Kernel crashes in configfs_readdir() and fs/configfs/dir.c

Solution Unverified - Updated -

Issue

  • Kernel crashes with following messages when trying to capture debug data from the mount /sys/kernel/debug:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
IP: [<ffffffffa0274444>] configfs_readdir+0xf4/0x230 [configfs]
PGD 35595e067 PUD b7bf60067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/module/ipv6/initstate
CPU 9 
Modules linked in: nfs fscache nfsd lockd nfs_acl auth_rpcgss exportfs dlm configfs mptctl mptbase sunrpc pcc_cpufreq bonding 8021q garp stp llc ipv6 dm_round_robin dm_multipath video output hpilo hpwdt microcode serio_raw iTCO_wdt iTCO_vendor_support power_meter sg be2net ioatdma dca shpchp ext4 mbcache jbd2 sd_mod crc_t10dif lpfc scsi_transport_fc scsi_tgt hpsa dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]

Pid: 59185, comm: bpbkar Tainted: G        W  ---------------    2.6.32-279.1.1.el6.x86_64 #1
RIP: 0010:[<ffffffffa0274444>]  [<ffffffffa0274444>] configfs_readdir+0xf4/0x230 [configfs]
RSP: 0018:ffff8825a19d9e78  EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff883ff08d6ae0 RCX: ffff883ff08d6ad8
RDX: 0000000000000006 RSI: ffff883ff08d6a40 RDI: ffffffffa0349950
RBP: ffff8825a19d9ed8 R08: ffff883ff08d6ae0 R09: 0000000000000004
R10: 00000000000000a8 R11: 0000000000000246 R12: ffff883ff1b34800
R13: ffffffffa0349950 R14: ffff883ff08d6710 R15: ffff883ff08d6718
FS:  00007f6f6b40e720(0000) GS:ffff8820b0c20000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000040 CR3: 000000049744f000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process bpbkar (pid: 59185, threadinfo ffff8825a19d8000, task ffff883d2f49caa0)
Stack:
 ffff8825a19d9ee8 0000000000000286 ffff883ff08d6ad8 ffffffff8118ef80
<d> ffff8825a19d9f38 ffff883ff08d6a40 ffff883ff37f9720 ffff883ff1b34800
<d> ffff8825a19d9f38 ffffffff8118ef80 ffff883ff37f9720 ffff883ff37f9668
Call Trace:
 [<ffffffff8118ef80>] ? filldir+0x0/0xe0
 [<ffffffff8118ef80>] ? filldir+0x0/0xe0
 [<ffffffff8118f200>] vfs_readdir+0xc0/0xe0
 [<ffffffff8117b0f2>] ? vfs_write+0x132/0x1a0
 [<ffffffff8118f389>] sys_getdents+0x89/0xf0
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 48 83 f8 02 4d 8d 7e 08 48 89 55 c8 0f 84 15 01 00 00 49 8b 5e 08 48 3b 5d c8 0f 85 7c 00 00 00 e9 da 00 00 00 66 90 48 8b 40 10 <4c> 8b 40 40 44 0f b7 49 44 4c 89 ee 49 8b 4c 24 40 48 8b 7d c0 
RIP  [<ffffffffa0274444>] configfs_readdir+0xf4/0x230 [configfs]
 RSP <ffff8825a19d9e78>
CR2: 0000000000000040
  • Kernel crashes with following messages when trying to capture debug data for GFS2 issue from the mount /sys/kernel/debug:
------------[ cut here ]------------
kernel BUG at fs/configfs/dir.c:59!
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/0000:04:00.0/host3/rport-3:0-0/target3:0:0/3:0:0:0/state
CPU 19 
Modules linked in: bridge gfs2 dlm configfs autofs4 ipmi_devintf nfs lockd fscache auth_rpcgss nfs_acl lin_tape(U) sunrpc pcc_cpufreq bonding 8021q garp stp llc ipv6 xfs exportfs microcode serio_raw hpwdt hpilo iTCO_wdt iTCO_vendor_support ioatdma dca osst st ch power_meter sg tg3 be2net shpchp ext4 mbcache jbd2 raid1 dm_round_robin sd_mod crc_t10dif sr_mod cdrom iomemory_vsl(P)(U) qla2xxx scsi_transport_fc scsi_tgt hpsa pata_acpi ata_generic ata_piix dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]

Pid: 63470, comm: glocktop Tainted: P           ---------------    2.6.32-358.14.1.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffffa04b640b>]  [<ffffffffa04b640b>] configfs_d_iput+0x7b/0xa0 [configfs]
RSP: 0018:ffff882b6f63be48  EFLAGS: 00010287
RAX: ffffffffa04b6390 RBX: ffff881813d65710 RCX: 0000000000000001
RDX: ffff8804aec765d8 RSI: ffff8804aec765a8 RDI: ffff8817aac6d240
RBP: ffff882b6f63be58 R08: ffff8817aac6d290 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8804aec765a8
R13: ffff8804aec765a8 R14: ffff8817aac6d240 R15: ffff882fcb2fed80
FS:  00007fa721c10700(0000) GS:ffff88007db60000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa721c1f000 CR3: 0000000309fa1000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process glocktop (pid: 63470, threadinfo ffff882b6f63a000, task ffff8820ef644040)
Stack:
 ffff8817aac6d240 ffff8804aec765a8 ffff882b6f63be78 ffffffff8119932c
<d> ffff8817aac6d240 ffff8817aac6d248 ffff882b6f63be98 ffffffff811994a1
<d> ffff8817aac6d240 ffff8817aac6d248 ffff882b6f63beb8 ffffffff8119b04c
Call Trace:
 [<ffffffff8119932c>] dentry_iput+0x7c/0x100
 [<ffffffff811994a1>] d_kill+0x31/0x60
 [<ffffffff8119b04c>] dput+0x7c/0x150
 [<ffffffff81182959>] __fput+0x189/0x210
 [<ffffffff81182a05>] fput+0x25/0x30
 [<ffffffff8117de5d>] filp_close+0x5d/0x90
 [<ffffffff8117df35>] sys_close+0xa5/0x100
 [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
Code: f6 43 40 01 75 e3 48 8b 7b 50 e8 01 2e cb e0 48 8b 3d 72 34 00 00 48 89 de e8 c2 26 cb e0 4c 89 e7 e8 8a 62 ce e0 5b 41 5c c9 c3 <0f> 0b eb fe be 9c 00 00 00 48 c7 c7 90 8a 4b a0 e8 20 7f bb e0 
RIP  [<ffffffffa04b640b>] configfs_d_iput+0x7b/0xa0 [configfs]
 RSP <ffff882b6f63be48>

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • configfs (typically used by clustering software)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.