[RHEL 8] kernel crash in ch_release() during changer device release when multiple processes had it open
Issue
The system crashes with a kernel panic and the following stack trace:
crash> bt
PID: 15217 TASK: ffff8a7602090000 CPU: 17 COMMAND: "scsieject"
#0 [ffffad1e4d84b9e8] machine_kexec at ffffffffaa8650ce
#1 [ffffad1e4d84ba40] __crash_kexec at ffffffffaa9a53dd
#2 [ffffad1e4d84bb08] crash_kexec at ffffffffaa9a62cd
#3 [ffffad1e4d84bb20] oops_end at ffffffffaa8264cd
#4 [ffffad1e4d84bb40] no_context at ffffffffaa8763bf
#5 [ffffad1e4d84bb98] __bad_area_nosemaphore at ffffffffaa87671c
#6 [ffffad1e4d84bbe0] do_page_fault at ffffffffaa876fb7
#7 [ffffad1e4d84bc10] page_fault at ffffffffab20111e
[exception RIP: scsi_device_put+0x6]
RIP: ffffffffaae5b766 RSP: ffffad1e4d84bcc8 RFLAGS: 00010286
RAX: ffffffffc0b3d990 RBX: ffff8a71877eb500 RCX: ffff8a7188efa880
RDX: ffff8a718ecf94d0 RSI: ffff8a718ecf9400 RDI: 0000000000000000
RBP: ffff8a718ecf9400 R8: 0000000000000000 R9: 0000000000000000
R10: ffffad1e4d84bcf0 R11: ffff8a718ecf9410 R12: 000000000008001f
R13: ffff8a7193c90078 R14: ffff8a7188efa8a0 R15: ffff8a718dbfb5c0
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#8 [ffffad1e4d84bcd0] ch_release at ffffffffc0b3d9aa [ch]
#9 [ffffad1e4d84bce8] __fput at ffffffffaab40f4e
#10 [ffffad1e4d84bd30] task_work_run at ffffffffaa91009a
#11 [ffffad1e4d84bd68] do_exit at ffffffffaa8f247d
#12 [ffffad1e4d84bdd8] do_group_exit at ffffffffaa8f2cda
#13 [ffffad1e4d84be00] get_signal at ffffffffaa8ff7c8
#14 [ffffad1e4d84be58] do_signal at ffffffffaa821fd6
#15 [ffffad1e4d84bf20] exit_to_usermode_loop at ffffffffaa803c59
#16 [ffffad1e4d84bf38] do_syscall_64 at ffffffffaa804448
#17 [ffffad1e4d84bf50] entry_SYSCALL_64_after_hwframe at ffffffffab2000ad
Environment
- Red Hat Enterprise Linux 8
- Problem detected on kernel 4.18.0-372.13.1.el8_6.x86_64
- A SCSI changer device is connected to the system and driven by the "ch" driver