Kernel panic in tmbpf_var_map_key_size() due to a NULL pointer dereference
Issue
- Kernel panic in the tmbpf_var_map_key_size() function of an out-of-tree kernel module [bmhook] with the following call trace:
[7914027.445756] BUG: unable to handle kernel NULL pointer dereference at 000000000000006c
[7914027.453333] IP: [<ffffffffc06c3628>] tmbpf_var_map_key_size+0x8/0x30 [bmhook]
[7914027.455189] PGD 0
[7914027.456032] Oops: 0000 [#1] SMP
[7914027.456956] Modules linked in: gsch(OE) redirfs(OE) bmhook(OE) tmhook(OE) dsa_filter(POE) dsa_filter_hook(OE) ebtable_filter ebtables devlink ip6table_filter ip6_tables iptable_filter sunrpc ext4 mbcache jbd2 snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device i2c_piix4 snd_pcm snd_timer ppdev snd soundcore virtio_balloon sg virtio_rng iosf_mbi crc32_pclmul parport_pc ghash_clmulni_intel parport pcspkr aesni_intel joydev lrw gf128mul glue_helper ablk_helper cryptd dm_multipath binfmt_misc ip_tables xfs libcrc32c sr_mod cdrom sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi virtio_net virtio_console net_failover virtio_scsi failover drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix libata crct10dif_pclmul crct10dif_common
[7914027.470679] virtio_pci floppy crc32c_intel drm_panel_orientation_quirks virtio_ring serio_raw virtio dm_mirror dm_region_hash dm_log dm_mod
[7914027.472824] CPU: 3 PID: 6395 Comm: ds_am Tainted: POE ------------ 3.10.0-1160.59.1.el7.x86_64 #1
[7914027.474751] Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014
[7914027.476573] task: ffffa13842b5a100 ti: ffffa130ab7b0000 task.ti: ffffa130ab7b0000
[7914027.478381] RIP: 0010:[<ffffffffc06c3628>] [<ffffffffc06c3628>] tmbpf_var_map_key_size+0x8/0x30 [bmhook]
[7914027.480212] RSP: 0018:ffffa130ab7b3a88 EFLAGS: 00010246
[7914027.481191] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000006
[7914027.483040] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000014
[7914027.484884] RBP: ffffa130ab7b3ad0 R08: 0000000000000000 R09: ffffa130ab7b3b30
[7914027.486757] R10: ffffa1280c2558c0 R11: 0000000000000000 R12: 0000000000000002
[7914027.488586] R13: ffffa1356be03ac0 R14: ffffa130ab7b3b30 R15: 0000000000000083
[7914027.490420] FS: 00007f92f8ff1700(0000) GS:ffffa1385f2c0000(0000) knlGS:0000000000000000
[7914027.492697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[7914027.493736] CR2: 000000000000006c CR3: 00000017cb6ee000 CR4: 00000000003606e0
[7914027.495616] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[7914027.497481] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[7914027.499277] Call Trace:
[7914027.500145] [<ffffffffc06bdf31>] ? check_func_arg+0x2b1/0x540 [bmhook]
[7914027.501129] [<ffffffffc06c1775>] do_check.isra.34.constprop.35+0x10c5/0x19e0 [bmhook]
[7914027.502957] [<ffffffffc06c246b>] tmbpf_check+0x3db/0x590 [bmhook]
[7914027.503937] [<ffffffffc06b8311>] tmbpf_load_prog+0x301/0x320 [bmhook]
[7914027.504939] [<ffffffffb5a50bc6>] ? get_empty_filp+0xd6/0x1a0
[7914027.505906] [<ffffffffb5a50cac>] ? alloc_file+0x1c/0x80
[7914027.506935] [<ffffffffb5a9f0e3>] ? anon_inode_getfile+0xd3/0x170
[7914027.507985] [<ffffffffc06ac958>] bmhook_prog_add+0x18/0xf0 [bmhook]
[7914027.509027] [<ffffffffc0694b40>] bmhook_add_bpf_prog+0x100/0x1c0 [bmhook]
[7914027.510034] [<ffffffffc0696740>] bmhook_scan_ioctl+0x880/0x2390 [bmhook]
[7914027.511057] [<ffffffffb5912670>] ? futex_wake+0x90/0x180
[7914027.512004] [<ffffffffc0693298>] bmhook_dev_unlocked_ioctl+0x28/0x40 [bmhook]
[7914027.513740] [<ffffffffb5a63ad0>] do_vfs_ioctl+0x3a0/0x5b0
[7914027.514679] [<ffffffffb5a63d81>] SyS_ioctl+0xa1/0xc0
[7914027.515655] [<ffffffffb5f99f92>] system_call_fastpath+0x25/0x2a
[7914027.516603] Code: ff 5d c3 0f 1f 44 00 00 55 0f b6 c9 48 89 e5 e8 5f b6 fe ff 5d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 31 c0 <83> 7f 58 04 48 89 e5 74 07 5d c3 0f 1f 44 00 00 48 8b 57 60 48
[7914027.520859] RIP [<ffffffffc06c3628>] tmbpf_var_map_key_size+0x8/0x30 [bmhook]
[7914027.522695] RSP <ffffa130ab7b3a88>
[7914027.523584] CR2: 000000000000006c
[7914027.525276] ---[ end trace ae99cdbb4fdc9d71 ]---
Environment
- Red Hat Enterprise Linux 7
- Out-of-tree (O) kernel module: [bmhook]