Kernel panic after mounting nfsv3 share at `lockd_down_net()` in Red Hat Enterprise Linux 7
Issue
-
The exact cause of the panic can be any of the following:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000ce8 general protection fault: 0000 [#1] SMP BUG: unable to handle kernel paging request at 0000000100000000 -
Example stack trace from client panic with
BUG: unable to handle kernel NULL pointer dereference at 0000000000000ce8:crash> bt PID: 75420 TASK: ffff9f24bfb46eb0 CPU: 26 COMMAND: "mount.nfs" #0 [ffff9f343d69b880] machine_kexec at ffffffffa58629da #1 [ffff9f343d69b8e0] __crash_kexec at ffffffffa5916692 #2 [ffff9f343d69b9b0] crash_kexec at ffffffffa5916780 #3 [ffff9f343d69b9c8] oops_end at ffffffffa5f1d728 #4 [ffff9f343d69b9f0] no_context at ffffffffa5f0c6cd #5 [ffff9f343d69ba40] __bad_area_nosemaphore at ffffffffa5f0c764 #6 [ffff9f343d69ba90] bad_area at ffffffffa5f0ca74 #7 [ffff9f343d69bab8] __do_page_fault at ffffffffa5f2088f #8 [ffff9f343d69bb20] do_page_fault at ffffffffa5f208d5 #9 [ffff9f343d69bb50] page_fault at ffffffffa5f1c758 [exception RIP: lockd_down_net+23] RIP: ffffffffc0ae1067 RSP: ffff9f343d69bc08 RFLAGS: 00010202 RAX: 0000000000000008 RBX: 0000000000000000 RCX: ffff9f343d69bfd8 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9f302ba0c200 RBP: ffff9f343d69bc18 R8: 000000000001bb00 R9: ffffffffc0aff64b R10: ffff9f4f41a9bb00 R11: ffffe440735e8280 R12: ffff9f4d97a0a700 R13: ffffffffffffffea R14: ffff9f343d69bdb0 R15: ffffffffc0bde000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff9f343d69bc20] lockd_down at ffffffffc0ae112f [lockd] #11 [ffff9f343d69bc38] nlmclnt_done at ffffffffc0add0de [lockd] #12 [ffff9f343d69bc50] nfs_destroy_server at ffffffffc0afd627 [nfs] #13 [ffff9f343d69bc60] nfs_free_server at ffffffffc0afe386 [nfs] #14 [ffff9f343d69bc78] nfs_create_server at ffffffffc0aff653 [nfs] #15 [ffff9f343d69bcb0] nfs3_create_server at ffffffffc0bd617f [nfsv3] #16 [ffff9f343d69bcc8] nfs_try_mount at ffffffffc0b0c891 [nfs] #17 [ffff9f343d69bd88] nfs_fs_mount at ffffffffc0b0bcdb [nfs] #18 [ffff9f343d69be10] mount_fs at ffffffffa5a23c2e #19 [ffff9f343d69be58] vfs_kern_mount at ffffffffa5a41157 #20 [ffff9f343d69be90] do_mount at ffffffffa5a4377f #21 [ffff9f343d69bf18] sys_mount at ffffffffa5a445b3 #22 [ffff9f343d69bf50] system_call_fastpath at ffffffffa5f2579b RIP: 00007f4249d3629a RSP: 00007ffc231e07e8 RFLAGS: 00000216 RAX: 00000000000000a5 RBX: 0000000000000000 RCX: ffffffffffffffff RDX: 000056456582b280 RSI: 000056456582b490 RDI: 000056456582b420 RBP: 00007ffc231e0a70 R8: 000056456582e130 R9: 000000000000004d R10: 0000000000000000 R11: 0000000000000246 R12: 00007f424a67f7e0 R13: 00007ffc231e0a70 R14: 00007ffc231e0950 R15: 000056456582e110 ORIG_RAX: 00000000000000a5 CS: 0033 SS: 002b -
Another patter of log
[83058.975122] BUG: unable to handle kernel
[83058.975148] NULL pointer dereference at 0000000000000ce8
[83058.975161] IP: [<ffffffffc01d7059>] lockd_down_net+0x19/0xc0 [lockd]
[83058.975194] PGD 0
[83058.975204] Oops: 0000 [#1] SMP
[83058.975647] CPU: 27 PID: 12083 Comm: umount.nfs Tainted: G OE ------------ 3.10.0-693.el7.x86_64 #1
[83058.975677] Hardware name: LENOVO System x3550 M5: -[8869AC1]-/01DC327, BIOS -[TBE132H-2.50]- 10/11/2017
[83058.975706] task: ffff88b3df3d9fa0 ti: ffff88b87a7f8000 task.ti: ffff88b87a7f8000
[83058.975728] RIP: 0010:[<ffffffffc01d7059>] [<ffffffffc01d7059>] lockd_down_net+0x19/0xc0 [lockd]
[83058.975761] RSP: 0018:ffff88b87a7fbdf8 EFLAGS: 00010206
[83058.975778] RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffff88b87a7fbfd8
[83058.975800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88beb3701100
[83058.975822] RBP: ffff88b87a7fbe10 R08: ffff88b87a7fbd88 R09: 000000000023d2f6
[83058.975843] R10: ffff8860ae84bdf0 R11: 00000000007fffff R12: 0000000000000000
[83058.975865] R13: ffff88b3df3d9fa0 R14: ffffffff81e8af50 R15: ffff88b3df3da770
[83058.975887] FS: 00007f9e0d38b700(0000) GS:ffff88c07f4c0000(0000) knlGS:0000000000000000
[83058.975911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[83058.975930] CR2: 0000000000000ce8 CR3: 000000b88560d000 CR4: 00000000003407e0
[83058.975951] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[83058.975973] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[83058.975995] Stack:
[83058.976003] 0000000000000000 ffff88af15b0a000 ffff88b3df3d9fa0 ffff88b87a7fbe28
[83058.976032] ffffffffc01d712f 0000000000000000 ffff88b87a7fbe40 ffffffffc01d30de
[83058.976057] ffff88af15b0a000 ffff88b87a7fbe50 ffffffffc0862627 ffff88b87a7fbe68
[83058.976082] Call Trace:
[83058.976098] [<ffffffffc01d712f>] lockd_down+0x2f/0xe0 [lockd]
[83058.976120] [<ffffffffc01d30de>] nlmclnt_done+0x1e/0x30 [lockd]
[83058.976146] [<ffffffffc0862627>] nfs_destroy_server+0x17/0x20 [nfs]
[83058.976168] [<ffffffffc0863373>] nfs_free_server+0x33/0xd0 [nfs]
[83058.976193] [<ffffffffc086fe3b>] nfs_kill_super+0x2b/0x30 [nfs]
[83058.976216] [<ffffffff81203e99>] deactivate_locked_super+0x49/0x60
[83058.976236] [<ffffffff81204606>] deactivate_super+0x46/0x60
[83058.976257] [<ffffffff812216af>] cleanup_mnt+0x3f/0x80
[83058.976275] [<ffffffff81221742>] __cleanup_mnt+0x12/0x20
[83058.976295] [<ffffffff810ad247>] task_work_run+0xa7/0xf0
[83058.976314] [<ffffffff8102ab62>] do_notify_resume+0x92/0xb0
[83058.977092] [<ffffffff816b527d>] int_signal+0x12/0x17
[83058.977850] Code: ff ff ff 5b 41 5c 41 5d 5d c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 8b 05 34 dd 00 00 48 89 e5 41 55 41 54 49 89 f4 53 85 c0 <48> 8b 8e e8 0c 00 00 74 75 3b 01 77 71 83 e8 01 48 98 48 8b 5c
[83058.979463] RIP [<ffffffffc01d7059>] lockd_down_net+0x19/0xc0 [lockd]
[83058.980245] RSP <ffff88b87a7fbdf8>
[83058.981013] CR2: 0000000000000ce8
Environment
- Red Hat Enterprise Linux 7
- kernel-3.10.0-693.el7~862.11.6.el7
- nfsv3 (client or server)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
