RHEL6.4: kernel panics with null pointer dereference in sget()
Issue
- The kernel crashes in sget() after updating from RHEL 6.3 to RHEL 6.4
- NULL pointer dereference in sget() with the following backtrace:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
IP: [<ffffffff81183f23>] sget+0x2c3/0x480
PGD 20283b4067 PUD 201ea5d067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/block/md1/md/level
CPU 20
Modules linked in: autofs4 arc4 ecb nfs lockd fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss sunrpc cpufreq_ondemand freq_table pcc_cpufreq ipv6 xfs exportfs ext3 jbd raid1 hpilo hpwdt tg3 microcode serio_raw sg iTCO_wdt iTCO_vendor_support ioatdma dca power_meter shpchp ext4 mbcache jbd2 raid10 sd_mod crc_t10dif sr_mod cdrom hpsa pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
Pid: 37818, comm: java Not tainted 2.6.32-358.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffff81183f23>] [<ffffffff81183f23>] sget+0x2c3/0x480
RSP: 0018:ffff88102814ba38 EFLAGS: 00010257
RAX: 0000000000000000 RBX: ffffffffa03ea600 RCX: 0000000000000001
RDX: ffffffff00000001 RSI: 0000000000000002 RDI: ffff88101f4ad400
RBP: ffff88102814ba88 R08: ffff881021730000 R09: ffff88101d3ff000
R10: ffff8810278c1000 R11: 0000000000000000 R12: ffffffffa042d420
R13: ffff88101f4ad400 R14: ffffffffa042d450 R15: ffff88102814ba98
FS: 00007fd31d78d700(0000) GS:ffff880061780000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000009 CR3: 000000201a9fe000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process java (pid: 37818, threadinfo ffff88102814a000, task ffff88101ddae080)
Stack:
ffff88102814ba88 ffff88101f4ad470 ffffffffa03ea5b0 ffff8810278c1000
<d> ffff88101bf65fc5 ffff88102814bb58 ffff88101d3ff000 ffff88101c59fcc0
<d> ffff88101bf65fc5 0000000000000000 ffff88102814bad8 ffffffffa03eb189
Call Trace:
[<ffffffffa03ea5b0>] ? nfs_set_super+0x0/0x50 [nfs]
[<ffffffffa03eb189>] nfs4_xdev_get_sb+0xa9/0x2b0 [nfs]
[<ffffffff8118381b>] vfs_kern_mount+0x7b/0x1b0
[<ffffffffa03f6803>] nfs_d_automount+0x3c3/0x4d0 [nfs]
[<ffffffffa03e2a32>] ? nfs_open_revalidate+0x52/0x2f0 [nfs]
[<ffffffff811901a9>] follow_managed+0x219/0x2d0
[<ffffffff811902ff>] do_lookup+0x9f/0x230
[<ffffffffa0307f30>] ? put_rpccred+0x50/0x150 [sunrpc]
[<ffffffff8119069d>] __link_path_walk+0x20d/0x1030
[<ffffffff8119174a>] path_walk+0x6a/0xe0
[<ffffffff8119191b>] do_path_lookup+0x5b/0xa0
[<ffffffff81182460>] ? get_empty_filp+0xa0/0x180
[<ffffffff8119285b>] do_filp_open+0xfb/0xdd0
[<ffffffff8105e203>] ? perf_event_task_sched_out+0x33/0x80
[<ffffffff8119f562>] ? alloc_fd+0x92/0x160
[<ffffffff8117de79>] do_sys_open+0x69/0x140
[<ffffffff8117df90>] sys_open+0x20/0x30
[<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
Code: 48 8b 7d c8 e8 1f fc ff ff 85 c0 0f 84 81 fd ff ff 4d 85 ed 74 5f 49 8d 7d 70 e8 69 82 f1 ff 4c 89 ef e8 21 79 09 00 49 8b 45 30 <f6> 40 09 02 74 24 49 8d bd d8 02 00 00 e8 fb 85 10 00 49 8d bd
RIP [<ffffffff81183f23>] sget+0x2c3/0x480
RSP <ffff88102814ba38>
CR2: 0000000000000009
Environment
- Red Hat Enterprise Linux 6.4
- Kernels after 2.6.32-279.* and prior to 2.6.32-358.2.1.el6
- NFS
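
Added example (not part of the original article and not Red Hat tooling): a Python triage helper that checks whether a captured oops matches the signature shown under Issue and whether its kernel falls in the range listed under Environment. The function names are hypothetical, SAMPLE_OOPS is excerpted from the trace on this page, and treating a frame from the nfs module as part of the signature is an assumption based on the single backtrace shown.

```python
import re

# Lines excerpted from the oops on this page (only what the matcher needs).
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
IP: [<ffffffff81183f23>] sget+0x2c3/0x480
Pid: 37818, comm: java Not tainted 2.6.32-358.el6.x86_64 #1 HP ProLiant DL380p Gen8
Call Trace:
[<ffffffffa03ea5b0>] ? nfs_set_super+0x0/0x50 [nfs]
[<ffffffffa03eb189>] nfs4_xdev_get_sb+0xa9/0x2b0 [nfs]
[<ffffffff8118381b>] vfs_kern_mount+0x7b/0x1b0
[<ffffffffa03f6803>] nfs_d_automount+0x3c3/0x4d0 [nfs]
"""

def release_tuple(kver):
    """'2.6.32-358.2.1.el6.x86_64' -> (358, 2, 1); None for other kernel strings."""
    m = re.match(r"2\.6\.32-(\d+(?:\.\d+)*)\.el6", kver)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def in_affected_range(kver):
    """Environment section: after 2.6.32-279.* and prior to 2.6.32-358.2.1.el6."""
    rel = release_tuple(kver)
    return rel is not None and rel[0] > 279 and rel < (358, 2, 1)

def triage(oops):
    """Extract the fields that identify this issue from an oops text."""
    fault = re.search(r"NULL pointer dereference at ([0-9a-f]+)", oops)
    ip = re.search(r"^IP: \[<[0-9a-f]+>\] (\w+)\+", oops, re.M)
    kver = re.search(r"^Pid: .* (\S+) #\d", oops, re.M)
    return {
        "fault_addr": int(fault.group(1), 16) if fault else None,
        "ip_symbol": ip.group(1) if ip else None,
        "kernel": kver.group(1) if kver else None,
        # Assumption: a frame from the nfs module is part of the signature.
        "nfs_in_trace": bool(re.search(r"^\[<[0-9a-f]+>\] .*\[nfs\]\s*$", oops, re.M)),
    }

def matches_this_issue(oops):
    """True when the oops has the sget/NFS signature on an affected kernel."""
    t = triage(oops)
    return (t["fault_addr"] is not None and t["ip_symbol"] == "sget"
            and t["nfs_in_trace"] and t["kernel"] is not None
            and in_affected_range(t["kernel"]))

if __name__ == "__main__":
    print(triage(SAMPLE_OOPS), matches_this_issue(SAMPLE_OOPS))
```

Feed it the text of an oops from the console log or a vmcore-dmesg file; a match means the host is running a kernel inside the affected range and crashed with the same faulting symbol.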