Kernel panic due to a NULL pointer dereference in kfence_guarded_alloc(), caused by the [secfs2] module

Solution Unverified - Updated -

Issue

  • A kernel panic occurred in the kfence_guarded_alloc() function due to the third-party [secfs2] module.
  • The kernel panics with the following messages:
[244034.051142] BUG: kernel NULL pointer dereference, address: 000000000000002a <======
[244034.051149] #PF: supervisor read access in kernel mode
[244034.051150] #PF: error_code(0x0000) - not-present page
[244034.051152] PGD 15721e067 P4D 15721e067 PUD 15721f067 PMD 0 
[244034.051156] Oops: 0000 [#1] PREEMPT SMP NOPTI                  <<=========
[244034.051158] CPU: 4 PID: 2957 Comm: ncpa Kdump: loaded Tainted: P           OE     -------  ---  5.14.0-503.35.1.el9_5.x86_64 #1
[244034.051161] Hardware name: Nutanix AHV, BIOS 0.0.0 02/06/2015
[244034.051162] RIP: 0010:kfence_guarded_alloc+0x26a/0x400
[..]
[244034.051186] Call Trace:
[244034.051187]  <TASK>
[244034.051190]  ? show_trace_log_lvl+0x1c4/0x2df
[244034.051198]  ? show_trace_log_lvl+0x1c4/0x2df
[244034.051206]  ? __kfence_alloc+0x160/0x180
[244034.051211]  ? __die_body.cold+0x8/0xd
[244034.051214]  ? page_fault_oops+0x134/0x170
[244034.051222]  ? exc_page_fault+0x62/0x150
[244034.051229]  ? asm_exc_page_fault+0x22/0x30
[244034.051242]  ? kfence_guarded_alloc+0x26a/0x400
[244034.051248]  ? check_access+0x506/0x1ca0 [secfs2]
[244034.051371]  __kfence_alloc+0x160/0x180
[244034.051372]  ? __kfence_alloc+0x92/0x180
[244034.051373]  ? kmem_cache_alloc+0x298/0x340
[244034.051376]  ? check_access+0x506/0x1ca0 [secfs2]
[244034.051457]  ? vmfs_acc_op+0x1a1/0x2b0 [secfs2]
[244034.051536]  ? vmfs_acc_inode+0x18/0x30 [secfs2]
[244034.051613]  ? op_getattr+0x37c/0x8b0 [secfs2]
[244034.051659]  ? vfs_statx+0xb9/0x170
[244034.051661]  ? vfs_fstatat+0x54/0x70
[244034.051663]  ? __do_sys_newstat+0x30/0x70
[244034.051664]  ? do_syscall_64+0x5c/0xf0
[244034.051666]  ? entry_SYSCALL_64_after_hwframe+0x78/0x80
[244034.051668]  ? __kmem_cache_alloc_node+0x18f/0x2e0
[244034.051671]  ? lsys_malloc+0x1f/0x70 [secfs2]
[244034.051751]  ? __kmem_cache_alloc_node+0x18f/0x2e0
[244034.051753]  ? free_unref_page_commit+0x80/0x310
[244034.051761]  ? _raw_spin_unlock+0xa/0x30
[244034.051765]  ? free_unref_page+0xf2/0x130
[244034.051770]  ? sf_dentry_path+0x1a9/0x1c0 [secfs2]
[244034.051816]  ? __kmem_cache_alloc_node+0x18f/0x2e0
[244034.051818]  ? lsys_malloc+0x1f/0x70 [secfs2]
[244034.051881]  ? dput+0x2b/0x1a0
[244034.051886]  kmem_cache_alloc+0x298/0x340
[244034.051891]  check_access+0x506/0x1ca0 [secfs2]
[244034.051971]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[244034.051979]  vmfs_acc_op+0x1a1/0x2b0 [secfs2]
[244034.052062]  vmfs_acc_inode+0x18/0x30 [secfs2]
[244034.052143]  op_getattr+0x37c/0x8b0 [secfs2]
[244034.052191]  ? bpf_prog_b2c2c9127e5ee4e2_cf_security_inode_getattr_fentry_1316+0xd8/0xdd
[244034.052204]  vfs_statx+0xb9/0x170
[244034.052209]  vfs_fstatat+0x54/0x70
[244034.052212]  __do_sys_newstat+0x30/0x70
[244034.052220]  do_syscall_64+0x5c/0xf0
[244034.052222]  ? cp_new_stat+0x150/0x180
[244034.052230]  ? __do_sys_newstat+0x3f/0x70
[244034.052237]  ? syscall_exit_work+0x103/0x130
[244034.052241]  ? syscall_exit_to_user_mode+0x19/0x40
[244034.052243]  ? do_syscall_64+0x6b/0xf0
[..]
[244034.052248]  ? clear_bhb_loop+0x25/0x80
[..]
[244034.052259]  entry_SYSCALL_64_after_hwframe+0x78/0x80
[244034.052261] RIP: 0033:0x7ff82b50ed8a
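
The following triage helper is an added example, not code from Red Hat or the module vendor. It separates the frames the unwinder confirmed from the `?` entries, decodes the module-related taint letters, and reports the first module frame on the confirmed chain. The name `triage` and the regular expressions are assumptions of this example; the sample lines are copied from the trace above.

```python
import re

# Excerpt of the trace shown above (lines copied from the page, not new data).
SAMPLE = """\
[244034.051158] CPU: 4 PID: 2957 Comm: ncpa Kdump: loaded Tainted: P           OE     -------  ---  5.14.0-503.35.1.el9_5.x86_64 #1
[244034.051162] RIP: 0010:kfence_guarded_alloc+0x26a/0x400
[244034.051248]  ? check_access+0x506/0x1ca0 [secfs2]
[244034.051371]  __kfence_alloc+0x160/0x180
[244034.051671]  ? lsys_malloc+0x1f/0x70 [secfs2]
[244034.051886]  kmem_cache_alloc+0x298/0x340
[244034.051891]  check_access+0x506/0x1ca0 [secfs2]
[244034.051979]  vmfs_acc_op+0x1a1/0x2b0 [secfs2]
[244034.052204]  vfs_statx+0xb9/0x170
"""

# Kernel taint letters that describe module provenance.
TAINT = {"P": "proprietary module loaded",
         "O": "out-of-tree module loaded",
         "E": "unsigned module loaded"}

# One call-trace entry: optional "? ", symbol+off/size, optional [module].
FRAME = re.compile(
    r"^\[\s*[\d.]+\]\s+(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?\s*$")

def triage(oops):
    """Summarise an x86 oops: taint flags, faulting symbol, confirmed call chain."""
    m = re.search(r"Tainted: (.+?)\s+\d+\.\d+\.\d+", oops)
    flags = [c for c in (m.group(1) if m else "") if c.isalpha()]
    rip = re.search(r"RIP: 0010:([\w.]+)\+0x", oops)
    chain, guesses = [], []
    for line in oops.splitlines():
        f = FRAME.match(line)
        if not f:
            continue
        # "?" marks an address found on the stack but not confirmed by the
        # unwinder; only unmarked entries form the actual call chain.
        (guesses if f.group(1) else chain).append((f.group(2), f.group(3)))
    # First confirmed frame inside a loadable module: the module code that
    # called into the core kernel allocator path.
    entry = next(((sym, mod) for sym, mod in chain if mod), None)
    return {"taint": {c: TAINT.get(c, "other") for c in flags},
            "rip": rip.group(1) if rip else None,
            "chain": chain, "unconfirmed": len(guesses), "module_entry": entry}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```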

Environment

  • Red Hat Enterprise Linux 9
  • A third-party kernel module, [secfs2].
