The kernel crashes due to NULL pointer dereference in audit_filter_syscall()

Solution Unverified

Issue

  • The kernel crash was triggered by a NULL pointer dereference in audit_filter_syscall().
[437523.537957] BUG: unable to handle kernel NULL pointer dereference at 000000000000003c
[437523.538000] PGD 21da16067 P4D 21da16067 PUD 40d3f7067 PMD 0 
[437523.538023] Oops: 0000 [#1] SMP NOPTI
[437523.538037] CPU: 15 PID: 650579 Comm: oracle Kdump: loaded Tainted: G           OE     --------r-  - 4.18.0-553.54.1.el8_10.x86_64 #1
[437523.538068] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[437523.538092] RIP: 0010:audit_filter_syscall+0x82/0xf0
[437523.538115] Code: ff ff ff 49 89 ed 49 c1 ed 05 44 89 e8 4d 63 cd c1 e0 05 4d 8d 79 04 29 c1 41 d3 e2 45 89 d6 4c 39 e5 77 2a 49 83 fd 3f 77 24 <46> 85 74 bb 20 74 1d 48 8b 14 24 48 8b 7c 24 08 31 c9 48 8d 73 20
[437523.538157] RSP: 0018:ffffb7950653fea0 EFLAGS: 00010293
[437523.538174] RAX: 0000000000000020 RBX: 0000000000000008 RCX: 0000000000000003
[437523.538193] RDX: ffff89187f39fc40 RSI: ffff8913e363b000 RDI: ffff8914b068d000
[437523.538244] RBP: 0000000000000023 R08: ffffb79503233e38 R09: 0000000000000001
[437523.538264] R10: 0000000000000008 R11: 00000000000000ba R12: 00000000ffffffff
[437523.538283] R13: 0000000000000001 R14: 0000000000000008 R15: 0000000000000005
[437523.538302] FS:  00007f1fcce83740(0000) GS:ffff891a9fdc0000(0000) knlGS:0000000000000000
[437523.538324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[437523.538339] CR2: 000000000000003c CR3: 000000048a084000 CR4: 00000000003506e0
[437523.538379] Call Trace:
[437523.538455]  ? __die_body+0x1a/0x60
[437523.538474]  ? no_context+0x1ba/0x3f0
[437523.538492]  ? __bad_area_nosemaphore+0x157/0x180
[437523.538509]  ? do_page_fault+0x37/0x12d
[437523.538524]  ? page_fault+0x1e/0x30
[437523.538542]  ? audit_filter_syscall+0x82/0xf0
[437523.538561]  __audit_syscall_exit+0x86/0xf0
[437523.538577]  syscall_slow_exit_work+0x109/0x130
[437523.538596]  do_syscall_64+0x16d/0x1a0
[437523.538611]  entry_SYSCALL_64_after_hwframe+0x66/0xcb
[437523.538630] RIP: 0033:0x7f1fca5fcdf5
[437523.538645] Code: 64 89 02 b8 ff ff ff ff eb bc 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 8b 05 56 d6 20 00 85 c0 75 12 b8 23 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 43 c3 66 90 55 48 89 f5 53 48 89 fb 48 83 ec
[437523.538687] RSP: 002b:00007ffe5d7c07e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[437523.538709] RAX: 0000000000000000 RBX: 00000000000f4240 RCX: 00007f1fca5fcdf5
[437523.538727] RDX: 0000000000000000 RSI: 00007ffe5d7c0800 RDI: 00007ffe5d7c07f0
[437523.538746] RBP: 00007ffe5d7c0840 R08: 00000000000f4240 R09: 0000000000000000
[437523.538765] R10: 0000000001c9c380 R11: 0000000000000246 R12: 00007ffe5d7c0a38
[437523.538784] R13: 00000000000003e8 R14: 0000000000000000 R15: 0000000000000000
    ...

Environment

  • Red Hat Enterprise Linux 8.10.z
