A NULL pointer dereference crash occurs in memcpy_erms() due to an invalid buf pointer passed from nsloReadFromFile() to kernel_read()
Issue
- A page allocation failure occurred, and the call trace involved the third-party module named [fortiedr_4_18_0_305].
- It appears that a krealloc/kmalloc call from NsloDefaultAllocatorCalloc() failed to allocate an object from a slab cache due to the page allocation failure.
[650713.883952] java: page allocation failure: order:10, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
[650713.883965] CPU: 23 PID: 3306424 Comm: java Kdump: loaded Tainted: P OE --------- - - 4.18.0-305.25.1.el8_4.x86_64 #1
[650713.883966] Hardware name: Red Hat OpenStack Compute, BIOS 1.14.0-1.module+el8.4.0+8855+a9e237a9 04/01/2014
[650713.883966] Call Trace:
[650713.883974] dump_stack+0x5c/0x80
[650713.883978] warn_alloc.cold.117+0x7b/0x10d
[650713.883981] ? _cond_resched+0x15/0x30
[650713.883982] ? __alloc_pages_direct_compact+0x157/0x160
[650713.883984] __alloc_pages_slowpath+0xd0c/0xd50
[650713.883985] __alloc_pages_nodemask+0x283/0x2c0
[650713.883987] kmalloc_order+0x28/0x90
[650713.883989] kmalloc_order_trace+0x1d/0xa0
[650713.883992] __kmalloc_track_caller+0x1e7/0x240
[650713.883993] krealloc+0x47/0x90
[650713.884014] NsloDefaultAllocatorCalloc+0x93/0x180 [fortiedr_4_18_0_305]
[650713.884027] OBitFirstIsLower+0x71/0x110 [fortiedr_4_18_0_305]
[650713.884036] isc_md5_final+0x979/0x3aa0 [fortiedr_4_18_0_305]
[650713.884047] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884056] ? NsloCounterGroupDetach+0x88/0xa0 [fortiedr_4_18_0_305]
[650713.884064] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884073] mz_zip_reader_init+0x4a/0x70 [fortiedr_4_18_0_305]
[650713.884083] NsloAnalyzeJarFile+0x14e/0x610 [fortiedr_4_18_0_305]
[650713.884084] ? _cond_resched+0x15/0x30
[650713.884119] ? xfs_iunlock+0xcc/0x100 [xfs]
[650713.884127] ? OBitFirstIsLower+0xa0/0x110 [fortiedr_4_18_0_305]
[650713.884133] ? OBitFirstIsLower+0xe0/0x110 [fortiedr_4_18_0_305]
[650713.884139] ? OBitFirstIsLower+0x30/0x110 [fortiedr_4_18_0_305]
[650713.884147] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884155] analyze_jar_file+0xa6/0x390 [fortiedr_4_18_0_305]
[650713.884162] CheckIfJarFile+0x26c/0x2d0 [fortiedr_4_18_0_305]
[650713.884170] new_sys_mmap+0x61/0xd0 [fortiedr_4_18_0_305]
[650713.884176] nslo_wrapper_new_sys_mmap+0x26/0x30 [fortiedr_4_18_0_305]
[650713.884178] do_syscall_64+0x5b/0x1a0
[650713.884180] entry_SYSCALL_64_after_hwframe+0x65/0xca
[650713.884183] RIP: 0033:0x7f4e58e2e707
[650713.884184] Code: 54 41 89 d4 55 48 89 fd 53 4c 89 cb 48 85 ff 74 52 49 89 d9 45 89 f8 45 89 f2 44 89 e2 4c 89 ee 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 79 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 0f 1f
[650713.884185] RSP: 002b:00007f4e599402d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[650713.884186] RAX: ffffffffffffffda RBX: 00000000022c0000 RCX: 00007f4e58e2e707
[650713.884186] RDX: 0000000000000001 RSI: 00000000002d60f3 RDI: 0000000000000000
[650713.884187] RBP: 0000000000000000 R08: 0000000000000007 R09: 00000000022c0000
[650713.884187] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[650713.884188] R13: 00000000002d60f3 R14: 0000000000000001 R15: 0000000000000007
[650713.884240] Mem-Info:
......
- A NULL pointer dereference crash occurred in memcpy_erms() shortly after the page allocation failure.
[650713.884277] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[650713.884279] PGD beb66e067 P4D 2fc90b067 PUD 0
[650713.884281] Oops: 0002 [#1] SMP NOPTI
[650713.884282] CPU: 23 PID: 3306424 Comm: java Kdump: loaded Tainted: P OE --------- - - 4.18.0-305.25.1.el8_4.x86_64 #1
[650713.884283] Hardware name: Red Hat OpenStack Compute, BIOS 1.14.0-1.module+el8.4.0+8855+a9e237a9 04/01/2014
[650713.884285] RIP: 0010:memcpy_erms+0x6/0x10
[650713.884286] Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[650713.884287] RSP: 0018:ff4c084dd29af968 EFLAGS: 00010202
[650713.884288] RAX: 0000000000000010 RBX: 0000000000000bfd RCX: 0000000000000bfd
[650713.884289] RDX: 0000000000000bfd RSI: ff4a7f1c79108403 RDI: 0000000000000010
[650713.884289] RBP: ff4c084dd29afb70 R08: ff4c084dd29af998 R09: 0000000000000000
[650713.884290] R10: ff4c084dd29afbe8 R11: ff4a7f1c79108403 R12: 0000000000000bfd
[650713.884290] R13: 0000000000000bfd R14: ff4a7f1c79109000 R15: ff4c084dd29afb60
[650713.884291] FS: 00007f4e59941700(0000) GS:ff4a7f20ffbc0000(0000) knlGS:0000000000000000
[650713.884292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[650713.884293] CR2: 0000000000000010 CR3: 0000001367d0e005 CR4: 0000000000771ee0
[650713.884297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[650713.884297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[650713.884298] PKRU: 55555554
[650713.884298] Call Trace:
[650713.884301] _copy_to_iter+0x342/0x3e0
[650713.884303] ? xas_load+0x8/0x80
[650713.884306] ? find_get_entry+0xdd/0x1c0
[650713.884307] copy_page_to_iter+0x1d9/0x310
[650713.884308] ? pagecache_get_page+0x30/0x2e0
[650713.884310] generic_file_buffered_read+0x501/0xb00
[650713.884312] ? _cond_resched+0x15/0x30
[650713.884340] xfs_file_buffered_aio_read+0x47/0xe0 [xfs]
[650713.884357] xfs_file_read_iter+0x6e/0xd0 [xfs]
[650713.884359] new_sync_read+0x10f/0x150
[650713.884361] vfs_read+0x91/0x140
[650713.884362] kernel_read+0x2c/0x40
[650713.884372] nsloReadFromFile+0x26/0x510 [fortiedr_4_18_0_305]
[650713.884378] nsloReadFromFile+0x7a/0x510 [fortiedr_4_18_0_305]
[650713.884388] isc_md5_final+0x817/0x3aa0 [fortiedr_4_18_0_305]
[650713.884394] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884404] ? NsloCounterGroupDetach+0x88/0xa0 [fortiedr_4_18_0_305]
[650713.884410] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884418] mz_zip_reader_init+0x4a/0x70 [fortiedr_4_18_0_305]
[650713.884428] NsloAnalyzeJarFile+0x14e/0x610 [fortiedr_4_18_0_305]
[650713.884429] ? _cond_resched+0x15/0x30
[650713.884447] ? xfs_iunlock+0xcc/0x100 [xfs]
[650713.884455] ? OBitFirstIsLower+0xa0/0x110 [fortiedr_4_18_0_305]
[650713.884461] ? OBitFirstIsLower+0xe0/0x110 [fortiedr_4_18_0_305]
[650713.884467] ? OBitFirstIsLower+0x30/0x110 [fortiedr_4_18_0_305]
[650713.884474] ? nsloReadFromFile+0x40/0x510 [fortiedr_4_18_0_305]
[650713.884480] analyze_jar_file+0xa6/0x390 [fortiedr_4_18_0_305]
[650713.884488] CheckIfJarFile+0x26c/0x2d0 [fortiedr_4_18_0_305]
[650713.884495] new_sys_mmap+0x61/0xd0 [fortiedr_4_18_0_305]
[650713.884502] nslo_wrapper_new_sys_mmap+0x26/0x30 [fortiedr_4_18_0_305]
[650713.884504] do_syscall_64+0x5b/0x1a0
[650713.884505] entry_SYSCALL_64_after_hwframe+0x65/0xca
[650713.884506] RIP: 0033:0x7f4e58e2e707
[650713.884507] Code: 54 41 89 d4 55 48 89 fd 53 4c 89 cb 48 85 ff 74 52 49 89 d9 45 89 f8 45 89 f2 44 89 e2 4c 89 ee 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 79 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 0f 1f
[650713.884508] RSP: 002b:00007f4e599402d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[650713.884509] RAX: ffffffffffffffda RBX: 00000000022c0000 RCX: 00007f4e58e2e707
[650713.884510] RDX: 0000000000000001 RSI: 00000000002d60f3 RDI: 0000000000000000
[650713.884510] RBP: 0000000000000000 R08: 0000000000000007 R09: 00000000022c0000
[650713.884511] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[650713.884511] R13: 00000000002d60f3 R14: 0000000000000001 R15: 0000000000000007
[650713.884512] Modules linked in: ...
[650713.884531] CR2: 0000000000000010
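
One way to triage this pattern in a saved console log, as an added example (not from the original article or from the module vendor): it pairs a page allocation failure with a later NULL pointer dereference raised by the same PID through the same out-of-tree module. The `window` default and the `IN_TREE` set are assumptions, and the sample lines are copied from the two traces above.

```python
import re

# Constructed sample: lines copied from the two traces quoted above, trimmed.
SAMPLE = """\
[650713.883952] java: page allocation failure: order:10, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
[650713.883965] CPU: 23 PID: 3306424 Comm: java Kdump: loaded Tainted: P OE --------- - - 4.18.0-305.25.1.el8_4.x86_64 #1
[650713.884014] NsloDefaultAllocatorCalloc+0x93/0x180 [fortiedr_4_18_0_305]
[650713.884277] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[650713.884282] CPU: 23 PID: 3306424 Comm: java Kdump: loaded Tainted: P OE --------- - - 4.18.0-305.25.1.el8_4.x86_64 #1
[650713.884340] xfs_file_buffered_aio_read+0x47/0xe0 [xfs]
[650713.884372] nsloReadFromFile+0x26/0x510 [fortiedr_4_18_0_305]
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\] +(.*)$", re.M)
ALLOC = re.compile(r"page allocation failure: order:(\d+)")
NULLP = re.compile(r"NULL pointer dereference at ([0-9a-f]+)")
PID = re.compile(r"\bPID: (\d+)")
FRAME = re.compile(r"^(?:\? )?[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]$")
IN_TREE = {"xfs"}  # assumption: modules shipped with the distribution kernel

def parse_events(text):
    """Split dmesg text into alloc-failure / NULL-deref events with PID and module frames."""
    events, cur = [], None
    for m in LINE.finditer(text):
        ts, msg = float(m.group(1)), m.group(2)
        a, n = ALLOC.search(msg), NULLP.search(msg)
        if a or n:  # a new report starts; later lines belong to it
            cur = {"kind": "alloc_fail" if a else "null_deref", "ts": ts, "pid": None,
                   "value": int(a.group(1)) if a else int(n.group(1), 16), "modules": set()}
            events.append(cur)
        elif cur:
            p, f = PID.search(msg), FRAME.match(msg)
            if p and cur["pid"] is None:
                cur["pid"] = int(p.group(1))
            if f and f.group(1) not in IN_TREE:
                cur["modules"].add(f.group(1))
    return events

def correlate(events, window=1.0):
    """Pair an allocation failure with a later NULL deref: same PID, shared module, within window seconds."""
    hits = []
    for i, a in enumerate(events):
        for b in events[i + 1:]:
            shared = a["modules"] & b["modules"]
            ok = (a["kind"], b["kind"]) == ("alloc_fail", "null_deref") and a["pid"] == b["pid"]
            if ok and shared and b["ts"] - a["ts"] <= window:
                hits.append({"pid": a["pid"], "order": a["value"], "fault_addr": b["value"],
                             "modules": sorted(shared), "gap_s": b["ts"] - a["ts"]})
    return hits
```

Calling `correlate(parse_events(SAMPLE))` returns one hit for PID 3306424 with `order` 10, `fault_addr` 0x10 and the shared module `fortiedr_4_18_0_305`.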
Environment
- Red Hat Enterprise Linux 8.4.z - kernel-4.18.0-305.25.1.el8_4
- A third-party module named [fortiedr_4_18_0_305]