RHEL6.7: kernel crash due to one-bit use-after-free memory corruption in small size kmem cache, with NFS4 client in nfs4_do_reclaim
Issue
- The NFS4 client kernel crashes with one bit of memory cleared when it should be set; the affected memory is in one of the smaller generic kmem caches, at a specific offset and bit position
- The NFS4 client kernel crashes in nfs4_do_reclaim with:
  BUG: unable to handle kernel paging request at ffff88009d1a8f40
Environment
- Red Hat Enterprise Linux 7 (NFS4 client)
  - kernel-3.10.0-327.el7 or above
  - kernel-3.10.0-229.24.1.el7 or above
  - kernel prior to kernel-3.10.0-514.el7
- Red Hat Enterprise Linux 6.7 (NFS4 client)
  - kernel-2.6.32-642.el6 or above
  - kernel-2.6.32-573.30.1.el6 or above
  - kernel prior to kernel-2.6.32-696.el6
- NFS4
