RHEL 7 crash in xfs_buf_offset() because of bp->b_pages = NULL while b_page_count is more than zero
Issue
The system crashes with the following console messages:
[195531.170532] BUG: unable to handle kernel NULL pointer dereference at (null)
[195531.171784] IP: [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.172622] PGD 0
[195531.173349] Oops: 0000 [#1] SMP
...
[195531.187554] CPU: 48 PID: 18731 Comm: xfsaild/dm-37 Kdump: loaded Tainted: P OE ------------ 3.10.0-1160.76.1.el7.x86_64 #1
[195531.189212] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 07/14/2022
[195531.190057] task: ffff93e733b65280 ti: ffff94455ef20000 task.ti: ffff94455ef20000
[195531.190901] RIP: 0010:[<ffffffffc0c01428>] [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.191772] RSP: 0018:ffff94455ef23c10 EFLAGS: 00010246
[195531.192613] RAX: 0000000000000000 RBX: ffff94455a58f000 RCX: 0000000000000009
[195531.193470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff943e45621e00
[195531.194301] RBP: ffff94455ef23c50 R08: ffff943e45621e80 R09: 0000000000000000
[195531.195132] R10: 0000000000000000 R11: 0000000000000400 R12: 0000000000000000
[195531.195958] R13: ffff943e45621e00 R14: 0000000000000000 R15: 0000000000000020
[195531.196777] FS: 0000000000000000(0000) GS:ffff9448bf800000(0000) knlGS:0000000000000000
[195531.197597] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[195531.198410] CR2: 0000000000000000 CR3: 000000a532410000 CR4: 00000000007607e0
[195531.199219] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[195531.200023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[195531.200815] PKRU: 00000000
[195531.201600] Call Trace:
[195531.202375] [<ffffffffc0bf4a72>] ? xfs_inode_buf_verify+0x82/0x160 [xfs]
[195531.203142] [<ffffffffc0c012e0>] ? xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.203912] [<ffffffffc0bf4b60>] xfs_inode_buf_write_verify+0x10/0x20 [xfs]
[195531.204690] [<ffffffffc0bff027>] _xfs_buf_ioapply+0x97/0x460 [xfs]
[195531.205464] [<ffffffff9dedb2e0>] ? wake_up_state+0x20/0x20
[195531.206246] [<ffffffffc0c012e0>] ? xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.207047] [<ffffffffc0c00c72>] __xfs_buf_submit+0x72/0x250 [xfs]
[195531.207837] [<ffffffffc0c012e0>] xfs_buf_delwri_submit_buffers+0x130/0x240 [xfs]
[195531.208623] [<ffffffffc0c01bd0>] ? xfs_buf_delwri_submit_nowait+0x10/0x20 [xfs]
[195531.209409] [<ffffffffc0c30a80>] ? xfs_trans_ail_cursor_first+0x90/0x90 [xfs]
[195531.210204] [<ffffffffc0c01bd0>] xfs_buf_delwri_submit_nowait+0x10/0x20 [xfs]
[195531.210989] [<ffffffffc0c30d0a>] xfsaild+0x28a/0x780 [xfs]
[195531.211767] [<ffffffffc0c30a80>] ? xfs_trans_ail_cursor_first+0x90/0x90 [xfs]
[195531.212553] [<ffffffff9dec5f91>] kthread+0xd1/0xe0
[195531.213296] [<ffffffff9dec5ec0>] ? insert_kthread_work+0x40/0x40
[195531.214023] [<ffffffff9e599ddd>] ret_from_fork_nospec_begin+0x7/0x21
[195531.214739] [<ffffffff9dec5ec0>] ? insert_kthread_work+0x40/0x40
[195531.215439] Code: 48 89 e5 48 85 c0 74 0b 48 01 f0 5d c3 66 0f 1f 44 00 00 8b 87 4c 01 00 00 5d 48 01 c6 48 8b 87 08 01 00 00 48 89 f2 48 c1 ea 0c <48> 8b 14 d0 48 2b 15 bd 48 e4 dd 48 89 f0 25 ff 0f 00 00 48 c1
[195531.216897] RIP [<ffffffffc0c01428>] xfs_buf_offset+0x38/0x60 [xfs]
[195531.217599] RSP <ffff94455ef23c10>
[195531.218278] CR2: 0000000000000000
The kernel panic stack trace:
crash> bt
PID: 18731 TASK: ffff93e733b65280 CPU: 48 COMMAND: "xfsaild/dm-37"
#0 [ffff94455ef238a0] machine_kexec at ffffffff9de663d4
#1 [ffff94455ef23900] __crash_kexec at ffffffff9df22ae2
#2 [ffff94455ef239d0] crash_kexec at ffffffff9df22bd0
#3 [ffff94455ef239e8] oops_end at ffffffff9e591798
#4 [ffff94455ef23a10] no_context at ffffffff9de75d14
#5 [ffff94455ef23a60] __bad_area_nosemaphore at ffffffff9de75fe2
#6 [ffff94455ef23ab0] bad_area_nosemaphore at ffffffff9de76104
#7 [ffff94455ef23ac0] __do_page_fault at ffffffff9e594750
#8 [ffff94455ef23b30] do_page_fault at ffffffff9e594975
#9 [ffff94455ef23b60] page_fault at ffffffff9e590778
[exception RIP: xfs_buf_offset+0x38]
RIP: ffffffffc0c01428 RSP: ffff94455ef23c10 RFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff94455a58f000 RCX: 0000000000000009
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff943e45621e00
RBP: ffff94455ef23c50 R8: ffff943e45621e80 R9: 0000000000000000
R10: 0000000000000000 R11: 0000000000000400 R12: 0000000000000000
R13: ffff943e45621e00 R14: 0000000000000000 R15: 0000000000000020
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff94455ef23c10] xfs_inode_buf_verify at ffffffffc0bf4a72 [xfs]
#11 [ffff94455ef23c58] xfs_inode_buf_write_verify at ffffffffc0bf4b60 [xfs]
#12 [ffff94455ef23c68] _xfs_buf_ioapply at ffffffffc0bff027 [xfs]
#13 [ffff94455ef23d18] __xfs_buf_submit at ffffffffc0c00c72 [xfs]
#14 [ffff94455ef23d48] xfs_buf_delwri_submit_buffers at ffffffffc0c012e0 [xfs]
#15 [ffff94455ef23de8] xfs_buf_delwri_submit_nowait at ffffffffc0c01bd0 [xfs]
#16 [ffff94455ef23df8] xfsaild at ffffffffc0c30d0a [xfs]
#17 [ffff94455ef23ec8] kthread at ffffffff9dec5f91
#18 [ffff94455ef23f50] ret_from_fork_nospec_begin at ffffffff9e599ddd
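A triage check on the oops above, as an added example that is not part of the original article: it decodes the faulting instruction marked `<48>` on the `Code:` line and recomputes the address it touched from the dumped registers, which shows a scaled array load from a zero base register, consistent with the NULL `bp->b_pages` named in the title. The function name `decode_faulting_load` is hypothetical, and only this one instruction form (64-bit `mov` load with a SIB byte) is handled.

```python
import re

# Register values and the tail of the Code: line, copied from the oops above.
OOPS = """\
RAX: 0000000000000000 RBX: ffff94455a58f000 RCX: 0000000000000009
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff943e45621e00
CR2: 0000000000000000 CR3: 000000a532410000 CR4: 00000000007607e0
Code: 48 8b 87 08 01 00 00 48 89 f2 48 c1 ea 0c <48> 8b 14 d0 48 2b 15 bd
"""

REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15"]


def decode_faulting_load(oops: str) -> dict:
    """Decode 'REX.W 8B /r' with a SIB byte (mov r64, [base+index*scale])
    at the <..> marker and recompute its address from the dumped registers."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(R[A-Z0-9]{1,2}|CR2): ([0-9a-f]{16})", oops)}
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    rex, opcode, modrm, sib = (int(b.strip("<>"), 16)
                               for b in code[start:start + 4])

    # Only the form seen in this oops is handled; anything else is rejected.
    if (rex & 0xF8) != 0x48 or opcode != 0x8B:
        raise ValueError("not a 64-bit mov load")
    if (modrm >> 6) != 0 or (modrm & 7) != 4 or (sib & 7) == 5:
        raise ValueError("addressing form not handled")
    index_no = (((rex >> 1) & 1) << 3) | ((sib >> 3) & 7)
    if index_no == 4:
        raise ValueError("no index register")

    base = REG64[((rex & 1) << 3) | (sib & 7)]
    index = REG64[index_no]
    scale = 1 << (sib >> 6)  # 8 here: the array entries are 8-byte pointers
    addr = (regs[base] + regs[index] * scale) & (2**64 - 1)
    return {"dest": REG64[(((rex >> 2) & 1) << 3) | ((modrm >> 3) & 7)],
            "base": base, "index": index, "scale": scale,
            "address": addr, "matches_cr2": addr == regs["CR2"],
            "null_base": regs[base] == 0}


if __name__ == "__main__":
    r = decode_faulting_load(OOPS)
    print("mov (%{base},%{index},{scale}),%{dest} -> {address:#x}".format(**r))
```

A recomputed address equal to CR2 confirms the marked instruction is the one that faulted; a zero base register with a zero index means the array pointer itself was NULL rather than an index running past the end.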
Environment
- Red Hat Enterprise Linux 7.9
- The problem was detected on kernel-3.10.0-1160.76.1.el7
- XFS file system in use