Kernel panic in hugetlbfs_fill_super

Solution In Progress - Updated -

Environment

  • RHEL 8
  • RHEL 9

Issue

The system panics in hugetlbfs_fill_super().

Resolution

This is due to CVE-2024-0841. The issue is currently under investigation.

Diagnostic Steps

The panic occurs with this stack:

[    9.591805] IPv6: ADDRCONF(NETDEV_UP): ens3: link is not ready
[406481.604885] hugetlbfs: Unsupported page size 0 MB
[406481.614526] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[406481.616319] PGD 800000010562e067 P4D 800000010562e067 PUD 102d30067 PMD 0 
[406481.617854] Oops: 0000 [#1] SMP PTI
[406481.618649] CPU: 0 PID: 191183 Comm: apoc Kdump: loaded Not tainted 4.18.0-477.36.1.el8_8.x86_64 #1
[406481.620637] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[406481.621910] RIP: 0010:hugetlbfs_fill_super+0xbd/0x1b0
[406481.623030] Code: 48 8b 3b e8 b5 a2 f0 ff 49 89 44 24 20 48 85 c0 0f 84 e0 00 00 00
[406481.627036] RSP: 0018:ffffa47f816bbe20 EFLAGS: 00010246
[406481.628073] RAX: 0000000000000000 RBX: ffff88848425ed80 RCX: 0000000000000000
[406481.629478] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff888482dbd800
[406481.630888] RBP: ffffa47f816bbe40 R08: ffffa47f816bbdd8 R09: ffff800000000002
[406481.632275] R10: 00000000006000c0 R11: 0000000000000246 R12: ffff888484807340
[406481.633842] R13: ffff888482dbd800 R14: 0000000000000000 R15: 0000000000000000
[406481.635420] FS:  00007f0984bcc600(0000) GS:ffff8885a0600000(0000) knlGS:0000000000000000
[406481.637197] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[406481.638358] CR2: 0000000000000008 CR3: 0000000104b3e006 CR4: 00000000007706f0
[406481.639745] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[406481.641141] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[406481.642551] PKRU: 55555554
[406481.643277] Call Trace:
[406481.643916]  ? hugetlbfs_init_fs_context+0xa0/0xa0
[406481.644986]  vfs_get_super+0x7f/0x110
[406481.645814]  vfs_get_tree+0x25/0xc0
[406481.646597]  vfs_fsconfig_locked+0x79/0x160
[406481.647535]  __x64_sys_fsconfig+0x3c4/0x440
[406481.648480]  do_syscall_64+0x5b/0x1b0
[406481.649301]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[406481.650423] RIP: 0033:0x7f09846139bd
[406481.651239] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 
[406481.655302] RSP: 002b:00007fffa64a1388 EFLAGS: 00000286 ORIG_RAX: 00000000000001af
[406481.656966] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f09846139bd
[406481.658533] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[406481.660117] RBP: 00007fffa64a13a0 R08: 0000000000000000 R09: 00007fffa64a1470
[406481.661696] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000400510
[406481.663281] R13: 00007fffa64a1470 R14: 0000000000000000 R15: 0000000000000000
[406481.664871] Modules linked in: intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common nfit libnvdimm crct10dif_pclmul crc32
[406481.672003] CR2: 0000000000000008
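
To check saved dmesg or vmcore-dmesg.txt captures from other hosts for the same panic, the following added example (not Red Hat tooling) extracts the faulting function, process and kernel version from an oops and tests for the pattern in the log above. The names parse_oops and matches_signature, and the choice of fields that make up the signature, are assumptions of this example; SAMPLE is an abbreviated copy of the log above.

```python
import re

# Abbreviated copy of the oops in this article; real input is dmesg or vmcore-dmesg.txt.
SAMPLE = """\
[406481.604885] hugetlbfs: Unsupported page size 0 MB
[406481.614526] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[406481.618649] CPU: 0 PID: 191183 Comm: apoc Kdump: loaded Not tainted 4.18.0-477.36.1.el8_8.x86_64 #1
[406481.621910] RIP: 0010:hugetlbfs_fill_super+0xbd/0x1b0
[406481.643277] Call Trace:
[406481.643916]  ? hugetlbfs_init_fs_context+0xa0/0xa0
[406481.644986]  vfs_get_super+0x7f/0x110
[406481.645814]  vfs_get_tree+0x25/0xc0
[406481.650423] RIP: 0033:0x7f09846139bd
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")                   # dmesg timestamp
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")  # symbol+off/len
CPU = re.compile(r"PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+-\S+) #")

def parse_oops(text):
    """Extract triage fields from a kernel oops in a dmesg capture."""
    info = {"warning": None, "null_deref": False, "rip": None,
            "pid": None, "comm": None, "kernel": None, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw).strip()
        if in_trace:
            f = FRAME.match(msg)
            if f:
                if not f.group(1):  # skip "?" frames: not verified by the unwinder
                    info["trace"].append(f.group(2))
                continue
            in_trace = False        # first non-frame line ends the call trace
        if msg.startswith("hugetlbfs: Unsupported page size"):
            info["warning"] = msg
        elif "NULL pointer dereference" in msg:
            info["null_deref"] = True
        elif msg.startswith("CPU:") and (c := CPU.search(msg)):
            info["pid"], info["comm"], info["kernel"] = int(c[1]), c[2], c[3]
        elif msg.startswith("RIP: 0010:") and info["rip"] is None:
            info["rip"] = msg.split(":", 2)[2].split("+")[0]  # kernel-mode RIP only
        elif msg == "Call Trace:":
            in_trace = True
    return info

def matches_signature(info):
    """True when the oops has the shape shown in this article (assumed signature)."""
    return (info["null_deref"] and info["rip"] == "hugetlbfs_fill_super"
            and info["warning"] is not None and "vfs_get_tree" in info["trace"])
```
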
