RHEL5.8: repeated system crashes with RIP __d_path from show_vfsmnt

Solution Verified - Updated -

Issue

  • After upgrading to the RHEL5.8 kernel (2.6.18.308.*), we started seeing automount crash the kernel in __d_path
  • The kernel crashes while a process is reading a /proc/<pid>/mounts file containing NFS mounts which are cross-mounted
  • The server crashed and rebooted with the following message:
Unable to handle kernel NULL pointer dereference at 0000000000000028 RIP: 
 [<ffffffff80032021>] __d_path+0x92/0x133
PGD 2333bc067 PUD 0 
Oops: 0000 [1] SMP 
last sysfs file: /devices/pci0000:00/0000:00:11.0/0000:02:02.0/irq
CPU 0 
Modules linked in: autofs4 nls_utf8 cifs nfs nfs_acl lockd sunrpc ipv6 xfrm_nalgo crypto_api
vsock(U) vmci(U) vmmemctl(U)
acpiphp dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery
asus_acpi acpi_memhotplug ac lp sg ide_cd i2c_piix4 cdrom e1000 pcspkr i2c_core floppy serio_raw
parport_pc shpchp parport tpm_tis tpm tpm_bios dm_raid45 dm_message dm_region_hash dm_mem_cache
dm_snapshot dm_zero dm_mirror dm_log dm_mod ata_piix libata mptspi mptscsih mptbase
scsi_transport_spi sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 14460, comm: automount Tainted: G     ---- 2.6.18-308.13.1.el5 #1
RIP: 0010:[<ffffffff80032021>]  [<ffffffff80032021>] __d_path+0x92/0x133
RSP: 0018:ffff810185929dc8  EFLAGS: 00010203
RAX: ffff8101a4eeafaf RBX: ffff8101a4eeafae RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8101a4eeafaf
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000c6c
R10: ffffffffffffffff R11: 0000000000000000 R12: ffff8101a4eeafae
R13: 0000000000000c1a R14: ffff81023f5555c0 R15: ffff81023f5550c0
FS:  0000000042c70940(0063) GS:ffffffff80431000(0000) knlGS:00000000e32e2b90
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 0000000233970000 CR4: 00000000000006e0
Process automount (pid: 14460, threadinfo ffff810185928000, task ffff8101eaf6d0c0)
Stack:  00000000ffffffff 0000000000000001 ffff81023e661588 ffff81023e661588
 ffff81023f5550c0 0000000000000c6c ffff8101a4eea394 ffff81013c370080
 ffff8101f6b0dc48 ffffffff80041f26 0000000000000400 ffff8101893195c0
Call Trace:
 [<ffffffff80041f26>] d_path+0xb8/0xf0
 [<ffffffff8003d2aa>] seq_path+0x3b/0xde
 [<ffffffff80030ac7>] show_vfsmnt+0x4b/0x129
 [<ffffffff8003f535>] seq_read+0x1b8/0x28c
 [<ffffffff8000b735>] vfs_read+0xcb/0x171
 [<ffffffff80011d8a>] sys_read+0x45/0x6e
 [<ffffffff8005d28d>] tracesys+0xd5/0xe0

Code: 4c 8b 45 28 4c 39 c5 75 28 48 c7 c7 80 85 45 80 e8 2f 2a 03 
RIP  [<ffffffff80032021>] __d_path+0x92/0x133
 RSP <ffff810185929dc8>

Environment

  • Red Hat Enterprise Linux 5.8
    • Kernels from 2.6.18-308.el5 up to, but not including, 2.6.18-308.20.1.el5
  • NFS mounts in /proc/<pid>/mounts, at least one of which is cross-mounted (one NFS filesystem mounted on top of a second NFS filesystem)
  • Often seen with automount / autofs
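
The two Environment conditions above can be checked together; the following is an added example, not part of the Red Hat article or any Red Hat tool. It tests a kernel release string against the stated range and looks for an NFS mount whose nearest enclosing mount point is also NFS. Assumptions: the function names are hypothetical, the version comparison is a simplified one for el5 release strings only, and the mount table is a constructed sample passed in as text.

```python
import re

# Affected range as stated in the Environment section of the article.
FIRST_AFFECTED = "2.6.18-308.el5"
FIRST_FIXED = "2.6.18-308.20.1.el5"
NFS_TYPES = ("nfs", "nfs4")

# Constructed sample in /proc/mounts format (not taken from a real host).
# The text is passed in by the caller: reading /proc/<pid>/mounts is the
# read path shown in the call trace (seq_read -> show_vfsmnt -> __d_path).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/root / ext3 rw 0 0
/etc/auto.net /net autofs rw 0 0
srv:/export /net/srv/export nfs rw 0 0
srv:/export/sub /net/srv/export/sub nfs rw 0 0
filer:/home /home nfs rw 0 0
"""

def release_key(release):
    """'2.6.18-308.13.1.el5' -> ((2, 6, 18), (308, 13, 1)); simplified, el5 only."""
    m = re.match(r"(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)\.el5", release)
    if not m:
        raise ValueError("not an el5 kernel release: %r" % release)
    return tuple(tuple(int(n) for n in g.split(".")) for g in m.groups())

def is_affected(release):
    """True if FIRST_AFFECTED <= release < FIRST_FIXED."""
    return release_key(FIRST_AFFECTED) <= release_key(release) < release_key(FIRST_FIXED)

def nfs_cross_mounts(mounts_text):
    """Return (parent, child) pairs where an NFS mount's nearest enclosing
    mount point is itself an NFS mount."""
    entries = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            entries.append((fields[1].rstrip("/") or "/", fields[2]))
    pairs = []
    for mnt, fstype in entries:
        if fstype not in NFS_TYPES:
            continue
        above = [(p, t) for p, t in entries
                 if p != mnt and (p == "/" or mnt.startswith(p + "/"))]
        if above:
            parent, ptype = max(above, key=lambda e: len(e[0]))
            if ptype in NFS_TYPES:
                pairs.append((parent, mnt))
    return pairs

def matches_environment(release, mounts_text):
    """True when both Environment conditions hold."""
    return is_affected(release) and bool(nfs_cross_mounts(mounts_text))
```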
