Exception in xfrm_selector_match() on PowerPC64LE platform due to corrupt struct sock

Solution Unverified - Updated -

Issue

System crashes with the following kernel messages on PowerPC64LE platform:

[237871.737455] Unable to handle kernel paging request for data at address 0x000000d4
[237871.737456] Faulting instruction address: 0xc0000000008a2d50
[237871.737458] Oops: Kernel access of bad area, sig: 11 [#1]
[237871.737460] SMP NR_CPUS=2048 NUMA pSeries
[237871.737485] Modules linked in: tcp_diag inet_diag iptable_filter bridge stp llc binfmt_misc team_mode_activebackup team nls_utf8 isofs loop ext4 mbcache jbd2 pseries_rng dm_service_time ses enclosure sg nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_multipath ip_tables xfs sr_mod sd_mod cdrom lpfc bnx2x ipr libata tg3 crc_t10dif crct10dif_generic scsi_transport_fc mdio ptp scsi_tgt pps_core crct10dif_common libcrc32c dm_mirror dm_region_hash dm_log dm_mod
[237871.737488] CPU: 54 PID: 0 Comm: swapper/54 Not tainted 3.10.0-327.el7.ppc64le #1
[237871.737490] task: c000003e56293900 ti: c000007c9fe00000 task.ti: c000003e56300000
[237871.737491] NIP: c0000000008a2d50 LR: c0000000008a4824 CTR: c000000000402310
[237871.737492] REGS: c000007c9fe03370 TRAP: 0300   Not tainted  (3.10.0-327.el7.ppc64le)
[237871.737497] MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24882082  XER: 00000000
[237871.737521] CFAR: c000000000009368 DAR: 00000000000000d4 DSISR: 40000000 SOFTE: 1
                GPR00: c0000000008a4824 c000007c9fe035f0 c000000001123130 00000000000000aa
                GPR04: c000007c9fe03660 000000000000000a c000007c9fe036a0 c000003de49d2400
                GPR08: c0000053d4fc28b8 0000000000000002 0000000000000300 cf9104feff94be9a
                GPR12: c000000000402310 c000000007b2e600 000000000000000a c000007c344f9a80
                GPR16: c000003e4528d200 0000000000000000 0000000000010000 0000000000020000
                GPR20: 0000000000000000 0000000000000000 000000000000dd86 000000000000003a
                GPR24: c00000000153f530 0000000000000000 c00000000110f800 000000000000000e
                GPR28: c000000001110c74 c000003e4a6bcf00 c000007c9fe03660 00000000000000aa
[237871.737527] NIP [c0000000008a2d50] xfrm_selector_match+0x80/0x5c0
[237871.737529] LR [c0000000008a4824] __xfrm_policy_check+0x454/0xfb0
[237871.737529] Call Trace:
[237871.737532] [c000007c9fe03640] [c0000000008a4824] __xfrm_policy_check+0x454/0xfb0
[237871.737536] [c000007c9fe037f0] [c0000000008f7df0] rawv6_rcv+0x50/0x440
[237871.737539] [c000007c9fe03830] [c0000000008f8338] raw6_local_deliver+0x158/0x330
[237871.737542] [c000007c9fe038c0] [c0000000008cb194] ip6_input_finish+0xe4/0x5b0
[237871.737544] [c000007c9fe03930] [c0000000008cbee0] ip6_mc_input+0x110/0x330
[237871.737549] [c000007c9fe039b0] [c0000000008cba24] ipv6_rcv+0x3c4/0x6b0
[237871.737553] [c000007c9fe03a40] [c0000000007b5914] __netif_receive_skb_core+0x7b4/0x9d0
[237871.737556] [c000007c9fe03b30] [c0000000007b69bc] netif_receive_skb+0x4c/0x110
[237871.737559] [c000007c9fe03b70] [c0000000007bb6e0] napi_gro_receive+0x130/0x4f0
[237871.737564] [c000007c9fe03bd0] [d0000000334dbab8] tg3_rx+0x458/0x9b0 [tg3]
[237871.737568] [c000007c9fe03cf0] [d0000000334e74f8] tg3_poll_work+0x348/0xa50 [tg3]
[237871.737574] [c000007c9fe03da0] [d0000000334e7d40] tg3_poll_msix+0x140/0x260 [tg3]
[237871.737576] [c000007c9fe03df0] [c0000000007baf38] net_rx_action+0x268/0x4e0
[237871.737580] [c000007c9fe03ea0] [c0000000000de734] __do_softirq+0x154/0x380
237871.737584] [c000007c9fe03f90] [c000000000024fb8] call_do_softirq+0x14/0x24
[237871.737587] [c000007c9fdffea0] [c000000000011760] do_softirq+0x120/0x170
[237871.737589] [c000007c9fdffee0] [c0000000000decb4] irq_exit+0x1e4/0x1f0
[237871.737593] [c000007c9fdfff20] [c000000000011354] __do_irq+0x94/0x190
[237871.737596] [c000007c9fdfff90] [c000000000024fdc] call_do_irq+0x14/0x24
[237871.737598] [c000003e563039e0] [c0000000000114e4] do_IRQ+0x94/0x110
[237871.737602] [c000003e56303a30] [c000000000002794] hardware_interrupt_common+0x114/0x180
[237871.737607] --- Exception: 501 at plpar_hcall_norets+0x8c/0xdc
                    LR = dedicated_cede_loop+0xf8/0x150
[237871.737610] [c000003e56303d20] [0000000000000000]           (null) (unreliable)
[237871.737613] [c000003e56303da0] [c00000000074d33c] cpuidle_idle_call+0x11c/0x3d0
[237871.737615] [c000003e56303e10] [c000000000096148] pseries_lpar_idle+0x18/0x60
[237871.737617] [c000003e56303e70] [c000000000018138] arch_cpu_idle+0x68/0x160
[237871.737619] [c000003e56303ea0] [c00000000015d670] cpu_startup_entry+0x290/0x300
[237871.737621] [c000003e56303f20] [c00000000004be00] start_secondary+0x310/0x340
[237871.737624] [c000003e56303f90] [c000000000009a6c] start_secondary_prolog+0x10/0x14
[237871.737625] Instruction dump:
[237871.737628] e8010010 eb41ffd0 eb61ffd8 eb81ffe0 7c0803a6 eba1ffe8 ebc1fff0 ebe1fff8
[237871.737631] 4e800020 60000000 60000000 60420000 <8923002a> 3b840014 7d252e70 553d06fe
[237871.737642] ---[ end trace df8d2ece62bdf058 ]---

Environment

  • Red Hat Enterprise Linux 7
  • PPC64le based platform
  • Kernel 3.10.0-327.el7.ppc64le

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content