[3008724.941576] kernel tried to execute NX-protected page - exploit attempt? (uid: 1000)
[3008724.941626] BUG: unable to handle kernel paging request at ffff883f0ea64e50
[3008724.941668] IP: [<ffff883f0ea64e50>] 0xffff883f0ea64e50
[3008724.941702] PGD 1d3e067 PUD 8000003f000001e3
[3008724.941733] Oops: 0011 [#1] SMP
[3008724.941755] Modules linked in: fuse 8021q garp mrp stp llc intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul sha256_ssse3 sha256_generic hmac drbg ansi_cprng ast ttm iTCO_wdt aesni_intel drm_kms_helper iTCO_vendor_support aes_x86_64 lrw gf128mul joydev evdev glue_helper drm ablk_helper mei_me cryptd pcspkr sb_edac i2c_algo_bit lpc_ich ioatdma mei i2c_i801 edac_core mfd_core wmi 8250_fintek shpchp ipmi_watchdog tpm_tis tpm processor acpi_power_meter acpi_pad button ipmi_si ipmi_poweroff ipmi_devintf ipmi_msghandler autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid hid sg sd_mod crc32c_intel ahci libahci xhci_pci ehci_pci xhci_hcd libata ehci_hcd ixgbe dca vxlan usbcore ip6_udp_tunnel scsi_mod udp_tunnel usb_common ptp pps_core
[3008724.942332] mdio fjes
[3008724.942348] CPU: 3 PID: 134487 Comm: parameter_serve Not tainted 4.4.0-0.bpo.1-amd64 #1 Debian 4.4.6-1~bpo8+1
[3008724.942398] Hardware name: Powerleader PR2760TG/X10DRT-PT, BIOS 2.0 12/18/2015
[3008724.942436] task: ffff882193003040 ti: ffff880379674000 task.ti: ffff880379674000
[3008724.944095] RIP: 0010:[<ffff883f0ea64e50>] [<ffff883f0ea64e50>] 0xffff883f0ea64e50
[3008724.945397] RSP: 0000:ffff880379677d58 EFLAGS: 00010092
[3008724.946615] RAX: 0000000000000031 RBX: 000000008101fa25 RCX: dead000000000200
[3008724.948173] RDX: ffff883f7f8565a0 RSI: ffff883f7f8565a0 RDI: ffff883f0ea650e0
[3008724.949713] RBP: ffff883f0ea64e40 R08: ffff883f7f8565a0 R09: 0000000000000000
[3008724.951244] R10: 0000000000000008 R11: 0000000000000000 R12: ffff883f7f8d5d80
[3008724.952779] R13: 0000000000000003 R14: 0000000000015d80 R15: ffff883f7f855d80
[3008724.954292] FS: 00007fe8d35a2700(0000) GS:ffff883f7f8c0000(0000) knlGS:0000000000000000
[3008724.955829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[3008724.957331] CR2: ffff883f0ea64e50 CR3: 0000002e08802000 CR4: 00000000003406e0
[3008724.958832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[3008724.960335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[3008724.961800] Stack:
[3008724.963261] ffffffff810b45b1 0000000000015d80 ffff883f7f8d5d80 ffff883f7f8d5d80
[3008724.964746] 0000000000000282 ffff882193003040 ffff882193003040 00000000ffffffff
[3008724.966241] ffffffff810b46d3 0000000000000000 ffffffff8109ac9e ffff880379678000
[3008724.967721] Call Trace:
[3008724.969186] [<ffffffff810b45b1>] ? push_rt_task.part.40+0x231/0x260
[3008724.970656] [<ffffffff810b46d3>] ? push_rt_tasks+0x13/0x30
[3008724.972116] [<ffffffff8109ac9e>] ? __balance_callback+0x3e/0x60
[3008724.973550] [<ffffffff8158e961>] ? schedule+0x31/0x80
[3008724.974975] [<ffffffff81591caf>] ? schedule_hrtimeout_range_clock+0x10f/0x120
[3008724.976408] [<ffffffff8121f025>] ? ep_scan_ready_list+0x1c5/0x1e0
[3008724.977815] [<ffffffff8121f3a2>] ? ep_poll+0x342/0x3f0
[3008724.979213] [<ffffffff810a0df0>] ? wake_up_q+0x60/0x60
[3008724.980597] [<ffffffff812207c9>] ? SyS_epoll_wait+0xb9/0xd0
[3008724.981966] [<ffffffff815926f6>] ? system_call_fast_compare_end+0xc/0x6b
[3008724.982847] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 5e 8e 2e 88 ff ff <03> 00 00 00 40 01 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[3008724.984577] RIP [<ffff883f0ea64e50>] 0xffff883f0ea64e50
[3008724.985408] RSP <ffff880379677d58>
[3008724.986226] CR2: ffff883f0ea64e50
This kernel is based on version 4.4.6 with just one patch added from 4.6. The reason for the patch is that we faced a deadlock issue in 4.4.6. Details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822084;msg=5
The kernel we use has been stable for a long time, but recently we started to use fuse and now face this kernel panic issue. However, I cannot find any information related to the fuse module.
The panic address in push_rt_task.part.40+0x231/0x260:
ffffffff810b4590: e8 fb b6 fe ff callq ffffffff8109fc90 <deactivate_task>
ffffffff810b4595: 41 8b b6 80 09 00 00 mov 0x980(%r14),%esi
ffffffff810b459c: 48 89 df mov %rbx,%rdi
ffffffff810b459f: e8 7c bd fe ff callq ffffffff810a0320 <set_task_cpu>
ffffffff810b45a4: 31 d2 xor %edx,%edx
ffffffff810b45a6: 48 89 de mov %rbx,%rsi
ffffffff810b45a9: 4c 89 f7 mov %r14,%rdi
ffffffff810b45ac: e8 4f b6 fe ff callq ffffffff8109fc00 <activate_task>
ffffffff810b45b1: 4c 89 f7 mov %r14,%rdi
ffffffff810b45b4: e8 97 ad fe ff callq ffffffff8109f350 <resched_curr>
ffffffff810b45b9: 4c 89 f7 mov %r14,%rdi
ffffffff810b45bc: ff 14 25 88 c7 a2 81 callq *0xffffffff81a2c788
And the information from another machine with a kernel panic:
[2977073.451183] BUG: unable to handle kernel NULL pointer dereference at 000000000000001f
[2977073.451245] IP: [<000000000000001f>] 0x1f
[2977073.451277] PGD 76ad556067 PUD 495929a067 PMD 0
[2977073.451309] Oops: 0010 [#1] SMP
[2977073.451331] Modules linked in: fuse 8021q garp mrp stp llc intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul sha256_ssse3 sha256_generic hmac iTCO_wdt drbg iTCO_vendor_support ansi_cprng aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd ast pcspkr ttm drm_kms_helper evdev joydev sb_edac edac_core drm i2c_algo_bit mei_me lpc_ich ioatdma mei i2c_i801 shpchp mfd_core wmi 8250_fintek acpi_power_meter acpi_pad ipmi_watchdog tpm_tis tpm processor button ipmi_si ipmi_poweroff ipmi_devintf ipmi_msghandler autofs4 ext4 crc16 mbcache jbd2 hid_generic usbhid hid sg sd_mod crc32c_intel ahci libahci xhci_pci ehci_pci libata xhci_hcd ehci_hcd ixgbe dca vxlan ip6_udp_tunnel usbcore udp_tunnel scsi_mod usb_common ptp pps_core
[2977073.452013] mdio fjes
[2977073.452032] CPU: 14 PID: 60107 Comm: parameter_serve Not tainted 4.4.0-0.bpo.1-amd64 #1 Debian 4.4.6-1~bpo8+1
[2977073.452083] Hardware name: Powerleader PR2760TG/X10DRT-PT, BIOS 2.0 12/18/2015
[2977073.452120] task: ffff887c10e08f00 ti: ffff884857830000 task.ti: ffff884857830000
[2977073.452160] RIP: 0010:[<000000000000001f>] [<000000000000001f>] 0x1f
[2977073.454069] RSP: 0018:ffff887f7f103a08 EFLAGS: 00010092
[2977073.455918] RAX: 0000000000000031 RBX: 000000008101fa25 RCX: dead000000000200
[2977073.457805] RDX: ffff887f7f2d65a0 RSI: ffff887f7f2d65a0 RDI: ffff881a771953e0
[2977073.459673] RBP: ffff881a77195140 R08: ffff887f7f2d65a0 R09: ffff887688762280
[2977073.461509] R10: 000000000002d58c R11: 0000000000000000 R12: ffff887f7f2d5d80
[2977073.463330] R13: ffff881a77195734 R14: 0000000000000046 R15: 000000000000001f
[2977073.465138] FS: 00007f19f723d700(0000) GS:ffff887f7f100000(0000) knlGS:0000000000000000
[2977073.466949] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2977073.468745] CR2: 000000000000001f CR3: 00000075a5454000 CR4: 00000000003406e0
[2977073.470533] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[2977073.472304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[2977073.474048] Stack:
[2977073.475754] ffffffff8109ffee ffff881a77195140 ffff887f7f2d5d80 ffffffff810a0b6e
[2977073.477496] ffff8844796bc740 ffff88486bb36c68 0000000000000001 ffff883f62a21af8
[2977073.479229] 0000000000000000 0000000000000000 0000000000000003 ffff883f62a21ae0
[2977073.480949] Call Trace:
[2977073.482637] <IRQ>
[2977073.482658] [<ffffffff8109ffee>] ? ttwu_do_activate.constprop.93+0x2e/0x60
[2977073.485981] [<ffffffff810a0b6e>] ? try_to_wake_up+0x17e/0x380
[2977073.487652] [<ffffffff810b6c9e>] ? __wake_up_common+0x4e/0x90
[2977073.489301] [<ffffffff8121f4d6>] ? ep_poll_callback+0x86/0x150
[2977073.490925] [<ffffffff810b6c9e>] ? __wake_up_common+0x4e/0x90
[2977073.492532] [<ffffffff810b70ad>] ? __wake_up_sync_key+0x3d/0x60
[2977073.494123] [<ffffffff81481156>] ? sock_def_readable+0x36/0x60
[2977073.495692] [<ffffffff814ee367>] ? tcp_rcv_established+0x3e7/0x700
[2977073.497249] [<ffffffff814f8447>] ? tcp_v4_do_rcv+0x127/0x200
[2977073.498786] [<ffffffff814f98c7>] ? tcp_v4_rcv+0x867/0xa00
[2977073.500299] [<ffffffff814f900c>] ? tcp_v4_early_demux+0xfc/0x150
[2977073.501799] [<ffffffff814d4767>] ? ip_rcv_finish+0xe7/0x310
[2977073.503277] [<ffffffff814d4a1b>] ? ip_local_deliver_finish+0x8b/0x1c0
[2977073.504745] [<ffffffff814d4ceb>] ? ip_local_deliver+0x6b/0xe0
[2977073.506192] [<ffffffff814f900c>] ? tcp_v4_early_demux+0xfc/0x150
[2977073.507625] [<ffffffff814d4767>] ? ip_rcv_finish+0xe7/0x310
[2977073.509027] [<ffffffff814d4fd8>] ? ip_rcv+0x278/0x3a0
[2977073.510407] [<ffffffff8157f54e>] ? packet_rcv+0x4e/0x420
[2977073.511791] [<ffffffff814985d9>] ? __netif_receive_skb_core+0x2b9/0xa00
[2977073.513180] [<ffffffff814995c5>] ? dev_gro_receive+0x225/0x3a0
[2977073.514538] [<ffffffff81499947>] ? napi_gro_receive+0x27/0x100
[2977073.515845] [<ffffffff81498daf>] ? netif_receive_skb_internal+0x2f/0xa0
[2977073.517116] [<ffffffff81498f85>] ? napi_gro_flush+0x55/0x70
[2977073.518351] [<ffffffffa01eedd9>] ? ixgbe_poll+0x469/0x7a0 [ixgbe]
[2977073.519541] [<ffffffff810b0001>] ? distribute_cfs_runtime+0x1/0xf0
[2977073.520692] [<ffffffff8149926b>] ? net_rx_action+0x21b/0x350
[2977073.521804] [<ffffffff8107c782>] ? __do_softirq+0x112/0x2b0
[2977073.522883] [<ffffffff8107ca56>] ? irq_exit+0x86/0x90
[2977073.523927] [<ffffffff815950ef>] ? do_IRQ+0x4f/0xd0
[2977073.524950] [<ffffffff81593202>] ? common_interrupt+0x82/0x82
[2977073.525960] <EOI>
[2977073.525980] [<ffffffff812f37ff>] ? rb_erase+0x34f/0x380
[2977073.527959] [<ffffffff8121f6ab>] ? ep_remove+0x5b/0xc0
[2977073.528942] [<ffffffff81220161>] ? SyS_epoll_ctl+0x631/0xbe0
[2977073.529931] [<ffffffff815926f6>] ? system_call_fast_compare_end+0xc/0x6b
[2977073.530921] Code: Bad RIP value.
[2977073.531907] RIP [<000000000000001f>] 0x1f
[2977073.532874] RSP <ffff887f7f103a08>
[2977073.533820] CR2: 000000000000001f
The panic address in [<ffffffff8109ffee>] ? ttwu_do_activate.constprop.93+0x2e/0x60:
ffffffff8109ffc0 <ttwu_do_activate.constprop.93>:
ffffffff8109ffc0: e8 2b 4e 4f 00 callq ffffffff81594df0 <__fentry__>
ffffffff8109ffc5: 55 push %rbp
ffffffff8109ffc6: 53 push %rbx
ffffffff8109ffc7: 48 89 fd mov %rdi,%rbp
ffffffff8109ffca: f6 86 2c 03 00 00 02 testb $0x2,0x32c(%rsi)
ffffffff8109ffd1: 48 89 f3 mov %rsi,%rbx
ffffffff8109ffd4: 74 08 je ffffffff8109ffde <ttwu_do_activate.constprop.93+0x1e>
ffffffff8109ffd6: 48 83 af d0 08 00 00 subq $0x1,0x8d0(%rdi)
ffffffff8109ffdd: 01
ffffffff8109ffde: ba 05 00 00 00 mov $0x5,%edx
ffffffff8109ffe3: 48 89 de mov %rbx,%rsi
ffffffff8109ffe6: 48 89 ef mov %rbp,%rdi
ffffffff8109ffe9: e8 12 fc ff ff callq ffffffff8109fc00 <activate_task>
ffffffff8109ffee: f6 43 14 20 testb $0x20,0x14(%rbx)
ffffffff8109fff2: c7 43 44 01 00 00 00 movl $0x1,0x44(%rbx)
ffffffff8109fff9: 74 0e je ffffffff810a0009 <ttwu_do_activate.constprop.93+0x49>
ffffffff8109fffb: 8b b5 80 09 00 00 mov 0x980(%rbp),%esi
ffffffff810a0001: 48 89 df mov %rbx,%rdi
ffffffff810a0004: e8 37 0d ff ff callq ffffffff81090d40 <wq_worker_waking_up>
ffffffff810a0009: 48 89 de mov %rbx,%rsi
ffffffff810a000c: 48 89 ef mov %rbp,%rdi
ffffffff810a000f: 31 d2 xor %edx,%edx
ffffffff810a0011: 5b pop %rbx
ffffffff810a0012: 5d pop %rbp
ffffffff810a0013: e9 88 fe ff ff jmpq ffffffff8109fea0 <ttwu_do_wakeup>
ffffffff810a0018: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
ffffffff810a001f: 00
Seems like the same issue: activate_task()
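
A triage helper for the two reports above, added here as an example and not part of the original post: it decodes the page-fault error code on the "Oops:" line, checks whether RIP lies in the kernel text mapping, and resolves the first stack word against the disassembly to name the call the CPU would return from. The log and objdump excerpts are copied from this page; `KERNEL_MAP`, `decode_oops` and `call_before` are names chosen for this example, and treating the first stack word as the return address is a triage heuristic.

```python
import re

# Excerpts copied from the two oops logs and objdump listings in the post.
OOPS_A = """[3008724.941733] Oops: 0011 [#1] SMP
[3008724.944095] RIP: 0010:[<ffff883f0ea64e50>] [<ffff883f0ea64e50>] 0xffff883f0ea64e50
[3008724.961800] Stack:
[3008724.963261] ffffffff810b45b1 0000000000015d80 ffff883f7f8d5d80 ffff883f7f8d5d80"""
OOPS_B = """[2977073.451309] Oops: 0010 [#1] SMP
[2977073.452160] RIP: 0010:[<000000000000001f>] [<000000000000001f>] 0x1f
[2977073.474048] Stack:
[2977073.475754] ffffffff8109ffee ffff881a77195140 ffff887f7f2d5d80 ffffffff810a0b6e"""
DISASM = """ffffffff810b45ac: e8 4f b6 fe ff callq ffffffff8109fc00 <activate_task>
ffffffff810b45b1: 4c 89 f7 mov %r14,%rdi
ffffffff8109ffe9: e8 12 fc ff ff callq ffffffff8109fc00 <activate_task>
ffffffff8109ffee: f6 43 14 20 testb $0x20,0x14(%rbx)"""

# x86 page-fault error-code bits, printed in hex on the "Oops:" line.
PF_BITS = [(0x02, "write"), (0x04, "user mode"),
           (0x08, "reserved bit set"), (0x10, "instruction fetch")]
KERNEL_MAP = 0xffffffff80000000  # assumed start of x86_64 kernel text mapping

def decode_oops(log):
    """Decode the error code, faulting RIP and top-of-stack word of one oops."""
    code = int(re.search(r"Oops: ([0-9a-f]{4})", log).group(1), 16)
    rip = int(re.search(r"RIP: 0010:\[<([0-9a-f]+)>\]", log).group(1), 16)
    top = re.search(r"Stack:\n\[[^\]]*\]\s+([0-9a-f]{16})", log).group(1)
    flags = ["page present" if code & 0x01 else "page not present"]
    flags += [name for bit, name in PF_BITS if code & bit]
    return {"flags": flags, "rip": rip, "rip_in_kernel_text": rip >= KERNEL_MAP,
            "ret": int(top, 16)}

def call_before(ret_addr, disasm):
    """Return the symbol called by the instruction just before ret_addr."""
    prev = ""
    for line in disasm.splitlines():
        m = re.match(r"\s*([0-9a-f]{16}):\s+(.*)", line)
        if not m:
            continue
        if int(m.group(1), 16) == ret_addr:
            sym = re.search(r"callq\s+[0-9a-f]+\s+<([^>]+)>", prev)
            return sym.group(1) if sym else None
        prev = m.group(2)
    return None

if __name__ == "__main__":
    for name, log in (("A", OOPS_A), ("B", OOPS_B)):
        info = decode_oops(log)
        print(name, info["flags"], hex(info["rip"]),
              "returns into caller of", call_before(info["ret"], DISASM))
```

Both oopses decode as instruction fetches from an address outside kernel text, with the pending return address sitting directly after a `callq` to `activate_task`.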