A null-dereference crash occurs upon converting the SELinux SID table due to the sidtab_entry_leaf corruption
Issue
- A null-dereference crash occurs upon converting the SELinux SID table due to the sidtab_entry_leaf corruption
[5016159.234718] SELinux: Converting 81068 SID table entries...
[5016159.692269] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[5016159.788129] PGD 0 P4D 0
[5016159.820472] Oops: 0000 [#1] SMP NOPTI
[5016159.866333] CPU: 81 PID: 673070 Comm: load_policy Kdump: loaded Not tainted 4.18.0-193.14.3.el8_2.x86_64 #1
[5016159.984993] Hardware name: Dell Inc. PowerEdge R940/0V0267, BIOS 2.8.2 08/27/2020
[5016160.076615] RIP: 0010:strlen+0x0/0x20
[5016160.122472] Code: 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 <80> 3f 00 74 10 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 31
[5016160.349286] RSP: 0018:ffffa28cf2ad7c58 EFLAGS: 00010286
[5016160.413868] RAX: ffffffffa339a120 RBX: 0000000000000000 RCX: 0000000000000008
[5016160.501328] RDX: 00000000ad8857bf RSI: 0000000000000000 RDI: 0000000000000000
[5016160.588789] RBP: ffff93246d1e86a0 R08: ffff9324ff72e1a0 R09: ffff926747c0e0c0
[5016160.676246] R10: 0000000000000014 R11: 0000000000100000 R12: 0000000000000000
[5016160.763706] R13: ffff931e4bcea3c0 R14: ffff92c04fed13c0 R15: ffffa28cf2ad7e20
[5016160.851168] FS: 00007fd06a281640(0000) GS:ffff9324ff700000(0000) knlGS:0000000000000000
[5016160.950066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[5016161.020888] CR2: 0000000000000000 CR3: 000000b7ca102003 CR4: 00000000007626e0
[5016161.108348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[5016161.195808] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[5016161.283268] PKRU: 55555554
[5016161.317688] Call Trace:
[5016161.348996] symhash+0x15/0x50
[5016161.387576] hashtab_search+0x1d/0x80
[5016161.433437] convert_context+0x19e/0x330
[5016161.482418] sidtab_convert_tree.isra.2+0xac/0x130
[5016161.541802] ? vprintk_emit+0x189/0x280
[5016161.541804] sidtab_convert_tree.isra.2+0x5f/0x130
[5016161.841617] sidtab_convert_tree.isra.2+0x5f/0x130
[5016161.900998] sidtab_convert+0x10d/0x140
[5016161.948942] security_load_policy+0x445/0x5f0
[5016162.003123] ? security_compute_sid.part.17+0x640/0x640
[5016162.067704] sel_write_load+0xe3/0x1b0
[5016162.114608] vfs_write+0xa5/0x1a0
[5016162.156308] ksys_write+0x4f/0xb0
[5016162.198011] do_syscall_64+0x5b/0x1a0
[5016162.243874] entry_SYSCALL_64_after_hwframe+0x65/0xca
[5016162.306374] RIP: 0033:0x7fd0698b8b28
[5016162.351196] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 35 4b 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55
[5016162.578008] RSP: 002b:00007ffd55680e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[5016162.670669] RAX: ffffffffffffffda RBX: 00007ffd55680e90 RCX: 00007fd0698b8b28
[5016162.758127] RDX: 00000000008739b0 RSI: 00007fd0688b0000 RDI: 0000000000000004
[5016162.845587] RBP: 0000000000000004 R08: 00005625c2a722a0 R09: 00007fd069949c80
[5016162.933048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0688b0000
[5016163.020508] R13: 00000000008739b0 R14: 000000000000000f R15: 0000000000000003
[5016163.107968] Modules linked in: joydev binfmt_misc veth vhost_net nf_conntrack_netlink vhost tap tun mpt3sas raid_class scsi_transport_sas dell_rbu xsk_diag raw_diag unix_diag af_packet_diag netlink_diag tcp_diag udp_diag inet_diag geneve ip6_udp_tunnel udp_tunnel nf_log_ipv6 nf_log_ipv4 nf_log_common nft_limit xt_LOG xt_limit ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_multiport nft_counter xt_comment xt_state xt_conntrack nft_compat overlay nf_tables br_netfilter bridge stp llc sch_ingress bonding nfnetlink_cttimeout nfnetlink openvswitch nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_defrag_ipv6 nf_conncount nf_nat nf_conntrack nls_utf8 isofs rpcrdma ib_isert iscsi_target_mod ib_iser ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_umad iw_cxgb4 ib_uverbs rdma_cm iw_cm ib_cm ib_core intel_rapl_msr intel_rapl_common dell_smbios iTCO_wdt wmi_bmof dell_wmi_descriptor iTCO_vendor_support ipmi_ssif dcdbas skx_edac nfit libnvdimm
[5016163.108002] x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_si intel_cstate ipmi_devintf mei_me intel_uncore pcspkr lpc_ich wmi ipmi_msghandler i2c_i801 mei intel_rapl_perf acpi_power_meter ip_tables xfs libcrc32c dm_multipath sd_mod sg mgag200 drm_vram_helper i2c_algo_bit drm_kms_helper crct10dif_pclmul syscopyarea crc32_pclmul sysfillrect sysimgblt crc32c_intel fb_sys_fops ttm nvme ghash_clmulni_intel nvme_core drm ahci ixgbe libahci libata megaraid_sas dca mdio sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
[5016164.869026] CR2: 0000000000000000
PID: 673070 TASK: ffff931cd7268000 CPU: 81 COMMAND: "load_policy"
...
[exception RIP: strlen]
RIP: ffffffffa3879450 RSP: ffffa28cf2ad7c58 RFLAGS: 00010286
RAX: ffffffffa339a120 RBX: 0000000000000000 RCX: 0000000000000008
RDX: 00000000ad8857bf RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff93246d1e86a0 R8: ffff9324ff72e1a0 R9: ffff926747c0e0c0
R10: 0000000000000014 R11: 0000000000100000 R12: 0000000000000000
R13: ffff931e4bcea3c0 R14: ffff92c04fed13c0 R15: ffffa28cf2ad7e20
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffffa28cf2ad7c58] symhash at ffffffffa339a135
#8 [ffffa28cf2ad7c70] hashtab_search at ffffffffa3399f2d
#9 [ffffa28cf2ad7c90] convert_context at ffffffffa33a2e0e
#10 [ffffa28cf2ad7cd0] sidtab_convert_tree at ffffffffa339a4bc
#11 [ffffa28cf2ad7d10] sidtab_convert_tree at ffffffffa339a46f
#12 [ffffa28cf2ad7d50] sidtab_convert_tree at ffffffffa339a46f
#13 [ffffa28cf2ad7d90] sidtab_convert at ffffffffa339b14d
#14 [ffffa28cf2ad7dd8] security_load_policy at ffffffffa33a4b95
...
Environment
- Red Hat Enterprise Linux 8.2.z (kernel-4.18.0-193.14.3.el8_2.x86_64)
- SELinux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.