Kernel panic at ns_dname() in presence of CyProtectDrv module
Issue
- Kernel panic with logs:
[2804874.777387] BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
[2804874.777634] PGD 0 P4D 0
[2804874.777838] Oops: 0000 [#1] SMP NOPTI
[2804874.778055] CPU: 2 PID: 59805 Comm: oneagentextensi Kdump: loaded Tainted: P OE --------- - - 4.18.0-477.55.1.el8_8.x86_64 #1
[2804874.778389] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[2804874.778715] RIP: 0010:ns_dname+0xd/0x20
[2804874.778982] Code: 00 00 48 89 f8 48 8b 7f 08 48 8b 00 48 8b 40 18 e9 08 dc a5 00 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 4f 30 48 8b 47 78 <4c> 8b 49 40 4c 8b 00 48 c7 c1 e3 6c b1 b8 e9 30 e8 ff ff 0f 1f 44
[2804874.779472] RSP: 0018:ffffbc07047ffe00 EFLAGS: 00010206
[2804874.779553] RAX: ffffffffb8828340 RBX: ffff9865ae32e210 RCX: 0000000000000000
[2804874.779643] RDX: 00000000000000f0 RSI: ffff9864ec0043b8 RDI: ffff98678da14f00
[2804874.779732] RBP: ffffbc07047ffe38 R08: 0000000000001000 R09: ffffffffb7b7fc00
[2804874.779822] R10: ffff98678da14f00 R11: 0000000000000001 R12: ffff9864ca9511f0
[2804874.780640] R13: ffff986410fa02f0 R14: ffff9864c1df5520 R15: ffff98678da14f00
[2804874.781366] FS: 00007f6c82ffd700(0000) GS:ffff9867ddd00000(0000) knlGS:0000000000000000
[2804874.782050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2804874.782729] CR2: 0000000000000040 CR3: 00000001667ec004 CR4: 00000000007706e0
[2804874.783446] PKRU: 55555554
[2804874.784128] Call Trace:
[2804874.784818] d_path+0x51/0x140
[2804874.785483] FileUtil_GetPath_bypath+0x51/0x140 [CyProtectDrv]
[2804874.786151] hook_security_file_free+0x7a/0xb0 [CyProtectDrv]
[2804874.786826] security_file_free+0x22/0x60
[2804874.787501] __fput+0x12c/0x250
[2804874.788155] task_work_run+0x8a/0xb0
[2804874.788807] exit_to_usermode_loop+0xef/0x100
[2804874.789458] do_syscall_64+0x19c/0x1b0
[2804874.790104] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[2804874.790746] RIP: 0033:0x7f6c8a94146f
[2804874.791388] Code: 00 0f 05 48 3d 00 f0 ff ff 77 40 c3 0f 1f 80 00 00 00 00 53 89 fb 48 83 ec 10 e8 5c 3d f0 ff 89 df 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2b 89 d7 89 44 24 0c e8 9e 3d f0 ff 8b 44 24
[2804874.792716] RSP: 002b:00007f6c82ffc420 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[2804874.793396] RAX: 0000000000000000 RBX: 000000000000001e RCX: 00007f6c8a94146f
[2804874.794067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001e
[2804874.794734] RBP: 00007f6c82ffc480 R08: 0000000000000000 R09: 0000000000000000
[2804874.795391] R10: 00007f6c82ffc4c0 R11: 0000000000000293 R12: 000000000000001e
[2804874.796047] R13: 00007f6c8b5217d0 R14: 00007f6c82ffd488 R15: 00007f6c82ffca78
[2804874.796693] Modules linked in: mptcp_diag xsk_diag vsock_diag raw_diag af_packet_diag netlink_diag udp_diag tcp_diag inet_diag CyProtectDrv(POE) CyProtectDrvOpen(OE) nf_tables libcrc32c nfnetlink nfsv3 nfs_acl nfs fscache unix_diag lockd grace sunrpc vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock intel_rapl_msr intel_rapl_common intel_uncore_frequency_common nfit libnvdimm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl vmw_balloon joydev pcspkr vmw_vmci i2c_piix4 binfmt_misc ext4 mbcache jbd2 sr_mod cdrom sd_mod t10_pi sg ata_generic vmwgfx drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm ata_piix libata crc32c_intel serio_raw vmxnet3 vmw_pvscsi dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: CyProtectDrvOpen]
[2804874.800944] Red Hat flags: eBPF/event
[2804874.801658] CR2: 0000000000000040
Environment
- Red Hat Enterprise Linux 8
- 3rd party security module [CyProtectDrv],
3.2.1100.2341
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
