RHEL6: kernel crash with RIP memcpy called from sunrpc code xdr_skb_read_bits

Solution Unverified - Updated -


  • kernel crashed inside a memcpy in sunrpc code called from TCP receive data path
  • System crashed with the following message, indicating RIP in memcpy called from xdr_skb_read_bits
general protection fault: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:05.0/local_cpus
CPU 0 
Modules linked in: fuse iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 bridge stp llc iptable_filter ip_tables openafs(P)(U) autofs4 nfs fscache nfs_acl auth_rpcgss lockd sunrpc sg microcode virtio_console virtio_net i2c_piix4 i2c_core ext4 mbcache jbd2 virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mperf]

Pid: 7818, comm: cp Tainted: P           ---------------    2.6.32-279.14.1.el6.x86_64 #1 Red Hat RHEV Hypervisor
RIP: 0010:[<ffffffff8127e5ab>]  [<ffffffff8127e5ab>] memcpy+0xb/0x120
RSP: 0018:ffff880028203868  EFLAGS: 00010246
RAX: 9248ac92a847a000 RBX: 000000000000047c RCX: 000000000000001e
RDX: 0000000000000000 RSI: ffff88015ad81990 RDI: 9248ac92a847a000
RBP: ffff8800282038d0 R08: 0000000000000000 R09: 9248ac92a847a000
R10: 000000000000512c R11: 0000000000000002 R12: 000000000000012c
R13: ffff8801107781c0 R14: 000000000000021c R15: 00000000000000f0
FS:  00007f5237ab57a0(0000) GS:ffff880028200000(0000) knlGS:00000000f779d830
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f502ef2f000 CR3: 000000012dde9000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Process cp (pid: 7818, threadinfo ffff88011e76c000, task ffff8801c07eeae0)
 ffffffff814314e3 ffff8800282038c0 ffffffff8143fb2c ffff880028203900
<d> ffffffff00000000 9248ac92a847a000 0000000000000000 ffff88041023bc00
<d> ffff8800282039c0 000000000000047c 0000000000001000 ffff88041034f498
Call Trace:
 [<ffffffff814314e3>] ? skb_copy_bits+0x63/0x2e0
 [<ffffffff8143fb2c>] ? dev_queue_xmit+0x19c/0x6f0
 [<ffffffffa015c83b>] xdr_skb_read_bits+0x3b/0x60 [sunrpc]
 [<ffffffffa015c55f>] xdr_partial_copy_from_skb+0xbf/0x240 [sunrpc]
 [<ffffffffa015c800>] ? xdr_skb_read_bits+0x0/0x60 [sunrpc]
 [<ffffffffa0160414>] xs_tcp_data_recv+0x6a4/0xba0 [sunrpc]
 [<ffffffff81481db6>] tcp_read_sock+0x106/0x230
 [<ffffffffa015fd70>] ? xs_tcp_data_recv+0x0/0xba0 [sunrpc]
 [<ffffffffa015ee52>] xs_tcp_data_ready+0x72/0xb0 [sunrpc]
 [<ffffffff81484cae>] ? __tcp_ack_snd_check+0x5e/0xa0
 [<ffffffff8148a314>] tcp_rcv_established+0x294/0x800
 [<ffffffff81492463>] tcp_v4_do_rcv+0x2e3/0x430
 [<ffffffffa0038557>] ? ipv4_confirm+0x87/0x1d0 [nf_conntrack_ipv4]
 [<ffffffff81493d1e>] tcp_v4_rcv+0x4fe/0x8d0
 [<ffffffff814718d0>] ? ip_local_deliver_finish+0x0/0x2d0
 [<ffffffff814719ad>] ip_local_deliver_finish+0xdd/0x2d0
 [<ffffffff81471c38>] ip_local_deliver+0x98/0xa0
 [<ffffffff814710fd>] ip_rcv_finish+0x12d/0x440
 [<ffffffff81471685>] ip_rcv+0x275/0x350
 [<ffffffff8143adcb>] __netif_receive_skb+0x49b/0x6f0
 [<ffffffff8143d048>] netif_receive_skb+0x58/0x60
 [<ffffffffa013355d>] virtnet_poll+0x5ed/0x8e0 [virtio_net]
 [<ffffffff8143f7a3>] net_rx_action+0x103/0x2f0
 [<ffffffffa01320b9>] ? skb_recv_done+0x39/0x40 [virtio_net]
 [<ffffffff81073f61>] __do_softirq+0xc1/0x1e0
 [<ffffffff810dbb60>] ? handle_IRQ_event+0x60/0x170
 [<ffffffff8100c24c>] call_softirq+0x1c/0x30
 [<ffffffff8100de85>] do_softirq+0x65/0xa0
 [<ffffffff81073d45>] irq_exit+0x85/0x90
 [<ffffffff81506365>] do_IRQ+0x75/0xf0
 [<ffffffff8100ba53>] ret_from_intr+0x0/0x11
 [<ffffffff8117cae9>] ? fget_light+0x19/0x90
 [<ffffffff8117bff8>] sys_read+0x28/0x90
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 49 89 70 50 19 c0 49 89 70 58 41 c6 40 4c 04 83 e0 fc 83 c0 08 41 88 40 4d c9 c3 90 90 90 90 90 48 89 f8 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c 
RIP  [<ffffffff8127e5ab>] memcpy+0xb/0x120
 RSP <ffff880028203868>


  • Red Hat Enterprise Linux 6
    • 2.6.32-279.14.1.el6
  • NFS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content