System crashed after 'Supertramp allocated at XXXXXXXX' log

Solution Verified - Updated -

Issue

  • System crashed with 'Bad RIP value.'.
  • Below is one example pattern showing crash
...
Supertramp allocated at ffff880432914000
msda: device registered at 10.54
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffc9000a2de2d0
IP: [<ffffc9000a2de2d0>] 0xffffc9000a2de2d0
Kernel PGD 147fc18067 PUD 207fc18067 PMD c6f8ee067 PTE 8000000c71191063
User   PGD c7fef5067 PUD 0 
Oops: 0011 [#1] SMP 
last sysfs file: /sys/module/ipv6/initstate
CPU 4 
Modules linked in: microsoft_dependency_agent(P)(U) bluechannel(P)(U) iptable_filter ip_tables falcon_lsm_serviceable(P)(U) falcon_nf_netcontain(P)(U) falcon_lsm_pinned_8202(U) ktap_88469(U) vfat fat mpt3sas mpt2sas scsi_transport_sas raid_class mptctl mptbase ipmi_devintf dell_rbu nfsd exportfs autofs4 nfs lockd fscache auth_rpcgss nfs_acl sunrpc bonding ipv6 dm_round_robin dm_multipath power_meter acpi_ipmi ipmi_si ipmi_msghandler microcode iTCO_wdt iTCO_vendor_support dcdbas joydev serio_raw sg lpc_ich mfd_core bnx2x ptp pps_core libcrc32c mdio bnx2 i7core_edac edac_core ext4 jbd2 mbcache sr_mod cdrom sd_mod crc_t10dif pata_acpi ata_generic ata_piix qla2xxx scsi_transport_fc scsi_tgt megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [last unloaded: usb_storage]

Pid: 41966, comm: sshd Tainted: P        W  -- ------------    2.6.32-754.23.1.el6.x86_64 #1 ...
RIP: 0010:[<ffffc9000a2de2d0>]  [<ffffc9000a2de2d0>] 0xffffc9000a2de2d0
RSP: 0018:ffff880c9cc878e0  EFLAGS: 00010286
RAX: ffffc900291a4020 RBX: ffff88145b23fbc0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88144b018340 RDI: ffff88145b23fbc0
RBP: ffff880c9cc87928 R08: 0000000000000000 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88144b018340 R14: 0000000000000000 R15: 0000000000000040
FS:  00007f1171faf7c0(0000) GS:ffff880054040000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000a2de2d0 CR3: 00000023a8b46000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sshd (pid: 41966, threadinfo ffff880c9cc84000, task ffff8814617a5520)
Stack:
 ffffc900291a4041 ffff880c9cc87908 ffffffff81357d1b ffff881463dcbdc0
<d> ffff88145b23fbc0 0000000000000000 ffff88144b018340 0000000000000000
<d> 0000000000000040 ffff880c9cc87958 ffffffff81472973 0000000000000228
Call Trace:
 [<ffffffff81357d1b>] ? put_ldisc+0x5b/0xc0
 [<ffffffff81472973>] sock_poll+0x63/0x150
 [<ffffffff811b9eb8>] do_select+0x3c8/0x7c0
 [<ffffffff814cb572>] ? ip_finish_output+0x192/0x380
 [<ffffffff811b98a0>] ? __pollwait+0x0/0xf0
 [<ffffffff811b9990>] ? pollwake+0x0/0x60
 [<ffffffff811b9990>] ? pollwake+0x0/0x60
 [<ffffffff811b9990>] ? pollwake+0x0/0x60
 [<ffffffff811b9990>] ? pollwake+0x0/0x60
 [<ffffffff8155cd0b>] ? _spin_unlock_bh+0x1b/0x20
 [<ffffffff8147740a>] ? release_sock+0xea/0x110
 [<ffffffff814d3a2c>] ? tcp_sendmsg+0x74c/0xa40
 [<ffffffff814762d1>] ? sock_aio_write+0x1a1/0x1c0
 [<ffffffff81350ead>] ? tty_wakeup+0x3d/0x80
 [<ffffffff811bacfa>] core_sys_select+0x18a/0x2c0
 [<ffffffff8135471d>] ? n_tty_read+0x3ad/0x950
 [<ffffffff810ab0e0>] ? autoremove_wake_function+0x0/0x40
 [<ffffffffa01dad6d>] ? cshook_security_file_permission+0x1d/0x80 [falcon_lsm_serviceable]
 [<ffffffffa001be62>] ? release_rundown+0x12/0x20 [falcon_lsm_pinned_8202]
 [<ffffffffa001d1db>] ? pinnedhook_security_file_permission+0x6b/0x80 [falcon_lsm_pinned_8202]
 [<ffffffffa01d7d31>] ? crowdstrike_probe_sys_exit+0x21/0x170 [falcon_lsm_serviceable]
 [<ffffffff811bb087>] sys_select+0x47/0x110
 [<ffffffff81564655>] tracesys+0xb2/0xd8
Code: 88 ff ff 98 2d 70 c9 21 88 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 5e 16 ac 21 88 ff ff <98> 0c 16 31 0d 88 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 
RIP  [<ffffc9000a2de2d0>] 0xffffc9000a2de2d0
 RSP <ffff880c9cc878e0>
CR2: ffffc9000a2de2d0

Environment

  • Red Hat Enterprise Linux 6
  • Microsoft driver 'microsoft_dependency_agent' loaded

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content