Nov 17 14:26:36 gdOv kernel: [ 3456.797283] grsec: exec of /usr/lib/x86_64-linux-gnu/wireshark/extcap/ciscodump (/usr/lib/x86_64-linux-gnu/wireshark/extcap/ciscodump --extcap-config --extcap-interface cisco ) by /usr/lib/x86_64-linux-gnu/wireshark/extcap/ciscodump[tshark:27964] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27958] uid/euid:1000/1000 gid/egid:1000/1000
Nov 17 14:26:37 gdOv kernel: [ 3456.809214] grsec: chdir to /usr/lib/x86_64-linux-gnu/wireshark/extcap by /usr/bin/tshark[tshark:27965] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/tshark[tshark:27958] uid/euid:1000/1000 gid/egid:1000/1000
Nov 17 14:26:37 gdOv kernel: [ 3456.809422] PAX: please report this to pageexec@freemail.hu
Nov 17 14:26:37 gdOv kernel: [ 3456.809436] BUG: unable to handle kernel NULL pointer dereference at 00000000000003e8
Nov 17 14:26:37 gdOv kernel: [ 3456.812435] IP: [] do_blockdev_direct_IO+0x2c9d/0x4fe0
Nov 17 14:26:37 gdOv kernel: [ 3456.813998] PGD 200276000
Nov 17 14:26:37 gdOv kernel: [ 3456.814014]
Nov 17 14:26:37 gdOv kernel: [ 3456.815581] Oops: 0000 [#1] SMP
Nov 17 14:26:37 gdOv kernel: [ 3456.817139] CPU: 0 PID: 27965 Comm: tshark Not tainted 4.9.61-unofficial+grsec171114-20 #1
Nov 17 14:26:37 gdOv kernel: [ 3456.818740] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./970 Extreme4, BIOS P2.60 11/11/2013
Nov 17 14:26:37 gdOv kernel: [ 3456.820359] task: ffff8802cefdf2c0 task.stack: ffffc9000722c000
Nov 17 14:26:37 gdOv kernel: [ 3456.822002] RIP: 0010:[] [] do_blockdev_direct_IO+0x2c9d/0x4fe0
Nov 17 14:26:37 gdOv kernel: [ 3456.823635] RSP: 0018:ffffc9000722fc48 EFLAGS: 00010246
Nov 17 14:26:37 gdOv kernel: [ 3456.825251] RAX: 0000000000000000 RBX: ffff8802e67aa540 RCX: 0000000000000000
Nov 17 14:26:37 gdOv kernel: [ 3456.826876] RDX: 0000000000000000 RSI: 00000000000003e8 RDI: 00000000ffffffff
Nov 17 14:26:37 gdOv kernel: [ 3456.828524] RBP: ffffc9000722fc98 R08: 00000000ffffffc3 R09: 0000000000000000
Nov 17 14:26:37 gdOv kernel: [ 3456.830139] R10: ffffffff814958b0 R11: 0000000000000000 R12: ffff8802d8d150c0
Nov 17 14:26:37 gdOv kernel: [ 3456.831752] R13: ffff8803207b8000 R14: 0000000000000000 R15: 0000000000000000
Nov 17 14:26:37 gdOv kernel: [ 3456.833367] FS: 000003ee36ee5ec0(0000) GS:ffff88032fc00000(0000) knlGS:0000000000000000
Nov 17 14:26:37 gdOv kernel: [ 3456.835029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 17 14:26:37 gdOv kernel: [ 3456.836664] CR2: 00000000000003e8 CR3: 0000000002c22000 CR4: 00000000000006f0
Nov 17 14:26:37 gdOv kernel: [ 3456.838325] Stack:
Nov 17 14:26:37 gdOv kernel: [ 3456.839980] ffffc9000722fc90 000000008128a28f 0000000000000000 0000000000000000
Nov 17 14:26:37 gdOv kernel: [ 3456.841722] 793a2e3f24dcd213 ffff8803207b8000 ffff88020e9286a8 ffff880320401400
Nov 17 14:26:37 gdOv kernel: [ 3456.843457] ffff8803207b8000 000000000000001b ffffc9000722fce0 ffffffff812f7fb8
Nov 17 14:26:37 gdOv kernel: [ 3456.845211] Call Trace:
Nov 17 14:26:37 gdOv kernel: [ 3456.846958] [] prepare_binprm+0xc8/0x240
Nov 17 14:26:37 gdOv kernel: [ 3456.848669] [] do_execveat_common.isra.53+0x677/0xd20
Nov 17 14:26:37 gdOv kernel: [ 3456.850345] [] ? __check_object_size+0x178/0x31a
Nov 17 14:26:37 gdOv kernel: [ 3456.852008] [] ? strncpy_from_user+0x6f/0x1e0
Nov 17 14:26:37 gdOv kernel: [ 3456.853646] [] ? getname_flags+0x85/0x260
Nov 17 14:26:37 gdOv kernel: [ 3456.855263] [] rap_sys_execve+0x6b/0xa0
Nov 17 14:26:37 gdOv kernel: [ 3456.856861] [] do_syscall_64+0x8d/0x180
Nov 17 14:26:37 gdOv kernel: [ 3456.858481] [] entry_SYSCALL64_slow_path+0x32/0x32
Nov 17 14:26:37 gdOv kernel: [ 3456.860066] Code: 48 8b b4 24 48 03 00 00 eb 0b a5 65 b7 e6 ff ff ff ff cc cc cc e8 e4 a8 45 00 8b 94 24 54 03 00 00 39 c2 0f 84 b7 08 00 00 4c 8b 24 e8 02 00 00 4d 89 65 50 48 8b bc 24 30 02 00 00 eb 0b 00
Nov 17 14:26:37 gdOv kernel: [ 3456.863587] RIP [] do_blockdev_direct_IO+0x2c9d/0x4fe0
Nov 17 14:26:37 gdOv kernel: [ 3456.865253] RSP
Nov 17 14:26:37 gdOv kernel: [ 3456.866931] CR2: 00000000000003e8
Nov 17 14:26:37 gdOv kernel: [ 3456.876484] ---[ end trace b254e691dff20938 ]---
Nov 17 14:26:37 gdOv kernel: [ 3456.876487] grsec: banning user with uid 1000 until system restart for suspicious kernel crash
Nov 17 14:26:37 gdOv kernel: [ 3456.895953] grsec: exec of /sbin/agetty (/sbin/getty 38400 tty6 ) by /sbin/agetty[init:27966] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0