The kernel crashes due to Bad RIP value shortly after uninstalling Tripwire
Issue
- The kernel crashes due to Bad RIP value shortly after uninstalling Tripwire
[1782938.935431] twnotify: exit
[1782938.935437] unhooking syscalltable
[1782938.935454] unhooking syscalltable done
[1782948.912100] 44258 twnotify: twnotify_cleanup_module: starting...
[1782948.912104] 44258 twnotify: twnotify_set_qlimit: Starting set qlimit=0 (was 0 with 0 active entries)
[1782948.912107] 44258 twnotify: twnotify_cleanup_module: unregistering ...
[1782948.912110] 44258 twnotify: twnotify_cleanup_module: done.
[1782948.912111] twnotify: exit done
[1782953.305230] BUG: unable to handle kernel paging request at ffffffffc04d0c9b
[1782953.306387] IP: [<ffffffffc04d0c9b>] 0xffffffffc04d0c9b
[1782953.307530] PGD b1ac14067 PUD b1ac16067 PMD c0dfcc067 PTE 0
[1782953.308646] Oops: 0010 [#1] SMP
[1782953.309743] Modules linked in: tcp_diag udp_diag inet_diag nf_conntrack_netlink nfnetlink_queue ip6table_mangle ip6table_nat nf_nat_ipv6 ip6table_raw iptable_mangle iptable_raw xt_NFLOG nfnetlink_log xt_set xt_multiport xt_conntrack iptable_nat nf_nat_ipv4 nf_nat ip_set_hash_ip ip_set_hash_net ip_set nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables xt_LOG nf_conntrack_tftp nf_conntrack_ftp nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_filter nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache scsi_transport_iscsi 8021q garp mrp stp llc bonding sunrpc dm_multipath skx_edac nfit libnvdimm ipmi_ssif intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper
[1782953.316562] cryptd pcspkr ses enclosure sg mei_me lpc_ich mei hpilo hpwdt wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter binfmt_misc ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm mlx5_core drm crct10dif_pclmul crct10dif_common crc32c_intel serio_raw smartpqi tg3 mlxfw scsi_transport_sas devlink ptp drm_panel_orientation_quirks pps_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: twnotify]
[1782953.322329] CPU: 4 PID: 42731 Comm: splunkd Kdump: loaded Tainted: G OE ------------ T 3.10.0-1160.99.1.el7.x86_64 #1
[1782953.324587] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 04/20/2023
[1782953.325727] task: ffff9f30911ad280 ti: ffff9f2606ea4000 task.ti: ffff9f2606ea4000
[1782953.326856] RIP: 0010:[<ffffffffc04d0c9b>] [<ffffffffc04d0c9b>] 0xffffffffc04d0c9b
[1782953.327987] RSP: 0018:ffff9f2606ea7f38 EFLAGS: 00010282
[1782953.329092] RAX: 0000000000170000 RBX: 0000000000000000 RCX: 0000000000000000
[1782953.330191] RDX: ffff9f30911ad280 RSI: 0000000000000000 RDI: ffff9f2540987600
[1782953.331278] RBP: ffff9f2606ea7f48 R08: 0000000000000000 R09: 0000000000000000
[1782953.332345] R10: 0000000000000001 R11: ffff9f2510158000 R12: 0000000000000001
[1782953.333399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[1782953.334435] FS: 00007fe67c9ff700(0000) GS:ffff9f30cfd00000(0000) knlGS:0000000000000000
[1782953.335466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1782953.336482] CR2: ffffffffc04d0c9b CR3: 0000000111c06000 CR4: 00000000007607e0
[1782953.337495] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[1782953.338494] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[1782953.339472] PKRU: 55555554
[1782953.340429] Call Trace:
[1782953.341372] [<ffffffff8cbc539a>] system_call_fastpath+0x25/0x2a
[1782953.342307] Code: Bad RIP value.
[1782953.343229] RIP [<ffffffffc04d0c9b>] 0xffffffffc04d0c9b
[1782953.344152] RSP <ffff9f2606ea7f38>
[1782953.345041] CR2: ffffffffc04d0c9b
Environment
- Red Hat Enterprise Linux 7.9.z - kernel-3.10.0-1160.99.1.el7.x86_64
- Tripwire
- Out-of-tree module named "twnotify"
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
