RHEL7 crashes when the filesystem gets unmounted and the uprobe is being released after the umount

Solution Unverified - Updated -

Issue

  • Kernel crash with the following call trace (during umount or reboot):
PANIC: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000058"

PID: 1234     TASK: ffff9360df3eb180  CPU: 4    COMMAND: "task"
 #0 [ffff936047f37930] machine_kexec at ffffffffab8662f4
 #1 [ffff936047f37990] __crash_kexec at ffffffffab922a32
 #2 [ffff936047f37a60] crash_kexec at ffffffffab922b20
 #3 [ffff936047f37a78] oops_end at ffffffffabf91798
 #4 [ffff936047f37aa0] no_context at ffffffffab875d14
 #5 [ffff936047f37af0] __bad_area_nosemaphore at ffffffffab875fe2
 #6 [ffff936047f37b40] bad_area_nosemaphore at ffffffffab876104
 #7 [ffff936047f37b50] __do_page_fault at ffffffffabf94750
 #8 [ffff936047f37bc0] trace_do_page_fault at ffffffffabf94a26
 #9 [ffff936047f37c00] do_async_page_fault at ffffffffabf93fa2
#10 [ffff936047f37c20] async_page_fault at ffffffffabf907a8
    [exception RIP: _raw_spin_lock+0xc]
    RIP: ffffffffabf8ecfc  RSP: ffff936047f37cd8  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff9359ecf11210  RCX: 0000000000000034
    RDX: 0000000000000001  RSI: ffff9359f0135868  RDI: 0000000000000058
    RBP: ffff936047f37cf8   R8: d018000000000000   R9: 59f01358680c0000
    R10: 0000000000000000  R11: 0000000000000002  R12: ffff9359ecf11208
    R13: 0000000000000058  R14: ffffffffc042e3e0  R15: ffff9360854c5228
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#11 [ffff936047f37cd8] selinux_inode_free_security at ffffffffabb0ef2e
#12 [ffff936047f37d00] security_inode_free at ffffffffabb08d08
#13 [ffff936047f37d18] __destroy_inode at ffffffffaba6c752
#14 [ffff936047f37d30] destroy_inode at ffffffffaba6c842
#15 [ffff936047f37d48] evict at ffffffffaba6c995
#16 [ffff936047f37d70] iput at ffffffffaba6cd6c
#17 [ffff936047f37da0] free_trace_uprobe at ffffffffab98d48b
#18 [ffff936047f37dc0] destroy_local_trace_uprobe at ffffffffab98f1f2
#19 [ffff936047f37de0] perf_uprobe_destroy at ffffffffab983754
#20 [ffff936047f37df8] _free_event at ffffffffab9af49a
#21 [ffff936047f37e18] put_event at ffffffffab9af6f9
#22 [ffff936047f37e28] perf_event_release_kernel at ffffffffab9af923
#23 [ffff936047f37e88] perf_release at ffffffffab9afa10
#24 [ffff936047f37e98] __fput at ffffffffaba5088c
#25 [ffff936047f37ee0] ____fput at ffffffffaba50abe
#26 [ffff936047f37ef0] task_work_run at ffffffffab8c299b
#27 [ffff936047f37f30] do_notify_resume at ffffffffab82cc65
#28 [ffff936047f37f50] int_signal at ffffffffabf9a2ef
    RIP: 00007f5c6f53938e  RSP: 000000c000685d18  RFLAGS: 00000202
    RAX: 0000000000000000  RBX: 0000000000000039  RCX: ffffffffffffffff
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: 0000000000000039
    RBP: 000000c000685d58   R8: 0000000000000000   R9: 0000000000000000
    R10: 0000000000000000  R11: 0000000000000202  R12: 000000c000685da8
    R13: 0000000000000010  R14: 000000c0000d9880  R15: 000000c0005e0a90
    ORIG_RAX: 0000000000000003  CS: 0033  SS: 002b
  • Prior to the crash, the following VFS error is logged:
VFS: Busy inodes after unmount of dm-N. Self-destruct in 5 seconds.  Have a nice day...

Environment

  • Red Hat Enterprise Linux 7.9
  • kernel-3.10.0-1160.59.1.el7
