Kernel panic caused by a double free attempt due to a BUG in key serial number collision avoidance code logic in key_alloc_serial()

Solution Verified - Updated -

Issue

  • Kernel panic (i.e. BUG: unable to handle kernel paging request at virtual address 00200200) caused by a double free attempt due to a BUG in key serial number collision avoidance code logic in key_alloc_serial()
  • The keyring_destroy() function is called twice with the same pointer
  • Kernel panic with following call trace:
BUG: unable to handle kernel paging request at virtual address 00200200
 printing eip:
c04e024e
*pde = b4f55067
Oops: 0000 [#1]
SMP 
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
Modules linked in: mptctl mptbase sg ipmi_si(U) ipmi_devintf(U) ipmi_msghandler(U) autofs4 hp_ilo(U) hidp l2cap bluetooth sunrpc dm_multipath video sbs i2c_ec i2c_core button battery asus_acpi ac ipv6 parport_pc lp parport bnx2(U) serio_raw ide_cd cdrom pcspkr dm_snapshot dm_zero dm_mirror dm_mod cciss(U) sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
CPU:    0
EIP:    0060:[<c04e024e>]    Not tainted VLI
EFLAGS: 00010217   (2.6.18-8.el5 #1) 
EIP is at list_del+0x6/0x5c
eax: 00200200   ebx: cf77a78c   ecx: 00000000   edx: 00100100
esi: cf77a748   edi: 00000001   ebp: 00000286   esp: f7feff4c
ds: 007b   es: 007b   ss: 0068
Process events/0 (pid: 14, ti=f7fef000 task=ca9c6550 task.ti=f7fef000)
Stack: cf77a740 c04b3e27 cf77a740 cf77a748 00000001 c04b39f7 c0671340 c0671344 
       ca996640 c043210c c04b393f 00000000 ca996654 ca996640 ca99664c 00000000 
       c04329c0 00000001 00000000 ca9c665c 00010000 00000000 00000000 ca9c6550 
Call Trace:
 [<c04b3e27>] keyring_destroy+0x28/0x66
 [<c04b39f7>] key_cleanup+0xb8/0xd1
 [<c043210c>] run_workqueue+0x78/0xb5
 [<c04b393f>] key_cleanup+0x0/0xd1
 [<c04329c0>] worker_thread+0xd9/0x10d
 [<c041dc4d>] default_wake_function+0x0/0xc
 [<c04328e7>] worker_thread+0x0/0x10d
 [<c0434d99>] kthread+0xc0/0xeb
 [<c0434cd9>] kthread+0x0/0xeb
 [<c0404c3b>] kernel_thread_helper+0x7/0x10
 =======================
Code: 8d 4b 04 8b 51 04 8d 46 04 e8 73 00 00 00 8d 4b 0c 8b 51 04 8d 46 0c 5b 5e 5f e9 62 00 00 00 89 c3 eb eb 90 90 53 89 c3 8b 40 04 <8b> 00 39 d8 74 17 50 53 68 c6 97 62 c0 e8 04 3f f4 ff 0f 0b 41 
EIP: [<c04e024e>] list_del+0x6/0x5c SS:ESP 0068:f7feff4c

Environment

  • Red Hat Enterprise Linux 5
  • kernel-2.6.18-8.el5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content