Race between load_module() error handling and kprobe registration causes a kernel page to become read-only, panic due to protection fault
Issue
- Race between load_module() error handling and kprobe registration causes a kernel page to become read-only, panic due to protection fault
[ 42.273827] BUG: unable to handle kernel paging request at ffff88045d833000
[ 42.279667] IP: [<ffffffff812ffce7>] clear_page_c_e+0x7/0x10
[ 42.285596] PGD 1f32067 PUD 465d79063 PMD 463f41063 PTE 800000045d833161
[ 42.293066] Oops: 0003 [#1] SMP
[ 42.300496] Modules linked in: ltdmemchk(OE) ltdmce(OE) ltdrdev(OE) ltdrint(OE) ltdpatch(OE) ltd(OE) eertrace_kvm(OE) eertrace_writeback(OE) eertrace_systemcall(OE) eertrace_signal(OE) eerlog(OE) eertrace_scsi(OE) eertrace_process(OE) eertrace_network(OE) eertrace_memory(OE) eertrace_jbd2(OE) eertrace_irq(OE) eertrace_ext4(OE) eertrace_block(OE) eertrace(OE) vfat fat intel_powerclamp coretemp intel_rapl kvm_intel kvm crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ipmi_ssif ablk_helper cryptd iTCO_wdt iTCO_vendor_support pcspkr sg i2c_i801 lpc_ich mei_me ioatdma mfd_core mei shpchp dca wmi ipmi_si ipmi_msghandler acpi_power_meter binfmt_misc nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables sddlmfdrv(POE) sddlmadrv(POE) xfs libcrc32c sd_mod crc_t10dif crct10dif_generic sr_mod
[ 42.359087] cdrom syscopyarea sysfillrect crct10dif_pclmul sysimgblt crct10dif_common i2c_algo_bit crc32c_intel drm_kms_helper ttm ahci drm libahci hfcldd(OE) hfcldd_conf(OE) tg3 libata scsi_transport_fc i2c_core ptp scsi_tgt pps_core hraslog_post(OE) hraslog(OE) hraslog_link(OE)
[ 42.382645] CPU: 3 PID: 3799 Comm: ifup Tainted: P OE ------------ 3.10.0-327.el7.x86_64 #1
[ 42.402825] Hardware name: HITACHI HA8000/RS220 GUA221BN-3LNNNN0/MS-S0901, BIOS 5.0.9024 11/13/2015
[ 42.421385] task: ffff88003eed7300 ti: ffff8808674e0000 task.ti: ffff8808674e0000
[ 42.431139] RIP: 0010:[<ffffffff812ffce7>] [<ffffffff812ffce7>] clear_page_c_e+0x7/0x10
[ 42.440429] RSP: 0018:ffff8808674e3980 EFLAGS: 00010246
[ 42.449500] RAX: 0000000000000000 RBX: 0000000011760cc0 RCX: 0000000000001000
[ 42.458727] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88045d833000
[ 42.467952] RBP: ffff8808674e3a80 R08: ffffffff81877777 R09: ffffea0011760d00
[ 42.477258] R10: 0000000000000c53 R11: ffff880463f4df90 R12: ffff8808674e3fd8
[ 42.486655] R13: 0000000011760d00 R14: ffffea0011760cc0 R15: ffff8808674e0000
[ 42.495968] FS: 00007ff83e5eb740(0000) GS:ffff88046fc60000(0000) knlGS:0000000000000000
[ 42.505382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.514830] CR2: ffff88045d833000 CR3: 00000008674ce000 CR4: 00000000001407e0
[ 42.524474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.534165] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 42.543845] Stack:
[ 42.553476] ffffffff8117289a 0000000000000000 ffff88047ffdb008 0000000000000002
[ 42.563447] 00000000fcdb1129 000000007ffd7000 00000000ffffffff 0000000000000000
[ 42.573425] ffff88047ffdb000 0000035200000014 0000000000000000 000000023eed7300
[ 42.583388] Call Trace:
[ 42.593115] [<ffffffff8117289a>] ? get_page_from_freelist+0x4ea/0x9b0
[ 42.602966] [<ffffffff81189749>] ? zone_statistics+0x89/0xa0
[ 42.612727] [<ffffffff81172ef9>] __alloc_pages_nodemask+0x199/0xb90
[ 42.622454] [<ffffffff81172ef9>] ? __alloc_pages_nodemask+0x199/0xb90
[ 42.632031] [<ffffffff811b43f9>] alloc_pages_current+0xa9/0x170
[ 42.641394] [<ffffffff81064677>] pte_alloc_one+0x17/0x40
[ 42.650514] [<ffffffff81193893>] __pte_alloc+0x23/0x170
[ 42.659416] [<ffffffff811953bf>] copy_pte_range+0x3ef/0x500
[ 42.668085] [<ffffffff811963ff>] copy_page_range+0x2ff/0x480
[ 42.677169] [<ffffffff810788d2>] dup_mm+0x362/0x670
[ 42.687105] [<ffffffff81079cf9>] copy_process.part.25+0x10e9/0x1610
[ 42.695867] [<ffffffff8112c65e>] ? ftrace_ops_list_func+0xee/0x110
[ 42.704444] [<ffffffff8107a401>] do_fork+0xe1/0x320
[ 42.712898] [<ffffffff8107a6c6>] SyS_clone+0x16/0x20
[ 42.721080] [<ffffffff81645c59>] stub_clone+0x69/0x90
[ 42.728325] [<ffffffff81645b12>] ? tracesys+0xdd/0xe2
[ 42.735276] Code: bc 0f 1f 00 e8 2b b3 d7 ff 90 90 90 90 90 90 90 90 90 90 90 b9 00 02 00 00 31 c0 f3 48 ab c3 0f 1f 44 00 00 b9 00 10 00 00 31 c0 <f3> aa c3 66 0f 1f 44 00 00 eb ee 0f 1f 84 00 00 00 00 00 0f 1f
[ 42.756873] RIP [<ffffffff812ffce7>] clear_page_c_e+0x7/0x10
[ 42.763774] RSP <ffff8808674e3980>
[ 42.770492] CR2: ffff88045d833000
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
