
[ PCA/OVM ] Unexpected crash/reboots of guest VM's running UEK-6-U1 with stack trace "ip_sublist_rcv+0x17e/0x1e0 [ksplice_XXXXXXXX_vmlinux_new]" (Doc ID 2764675.1)

Last updated on JULY 25, 2021

Applies to:

Private Cloud Appliance - Version 1.0.1 and later
Oracle VM - Version 2.1 and later
Linux x86-64

Symptoms

VMs running kernel 5.4.17-2036.101.2.el7uek.x86_64 experience sudden reboots on OVM 3.4.6 (PCA 2.4.2).

The vmcore dump shows the following stack trace for the error condition:

Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G O 5.4.17-2036.101.2.el7uek.x86_64 #2
Hardware name: Xen HVM domU, BIOS 4.4.4OVM 09/04/2019
RIP: 0010:ip_sublist_rcv+0x17e/0x1e0 [ksplice_giqwx3w4_vmlinux_new]
Code: 38 0a b6 d5 48 8b 45 d0 65 48 33 04 25 28 00 00 00 75 66 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 8b 45 90 4c 8d 65 a0 <48> 8b 90 30 0b 00 00 48 85 d2 74 3e 48 8b 45 90 4c 8d 65 a0 48 89
RSP: 0018:ffffa5cec000cbb0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa5cec000ccd0 RCX: 0000000000013aea
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffa5cec000cc50
RBP: ffffa5cec000cc28 R08: ffff916087e06000 R09: 0000000000000008
R10: ffff916085ae10a0 R11: ffff916087e06000 R12: ffffa5cec000cbc8
R13: ffffffff96fbcf40 R14: ffffa5cec000cc50 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff91608b840000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000b30 CR3: 00000000de102005 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
? kfree_skbmem+0x5d/0x70
? kfree_skb+0x3a/0x94
ip_list_rcv+0x139/0x15c
__netif_receive_skb_list_core+0x2bc/0x2e5
netif_receive_skb_list_internal+0x1ca/0x2d8
? napi_gro_complete.constprop.156+0x96/0xf5
gro_normal_list.part.135+0x1e/0x3b
napi_complete_done+0xcd/0x115
xennet_poll+0x9ea/0xc20 [xen_netfront]
net_rx_action+0x289/0x3f7
__do_softirq+0xe1/0x2b4
irq_exit+0xdb/0xe5
xen_evtchn_do_upcall+0x30/0x3b
xen_hvm_callback_vector+0xf/0x14
</IRQ>
RIP: 0010:native_safe_halt+0x12/0x14
Code: 48 8b 00 a8 08 0f 84 64 ff ff ff eb ba cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 e9 07 00 00 00 0f 00 2d 92 87 42 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
RSP: 0018:ffffa5cec0083e68 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff0c
RAX: ffffffff963e3240 RBX: ffff916087e06000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000087 RDI: 0000000000000087
RBP: ffffa5cec0083e68 R08: 00000000e93df942 R09: 000000000001e5c0
R10: 0000000000000201 R11: ffff91608932f438 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffff916087e06000
? __cpuidle_text_start+0x8/0x0
default_idle+0x20/0x149
arch_cpu_idle+0x15/0x17
default_idle_call+0x23/0x31
do_idle+0x199/0x265
cpu_startup_entry+0x1d/0x22
start_secondary+0x169/0x1bb
secondary_startup_64+0xb6/0xb6
Modules linked in: nfsv3 nfs_acl nfs lockd grace nfs_ssc fscache ksplice_giqwx3w4_vmlinux_new(O) ksplice_giqwx3w4(O) ksplice_bejfpj61_vmlinux_new(O) ksplice_bejfpj61(O) ksplice_deaczra8(O) ksplice_5kxmu88h(O) ksplice_h31a3g4q_vmlinux_new(O) ksplice_h31a3g4q(O) ksplice_oha6ehwf(O) ksplice_9qwq4nan(O) ksplice_fwgwlqie_vmlinux_new(O) ksplice_fwgwlqie(O) rfkill ksplice_mfx65e1q_vmlinux_new(O) ksplice_mfx65e1q(O) ksplice_sl0u6649(O) ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables ipt_REJECT nf_reject_ipv4 xt_comment xt_multiport xt_conntrack iptable_filter iptable_nat nf_nat nf_conntrack ovmapi nf_defrag_ipv6 nf_defrag_ipv4 sunrpc intel_rapl_msr intel_rapl_common sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel cirrus drm_kms_helper drm ppdev aesni_intel crypto_simd xen_fbfront cryptd syscopyarea sysfillrect sg sysimgblt glue_helper pcspkr i2c_piix4 fb_sys_fops parport_pc parport binfmt_misc ip_tables xfs libcrc32c sr_mod cdrom ata_generic pata_acpi ata_piix libata
xen_blkfront xen_netfront serio_raw floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ksplice_giqwx3w4_vmlinux_old]
CR2: 0000000000000b30
---[ end trace f5ce8bfd88df13da ]---
RIP: 0010:ip_sublist_rcv+0x17e/0x1e0 [ksplice_giqwx3w4_vmlinux_new]
Code: 38 0a b6 d5 48 8b 45 d0 65 48 33 04 25 28 00 00 00 75 66 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 8b 45 90 4c 8d 65 a0 <48> 8b 90 30 0b 00 00 48 85 d2 74 3e 48 8b 45 90 4c 8d 65 a0 48 89
RSP: 0018:ffffa5cec000cbb0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa5cec000ccd0 RCX: 0000000000013aea
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffa5cec000cc50
RBP: ffffa5cec000cc28 R08: ffff916087e06000 R09: 0000000000000008
R10: ffff916085ae10a0 R11: ffff916087e06000 R12: ffffa5cec000cbc8
R13: ffffffff96fbcf40 R14: ffffa5cec000cc50 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff91608b840000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000b30 CR3: 00000000de102005 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: 0x14a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
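
An added triage example, not part of the Oracle note: it checks whether a captured oops matches the signature in this document's title and decodes the trapping instruction to show why CR2 reads 0xb30 (a load from [rax+0xb30] with RAX = 0). Function names are hypothetical; the sample lines are excerpted from the trace above, with the Code line shortened.

```python
import re

# Excerpt of this note's oops (Code line shortened, module list trimmed).
SAMPLE_OOPS = """\
Oops: 0000 [#1] SMP PTI
RIP: 0010:ip_sublist_rcv+0x17e/0x1e0 [ksplice_giqwx3w4_vmlinux_new]
Code: 48 8b 45 90 4c 8d 65 a0 <48> 8b 90 30 0b 00 00 48 85 d2 74 3e
RAX: 0000000000000000 RBX: ffffa5cec000ccd0 RCX: 0000000000013aea
CR2: 0000000000000b30 CR3: 00000000de102005 CR4: 00000000001606e0
Modules linked in: nfsv3 ksplice_giqwx3w4_vmlinux_new(O) ksplice_giqwx3w4(O) xen_netfront
"""

RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\S+)\])?", re.M)
SIGNATURE_MODULE = re.compile(r"ksplice_\w+_vmlinux_new")  # pattern from the note's title

def hex_field(name, text):
    """Read a 64-bit register value such as 'RAX: 0000...' from the dump."""
    m = re.search(rf"^{name}: ([0-9a-f]{{16}})", text, re.M)
    return int(m.group(1), 16) if m else None

def rax_load_displacement(insn):
    """Return disp32 if insn is REX.W 'mov r64, [rax+disp32]' (48 8b /r, mod=10, rm=rax)."""
    if len(insn) >= 7 and insn[0] == 0x48 and insn[1] == 0x8B and (insn[2] & 0xC7) == 0x80:
        return int.from_bytes(bytes(insn[3:7]), "little")
    return None

def triage_oops(text):
    """Summarise the first oops in text and compare it with this note's signature."""
    rip = RIP_RE.search(text)
    if not rip:
        return None
    func, module = rip.groups()
    # The byte in <..> on the Code line is where the faulting instruction starts.
    code = re.search(r"^Code: .*?<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", text, re.M)
    insn = [int(b, 16) for b in (code.group(1) + code.group(2)).split()] if code else []
    mods = re.search(r"^Modules linked in: (.*)$", text, re.M)
    loaded = mods.group(1).split() if mods else []
    rax, cr2, disp = hex_field("RAX", text), hex_field("CR2", text), rax_load_displacement(insn)
    return {
        "function": func,
        "module": module,
        "fault_address": cr2,
        "ksplice_modules": sorted({m.split("(")[0] for m in loaded if m.startswith("ksplice_")}),
        # Set when the trapping load is [rax+disp] with RAX == 0, so CR2 is just a field offset.
        "null_base_offset": disp if disp is not None and rax == 0 and cr2 == disp else None,
        "matches_note": func == "ip_sublist_rcv"
        and bool(module and SIGNATURE_MODULE.fullmatch(module)),
    }

if __name__ == "__main__":
    print(triage_oops(SAMPLE_OOPS))
```

A match only establishes that a crash shares this note's signature (faulting function inside a Ksplice replacement module); it does not identify which of the applied updates is responsible.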

Changes

The following Ksplice patches were applied before the crash/reboots started:

[mxqduwcf] CVE-2020-29660: Use-after-free in tty subsystem.
[h3dp13oh] Restrict NLM interval based host rebinding to UDP.
[ad0q0yw2] CVE-2020-36158: Out-of-bounds memory write in wireless mwifiex driver.
[j9aadu9f] Warning message when offlining x86 CPU.
[zi506ec2] CVE-2021-20177: Malicious netfilter rule causes denial-of-service.
[bhk9fduj] CVE-2020-15436: Use-after-free in blk device locks allows privilege escalation.

Cause

To view full details, sign in with your My Oracle Support account.
