System crash after page allocation error in cond_list_destroy called from load_policy

Solution Unverified - Updated -

Issue

  • The system crashes after page allocation failure:
[1254687.039825] SELinux:  policy capability cgroup_seclabel=1
[1254687.039825] SELinux:  policy capability nnp_nosuid_transition=1
[1256482.979670] load_policy: page allocation failure: order:4, mode:0x60c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[1256482.979682] CPU: 3 PID: 2089281 Comm: load_policy Not tainted 4.18.0-348.7.1.el8_5.x86_64 #1
[1256482.979684] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
[1256482.979685] Call Trace:
[1256482.979698]  dump_stack+0x5c/0x80
[1256482.979706]  warn_alloc.cold.114+0x7b/0x10d
[1256482.979713]  ? _cond_resched+0x15/0x30
[1256482.979714]  ? __alloc_pages_direct_compact+0x157/0x160
[1256482.979716]  __alloc_pages_slowpath+0xc87/0xcd0
[1256482.979723]  ? get_partial_node.isra.83.part.84+0x1da/0x280
[1256482.979726]  __alloc_pages_nodemask+0x2db/0x310
[1256482.979731]  kmalloc_order+0x28/0x90
[1256482.979732]  kmalloc_order_trace+0x1d/0xa0
[1256482.979734]  __kmalloc+0x1ee/0x240
[1256482.979741]  cond_read_av_list.isra.6+0x93/0x140       
[1256482.979744]  ? __kmalloc+0x102/0x240
[1256482.979747]  cond_read_list+0x1a6/0x260
[1256482.979751]  policydb_read+0x547/0x1230
[1256482.979753]  security_load_policy+0xa8/0x5e0
[1256482.979759]  ? copy_user_generic_unrolled+0x32/0xc0
[1256482.979763]  sel_write_load+0xde/0x1a0
[1256482.979768]  vfs_write+0xa5/0x1a0
[1256482.979769]  ksys_write+0x4f/0xb0
[1256482.979775]  do_syscall_64+0x5b/0x1a0
[1256482.979778]  entry_SYSCALL_64_after_hwframe+0x65/0xca
[1256482.979782] RIP: 0033:0x7f1036ae9648
...
[1256482.985546] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[1256482.985741] PGD 0 P4D 0 
[1256482.985783] Oops: 0000 [#1] SMP PTI
[1256482.985835] CPU: 3 PID: 2089281 Comm: load_policy Not tainted 4.18.0-348.7.1.el8_5.x86_64 #1
[1256482.985935] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
[1256482.986059] RIP: 0010:cond_list_destroy.isra.5+0x31/0x70
[1256482.986128] Code: 41 55 49 89 fd 41 54 55 53 85 c0 74 3e 49 89 f4 31 db 89 da 83 c3 01 48 8d 04 d5 00 00 00 00 48 29 d0 49 8b 55 00 48 8d 2c c2 <48> 8b 7d 08 e8 26 de ed ff 48 8b 7d 18 e8 1d de ed ff 48 8b 7d 28
[1256482.986342] RSP: 0018:ffffb72dd0e8fcf0 EFLAGS: 00010246
[1256482.986413] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000080400003
[1256482.986542] RDX: 0000000000000000 RSI: ffff94db0c522bf0 RDI: ffff94db0c522be8
[1256482.986668] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff94e10400
[1256482.986764] R10: ffff94db1a09ca40 R11: 0000000000000001 R12: ffff94db0c522bf0
[1256482.986860] R13: ffff94db0c522be8 R14: ffff94db0c522a50 R15: 00000000fffffff4
[1256482.986954] FS:  00007f10374b6640(0000) GS:ffff94dc37d80000(0000) knlGS:0000000000000000
[1256482.987058] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1256482.987134] CR2: 0000000000000008 CR3: 000000016a6d0001 CR4: 00000000003706e0
[1256482.987256] Call Trace:
[1256482.987302]  policydb_destroy+0x15c/0x260
[1256482.987363]  policydb_read+0x34d/0x1230
[1256482.987421]  security_load_policy+0xa8/0x5e0
[1256482.987550]  ? copy_user_generic_unrolled+0x32/0xc0
[1256482.987628]  sel_write_load+0xde/0x1a0
[1256482.987685]  vfs_write+0xa5/0x1a0
[1256482.987738]  ksys_write+0x4f/0xb0
[1256482.987791]  do_syscall_64+0x5b/0x1a0
[1256482.987849]  entry_SYSCALL_64_after_hwframe+0x65/0xca
[1256482.987920] RIP: 0033:0x7f1036ae9648

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content