The system crashes because of a malicious kernel module
Issue
The system unexpectedly crashes with a call trace that makes no sense:
crash> bt
PID: 7273 TASK: ffff8802f4f85520 CPU: 5 COMMAND: "java"
…
#8 [ffff8802f8bb3e60] page_fault at ffffffff8154aed5
[exception RIP: strncmp+0x9]
RIP: ffffffff812a1939 RSP: ffff8802f8bb3f18 RFLAGS: 00010206
RAX: 0000000000000006 RBX: 00007f49eab853c8 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffff8802f5527760 RDI: 00007f49eab853c8
RBP: ffff8802f8bb3f18 R8: 00007f49e4023728 R9: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: ffff8802f4f85520
R13: 0000000000000006 R14: ffff8802f5527760 R15: 0000000000000003
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#9 [ffff8802f8bb3f80] system_call_fastpath at ffffffff8100b0d2
…
or:
crash> bt
PID: 6174 TASK: ffff8806318fcab0 CPU: 5 COMMAND: "java"
…
#8 [ffff8805b4c2fdd0] page_fault at ffffffff8154e3e5
[exception RIP: unknown or invalid address]
RIP: ffffffffa042aa09 RSP: ffff8805b4c2fe88 RFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8804d0bd6000 RCX: 00000000fffffff2
RDX: ffffffffa042c3c8 RSI: ffffffffa042c4e1 RDI: 0000000000000001
RBP: ffff8805b4c2fee8 R8: 160072730500edac R9: 652e66732e74656e
R10: 452e656863616368 R11: 3e0f746e656d656c R12: 000000000065e96c
R13: 00007f18c371f010 R14: ffff88062cd46580 R15: ffff8804d0bd6fc5
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#9 [ffff8805b4c2fe90] do_mmap_pgoff at ffffffff81160b85
#10 [ffff8805b4c2ff00] fget_light_pos at ffffffff8119b2cf
#11 [ffff8805b4c2ff30] sys_write at ffffffff8119a8f1
…
Environment
- Red Hat Enterprise Linux
- The following kernel modules are present: dm_jct2; ip6tab1es; orlvm3
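A host check for the modules listed above, as an added example that is not part of the original article: it scans /proc/modules-format text for the three names and reports which module's address range contains a faulting RIP. The sample module list, its sizes and its base addresses are constructed for the demonstration (the base of one entry is chosen so that the RIP from the second trace falls inside it), and the function names are this example's own.

```shell
#!/bin/sh
# Added example. The names below are the three from the Environment list.
LISTED_MODULES="dm_jct2 ip6tab1es orlvm3"

# Constructed sample in /proc/modules format: name size refs deps state base.
# Sizes and addresses are made up; real input is /proc/modules read as root.
sample_modules() {
cat <<'EOF'
ext4 374902 3 - Live 0xffffffffa00b2000
ip6_tables 18732 1 - Live 0xffffffffa03f1000
ip6tab1es 16384 0 - Live 0xffffffffa0429000
EOF
}

# listed_loaded FILE: print each loaded module whose name is on the list.
listed_loaded() {
    while read -r name _rest; do
        for listed in $LISTED_MODULES; do
            if [ "$name" = "$listed" ]; then echo "$name"; fi
        done
    done < "$1"
    return 0
}

# low32 ADDR: low 32 bits of a kernel address, as decimal. Assumes x86_64,
# where kernel text and module space share the ffffffff upper half.
low32() {
    hex=$(printf '%s' "${1#0x}" | tail -c 8)
    echo $((0x$hex))
}

# module_for_addr ADDR FILE: module whose [base, base+size) holds ADDR, or "none".
module_for_addr() {
    rip=$(low32 "$1")
    while read -r name size _refs _deps _state base _rest; do
        start=$(low32 "$base")
        if [ "$rip" -ge "$start" ] && [ "$rip" -lt $((start + size)) ]; then
            echo "$name"
            return 0
        fi
    done < "$2"
    echo "none"
}

# Demo on the constructed sample, using the RIP from the second trace.
tmp=$(mktemp)
sample_modules > "$tmp"
listed_loaded "$tmp"
module_for_addr ffffffffa042aa09 "$tmp"
rm -f "$tmp"
```

On a live host, pass /proc/modules as the file argument; when run without root, the base addresses may read as zero and the range lookup then returns "none".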