NULL pointer dereference in devpts_kill_sb() in Red Hat Enterprise Linux 7

Solution Verified

Issue

  • Kernel panic due to NULL pointer dereference in devpts_kill_sb():
crash> bt
PID: 62335  TASK: ffff9b9fb30edee0  CPU: 25  COMMAND: "runc:[2:INIT]"
 #0 [ffff9b9c13333958] machine_kexec at ffffffffa4e60b2a
 #1 [ffff9b9c133339b8] __crash_kexec at ffffffffa4f13402
 #2 [ffff9b9c13333a88] crash_kexec at ffffffffa4f134f0
 #3 [ffff9b9c13333aa0] oops_end at ffffffffa5517768
 #4 [ffff9b9c13333ac8] no_context at ffffffffa5506f98
 #5 [ffff9b9c13333b18] __bad_area_nosemaphore at ffffffffa550702f
 #6 [ffff9b9c13333b68] bad_area_nosemaphore at ffffffffa55071a0
 #7 [ffff9b9c13333b78] __do_page_fault at ffffffffa551a720
 #8 [ffff9b9c13333be0] do_page_fault at ffffffffa551a915
 #9 [ffff9b9c13333c10] page_fault at ffffffffa5516768
    [exception RIP: __idr_remove_all+0x14]
    RIP: ffffffffa514b474  RSP: ffff9b9c13333cc8  RFLAGS: 00010292
    RAX: ffffffffa50a8fa0  RBX: 0000000000000000  RCX: dead000000000200
    RDX: ffffffff00000001  RSI: 0000000000000000  RDI: 0000000000000000
    RBP: ffff9b9c13333d28   R8: ffff9b91d5eec3c8   R9: ffff9b613fc03a00
    R10: 0000000000004cf6  R11: ffff9b9c13333916  R12: 0000000000000000
    R13: ffff9b9fbc7d7000  R14: 0000000000000000  R15: ffff9b91d5eec000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff9b9c13333d30] idr_destroy at ffffffffa514b5cd
#11 [ffff9b9c13333d48] ida_destroy at ffffffffa514b88d
#12 [ffff9b9c13333d60] devpts_kill_sb at ffffffffa50a8fbe
#13 [ffff9b9c13333d80] deactivate_locked_super at ffffffffa501de9e
#14 [ffff9b9c13333da0] devpts_mount at ffffffffa50a96df
#15 [ffff9b9c13333e10] mount_fs at ffffffffa501f77e
#16 [ffff9b9c13333e58] vfs_kern_mount at ffffffffa503cd47
#17 [ffff9b9c13333e90] do_mount at ffffffffa503f36f
#18 [ffff9b9c13333f18] sys_mount at ffffffffa50401a3
#19 [ffff9b9c13333f50] system_call_fastpath at ffffffffa551f7d5
    RIP: 000000000047c0da  RSP: 000000c4201047c8  RFLAGS: 00010202
    RAX: 00000000000000a5  RBX: 0000000000000000  RCX: 0000000000000073
    RDX: 000000c4200facc0  RSI: 000000c420155f80  RDI: 000000c4200faba8
    RBP: 000000c420104868   R8: 000000c4200f8e40   R9: 0000000000000000
    R10: 000000000000000a  R11: 0000000000000216  R12: 0000000000000000
    R13: 00000000ffffffee  R14: 0000000000000200  R15: 0000000000000049
    ORIG_RAX: 00000000000000a5  CS: 0033  SS: 002b
  • Memory cgroup OOM events and a SLUB allocation failure can be observed prior to the kernel panic:
[373928.447701] Memory cgroup out of memory: Kill process 62222 (runc:[2:INIT]) score 0 or sacrifice child
[373928.447703] Killed process 62216 (runc:[2:INIT]) total-vm:125712kB, anon-rss:3404kB, file-rss:2840kB, shmem-rss:0kB

[373929.459072] SLUB: Unable to allocate memory on node -1 (gfp=0x80d0)
[373929.459076]   cache: kmalloc-96(1951:5772b6a17fe384bce50e994a5532d2cb007d448257c00a0351e3b33a24df33f5), object size: 96, buffer size: 96, default order: 0, min order: 0
[373929.459078]   node 0: slabs: 0, objs: 0, free: 0
[373929.459079]   node 1: slabs: 0, objs: 0, free: 0
[373929.459115] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
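
To check a saved `crash` backtrace and kernel log against the signature shown above, a triage helper can look for the same frame chain and the same log messages ahead of the oops. This is an added example, not Red Hat tooling: the function names and the 5-second window are assumptions, and the sample input is trimmed from the output on this page.

```python
import re

# Innermost-first call chain taken from the backtrace on this page.
CHAIN = ["__idr_remove_all", "idr_destroy", "ida_destroy", "devpts_kill_sb"]
FRAME = re.compile(r"^\s*#\d+ \[[0-9a-f]+\] (\S+) at [0-9a-f]+")
RIP = re.compile(r"\[exception RIP: (\w+)\+0x[0-9a-f]+\]")
TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")
MARKERS = {  # dmesg message prefixes shown on this page
    "cgroup_oom": "Memory cgroup out of memory",
    "slub_fail": "SLUB: Unable to allocate memory",
    "oops": "BUG: unable to handle kernel NULL pointer dereference",
}

def backtrace_matches(bt_text):
    """True if crash 'bt' output contains CHAIN as consecutive frames."""
    funcs = [m.group(1) for line in bt_text.splitlines()
             if (m := RIP.search(line) or FRAME.match(line))]
    return any(funcs[i:i + len(CHAIN)] == CHAIN for i in range(len(funcs)))

def log_precursors(dmesg_text, window=5.0):
    """Names of precursor events within `window` seconds before the oops.
    The 5-second default is an assumption, not a value from the page."""
    seen = {}
    for line in dmesg_text.splitlines():
        m = TS.match(line)
        for name, prefix in MARKERS.items():
            if m and m.group(2).startswith(prefix):
                seen[name] = float(m.group(1))  # keep the latest occurrence
        if "oops" in seen:
            break  # ignore anything logged after the first oops
    if "oops" not in seen:
        return set()
    return {n for n, t in seen.items()
            if n != "oops" and 0 <= seen["oops"] - t <= window}

def matches_signature(bt_text, dmesg_text):
    return backtrace_matches(bt_text) and "slub_fail" in log_precursors(dmesg_text)

# Sample input trimmed from the output shown on this page.
SAMPLE_BT = """\
    [exception RIP: __idr_remove_all+0x14]
#10 [ffff9b9c13333d30] idr_destroy at ffffffffa514b5cd
#11 [ffff9b9c13333d48] ida_destroy at ffffffffa514b88d
#12 [ffff9b9c13333d60] devpts_kill_sb at ffffffffa50a8fbe
"""
SAMPLE_DMESG = """\
[373928.447701] Memory cgroup out of memory: Kill process 62222 (runc:[2:INIT]) score 0 or sacrifice child
[373929.459072] SLUB: Unable to allocate memory on node -1 (gfp=0x80d0)
[373929.459115] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
"""
```
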

Environment

  • Red Hat Enterprise Linux 7
    • seen on kernel-3.10.0-862.el7
    • seen on kernel-3.10.0-957.el7
