System crashed with "cshook_systemcalltable_pre_compat_sys_ioctl"

Solution Verified - Updated -

Issue

  • System crashed with the below log:
[15414404.340501] BUG: unable to handle kernel paging request at 000011d6938b74ba
[15414404.340925] IP: [<ffffffffc0d8955d>] cshook_systemcalltable_pre_compat_sys_ioctl+0x27fcd/0x30840 [falcon_lsm_serviceable]
[15414404.341256] PGD 0 
[15414404.341567] Oops: 0000 [#1] SMP 
[15414404.341831] Modules linked in: falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE) falcon_kal(E) falcon_lsm_pinned_14611(E) falcon_lsm_pinned_14604(E) falcon_lsm_pinned_14504(E) falcon_lsm_pinned_14306(E) 
falcon_lsm_pinned_14203(E) gc_enforcement(OE) falcon_lsm_pinned_14108(E) ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter devlink nfsv3 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache bonding falcon_lsm_pinned_14006(E) oracleasm(O) ext4 mbcache jbd2 iTCO_wdt iTCO_vendor_support mxm_wmi dcdbas sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr dm_service_time ipmi_ssif joydev sg ipmi_si ipmi_devintf lpc_ich mei_me
[15414404.344123]  mei ipmi_msghandler shpchp wmi acpi_power_meter dm_multipath nfsd auth_rpcgss nfs_acl lockd grace sunrpc sch_fq_codel binfmt_misc ip_tables xfs libcrc32c sr_mod cdrom sd_mod lpfc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm nvmet_fc(T) nvmet crc_t10dif crct10dif_generic nvme_fc(T) nvme_fabrics ixgbe nvme_core crct10dif_pclmul crc32c_intel ahci scsi_transport_fc libahci tg3 scsi_tgt libata megaraid_sas crct10dif_common i2c_core mdio dca ptp pps_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: falcon_kal]
[15414404.346748] CPU: 17 PID: 53986 Comm: kcs-file/0 Kdump: loaded Tainted: P           OE  ------------ T 3.10.0-862.3.3.el7.x86_64 #1
[15414404.347934] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.15.0 06/27/2022
[15414404.348570] task: ffff9b3a97b70000 ti: ffff9b68babb8000 task.ti: ffff9b68babb8000
[15414404.349218] RIP: 0010:[<ffffffffc0d8955d>]  [<ffffffffc0d8955d>] cshook_systemcalltable_pre_compat_sys_ioctl+0x27fcd/0x30840 [falcon_lsm_serviceable]
[15414404.350591] RSP: 0018:ffff9b68babbb7e0  EFLAGS: 00010206
[15414404.351279] RAX: 0000000000000009 RBX: 000011d6938b74ca RCX: 0000000000000004
[15414404.351986] RDX: 0000000000000000 RSI: 00000000000000c9 RDI: 000011d6938b74ca
[15414404.352701] RBP: ffff9b68babbb7e8 R08: ffffa8d224787651 R09: ffff9b68babbb888
[15414404.353413] R10: ffff9ad3bfc07c00 R11: ffffe43e6b9fcd80 R12: ffff9b5907babff0
[15414404.354133] R13: ffff9b5907babf90 R14: 0000000000000000 R15: ffffa8d224786541
[15414404.354863] FS:  0000000000000000(0000) GS:ffff9b90fe000000(0000) knlGS:0000000000000000
[15414404.355594] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[15414404.356335] CR2: 000011d6938b74ba CR3: 00000060a2bd2000 CR4: 00000000003607e0
[15414404.357098] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[15414404.357861] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[15414404.358629] Call Trace:
[15414404.359403]  [<ffffffffc0d6f74b>] cshook_systemcalltable_pre_compat_sys_ioctl+0xe1bb/0x30840 [falcon_lsm_serviceable]
[15414404.360217]  [<ffffffffc0d6d983>] cshook_systemcalltable_pre_compat_sys_ioctl+0xc3f3/0x30840 [falcon_lsm_serviceable]
[15414404.361035]  [<ffffffffc0d6e3cf>] cshook_systemcalltable_pre_compat_sys_ioctl+0xce3f/0x30840 [falcon_lsm_serviceable]
[15414404.361838]  [<ffffffffc0d00b9a>] ? _ZdlPv+0x1672a/0x3c410 [falcon_lsm_serviceable]
[15414404.362651]  [<ffffffffc0d6e6b1>] ? cshook_systemcalltable_pre_compat_sys_ioctl+0xd121/0x30840 [falcon_lsm_serviceable]
[15414404.363494]  [<ffffffffc0d69d6e>] cshook_systemcalltable_pre_compat_sys_ioctl+0x87de/0x30840 [falcon_lsm_serviceable]
[15414404.364356]  [<ffffffffc0d78347>] cshook_systemcalltable_pre_compat_sys_ioctl+0x16db7/0x30840 [falcon_lsm_serviceable]
[15414404.365226]  [<ffffffffc0d786b5>] cshook_systemcalltable_pre_compat_sys_ioctl+0x17125/0x30840 [falcon_lsm_serviceable]
[15414404.366096]  [<ffffffffc0d78a5e>] cshook_systemcalltable_pre_compat_sys_ioctl+0x174ce/0x30840 [falcon_lsm_serviceable]
[15414404.366973]  [<ffffffffc0d78bc0>] cshook_systemcalltable_pre_compat_sys_ioctl+0x17630/0x30840 [falcon_lsm_serviceable]
[15414404.367845]  [<ffffffffc0d17c65>] _ZdlPv+0x2d7f5/0x3c410 [falcon_lsm_serviceable]
[15414404.368734]  [<ffffffffc0d184ff>] _ZdlPv+0x2e08f/0x3c410 [falcon_lsm_serviceable]
[15414404.369620]  [<ffffffffc0d18579>] _ZdlPv+0x2e109/0x3c410 [falcon_lsm_serviceable]
[15414404.370508]  [<ffffffffc0d18277>] _ZdlPv+0x2de07/0x3c410 [falcon_lsm_serviceable]
[15414404.371396]  [<ffffffffc0d2407d>] _ZdlPv+0x39c0d/0x3c410 [falcon_lsm_serviceable]
[15414404.372269]  [<ffffffffc0d25212>] _ZdlPv+0x3ada2/0x3c410 [falcon_lsm_serviceable]
[15414404.373117]  [<ffffffffc0d4f450>] ? cshook_network_ops_inet6_sockraw_release+0x142f0/0x1c140 [falcon_lsm_serviceable]
[15414404.373975]  [<ffffffffa3512032>] ? mutex_lock+0x12/0x2f
[15414404.374831]  [<ffffffffc0d4f450>] ? cshook_network_ops_inet6_sockraw_release+0x142f0/0x1c140 [falcon_lsm_serviceable]
[15414404.375698]  [<ffffffffc0d25310>] _ZdlPv+0x3aea0/0x3c410 [falcon_lsm_serviceable]
[15414404.376545]  [<ffffffffc0d4f450>] ? cshook_network_ops_inet6_sockraw_release+0x142f0/0x1c140 [falcon_lsm_serviceable]
[15414404.377398]  [<ffffffffc0d89900>] ? cshook_systemcalltable_pre_compat_sys_ioctl+0x28370/0x30840 [falcon_lsm_serviceable]
[15414404.378241]  [<ffffffffc0d4f447>] cshook_network_ops_inet6_sockraw_release+0x142e7/0x1c140 [falcon_lsm_serviceable]
[15414404.379074]  [<ffffffffc0d4f460>] cshook_network_ops_inet6_sockraw_release+0x14300/0x1c140 [falcon_lsm_serviceable]
[15414404.379881]  [<ffffffffc0d89921>] cshook_systemcalltable_pre_compat_sys_ioctl+0x28391/0x30840 [falcon_lsm_serviceable]
[15414404.380684]  [<ffffffffa2ebb161>] kthread+0xd1/0xe0
[15414404.381466]  [<ffffffffa2ebb090>] ? insert_kthread_work+0x40/0x40
[15414404.382232]  [<ffffffffa3520677>] ret_from_fork_nospec_begin+0x21/0x21
[15414404.382978]  [<ffffffffa2ebb090>] ? insert_kthread_work+0x40/0x40
[15414404.383702] Code: c3 45 84 ff 75 91 e8 93 9f da ff 0f 1f 00 eb 9b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 ff 48 89 e5 53 48 89 fb 74 14 <8b> 77 f0 8b 7f f4 e8 18 03 00 00 48 8b 7b f8 e8 7f 9f da ff 5b 
[15414404.385220] RIP  [<ffffffffc0d8955d>] cshook_systemcalltable_pre_compat_sys_ioctl+0x27fcd/0x30840 [falcon_lsm_serviceable]
[15414404.385964]  RSP <ffff9b68babbb7e0>
[15414404.386699] CR2: 000011d6938b74ba
  • System crashed with another pattern of log:
  159.057932] general protection fault: 0000 [#1] SMP NOPTI
[  159.057977] CPU: 20 PID: 2744 Comm: kcs-evdefer/3 Kdump: loaded Tainted: P            E    --------- -  - 4.18.0-425.13.1.el8_7.x86_64 #1
[  159.058028] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022
[  159.058062] RIP: 0010:__kmalloc+0xac/0x250
[  159.058086] Code: 50 49 8b 50 08 49 8b 00 49 83 78 10 00 48 89 04 24 0f 84 7a 01 00 00 48 85 c0 0f 84 71 01 00 00 8b 4d 20 48 8b 7d 00 48 01 c1 <48> 8b 19 48 89 ce 48 33 9d 90 01 00 00 48 8d 4a 01 48 0f ce 48 31
[  159.058152] RSP: 0018:ffff9b1f5d1fbb00 EFLAGS: 00010202
[  159.058176] RAX: 7945cc6073007fbf RBX: 0000000000000010 RCX: 7945cc6073007fef
[  159.058203] RDX: 0000000000011a4a RSI: 00000000006000c0 RDI: 00000000000300c0
[  159.058231] RBP: ffff898400004a80 R08: ffff8a121f8300c0 R09: ffff9b1f5d1fbbd8
[  159.058258] R10: ffff9b1f5d1fbcb8 R11: 0000000000000001 R12: 00000000006000c0
[  159.058284] R13: 0000000000000050 R14: ffff898400004a80 R15: ffffffffc0e9725d
[  159.058311] FS:  0000000000000000(0000) GS:ffff8a121f800000(0000) knlGS:0000000000000000
[  159.058343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  159.058367] CR2: 00007fa57401d840 CR3: 0000003a8c210005 CR4: 00000000007706e0
[  159.058395] PKRU: 55555554
[  159.058409] Call Trace:
[  159.058429]  cshook_systemcalltable_pre_compat_sys_ioctl+0x27f4d/0x30840 [falcon_lsm_serviceable]
[  159.058469]  _ZdlPv+0x270d/0x3c870 [falcon_lsm_serviceable]
[  159.058495]  _ZdlPv+0x404a/0x3c870 [falcon_lsm_serviceable]
[  159.058520]  ? _cond_resched+0x15/0x30
[  159.058540]  ? _ZdlPv+0x2f89/0x3c870 [falcon_lsm_serviceable]
[  159.058565]  _ZdlPv+0x4743/0x3c870 [falcon_lsm_serviceable]
[  159.058591]  _ZdlPv+0x4891/0x3c870 [falcon_lsm_serviceable]
[  159.058618]  _ZdlPv+0x4962/0x3c870 [falcon_lsm_serviceable]
[  159.058642]  ? kfree+0xd3/0x250
[  159.058658]  ? down_write+0xe/0x40
[  159.058677]  _ZdlPv+0x5412/0x3c870 [falcon_lsm_serviceable]
[  159.058702]  _ZdlPv+0x782/0x3c870 [falcon_lsm_serviceable]
[  159.058727]  _ZdlPv+0x2a8e1/0x3c870 [falcon_lsm_serviceable]
[  159.058752]  ? cshook_network_ops_inet6_sockraw_release+0x14bb0/0x1ca00 [falcon_lsm_serviceable]
[  159.058789]  ? cshook_systemcalltable_pre_compat_sys_ioctl+0x28370/0x30840 [falcon_lsm_serviceable]
[  159.058825]  _ZdlPv+0x2a977/0x3c870 [falcon_lsm_serviceable]
[  159.058852]  cshook_network_ops_inet6_sockraw_release+0x14ba7/0x1ca00 [falcon_lsm_serviceable]
[  159.058885]  cshook_network_ops_inet6_sockraw_release+0x14bc0/0x1ca00 [falcon_lsm_serviceable]
[  159.059605]  cshook_systemcalltable_pre_compat_sys_ioctl+0x28391/0x30840 [falcon_lsm_serviceable]
[  159.060109]  kthread+0x10b/0x130
[  159.060380]  ? set_kthread_struct+0x50/0x50
[  159.060619]  ret_from_fork+0x1f/0x40
[  159.060863] Modules linked in: mptcp_diag tcp_diag udp_diag raw_diag inet_diag nfsv3 nfs_acl nfs lockd grace fscache falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE) falcon_kal(E) falcon_lsm_pinned_14712(E) team_mode_activebackup team vfat fat ext4 mbcache jbd2 dm_multipath rpcrdma rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_iser intel_rapl_msr intel_rapl_common libiscsi scsi_transport_iscsi rdma_cm iw_cm isst_if_common ib_cm nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp ipmi_ssif kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl intel_cstate bnxt_re ib_uverbs ib_core mei_me intel_uncore pcspkr ses enclosure mei ioatdma acpi_ipmi hpwdt hpilo lpc_ich dca ipmi_si wmi ipmi_devintf ipmi_msghandler acpi_power_meter auth_rpcgss sunrpc binfmt_misc xfs libcrc32c dm_snapshot dm_bufio sd_mod t10_pi sg mgag200 i2c_algo_bit drm_shmem_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm crc32c_intel bnxt_en smartpqi
[  159.060954]  scsi_transport_sas dm_mirror dm_region_hash dm_log dm_mod fuse
[  159.063337] Red Hat flags: eBPF/event

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Falcon module
    • falcon_lsm_serviceable

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content