The system crashes because of malicious kernel module
Issue
The system unexpectedly crashes with a call trace that makes no sense:
crash> bt
PID: 7273 TASK: ffff8802f4f85520 CPU: 5 COMMAND: "java"
…
#8 [ffff8802f8bb3e60] page_fault at ffffffff8154aed5
[exception RIP: strncmp+0x9]
RIP: ffffffff812a1939 RSP: ffff8802f8bb3f18 RFLAGS: 00010206
RAX: 0000000000000006 RBX: 00007f49eab853c8 RCX: 0000000000000000
RDX: 0000000000000006 RSI: ffff8802f5527760 RDI: 00007f49eab853c8
RBP: ffff8802f8bb3f18 R8: 00007f49e4023728 R9: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: ffff8802f4f85520
R13: 0000000000000006 R14: ffff8802f5527760 R15: 0000000000000003
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#9 [ffff8802f8bb3f80] system_call_fastpath at ffffffff8100b0d2
…
or:
crash> bt
PID: 6174 TASK: ffff8806318fcab0 CPU: 5 COMMAND: "java"
…
#8 [ffff8805b4c2fdd0] page_fault at ffffffff8154e3e5
[exception RIP: unknown or invalid address]
RIP: ffffffffa042aa09 RSP: ffff8805b4c2fe88 RFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8804d0bd6000 RCX: 00000000fffffff2
RDX: ffffffffa042c3c8 RSI: ffffffffa042c4e1 RDI: 0000000000000001
RBP: ffff8805b4c2fee8 R8: 160072730500edac R9: 652e66732e74656e
R10: 452e656863616368 R11: 3e0f746e656d656c R12: 000000000065e96c
R13: 00007f18c371f010 R14: ffff88062cd46580 R15: ffff8804d0bd6fc5
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#9 [ffff8805b4c2fe90] do_mmap_pgoff at ffffffff81160b85
#10 [ffff8805b4c2ff00] fget_light_pos at ffffffff8119b2cf
#11 [ffff8805b4c2ff30] sys_write at ffffffff8119a8f1
…
Environment
- Red Hat Enterprise Linux
- the following kernel modules are loaded:
dm_jct2; orip6tab1es.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.