_sdmmc crct10dif_pclmul crc32_pclmul ghash_clmulni_intel nouveau i915 pcbc aesni_intel mxm_wmi ttm aes_x86_64 i2c_algo_bit crypto_simd glue_helper drm_kms_helper cryp
td syscopyarea e1000e psmouse sysfillrect sysimgblt fb_sys_fops ptp pps_core ahci drm rtsx_pci libahci wmi video fjes
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322753] CPU: 0 PID: 2141 Comm: InputThread Not tainted 4.10.0-19-generic #21-Ubuntu
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322814] Hardware name: LENOVO 20EN0005MS/20EN0005MS, BIOS N1EET65W (1.38 ) 02/09/2017
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322870] task: ffff8a087119dc00 task.stack: ffffaf24c6ca8000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322914] RIP: 0010:0xffff8a079fa24e08
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322949] RSP: 0018:ffffaf24c6caba30 EFLAGS: 00010206
Apr 24 14:21:52 mavi-vaadin kernel: [21312.322992] RAX: ffff8a061c05cdf0 RBX: ffff8a0803554400 RCX: ffffffffc0832fa0
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323048] RDX: 7fffffffffffffff RSI: 0000000000000001 RDI: ffff8a081bb91000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323108] RBP: ffffaf24c6caba58 R08: 0000000000000000 R09: ffff8a0868ef1000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323164] R10: ffff8a086c852480 R11: ffff8a0868d68808 R12: ffff8a081bb91000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323209] R13: 0000000000000001 R14: 7fffffffffffffff R15: 0000000000000001
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323255] FS: 00007f69261d1700(0000) GS:ffff8a08a1400000(0000) knlGS:0000000000000000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323340] CR2: ffff8a079fa24e08 CR3: 0000000a6adf6000 CR4: 00000000003406f0
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323383] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323467] Call Trace:
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323489] ? dma_fence_wait_timeout+0x39/0xf0
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323528] drm_atomic_helper_wait_for_fences+0x48/0x120 [drm_kms_helper]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323669] nv50_disp_atomic_commit+0x19c/0x2a0 [nouveau]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323757] drm_atomic_commit+0x4b/0x50 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323822] drm_atomic_helper_update_plane+0xec/0x150 [drm_kms_helper]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323917] __setplane_internal+0x1b4/0x280 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.323985] drm_mode_cursor_universal+0x126/0x210 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324063] drm_mode_cursor_common+0x86/0x180 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324109] ? ep_poll_callback+0xef/0x1f0
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324174] drm_mode_cursor_ioctl+0x50/0x70 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324247] drm_ioctl+0x21b/0x4c0 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324321] ? drm_mode_setplane+0x1a0/0x1a0 [drm]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324366] ? _copy_to_user+0x54/0x60
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324512] nouveau_drm_ioctl+0x74/0xc0 [nouveau]
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324550] do_vfs_ioctl+0xa3/0x610
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324575] ? __vfs_read+0x18/0x40
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324598] ? vfs_read+0x96/0x130
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324623] SyS_ioctl+0x79/0x90
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324647] entry_SYSCALL_64_fastpath+0x1e/0xad
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324677] RIP: 0033:0x7f692fb2e987
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324700] RSP: 002b:00007f69261cf338 EFLAGS: 00003246 ORIG_RAX: 0000000000000010
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324748] RAX: ffffffffffffffda RBX: 000055849eefc540 RCX: 00007f692fb2e987
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324792] RDX: 00007f69261cf370 RSI: 00000000c01c64a3 RDI: 000000000000001a
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324839] RBP: 00007f69261cf630 R08: 000055849ab160c0 R09: 0000000000000780
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324884] R10: 000055849cbfa690 R11: 0000000000003246 R12: 0000000001450db6
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324930] R13: 000055849eefc6a0 R14: 0000000000000002 R15: 0000000000000006
Apr 24 14:21:52 mavi-vaadin kernel: [21312.324977] Code: 8a ff ff e0 4d a2 9f 07 8a ff ff e0 4d a2 9f 07 8a ff ff 00 00 00 00 00 00 00 00 c8 89 65 18 07 8a ff ff c0 89 65 18 07 8a ff ff <08> 4e 62 18 07 8a ff ff 08 09 bb aa 06 8a ff ff 80 c9 64 69 08
Apr 24 14:21:52 mavi-vaadin kernel: [21312.325145] RIP: 0xffff8a079fa24e08 RSP: ffffaf24c6caba30
Apr 24 14:21:52 mavi-vaadin kernel: [21312.325180] CR2: ffff8a079fa24e08
Apr 24 14:21:52 mavi-vaadin kernel: [21312.340328] ---[ end trace a7ba88310d845cc8 ]---

ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: linux-image-4.10.0-19-generic 4.10.0-19.21
ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
Uname: Linux 4.10.0-19-generic x86_64
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: mavi 2372 F.... pulseaudio
/dev/snd/controlC1: mavi 2372 F.... pulseaudio
CurrentDesktop: KDE
Date: Mon Apr 24 14:27:11 2017
HibernationDevice: RESUME=/dev/mapper/vg0-lv0--swap
InstallationDate: Installed on 2016-09-05 (231 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
MachineType: LENOVO 20EN0005MS
ProcFB:
0 nouveaufb
1 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.10.0-19-generic root=/dev/mapper/vg0-lv1--root ro splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-4.10.0-19-generic N/A
linux-backports-modules-4.10.0-19-generic N/A
linux-firmware 1.164
SourcePackage: linux
UpgradeStatus: Upgraded to zesty on 2017-03-31 (24 days ago)
dmi.bios.date: 02/09/2017
dmi.bios.vendor: LENOVO
dmi.bios.version: N1EET65W (1.38 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20EN0005MS
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40705 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias: dmi:bvnLENOVO:bvrN1EET65W(1.38):bd02/09/2017:svnLENOVO:pn20EN0005MS:pvrThinkPadP50:rvnLENOVO:rn20EN0005MS:rvrSDK0J40705WIN:cvnLENOVO:ct10:cvrNone:
dmi.product.name: 20EN0005MS
dmi.product.version: ThinkPad P50
dmi.sys.vendor: LENOVO

Tags:

Revision history for this message

Martin Vysny (vyzivus) wrote on 2017-04-24:

AlsaInfo.txt Edit (28.3 KiB, text/plain; charset="utf-8")
CRDA.txt Edit (999 bytes, text/plain; charset="utf-8")
CurrentDmesg.txt Edit (68.8 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (3.1 KiB, text/plain; charset="utf-8")
IwConfig.txt Edit (506 bytes, text/plain; charset="utf-8")
JournalErrors.txt Edit (35.4 KiB, text/plain; charset="utf-8")
Lspci.txt Edit (12.3 KiB, text/plain; charset="utf-8")
Lsusb.txt Edit (633 bytes, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (9.0 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (325 bytes, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (4.6 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (7.0 KiB, text/plain; charset="utf-8")
PulseList.txt Edit (26.7 KiB, text/plain; charset="utf-8")
RfKill.txt Edit (182 bytes, text/plain; charset="utf-8")
UdevDb.txt Edit (225.5 KiB, text/plain; charset="utf-8")
WifiSyslog.txt Edit (108.8 KiB, text/plain; charset="utf-8")

Revision history for this message

Brad Figg (brad-figg) wrote on 2017-04-24: Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status:	New → Confirmed

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2017-04-24:

Did this issue start happening after an update/upgrade? Was there a prior kernel version where you were not having this particular problem?

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.11 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11-rc8

Changed in linux (Ubuntu):
importance:	Undecided → Medium
status:	Confirmed → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-06-24:

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

kernel tried to execute NX-protected page - exploit attempt?

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
linux package