Starting dockerd causes system crash when using Deep Security Agent dsa_filter module in RHEL 7
Issue
- Starting dockerd causes a system crash
crash> bt
PID: 1420 TASK: ffff880215350000 CPU: 1 COMMAND: "dockerd"
#0 [ffff8800bb81b978] machine_kexec at ffffffff8105c4cb
#1 [ffff8800bb81b9d8] __crash_kexec at ffffffff81104a42
#2 [ffff8800bb81baa8] crash_kexec at ffffffff81104b30
#3 [ffff8800bb81bac0] oops_end at ffffffff816ad338
#4 [ffff8800bb81bae8] no_context at ffffffff8169d35a
#5 [ffff8800bb81bb38] __bad_area_nosemaphore at ffffffff8169d3f0
#6 [ffff8800bb81bb80] bad_area_nosemaphore at ffffffff8169d55a
#7 [ffff8800bb81bb90] __do_page_fault at ffffffff816b01fe
#8 [ffff8800bb81bbf0] do_page_fault at ffffffff816b03a5
#9 [ffff8800bb81bc20] page_fault at ffffffff816ac5c8
[exception RIP: unknown or invalid address]
RIP: ffff8800ae84f9e0 RSP: ffff8800bb81bcd8 RFLAGS: 00010246
RAX: ffff8801cf526040 RBX: ffff880095801d00 RCX: ffff8800ae84f9e0
RDX: 0000000000008040 RSI: 0000000000000000 RDI: ffff88009665b180
RBP: ffff8800bb81bce0 R8: 0000000000000000 R9: 0000000000000000
R10: ffff88009665b180 R11: ffffea0002312e40 R12: ffff8800bb81be50
R13: ffff8800bb81bdf0 R14: 0000000000000000 R15: ffff8800bb81be50
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff8800bb81bcd8] d_real at ffffffff816a139e
#11 [ffff8800bb81bce8] vfs_open at ffffffff811fe7f5
#12 [ffff8800bb81bd10] do_last at ffffffff8120f80d
#13 [ffff8800bb81bdb0] path_openat at ffffffff812109a2
#14 [ffff8800bb81be48] do_filp_open at ffffffff81212f3b
#15 [ffff8800bb81bf18] do_sys_open at ffffffff811ffb83
#16 [ffff8800bb81bf70] sys_openat at ffffffff811ffcb4
#17 [ffff8800bb81bf80] system_call_fastpath at ffffffff816b5089
log from dmesg:
[ 880.989087] [1420(dockerd)]: gsch_mount_hook_fn(overlay,/cust/var/lib/docker/overlay/7b1776ed433ca69b50c74d2f5a4459a87d,overlay,0,000000c42011f600) done
[ 880.990549] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 880.990578] BUG: unable to handle kernel paging request at ffff8800ae84f9e0
[ 880.990605] IP: [<ffff8800ae84f9e0>] 0xffff8800ae84f9df
[ 880.990628] PGD 1fe9067 PUD 23ffff067 PMD ae8a4063 PTE 80000000ae84f163
[ 880.990655] Oops: 0011 [#1] SMP
[ 880.990673] Modules linked in: gsch(OE) redirfs(OE) ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc overlay(T) dsa_filter(POE) vmw_vsock_vmci_transport vsock sb_edac edac_core iosf_mbi crc32_pclmul
.....
<downsized output>
Environment
- Red Hat Enterprise Linux 7
-Docker container environment
- kernel-3.10.0-693.2.2.el7 - Trend Micro
Deep Security Agent
-ds_agent-9.6.2-7516.el7
- Kernel modules gsch, redifs, dsa_filter
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.