RHEL6.5: nfs client nfsiod kernel crash in __put_nfs_open_context - NULL pointer dereference at 0000000000000010

Solution Unverified - Updated -

Issue

  • Multiple kernel crashes in __put_nfs_open_context while freeing NFS write RPC task data, with the following message:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffffa038692f>] __put_nfs_open_context+0x2f/0x110 [nfs]
PGD 123606067 PUD 51692f067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:07:00.0/host1/rport-1:0-2/target1:0:2/1:0:2:1/state
CPU 1 
Modules linked in: nfs lockd fscache auth_rpcgss nfs_acl sunrpc ext4 jbd2 fuse ses enclosure usb_storage dm_round_robin dm_multipath cpufreq_ondemand freq_table pcc_cpufreq bonding 8021q garp stp llc ipv6 iTCO_wdt iTCO_vendor_support microcode serio_raw lpc_ich mfd_core hpilo hpwdt sg power_meter tg3 ptp pps_core shpchp ext3 jbd mbcache sd_mod crc_t10dif pata_acpi ata_generic ata_piix hpsa qla2xxx scsi_transport_fc scsi_tgt dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]

Pid: 34611, comm: nfsiod Not tainted 2.6.32-431.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffffa038692f>]  [<ffffffffa038692f>] __put_nfs_open_context+0x2f/0x110 [nfs]
RSP: 0018:ffff8802324ffd50  EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8807cdbf325c RCX: ffffe8ffff618c08
RDX: ffff8808309b71b8 RSI: 0000000000000000 RDI: ffff8807cdbf325c
RBP: ffff8802324ffd90 R08: 0000000000000000 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8808309b7080
R13: ffff8807cdbf32cc R14: 0000000000000000 R15: ffffe8ffff618c08
FS:  0000000000000000(0000) GS:ffff880045820000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 000000051696a000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsiod (pid: 34611, threadinfo ffff8802324fe000, task ffff88041f84e080)
Stack:
 0000000000016840 0000000000000000 0000000000000000 ffff8808309b7118
<d> ffff8808309b7080 ffffffffa02f2d80 ffff8802324fffd8 ffffe8ffff618c08
<d> ffff8802324ffda0 ffffffffa0386ac0 ffff8802324ffdc0 ffffffffa0395c18
Call Trace:
 [<ffffffffa02f2d80>] ? rpc_async_release+0x0/0x20 [sunrpc]
 [<ffffffffa0386ac0>] put_nfs_open_context+0x10/0x20 [nfs]
 [<ffffffffa0395c18>] nfs_writedata_release+0x28/0x90 [nfs]
 [<ffffffffa0395ccd>] nfs_writeback_release_common+0x4d/0xf0 [nfs]
 [<ffffffffa02f2d80>] ? rpc_async_release+0x0/0x20 [sunrpc]
 [<ffffffffa02f1847>] rpc_release_calldata+0x17/0x20 [sunrpc]
 [<ffffffffa02f2c5e>] rpc_free_task+0x2e/0x70 [sunrpc]
 [<ffffffffa02f2d95>] rpc_async_release+0x15/0x20 [sunrpc]
 [<ffffffff81094d20>] worker_thread+0x170/0x2a0
 [<ffffffff8109b2a0>] ? autoremove_wake_function+0x0/0x40
 [<ffffffff81094bb0>] ? worker_thread+0x0/0x2a0
 [<ffffffff8109aef6>] kthread+0x96/0xa0
 [<ffffffff8100c20a>] child_rip+0xa/0x20
 [<ffffffff8109ae60>] ? kthread+0x0/0xa0
 [<ffffffff8100c200>] ? child_rip+0x0/0x20
Code: 48 83 ec 40 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 0f 1f 44 00 00 48 8b 47 40 4c 8d 6f 70 48 89 fb 41 89 f6 <4c> 8b 60 10 48 8b 80 90 00 00 00 48 89 45 c8 4c 3b 6f 70 0f 84 
RIP  [<ffffffffa038692f>] __put_nfs_open_context+0x2f/0x110 [nfs]
 RSP <ffff8802324ffd50>
CR2: 0000000000000010

Environment

  • Red Hat Enterprise Linux 6 (NFS client)
    • kernels prior to kernel-2.6.32-573.el6
    • seen on kernel-2.6.32-431.el6
  • nfs4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content