After installing Symantec Endpoint Protection for Linux 14.2 MP1 on a Linux server running the Network File System (NFS) version 4.0 daemon and rebooting, the server crashes and/or you see an NFS daemon-related kernel stack dump in /var/log/messages or the dmesg output:
Oct 23 09:40:11 twbtmdll01 kernel: CPU: 3 PID: 1679 Comm: nfsd Tainted: P OE ------------ 3.10.0-862.14.4.el7.x86_64 #1
Oct 23 09:40:11 twbtmdll01 kernel: Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
Oct 23 09:40:11 twbtmdll01 kernel: Call Trace:
Oct 23 09:40:11 twbtmdll01 kernel: [] dump_stack+0x19/0x1b
Oct 23 09:40:11 twbtmdll01 kernel: [ ] __warn+0xd8/0x100
Oct 23 09:40:11 twbtmdll01 kernel: [ ] warn_slowpath_null+0x1d/0x20
Oct 23 09:40:11 twbtmdll01 kernel: [ ] lookup_one_len+0x11b/0x150
Oct 23 09:40:11 twbtmdll01 kernel: [ ] reconnect_path+0x1d7/0x300
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? security_d_instantiate+0x21/0x40
Oct 23 09:40:11 twbtmdll01 kernel: libata crc32c_intel serio_raw i2c_core vmxnet3 vmw_pvscsi floppy dm_mirror dm_region_hash dm_log dm_mod
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? nfsd_proc_getattr+0xa0/0xa0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: CPU: 1 PID: 1678 Comm: nfsd Tainted: P OE ------------ 3.10.0-862.14.4.el7.x86_64 #1
Oct 23 09:40:11 twbtmdll01 kernel: [ ] exportfs_decode_fh+0x101/0x2f0
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? exp_find+0x100/0x1d0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? sock_recvmsg+0xc5/0x100
Oct 23 09:40:11 twbtmdll01 kernel: Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
Oct 23 09:40:11 twbtmdll01 kernel: Call Trace:
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? __kmalloc_track_caller+0x55/0x240
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? kmemdup+0x36/0x50
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [ ] dump_stack+0x19/0x1b
Oct 23 09:40:11 twbtmdll01 kernel: [ ] __warn+0xd8/0x100
Oct 23 09:40:11 twbtmdll01 kernel: [ ] fh_verify+0x338/0x600 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] warn_slowpath_null+0x1d/0x20
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd4_putfh+0x49/0x50 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd4_proc_compound+0x3dd/0x780 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] lookup_one_len+0x11b/0x150
Oct 23 09:40:11 twbtmdll01 kernel: [ ] symev_nfsd4_proc_compound+0x195/0xa90 [symev_custom_3_10_0_862_14_4_el7_x86_64]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] reconnect_path+0x1d7/0x300
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd_dispatch+0xe0/0x290 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? nfsd_proc_getattr+0xa0/0xa0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] svc_process_common+0x466/0x710 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] svc_process+0x103/0x190 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] exportfs_decode_fh+0x101/0x2f0
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd+0xdf/0x150 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? prepare_creds+0x26/0x1c0
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? exp_find+0x100/0x1d0 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? __kmalloc_track_caller+0x55/0x240
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? nfsd_destroy+0x80/0x80 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? kmemdup+0x36/0x50
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? selinux_cred_prepare+0x1b/0x30
Oct 23 09:40:11 twbtmdll01 kernel: [ ] kthread+0xd1/0xe0
Oct 23 09:40:11 twbtmdll01 kernel: [ ] fh_verify+0x338/0x600 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd4_putfh+0x49/0x50 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ret_from_fork_nospec_begin+0x21/0x21
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd4_proc_compound+0x3dd/0x780 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [ ] symev_nfsd4_proc_compound+0x195/0xa90 [symev_custom_3_10_0_862_14_4_el7_x86_64]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd_dispatch+0xe0/0x290 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: ---[ end trace 986fc7baf809a32f ]---
Oct 23 09:40:11 twbtmdll01 kernel: [ ] svc_process_common+0x466/0x710 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] svc_process+0x103/0x190 [sunrpc]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] nfsd+0xdf/0x150 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? nfsd_destroy+0x80/0x80 [nfsd]
Oct 23 09:40:11 twbtmdll01 kernel: [ ] kthread+0xd1/0xe0
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ret_from_fork_nospec_begin+0x21/0x21
Oct 23 09:40:11 twbtmdll01 kernel: [ ] ? insert_kthread_work+0x40/0x40
Oct 23 09:40:11 twbtmdll01 kernel: ---[ end trace 986fc7baf809a330 ]---
After symev_nfsd4_proc_compound() receives an rdentry (NFS file handle) node, it attempts to release the node without properly validating it ahead of the release call: the only check is whether or not rdentry is NULL. If rdentry is negative, an nfsd-related crash occurs, and the system log shows that the kernel was tainted by the non-GPL module symev (the meaning of "Tainted: P").
This issue was resolved in SEP for Linux 14.2 RU1 by skipping the release operation if a negative rdentry is received.
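
A triage check for the symptom described above, added here as an example and not Symantec's code: it scans syslog lines in the format shown in this article, decodes the taint letters, ignores unreliable "?" frames, and reports whether an nfsd thread's stack dump contains a frame from a symev module. The triage function, its "matches" field and the sample lines (constructed, modelled on the trace above) are assumptions of this example.

```python
import re

# Taint letters seen in the article's header line ("Tainted: P OE").
TAINT = {"P": "proprietary (non-GPL) module loaded",
         "O": "out-of-tree module loaded",
         "E": "unsigned module loaded"}
HEADER = re.compile(r"kernel: CPU: \d+ PID: \d+ Comm: (\S+) Tainted: (.*?) \d+\.\d+")
# "[addr] [? ]symbol+0xoff/0xlen [module]"; the address may be stripped to "[ ]".
FRAME = re.compile(r"kernel: \[[^\]]*\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def triage(lines):
    """Summarise kernel stack dumps and flag the SEP/NFS signature from the article."""
    comms, flags, symev, nfsd_frames = set(), set(), [], 0
    for line in lines:
        h = HEADER.search(line)
        if h:
            comms.add(h.group(1))
            flags.update(c for c in h.group(2) if c in TAINT)
            continue
        f = FRAME.search(line)
        if not f or f.group(1):      # skip "?" frames: unreliable stack leftovers
            continue
        symbol, module = f.group(2), f.group(3) or ""
        if module.startswith("symev"):
            symev.append((symbol, module))
        elif module == "nfsd":
            nfsd_frames += 1
    # Traces from several CPUs interleave in syslog, so judge the whole window.
    hit = "nfsd" in comms and "P" in flags and bool(symev) and nfsd_frames > 0
    return {"comms": sorted(comms), "taint": {c: TAINT[c] for c in sorted(flags)},
            "symev_frames": symev, "matches": hit}

# Constructed sample, modelled on the trace in this article (hostname shortened).
SAMPLE = """\
Oct 23 09:40:11 host1 kernel: CPU: 3 PID: 1679 Comm: nfsd Tainted: P OE ------------ 3.10.0-862.14.4.el7.x86_64 #1
Oct 23 09:40:11 host1 kernel: Call Trace:
Oct 23 09:40:11 host1 kernel: [ ] dump_stack+0x19/0x1b
Oct 23 09:40:11 host1 kernel: [ ] ? nfsd_proc_getattr+0xa0/0xa0 [nfsd]
Oct 23 09:40:11 host1 kernel: [ ] nfsd4_proc_compound+0x3dd/0x780 [nfsd]
Oct 23 09:40:11 host1 kernel: [ ] symev_nfsd4_proc_compound+0x195/0xa90 [symev_custom_3_10_0_862_14_4_el7_x86_64]
Oct 23 09:40:11 host1 kernel: [ ] nfsd_dispatch+0xe0/0x290 [nfsd]
""".splitlines()

if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(triage(src))
```

A match only says the dump has the shape shown in this article; confirm by checking whether the installed SEP for Linux build predates 14.2 RU1.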