RHEL7: Kernel crash at nfs_readpage_async+0x43 or nfs_updatepage+0x1b9

Solution Verified - Updated -

Issue

  • The issue happens with below logs:
[25730.889956] BUG: unable to handle kernel NULL pointer dereference at           (null)
[25730.892166] IP: [<ffffffffc0ca0309>] nfs_updatepage+0x1b9/0x8e0 [nfs]
[25730.894326] PGD 800000084da1e067 PUD 84da1d067 PMD 0 
[25730.896345] Oops: 0000 [#1] SMP 
[25730.898328] Modules linked in: binfmt_misc nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache ext4 mbcache jbd2 loop iscsi_target_mod scsi_transport_iscsi target_core_mod scsi_transport_srp scsi_tgt sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass ipmi_ssif crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul ipmi_si glue_helper ablk_helper iTCO_wdt iTCO_vendor_support cryptd pcspkr ipmi_devintf ipmi_msghandler dcdbas sg mei_me shpchp lpc_ich mei acpi_power_meter nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ahci crct10dif_pclmul crct10dif_common libahci crc32c_intel tg3 libata i2c_core megaraid_sas be2net ptp pps_core
[25730.910833]  dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ib_core]
[25730.912988] CPU: 0 PID: 15036 Comm: test_enospc-4 Kdump: loaded Tainted: G               ------------ T 3.10.0-862.11.6.el7.x86_64 #1
[25730.917083] Hardware name: Dell Inc. PowerEdge R430/0HFG24, BIOS 1.5.4 10/05/2015
[25730.919166] task: ffff9baed5f6bf40 ti: ffff9bad68aac000 task.ti: ffff9bad68aac000
[25730.921239] RIP: 0010:[<ffffffffc0ca0309>]  [<ffffffffc0ca0309>] nfs_updatepage+0x1b9/0x8e0 [nfs]
[25730.923331] RSP: 0018:ffff9bad68aafb68  EFLAGS: 00010246
[25730.925375] RAX: 0000000000000000 RBX: ffffdb691ada7980 RCX: ffff9bac50cfa800
[25730.927430] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9baedb7e0e98
[25730.929452] RBP: ffff9bad68aafbc0 R08: 000000000001bac0 R09: ffff9baecbfc8e80
[25730.931457] R10: 00001766f08df591 R11: 0000000000000006 R12: ffff9baecbfc8ec0
[25730.933442] R13: 0000000000000688 R14: ffff9baedb7e0e98 R15: ffff9baecbfc8e80
[25730.935413] FS:  00007f956eb58740(0000) GS:ffff9baedd200000(0000) knlGS:0000000000000000
[25730.937360] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[25730.939285] CR2: 0000000000000000 CR3: 0000000711e00000 CR4: 00000000001607f0
[25730.941195] Call Trace:
[25730.943077]  [<ffffffffc0c8f531>] nfs_write_end+0x141/0x350 [nfs]
[25730.944922]  [<ffffffff9b796b08>] generic_file_buffered_write+0x198/0x2c0
[25730.946760]  [<ffffffff9bd1e3e9>] kretprobe_trampoline_holder+0x9/0x9
[25730.948594]  [<ffffffff9bd1e3e9>] kretprobe_trampoline_holder+0x9/0x9
[25730.950380]  [<ffffffff9bd1e3e9>] kretprobe_trampoline_holder+0x9/0x9
[25730.952137]  [<ffffffff9bd1e3e9>] kretprobe_trampoline_holder+0x9/0x9
[25730.953818]  [<ffffffff9b81f180>] vfs_write+0xc0/0x1f0
[25730.955525]  [<ffffffff9b820172>] SyS_pwrite64+0x92/0xc0
[25730.957208]  [<ffffffff9bd25a1b>] tracesys+0xa3/0xc9
[25730.958827] Code: 1f 40 00 4d 85 ff 0f 84 49 03 00 00 49 81 ff 00 f0 ff ff 0f 87 13 06 00 00 e9 7b ed 79 ff 00 01 00 0f 85 f8 05 00 00 48 8b 43 08 <4c> 8b 20 49 8d 84 24 88 00 00 00 48 89 c7 48 89 45 c8 e8 90 b2 
[25730.962481] RIP  [<ffffffffc0ca0309>] nfs_updatepage+0x1b9/0x8e0 [nfs]
[25730.964183]  RSP <ffff9bad68aafb68>
[25730.965793] CR2: 0000000000000000
  • Another pattern with logs:
[10891930.243311] BUG: unable to handle kernel NULL pointer dereference at           (null)
[10891930.243352] IP: [<ffffffffc0931053>] nfs_flush_incompatible+0xb3/0x150 [nfs]
[10891930.243391] PGD 8000001f8621f067 PUD 1f57a02067 PMD 0 
[10891930.243414] Oops: 0000 [#1] SMP 
[10891930.243431] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache veth ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc overlay(T) vmw_vsock_vmci_transport vsock ppdev vmw_balloon sb_edac iosf_mbi crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr joydev sg nfit vmw_vmci parport_pc i2c_piix4 shpchp libnvdimm parport nfsd auth_rpcgss binfmt_misc nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sr_mod cdrom ata_generic pata_acpi vmwgfx sd_mod crc_t10dif crct10dif_generic drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ahci ata_piix libahci crct10dif_pclmul
[10891930.243749]  libata crct10dif_common crc32c_intel serio_raw vmxnet3 i2c_core vmw_pvscsi dm_mirror dm_region_hash dm_log dm_mod
[10891930.243795] CPU: 4 PID: 12784 Comm: downaga Kdump: loaded Tainted: G               ------------ T 3.10.0-862.el7.x86_64 #1
[10891930.243832] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
[10891930.243867] task: ffff9beb63ad9fa0 ti: ffff9beb622cc000 task.ti: ffff9beb622cc000
[10891930.243892] RIP: 0010:[<ffffffffc0931053>]  [<ffffffffc0931053>] nfs_flush_incompatible+0xb3/0x150 [nfs]
[10891930.243931] RSP: 0000:ffff9beb622cfbf0  EFLAGS: 00010246
[10891930.243951] RAX: 0000000000000000 RBX: ffffe8fc448799c0 RCX: 0000000000000000
[10891930.243975] RDX: 0000000000000000 RSI: ffff9bdb7efac900 RDI: ffffe8fc448799c0
[10891930.243999] RBP: ffff9beb622cfc18 R08: 000000000001ba80 R09: ffffffffc092bdb3
[10891930.244023] R10: ffff9beb7f31ba80 R11: ffffe8fc3efbeb00 R12: 0000000000000001
[10891930.244048] R13: ffff9beb0f7aac80 R14: ffff9beb63ad9fa0 R15: ffff9bd6129ad7c0
[10891930.244073] FS:  00007f15de6ef8c0(0000) GS:ffff9beb7f300000(0000) knlGS:0000000000000000
[10891930.244100] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[10891930.244123] CR2: 0000000000000000 CR3: 0000001fb4f08000 CR4: 00000000003607e0
[10891930.244196] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10891930.244222] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[10891930.244248] Call Trace:
[10891930.244266]  [<ffffffffc091fcc4>] nfs_vm_page_mkwrite+0x124/0x1f0 [nfs]
[10891930.244292]  [<ffffffffbc7c06fa>] do_page_mkwrite+0x8a/0xe0
[10891930.244314]  [<ffffffffbc7c3ddf>] do_wp_page+0x41f/0x710
[10891930.244336]  [<ffffffffbcd1551e>] ? _raw_spin_unlock_bh+0x1e/0x20
[10891930.244360]  [<ffffffffbcbd1660>] ? release_sock+0x120/0x170
[10891930.244381]  [<ffffffffbc7c536d>] handle_pte_fault+0x36d/0xc30
[10891930.244403]  [<ffffffffbcbcb2cf>] ? sock_destroy_inode+0x2f/0x40
[10891930.244426]  [<ffffffffbc837f7b>] ? destroy_inode+0x3b/0x60
[10891930.244447]  [<ffffffffbc7c747d>] handle_mm_fault+0x39d/0x9b0
[10891930.244469]  [<ffffffffbc832c20>] ? d_free+0x60/0x70
[10891930.244489]  [<ffffffffbcd1a587>] __do_page_fault+0x197/0x4f0
[10891930.244510]  [<ffffffffbcd1a915>] do_page_fault+0x35/0x90
[10891930.244531]  [<ffffffffbcd16768>] page_fault+0x28/0x30
[10891930.244549] Code: 48 8b 43 08 48 8b 38 31 d2 48 89 de e8 d7 fd ff ff 85 c0 0f 85 81 00 00 00 48 8b 03 a9 00 00 01 00 0f 85 8b 00 00 00 48 8b 43 08 <4c> 8b 38 4d 8d a7 88 00 00 00 4c 89 e7 e8 fb 45 3e fc 49 8d bf 
[10891930.244690] RIP  [<ffffffffc0931053>] nfs_flush_incompatible+0xb3/0x150 [nfs]
[10891930.244721]  RSP <ffff9beb622cfbf0>
[10891930.244735] CR2: 0000000000000000

Environment

  • Red Hat Enterprise Linux 7
  • seen on 3.10.0-862.11.6.el7.x86_64 / 3.10.0-862.20.2.el7 / 3.10.0-957.el7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content