In Red Hat Enterprise Linux 6, nfs4_file_put_access calls fput, resulting in a NULL pointer dereference at 0000000000000016
Issue
BUG: unable to handle kernel NULL pointer dereference at 0000000000000016
IP: [<ffffffff81177fa9>] fput+0x9/0x30
PGD 62ee19067 PUD 62d2c0067 PMD 0
Oops: 0002 [#1] SMP
last sysfs file: /sys/devices/system/cpu/cpu31/cache/index2/shared_cpu_map
CPU 0
Modules linked in: ipmi_si mpt2sas scsi_transport_sas raid_class mptctl mptbase ipmi_devintf ipmi_msghandler dell_rbu iptable_filter ip_tables bridge stp llc nfsd lockd nfs_acl auth_rpcgss autofs4 sunrpc bonding ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 xfs exportfs ext4 jbd2 uinput power_meter sg shpchp tg3 bnx2x libcrc32c mdio dcdbas microcode sb_edac edac_core iTCO_wdt iTCO_vendor_support ext3 jbd mbcache sd_mod crc_t10dif wmi megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ipmi_si]
Pid: 4588, comm: nfsd Tainted: G W ---------------- 2.6.32-220.el6.x86_64 #1 Dell Inc. PowerEdge R720xd/0C4Y3R
RIP: 0010:[<ffffffff81177fa9>] [<ffffffff81177fa9>] fput+0x9/0x30
RSP: 0018:ffff88062e365c90 EFLAGS: 00010282
RAX: ffff880c2b3d99cc RBX: ffff880c2b3d9978 RCX: 0000000000000002
RDX: dead000000100101 RSI: 0000000000000001 RDI: ffffffffffffffe6
RBP: ffff88062e365c90 R08: ffff88041fe797d8 R09: ffff88062e365d58
R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff880028200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000016 CR3: 000000062f0bb000 CR4: 00000000000406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 4588, threadinfo ffff88062e364000, task ffff88062e3be040)
Stack:
ffff88062e365cc0 ffffffffa0562334 0000000000000001 ffff880c2b3d9978
<0> 0000000000000002 ffff88041fe79818 ffff88062e365ce0 ffffffffa05623ab
<0> ffff88062e365d30 ffff88041fe797b8 ffff88062e365d10 ffffffffa056634d
Call Trace:
[<ffffffffa0562334>] __nfs4_file_put_access+0x44/0xa0 [nfsd]
[<ffffffffa05623ab>] nfs4_file_put_access+0x1b/0x50 [nfsd]
[<ffffffffa056634d>] free_generic_stateid+0x5d/0xe0 [nfsd]
[<ffffffffa0566e4b>] release_open_stateid+0x4b/0x60 [nfsd]
[<ffffffffa0567401>] nfsd4_close+0xc1/0x140 [nfsd]
[<ffffffffa0557f28>] nfsd4_proc_compound+0x3d8/0x490 [nfsd]
[<ffffffffa054543e>] nfsd_dispatch+0xfe/0x240 [nfsd]
[<ffffffffa04ba5a4>] svc_process_common+0x344/0x640 [sunrpc]
[<ffffffff8105fa50>] ? default_wake_function+0x0/0x20
[<ffffffffa04babe0>] svc_process+0x110/0x160 [sunrpc]
[<ffffffffa0545b62>] nfsd+0xc2/0x160 [nfsd]
[<ffffffffa0545aa0>] ? nfsd+0x0/0x160 [nfsd]
[<ffffffff81090886>] kthread+0x96/0xa0
[<ffffffff8100c14a>] child_rip+0xa/0x20
[<ffffffff810907f0>] ? kthread+0x0/0xa0
[<ffffffff8100c140>] ? child_rip+0x0/0x20
Code: fe ff ff 31 d2 48 89 de 83 cf ff ff d0 e9 da fe ff ff 48 89 df e8 38 15 04 00 e9 bb fe ff ff 0f 1f 00 55 48 89 e5 0f 1f 44 00 00 <f0> 48 ff 4f 30 0f 94 c0 84 c0 75 0b c9 c3 66 0f 1f 84 00 00 00
RIP [<ffffffff81177fa9>] fput+0x9/0x30
RSP <ffff88062e365c90>
CR2: 0000000000000016
Environment
- Red Hat Enterprise Linux 6.2 (NFS Server)
- kernel 2.6.32-220.el6.x86_64
- NFSv4