s390x RHEL guest running on z/VM OS crashes in cgroup_iter_next(). Possible process data corruption caused by a possible slab use-after-free bug.
Issue
- s390x RHEL guest running on z/VM OS crashes in cgroup_iter_next().
[4369428.629284] Unable to handle kernel pointer dereference at virtual kernel address aa064e77a0e25000
[4369428.629320] Oops: 0038 [#1] SMP
[4369428.629324] Modules linked in: tcp_diag inet_diag rpcsec_gss_krb5 nfsv4 dns_resolver nfs lockd appldata_net_sum grace appldata_mem fscache appldata_os ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter dm_mirror dm_region_hash dm_log dm_mod vmur zcrypt_cex4 auth_rpcgss binfmt_misc sunrpc ip_tables xfs libcrc32c dasd_fba_mod dasd_eckd_mod dasd_mod pkey zcrypt ap sha512_s390 ghash_s390 des_s390 des_generic aes_s390 qeth_l2 qeth ccwgroup qdio prng 8021q garp stp llc mrp [last unloaded: sg]
[4369428.629384] CPU: 0 PID: 1 Comm: systemd Kdump: loaded Not tainted 3.10.0-1160.11.1.el7.s390x #1
[4369428.629388] task: 00000000f4c18000 ti: 00000000f4c14000 task.ti: 00000000f4c14000
[4369428.629391] Krnl PSW : 0704e00180000000 00000000001ebfe4 (cgroup_iter_next+0x4c/0xd0)
[4369428.629401] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 EA:3
Krnl GPRS: 00000000001ebfb0 0000000074a63f80 00000000ea73fa00 00000000f4c17bf8
[4369428.630278] 00000000001ec1f0 00000000f3d1d680 00000000f30f6f00 00000000f153bb00
[4369428.630280] 000000004d410c00 00000000001e8838 0000000000000050 00000000ea73fa00
[4369428.630283] aa064e77a0e25ee5 0000000000000089 00000000f4c17b48 00000000f4c17b20
[4369428.654391] Krnl Code: 00000000001ebfd4: e3c030080004 lg %r12,8(%r3)
00000000001ebfda: a7840040 brc 8,1ec05a
#00000000001ebfde: e35010280004 lg %r5,40(%r1)
>00000000001ebfe4: e340c0000004 lg %r4,0(%r12)
00000000001ebfea: a75b0018 aghi %r5,24
00000000001ebfee: ec4500128064 cgrj %r4,%r5,8,1ec012
00000000001ebff4: e34030080024 stg %r4,8(%r3)
00000000001ebffa: e320c820ff71 lay %r2,-2016(%r12)
[4369428.654469] Call Trace:
[4369428.654474] ([<00000000001e8838>] cgroup_file_open+0x0/0x138)
[4369428.654496] [<00000000001ec1f0>] cgroup_pidlist_open+0x128/0x3d0
[4369428.654499] [<00000000003039b6>] do_dentry_open+0x206/0x300
[4369428.654503] [<000000000031af42>] do_last+0x392/0x9d8
[4369428.654506] [<000000000031b670>] path_openat+0xe8/0x678
[4369428.654508] [<000000000031d2ae>] do_filp_open+0x5e/0xc0
[4369428.654510] [<00000000003056fc>] do_sys_open+0x18c/0x270
[4369428.654512] [<0000000000763a00>] sysc_nr_ok+0x26/0x2c
[4369428.654518] [<000003ffafb7c63c>] 0x3ffafb7c63c
[4369428.665741] Last Breaking-Event-Address:
[4369428.665745] [<00000000001ebf9e>] cgroup_iter_next+0x6/0xd0
[4369428.665755]
[4369428.665760] Kernel panic - not syncing: Fatal exception: panic_on_oops
Environment
- rhel7.9.z kernel-3.10.0-1160.11.1.el7.s390x
- RHEL guest running on IBM z/VM OS