A null-dereference crash occurs upon converting the SELinux SID table due to the sidtab_entry_leaf corruption

Solution Unverified - Updated -

Issue

  • A null-dereference crash occurs upon converting the SELinux SID table due to the sidtab_entry_leaf corruption:
[5016159.234718] SELinux:  Converting 81068 SID table entries...
[5016159.692269] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[5016159.788129] PGD 0 P4D 0 
[5016159.820472] Oops: 0000 [#1] SMP NOPTI
[5016159.866333] CPU: 81 PID: 673070 Comm: load_policy Kdump: loaded Not tainted 4.18.0-193.14.3.el8_2.x86_64 #1
[5016159.984993] Hardware name: Dell Inc. PowerEdge R940/0V0267, BIOS 2.8.2 08/27/2020
[5016160.076615] RIP: 0010:strlen+0x0/0x20
[5016160.122472] Code: 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 <80> 3f 00 74 10 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 31
[5016160.349286] RSP: 0018:ffffa28cf2ad7c58 EFLAGS: 00010286
[5016160.413868] RAX: ffffffffa339a120 RBX: 0000000000000000 RCX: 0000000000000008
[5016160.501328] RDX: 00000000ad8857bf RSI: 0000000000000000 RDI: 0000000000000000
[5016160.588789] RBP: ffff93246d1e86a0 R08: ffff9324ff72e1a0 R09: ffff926747c0e0c0
[5016160.676246] R10: 0000000000000014 R11: 0000000000100000 R12: 0000000000000000
[5016160.763706] R13: ffff931e4bcea3c0 R14: ffff92c04fed13c0 R15: ffffa28cf2ad7e20
[5016160.851168] FS:  00007fd06a281640(0000) GS:ffff9324ff700000(0000) knlGS:0000000000000000
[5016160.950066] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[5016161.020888] CR2: 0000000000000000 CR3: 000000b7ca102003 CR4: 00000000007626e0
[5016161.108348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[5016161.195808] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[5016161.283268] PKRU: 55555554
[5016161.317688] Call Trace:
[5016161.348996]  symhash+0x15/0x50
[5016161.387576]  hashtab_search+0x1d/0x80
[5016161.433437]  convert_context+0x19e/0x330
[5016161.482418]  sidtab_convert_tree.isra.2+0xac/0x130
[5016161.541802]  ? vprintk_emit+0x189/0x280
[5016161.541804]  sidtab_convert_tree.isra.2+0x5f/0x130
[5016161.841617]  sidtab_convert_tree.isra.2+0x5f/0x130
[5016161.900998]  sidtab_convert+0x10d/0x140
[5016161.948942]  security_load_policy+0x445/0x5f0
[5016162.003123]  ? security_compute_sid.part.17+0x640/0x640
[5016162.067704]  sel_write_load+0xe3/0x1b0
[5016162.114608]  vfs_write+0xa5/0x1a0
[5016162.156308]  ksys_write+0x4f/0xb0
[5016162.198011]  do_syscall_64+0x5b/0x1a0
[5016162.243874]  entry_SYSCALL_64_after_hwframe+0x65/0xca
[5016162.306374] RIP: 0033:0x7fd0698b8b28
[5016162.351196] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 35 4b 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55
[5016162.578008] RSP: 002b:00007ffd55680e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[5016162.670669] RAX: ffffffffffffffda RBX: 00007ffd55680e90 RCX: 00007fd0698b8b28
[5016162.758127] RDX: 00000000008739b0 RSI: 00007fd0688b0000 RDI: 0000000000000004
[5016162.845587] RBP: 0000000000000004 R08: 00005625c2a722a0 R09: 00007fd069949c80
[5016162.933048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0688b0000
[5016163.020508] R13: 00000000008739b0 R14: 000000000000000f R15: 0000000000000003
[5016163.107968] Modules linked in: joydev binfmt_misc veth vhost_net nf_conntrack_netlink vhost tap tun mpt3sas raid_class scsi_transport_sas dell_rbu xsk_diag raw_diag unix_diag af_packet_diag netlink_diag tcp_diag udp_diag inet_diag geneve ip6_udp_tunnel udp_tunnel nf_log_ipv6 nf_log_ipv4 nf_log_common nft_limit xt_LOG xt_limit ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_multiport nft_counter xt_comment xt_state xt_conntrack nft_compat overlay nf_tables br_netfilter bridge stp llc sch_ingress bonding nfnetlink_cttimeout nfnetlink openvswitch nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_defrag_ipv6 nf_conncount nf_nat nf_conntrack nls_utf8 isofs rpcrdma ib_isert iscsi_target_mod ib_iser ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_umad iw_cxgb4 ib_uverbs rdma_cm iw_cm ib_cm ib_core intel_rapl_msr intel_rapl_common dell_smbios iTCO_wdt wmi_bmof dell_wmi_descriptor iTCO_vendor_support ipmi_ssif dcdbas skx_edac nfit libnvdimm
[5016163.108002]  x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_si intel_cstate ipmi_devintf mei_me intel_uncore pcspkr lpc_ich wmi ipmi_msghandler i2c_i801 mei intel_rapl_perf acpi_power_meter ip_tables xfs libcrc32c dm_multipath sd_mod sg mgag200 drm_vram_helper i2c_algo_bit drm_kms_helper crct10dif_pclmul syscopyarea crc32_pclmul sysfillrect sysimgblt crc32c_intel fb_sys_fops ttm nvme ghash_clmulni_intel nvme_core drm ahci ixgbe libahci libata megaraid_sas dca mdio sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
[5016164.869026] CR2: 0000000000000000

PID: 673070  TASK: ffff931cd7268000  CPU: 81  COMMAND: "load_policy"
     ...
    [exception RIP: strlen]
    RIP: ffffffffa3879450  RSP: ffffa28cf2ad7c58  RFLAGS: 00010286
    RAX: ffffffffa339a120  RBX: 0000000000000000  RCX: 0000000000000008
    RDX: 00000000ad8857bf  RSI: 0000000000000000  RDI: 0000000000000000
    RBP: ffff93246d1e86a0   R8: ffff9324ff72e1a0   R9: ffff926747c0e0c0
    R10: 0000000000000014  R11: 0000000000100000  R12: 0000000000000000
    R13: ffff931e4bcea3c0  R14: ffff92c04fed13c0  R15: ffffa28cf2ad7e20
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffffa28cf2ad7c58] symhash at ffffffffa339a135
 #8 [ffffa28cf2ad7c70] hashtab_search at ffffffffa3399f2d
 #9 [ffffa28cf2ad7c90] convert_context at ffffffffa33a2e0e
#10 [ffffa28cf2ad7cd0] sidtab_convert_tree at ffffffffa339a4bc
#11 [ffffa28cf2ad7d10] sidtab_convert_tree at ffffffffa339a46f
#12 [ffffa28cf2ad7d50] sidtab_convert_tree at ffffffffa339a46f
#13 [ffffa28cf2ad7d90] sidtab_convert at ffffffffa339b14d
#14 [ffffa28cf2ad7dd8] security_load_policy at ffffffffa33a4b95
    ...
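
To check whether an oops captured on another host has the same shape as the one above, the following added example (not part of the original article and not Red Hat tooling) parses a kernel log and compares the faulting symbol, the command name and the call-trace order. The names `parse_oops`, `matches_article` and `SIGNATURE` are assumptions made for this example; the sample lines are trimmed from the log shown above.

```python
import re

# Sample input: lines trimmed from the oops in this article.
SAMPLE_OOPS = """\
[5016159.692269] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[5016159.866333] CPU: 81 PID: 673070 Comm: load_policy Kdump: loaded Not tainted 4.18.0-193.14.3.el8_2.x86_64 #1
[5016160.076615] RIP: 0010:strlen+0x0/0x20
[5016161.317688] Call Trace:
[5016161.348996]  symhash+0x15/0x50
[5016161.387576]  hashtab_search+0x1d/0x80
[5016161.433437]  convert_context+0x19e/0x330
[5016161.482418]  sidtab_convert_tree.isra.2+0xac/0x130
[5016161.541802]  ? vprintk_emit+0x189/0x280
[5016161.900998]  sidtab_convert+0x10d/0x140
[5016161.948942]  security_load_policy+0x445/0x5f0
[5016162.306374] RIP: 0033:0x7fd0698b8b28
"""

# Assumed signature: these frames must appear in this order (innermost first).
SIGNATURE = ["symhash", "hashtab_search", "convert_context",
             "sidtab_convert_tree", "sidtab_convert", "security_load_policy"]
# A call-trace line: timestamp, optional '? ' marker, symbol[.suffix]+off/size.
FRAME = re.compile(r"^\[[\s\d.]+\]\s+(\? )?([A-Za-z_]\w*)(?:\.\w+)*\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text):
    info = {"comm": None, "rip": None, "null_deref": False, "frames": []}
    in_trace = False
    for line in text.splitlines():
        if "NULL pointer dereference" in line:
            info["null_deref"] = True
        if m := re.search(r"Comm: (\S+)", line):
            info["comm"] = m.group(1)
        # CS 0010 is the kernel code segment; the later 0033 RIP is user space.
        if (m := re.search(r"RIP: 0010:(\w+)\+0x", line)) and info["rip"] is None:
            info["rip"] = m.group(1)
        if "Call Trace:" in line:
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False          # first non-frame line ends the trace
            elif not m.group(1):          # skip '?' frames: unreliable stack leftovers
                info["frames"].append(m.group(2))
    return info

def matches_article(info):
    frames = iter(info["frames"])         # 'in' on an iterator enforces ordering
    in_order = all(want in frames for want in SIGNATURE)
    return (info["null_deref"] and info["comm"] == "load_policy"
            and info["rip"] == "strlen" and in_order)
```
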

Environment

  • Red Hat Enterprise Linux 8.2.z (kernel-4.18.0-193.14.3.el8_2.x86_64)
  • SELinux
