The kernel-rt crashes in eventpoll_release_file() due to a possible use-after-free bug fixed with a patch from upstream ebe06187bf2a

Solution Unverified

Issue

  • The kernel crashes in eventpoll_release_file() due to a possible use-after-free bug fixed with a patch from upstream ebe06187bf2a
[2029170.978424] BUG: unable to handle kernel paging request at fffffffffffffff8
[2029170.978430] IP: [<ffffffff8dc8dec0>] eventpoll_release_file+0x50/0xc0
[2029170.978433] PGD fcec18067 PUD fcec1a067 PMD 0 
[2029170.978436] Oops: 0000 [#1] PREEMPT SMP 
         ...
[2029170.978534] CPU: 1 PID: 227464 Comm: containerd Kdump: loaded Tainted: G        W  OEL ------------ T 3.10.0-1127.18.2.rt56.1116.el7.x86_64 #1
[2029170.978535] Hardware name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[2029170.978536] task: ffff8ff0f8084540 ti: ffff8ff04c248000 task.ti: ffff8ff04c248000
[2029170.978541] RIP: 0010:[<ffffffff8dc8dec0>]  [<ffffffff8dc8dec0>] eventpoll_release_file+0x50/0xc0
[2029170.978542] RSP: 0018:ffff8ff04c24bc10  EFLAGS: 00010286
[2029170.978544] RAX: 0000000000000000 RBX: ffffffffffffffa8 RCX: 0000000000000000
[2029170.978545] RDX: ffffffff8e667e40 RSI: ffffffff8dc8ca50 RDI: ffff8fef959d8430
[2029170.978546] RBP: ffff8ff04c24bc40 R08: 0000000000000000 R09: ffffffff8dc8cfd3
[2029170.978547] R10: ffff8feed6ed1530 R11: ffff8ff20d2c1990 R12: ffff8fef959d8430
[2029170.978549] R13: ffff8fef959d8400 R14: ffff8ff20d2c1a88 R15: ffff8fe60cb908e0
[2029170.978551] FS:  00007f5a963fb740(0000) GS:ffff8ffb5c640000(0000) knlGS:0000000000000000
[2029170.978552] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2029170.978553] CR2: fffffffffffffff8 CR3: 00000005165ea000 CR4: 00000000007607a0
[2029170.978555] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[2029170.978556] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[2029170.978557] PKRU: 55555554
[2029170.978557] Call Trace:
[2029170.978564]  [<ffffffff8dc3d73b>] __fput+0x1cb/0x230
[2029170.978568]  [<ffffffff8dc3d88e>] ____fput+0xe/0x10
[2029170.978573]  [<ffffffff8dab612b>] task_work_run+0xbb/0xe0
[2029170.978577]  [<ffffffff8da92f9f>] do_exit+0x2df/0xa50
[2029170.978583]  [<ffffffff8e185ae0>] ? kprobe_flush_task+0xd0/0x170
[2029170.978586]  [<ffffffff8da9379c>] do_group_exit+0x4c/0xd0
[2029170.978590]  [<ffffffff8daa61fe>] get_signal_to_deliver+0x2ce/0x650
[2029170.978595]  [<ffffffff8da1b5d7>] do_signal+0x57/0x730
[2029170.978599]  [<ffffffff8dabed19>] ? __hrtimer_nanosleep+0xc9/0x190
[2029170.978602]  [<ffffffff8dabd770>] ? hrtimer_get_res+0x50/0x50
[2029170.978605]  [<ffffffff8da1bd68>] do_notify_resume+0xb8/0x110
[2029170.978608]  [<ffffffff8e1884f3>] int_signal+0x12/0x17
[2029170.978640] Code: 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 e8 67 02 4f 00 49 8b 06 48 89 45 d0 48 8b 45 d0 49 39 c6 48 8d 58 a8 74 3b 0f 1f 00 <4c> 8b 6b 50 4d 8d 65 30 4c 89 e7 e8 40 02 4f 00 48 89 de 4c 89 
[2029170.978643] RIP  [<ffffffff8dc8dec0>] eventpoll_release_file+0x50/0xc0
[2029170.978644]  RSP <ffff8ff04c24bc10>
[2029170.978644] CR2: fffffffffffffff8
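
An added triage sketch, not part of the Red Hat article: it parses three lines copied from the oops above, decodes the marked faulting instruction, and checks that base register plus displacement reproduces CR2. The helper names are hypothetical, and the decoder handles only the one instruction form that appears in this trace.

```python
import re

# Three lines copied verbatim from the oops on this page.
OOPS = """\
[2029170.978544] RAX: 0000000000000000 RBX: ffffffffffffffa8 RCX: 0000000000000000
[2029170.978553] CR2: fffffffffffffff8 CR3: 00000005165ea000 CR4: 00000000007607a0
[2029170.978640] Code: 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 e8 67 02 4f 00 49 8b 06 48 89 45 d0 48 8b 45 d0 49 39 c6 48 8d 58 a8 74 3b 0f 1f 00 <4c> 8b 6b 50 4d 8d 65 30 4c 89 e7 e8 40 02 4f 00 48 89 de 4c 89
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
MASK64 = (1 << 64) - 1


def parse_registers(text):
    """Return {name: value} for every 'NAME: <16 hex digits>' pair."""
    pairs = re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", text)
    return {name.lower(): int(value, 16) for name, value in pairs}


def decode_faulting_load(text):
    """Decode the <marked> instruction. Only 'REX.W 8b /r' with an 8-bit
    displacement (mov disp8(%base),%dst) is handled; anything else raises."""
    code = re.search(r"Code: (.*)", text).group(1).split()
    i = next(k for k, b in enumerate(code) if b.startswith("<"))
    rex, opcode, modrm, disp = (int(b.strip("<>"), 16) for b in code[i:i + 4])
    if ((rex & 0xF8) != 0x48 or opcode != 0x8B
            or (modrm >> 6) != 1 or (modrm & 7) == 4):
        raise ValueError("not a 64-bit mov disp8(%reg),%reg load")
    base = REG64[(modrm & 7) | ((rex & 1) << 3)]          # rm field + REX.B
    dst = REG64[((modrm >> 3) & 7) | ((rex & 4) << 1)]    # reg field + REX.R
    disp -= 0x100 if disp & 0x80 else 0                   # sign-extend disp8
    return base, disp, dst


def triage(text):
    """Check that the decoded load explains the fault address in CR2."""
    regs = parse_registers(text)
    base, disp, dst = decode_faulting_load(text)
    fault = (regs[base] + disp) & MASK64
    # Signed view of the base: a small negative value means it was computed
    # as (pointer - member offset) from a pointer that was zero.
    signed = regs[base] - (1 << 64) if regs[base] >> 63 else regs[base]
    return {"insn": f"mov {disp:#x}(%{base}),%{dst}", "computed_fault": fault,
            "matches_cr2": fault == regs["cr2"], "base_signed": signed}


if __name__ == "__main__":
    print(triage(OOPS))
```

For this trace the load is `mov 0x50(%rbx),%r13` with RBX equal to -0x58, the same offset as the `lea -0x58(%rax),%rbx` bytes (`48 8d 58 a8`) just before the marker. That is consistent with the list walk having read a zero pointer, which is a reading of the trace and not a statement from the article.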

Environment

  • Red Hat Enterprise Linux 7.8 Realtime (kernel-rt-3.10.0-1127.18.2.rt56.1116.el7)
  • Red Hat Enterprise Linux 7.9 (kernel-3.10.0-1160.el7)
