A null-dereference crash occurred upon calling find_entry() --> strlen() due to the NULLed procname. A possible kmalloc-8k slab use-after-free or double-free.
Issue
- A null-dereference crash occurred upon calling find_entry() --> strlen() due to the NULLed procname.
[4816637.612601] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[4816637.612606] PGD 0 P4D 0
[4816637.612611] Oops: 0000 [#1] SMP NOPTI
[4816637.612614] CPU: 0 PID: 294785 Comm: (fprintd) Kdump: loaded Tainted: P OE --------- - - 4.18.0-240.15.1.el8_3.x86_64 #1
[4816637.612616] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.16460286.B64.2006250725 06/25/2020
[4816637.612626] RIP: 0010:strlen+0x0/0x20
[4816637.612628] Code: 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 <80> 3f 00 74 10 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 31
[4816637.612631] RSP: 0018:ffffb0e584cc7b70 EFLAGS: 00010286
[4816637.612633] RAX: 0000000000000005 RBX: ffff8f5c9eba8618 RCX: 0000000000000069
[4816637.612634] RDX: 0000000000000005 RSI: ffffffff991508b5 RDI: 0000000000000000
[4816637.612635] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000034
[4816637.612637] R10: ffff8f5c9cc1f000 R11: ffffffff9914cf9a R12: ffffb0e584cc7c35
[4816637.612638] R13: 0000000000000000 R14: ffff8f5b48120350 R15: ffff8f5b48120000
[4816637.612640] FS: 00007fa60587f9c0(0000) GS:ffff8f5df0a00000(0000) knlGS:0000000000000000
[4816637.612642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[4816637.612643] CR2: 0000000000000000 CR3: 0000000124650002 CR4: 00000000007606f0
[4816637.612683] PKRU: 55555554
[4816637.612684] Call Trace:
[4816637.612728] find_entry.isra.20+0x52/0x90
[4816637.612755] find_subdir+0x2d/0x80
[4816637.612759] __register_sysctl_table+0x23b/0x4e0
[4816637.612768] neigh_sysctl_register+0x126/0x1f0
[4816637.612777] ? prandom_u32+0x14/0x20
[4816637.612779] ? neigh_rand_reach_time.part.34+0xe/0x20
[4816637.612788] devinet_sysctl_register+0x5c/0xa0
[4816637.612792] inetdev_init+0xaf/0x190
[4816637.612795] inetdev_event+0x46c/0x580
[4816637.612799] ? rtnl_is_locked+0x11/0x20
[4816637.612805] ? notifier_call_chain+0x47/0x70
[4816637.612807] notifier_call_chain+0x47/0x70
[4816637.612815] register_netdevice+0x348/0x500
[4816637.612818] register_netdev+0x1a/0x30
[4816637.612824] loopback_net_init+0x48/0x90
[4816637.612829] ops_init+0x3a/0x100
[4816637.612832] setup_net+0xee/0x250
[4816637.612835] copy_net_ns+0xc3/0x180
[4816637.612839] create_new_namespaces+0x166/0x1b0
[4816637.612842] unshare_nsproxy_namespaces+0x55/0xa0
[4816637.612847] ksys_unshare+0x187/0x350
[4816637.612850] __x64_sys_unshare+0xe/0x20
[4816637.612857] do_syscall_64+0x5b/0x1a0
[4816637.612864] entry_SYSCALL_64_after_hwframe+0x65/0xca
[4816637.612867] RIP: 0033:0x7fa603bcbc0b
[4816637.612870] Code: 73 01 c3 48 8b 0d 7d f2 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4d f2 2b 00 f7 d8 64 89 01 48
[4816637.612871] RSP: 002b:00007ffee5a26a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[4816637.612874] RAX: ffffffffffffffda RBX: 0000560fd9573c18 RCX: 00007fa603bcbc0b
[4816637.612875] RDX: 0000000000000000 RSI: 00007ffee5a269f0 RDI: 0000000040000000
[4816637.612876] RBP: 00007ffee5a26ab0 R08: 0000000000000000 R09: fffffffffffffe00
[4816637.612877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[4816637.612879] R13: 0000560fd9528360 R14: 00000000fffffff5 R15: 0000000000000000
[4816637.612881] Modules linked in: xsk_diag vsock_diag tcp_diag udp_diag raw_diag inet_diag unix_diag af_packet_diag netlink_diag iscsi_target_mod target_core_mod binfmt_misc nf_tables nfnetlink overlay rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache symap_custom_4_18_0_240_15_1_el8_3_x86_64(POE) symev_custom_4_18_0_240_15_1_el8_3_x86_64(OE) vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vfat fat intel_rapl_msr intel_rapl_common isst_if_mbox_msr isst_if_common nfit libnvdimm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vmw_balloon pcspkr joydev intel_rapl_perf i2c_piix4 vmw_vmci nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse ip_tables ext4 mbcache jbd2 sr_mod cdrom ata_generic sd_mod vmwgfx sg drm_kms_helper crc32c_intel serio_raw syscopyarea sysfillrect sysimgblt ata_piix fb_sys_fops ttm drm ahci libahci vmxnet3 vmw_pvscsi libata dm_mirror dm_region_hash dm_log dm_mod
[4816637.612940] CR2: 0000000000000000
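A triage sketch for the oops above, added here as an example (not code from Red Hat or the module vendor): it extracts the fault address, the kernel RIP, the taint letters, the reliable call-trace frames and the modules carrying taint flags. The names `triage`, `SAMPLE`, `FRAME` and `TAINT` are chosen for this example, and the sample input is abridged from the log on this page.

```python
import re

# Taint letters (subset) as described in the kernel's tainted-kernels documentation.
TAINT = {"P": "proprietary module loaded", "O": "out-of-tree module loaded",
         "E": "unsigned module loaded"}
# Abridged from the oops on this page (trace and module list shortened).
SAMPLE = """\
[4816637.612601] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[4816637.612614] CPU: 0 PID: 294785 Comm: (fprintd) Kdump: loaded Tainted: P OE --------- - - 4.18.0-240.15.1.el8_3.x86_64 #1
[4816637.612626] RIP: 0010:strlen+0x0/0x20
[4816637.612684] Call Trace:
[4816637.612728] find_entry.isra.20+0x52/0x90
[4816637.612755] find_subdir+0x2d/0x80
[4816637.612777] ? prandom_u32+0x14/0x20
[4816637.612788] devinet_sysctl_register+0x5c/0xa0
[4816637.612867] RIP: 0033:0x7fa603bcbc0b
[4816637.612881] Modules linked in: nf_tables overlay symap_custom_4_18_0_240_15_1_el8_3_x86_64(POE) symev_custom_4_18_0_240_15_1_el8_3_x86_64(OE) vmxnet3 dm_mod
"""

FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

def triage(log):
    """Return fault address, kernel RIP, taint letters, reliable frames, flagged modules."""
    out = {"fault": None, "rip": None, "taint": {}, "frames": [], "flagged": {}}
    in_trace = False
    for line in log.splitlines():
        if m := re.search(r"NULL pointer dereference at ([0-9a-f]+)", line):
            out["fault"] = int(m.group(1), 16)
        if (m := re.search(r"RIP: 0010:(\S+)", line)) and out["rip"] is None:
            out["rip"] = m.group(1)          # 0010 = kernel code segment on x86_64
        if m := re.search(r"Tainted:\s+([A-Z \-]+?)\s+\d", line):
            out["taint"] = {c: TAINT.get(c, "see tainted-kernels documentation")
                            for c in m.group(1) if c.isalpha()}
        if "Call Trace:" in line:
            in_trace = True
            continue
        if in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False             # first non-frame line ends the trace
            elif not m.group(1):             # skip "?" frames: unverified stack leftovers
                out["frames"].append(m.group(2))
        if "Modules linked in:" in line:
            # Flags in parentheses mark the modules that contributed to the taint.
            out["flagged"] = dict(re.findall(r"(\w+)\(([A-Z]+)\)", line))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In this log the flagged modules are the two listed under Environment.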
Environment
- Red Hat Enterprise Linux 8.2 4.18.0-240.15.1.el8_3
- Symantec Endpoint Protection
  - symev_custom_4_18_0_240_15_1_el8_3_x86_64
  - symap_custom_4_18_0_240_15_1_el8_3_x86_64