RHEL6.7: kernel crash due to one-bit use-after-free memory corruption in small size kmem cache, with NFS4 client in nfs4_do_reclaim

Solution Unverified - Updated 2024-06-17T12:48:23+00:00 -

Issue

NFS4 client kernel crashes with one bit of memory cleared when it should be set, and the memory is in a smaller generic kmem cache at a specific offset and bit position
NFS4 client kernel crashes in nfs4_do_reclaim with BUG: unable to handle kernel paging request at ffff88009d1a8f40

Environment

Red Hat Enterprise Linux 7 (NFS4 client)
- kernel-3.10.0-327.el7 or above
- kernel-3.10.0-229.24.1.el7 or above
- kernel prior to kernel-3.10.0-514.el7
Red Hat Enterprise Linux 6.7 (NFS4 client)
- kernel-2.6.32-642.el6 or above
- kernel-2.6.32-573.30.1.el6 or above
- kernel prior to kernel-2.6.32-696.el6
NFS4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)