The kernel often crashes due to a corrupted freelist pointer. A possible secpath_cache slab use-after-free.

Solution Unverified - Updated -

Issue

The kernel often crashes due to a corrupted freelist pointer. A possible secpath_cache slab use-after-free.

[ 9120.120187] stack segment: 0000 [#1] SMP PTI
[ 9120.120213] CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Not tainted 4.18.0-240.1.1.el8_3.x86_64 #1
[ 9120.120239] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/19/2018
[ 9120.120271] RIP: 0010:kmem_cache_alloc+0x78/0x1b0
[ 9120.120319] Code: 01 00 00 4d 8b 06 65 49 8b 50 08 65 4c 03 05 8f 88 16 5b 49 8b 28 48 85 ed 0f 84 03 01 00 00 41 8b 46 20 49 8b 3e 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 c5 41 8b
[ 9120.120369] RSP: 0018:ffff8a1f3bb03bb8 EFLAGS: 00010286
[ 9120.120385] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000049b852
[ 9120.120404] RDX: 000000000049b851 RSI: 0000000000480020 RDI: 00000000000343b0
[ 9120.120424] RBP: ff8a1f3841277f00 R08: ffff8a1f3bb343b0 R09: ffff8a1f3bb03a00
[ 9120.120443] R10: 0000000000000000 R11: 00000000b9bea22c R12: 0000000000480020
[ 9120.120462] R13: ffffffffa542fb4a R14: ffff8a1f071a0e00 R15: ffff8a1f071a0e00
[ 9120.120483] FS:  0000000000000000(0000) GS:ffff8a1f3bb00000(0000) knlGS:0000000000000000
[ 9120.120505] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9120.120541] CR2: 00007fa5fe4de000 CR3: 000000012800a003 CR4: 00000000003606e0
[ 9120.120608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 9120.120633] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 9120.120654] Call Trace:
[ 9120.120693]  <IRQ>
[ 9120.120705]  secpath_dup+0x1a/0xd0
[ 9120.120723]  secpath_set+0x24/0x60
[ 9120.120735]  xfrm_input+0xa3/0x990
[ 9120.120750]  xfrm4_esp_rcv+0x34/0x46
[ 9120.120767]  ip_local_deliver_finish+0x1ea/0x210
[ 9120.120788]  ip_local_deliver+0x6b/0xe0
[ 9120.120801]  ? ip_rcv_finish+0x410/0x410
[ 9120.120818]  ip_rcv+0x27b/0x36a
[ 9120.120831]  ? inet_add_protocol.cold.1+0x1e/0x1e
[ 9120.120847]  __netif_receive_skb_core+0xb41/0xc40
[ 9120.120866]  ? __build_skb+0x1d/0x50
[ 9120.120879]  netif_receive_skb_internal+0x3d/0xb0
[ 9120.120895]  napi_gro_receive+0xba/0xe0
[ 9120.120911]  vmxnet3_rq_rx_complete+0x8f1/0xec0 [vmxnet3]
[ 9120.120943]  vmxnet3_poll_rx_only+0x31/0x90 [vmxnet3]
[ 9120.120959]  net_rx_action+0x149/0x3b0
[ 9120.120974]  __do_softirq+0xe4/0x2f8
[ 9120.120996]  irq_exit+0xf7/0x100
[ 9120.121011]  do_IRQ+0x7f/0xd0
[ 9120.121027]  common_interrupt+0xf/0xf
[ 9120.121039]  </IRQ>
[ 9120.121049] RIP: 0010:native_safe_halt+0xe/0x10
[ 9120.121064] Code: ff ff 7f c3 65 48 8b 04 25 80 5c 01 00 f0 80 48 02 20 48 8b 00 a8 08 75 c4 eb 80 90 e9 07 00 00 00 0f 00 2d a6 2c 53 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 96 2c 53 00 f4 c3 90 90 0f 1f 44 00
[ 9120.122207] RSP: 0018:ffffa9fdc06afea0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffc4
[ 9120.122781] RAX: ffffffffa54d62d0 RBX: 0000000000000001 RCX: 7ffff7b4a0f6eb7f
[ 9120.123435] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8a1f3bb1d5c0
[ 9120.124172] RBP: 0000000000000001 R08: ffff8a1f3bb1d5c0 R09: ffffa9fdc0e27a58
[ 9120.124736] R10: 0000000000000000 R11: 0000084b5daa20c0 R12: ffffffffffffffff
[ 9120.125287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 9120.125818]  ? __sched_text_end+0x7/0x7
[ 9120.126409]  default_idle+0x1c/0x130
[ 9120.126902]  do_idle+0x207/0x290
[ 9120.127376]  cpu_startup_entry+0x6f/0x80
[ 9120.127825]  start_secondary+0x1b1/0x200
[ 9120.128280]  secondary_startup_64+0xb7/0xc0
[ 9120.128730] Modules linked in: echainiv esp4 nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6_tables nft_compat ip_set nf_tables nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock intel_rapl_msr intel_rapl_common sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vmw_balloon intel_rapl_perf joydev pcspkr vmw_vmci i2c_piix4 ip_tables xfs libcrc32c sr_mod cdrom ata_generic vmwgfx drm_kms_helper sd_mod syscopyarea sysfillrect sysimgblt fb_sys_fops sg ttm drm ata_piix crc32c_intel serio_raw ahci libahci vmxnet3 libata vmw_pvscsi fuse

Environment

  • Red Hat Enterprise Linux 8.3 (kernel-4.18.0-240.1.1.el8_3)
  • A RHEL guest running on VMware hypervisor without any 3rd-party/proprietary modules/drivers installed/loaded.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In