RHEL 7 crash in xfs_buf_offset() because of bp->b_pages = NULL while b_page_count is more than zero

Solution Unverified - Updated -

Issue

The system crashes with the following console messages:

[195531.170532] BUG: unable to handle kernel NULL pointer dereference at           (null)
[195531.171784] IP: [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.172622] PGD 0 
[195531.173349] Oops: 0000 [#1] SMP 
...
[195531.187554] CPU: 48 PID: 18731 Comm: xfsaild/dm-37 Kdump: loaded Tainted: P           OE  ------------   3.10.0-1160.76.1.el7.x86_64 #1
[195531.189212] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 07/14/2022
[195531.190057] task: ffff93e733b65280 ti: ffff94455ef20000 task.ti: ffff94455ef20000
[195531.190901] RIP: 0010:[<ffffffffc0c01428>]  [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.191772] RSP: 0018:ffff94455ef23c10  EFLAGS: 00010246
[195531.192613] RAX: 0000000000000000 RBX: ffff94455a58f000 RCX: 0000000000000009
[195531.193470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff943e45621e00
[195531.194301] RBP: ffff94455ef23c50 R08: ffff943e45621e80 R09: 0000000000000000
[195531.195132] R10: 0000000000000000 R11: 0000000000000400 R12: 0000000000000000
[195531.195958] R13: ffff943e45621e00 R14: 0000000000000000 R15: 0000000000000020
[195531.196777] FS:  0000000000000000(0000) GS:ffff9448bf800000(0000) knlGS:0000000000000000
[195531.197597] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[195531.198410] CR2: 0000000000000000 CR3: 000000a532410000 CR4: 00000000007607e0
[195531.199219] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[195531.200023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[195531.200815] PKRU: 00000000
[195531.201600] Call Trace:
[195531.202375]  [<ffffffffc0bf4a72>] ? xfs_inode_buf_verify+0x82/0x160 [xfs]
[195531.203142]  [<ffffffffc0c012e0>] ? xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.203912]  [<ffffffffc0bf4b60>] xfs_inode_buf_write_verify+0x10/0x20 [xfs]
[195531.204690]  [<ffffffffc0bff027>] _xfs_buf_ioapply+0x97/0x460 [xfs]
[195531.205464]  [<ffffffff9dedb2e0>] ? wake_up_state+0x20/0x20
[195531.206246]  [<ffffffffc0c012e0>] ? xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.207047]  [<ffffffffc0c00c72>] __xfs_buf_submit+0x72/0x250 [xfs]
[195531.207837]  [<ffffffffc0c012e0>] xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.208623]  [<ffffffffc0c01bd0>] ? xfs_buf_delwri_submit_nowait+0x10/0x20 [xfs]
[195531.209409]  [<ffffffffc0c30a80>] ? xfs_trans_ail_cursor_first+0x90/0x90 [xfs]
[195531.210204]  [<ffffffffc0c01bd0>] xfs_buf_delwri_submit_nowait+0x10/0x20 [xfs]
[195531.210989]  [<ffffffffc0c30d0a>] xfsaild+0x28a/0x780 [xfs]
[195531.211767]  [<ffffffffc0c30a80>] ? xfs_trans_ail_cursor_first+0x90/0x90 [xfs]
[195531.212553]  [<ffffffff9dec5f91>] kthread+0xd1/0xe0
[195531.213296]  [<ffffffff9dec5ec0>] ? insert_kthread_work+0x40/0x40
[195531.214023]  [<ffffffff9e599ddd>] ret_from_fork_nospec_begin+0x7/0x21
[195531.214739]  [<ffffffff9dec5ec0>] ? insert_kthread_work+0x40/0x40
[195531.215439] Code: 48 89 e5 48 85 c0 74 0b 48 01 f0 5d c3 66 0f 1f 44 00 00 8b 87 4c 01 00 00 5d 48 01 c6 48 8b 87 08 01 00 00 48 89 f2 48 c1 ea 0c <48> 8b 14 d0 48 2b 15 bd 48 e4 dd 48 89 f0 25 ff 0f 00 00 48 c1 
[195531.216897] RIP  [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.217599]  RSP <ffff94455ef23c10>
[195531.218278] CR2: 0000000000000000

The kernel panic stack trace, as shown by the crash utility:

crash> bt
PID: 18731    TASK: ffff93e733b65280  CPU: 48   COMMAND: "xfsaild/dm-37"
 #0 [ffff94455ef238a0] machine_kexec at ffffffff9de663d4
 #1 [ffff94455ef23900] __crash_kexec at ffffffff9df22ae2
 #2 [ffff94455ef239d0] crash_kexec at ffffffff9df22bd0
 #3 [ffff94455ef239e8] oops_end at ffffffff9e591798
 #4 [ffff94455ef23a10] no_context at ffffffff9de75d14
 #5 [ffff94455ef23a60] __bad_area_nosemaphore at ffffffff9de75fe2
 #6 [ffff94455ef23ab0] bad_area_nosemaphore at ffffffff9de76104
 #7 [ffff94455ef23ac0] __do_page_fault at ffffffff9e594750
 #8 [ffff94455ef23b30] do_page_fault at ffffffff9e594975
 #9 [ffff94455ef23b60] page_fault at ffffffff9e590778
    [exception RIP: xfs_buf_offset+0x38]
    RIP: ffffffffc0c01428  RSP: ffff94455ef23c10  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff94455a58f000  RCX: 0000000000000009
    RDX: 0000000000000000  RSI: 0000000000000000  RDI: ffff943e45621e00
    RBP: ffff94455ef23c50   R8: ffff943e45621e80   R9: 0000000000000000
    R10: 0000000000000000  R11: 0000000000000400  R12: 0000000000000000
    R13: ffff943e45621e00  R14: 0000000000000000  R15: 0000000000000020
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff94455ef23c10] xfs_inode_buf_verify at ffffffffc0bf4a72 [xfs]
#11 [ffff94455ef23c58] xfs_inode_buf_write_verify at ffffffffc0bf4b60 [xfs]
#12 [ffff94455ef23c68] _xfs_buf_ioapply at ffffffffc0bff027 [xfs]
#13 [ffff94455ef23d18] __xfs_buf_submit at ffffffffc0c00c72 [xfs]
#14 [ffff94455ef23d48] xfs_buf_delwri_submit_buffers at ffffffffc0c012e0 [xfs]
#15 [ffff94455ef23de8] xfs_buf_delwri_submit_nowait at ffffffffc0c01bd0 [xfs]
#16 [ffff94455ef23df8] xfsaild at ffffffffc0c30d0a [xfs]
#17 [ffff94455ef23ec8] kthread at ffffffff9dec5f91
#18 [ffff94455ef23f50] ret_from_fork_nospec_begin at ffffffff9e599ddd

Environment

  • Red Hat Enterprise Linux 7.9
  • The problem was detected on kernel-3.10.0-1160.76.1.el7
  • XFS file system in use
