A vast number of "BUG: Bad page map" and "BUG: Bad page state" messages followed by a NULL pointer dereference crash in pgtable_trans_huge_withdraw()
Issue
- A vast number of "BUG: Bad page map" and "BUG: Bad page state" messages are logged, followed by a NULL pointer dereference crash in pgtable_trans_huge_withdraw()
...
[16307.760090] BUG: Bad page map in process rpc reactor-221 pte:8000000000002063 pmd:71828a7067
[16307.760449] page:ffffdb3300000080 count:1 mapcount:-1 mapping: (null) index:0x0
[16307.760805] page flags: 0xfffff00000414(referenced|dirty|reserved)
[16307.761089] page dumped because: bad pte
[16307.761247] addr:00009ed2c0002000 vm_flags:08100070 anon_vma:ffff9f8f8dd80f78 mapping: (null) index:9ed2c0002
[16307.761720] CPU: 61 PID: 367438 Comm: rpc reactor-221 Kdump: loaded Tainted: P B E ------------ T 3.10.0-1160.99.1.el7.x86_64 #1
[16307.761721] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 09/29/2022
[16307.761722] Call Trace:
[16307.761723] [<ffffffffad7b1bec>] dump_stack+0x19/0x1f
[16307.761725] [<ffffffffad1fa579>] print_bad_pte+0x1f9/0x290
[16307.761727] [<ffffffffad1fd5ea>] unmap_page_range+0xbfa/0xc80
[16307.761729] [<ffffffffad1fd6f1>] unmap_single_vma+0x81/0x100
[16307.761731] [<ffffffffad1ff149>] unmap_vmas+0x49/0x90
[16307.761733] [<ffffffffad20953c>] exit_mmap+0xac/0x1a0
[16307.761735] [<ffffffffad09c07f>] mmput+0x6f/0x100
[16307.761737] [<ffffffffad0a6128>] do_exit+0x288/0xa30
[16307.761739] [<ffffffffad0b4d63>] ? __sigqueue_free.part.13+0x33/0x40
[16307.761740] [<ffffffffad0a694f>] do_group_exit+0x3f/0xa0
[16307.761742] [<ffffffffad0b825e>] get_signal_to_deliver+0x1ce/0x5e0
[16307.761744] [<ffffffffad02d5b7>] do_signal+0x57/0x6f0
[16307.761746] [<ffffffffad7bfa47>] ? __do_page_fault+0x487/0x510
[16307.761748] [<ffffffffad02dcca>] do_notify_resume+0x7a/0xd0
[16307.761749] [<ffffffffad7bb5bc>] retint_signal+0x48/0x8c
...
[16312.063489] BUG: Bad page state in process rpc reactor-221 pfn:00002
[16312.078611] page:ffffdb3300000080 count:0 mapcount:-1 mapping: (null) index:0x0
[16312.094195] page flags: 0xfffff00000414(referenced|dirty|reserved)
[16312.109262] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[16312.124156] bad because of flags:
[16312.138871] page flags: 0x400(reserved)
[16312.154889] Modules linked in: [...]
...
[16312.154941] CPU: 61 PID: 367438 Comm: rpc reactor-221 Kdump: loaded Tainted: P B E ------------ T 3.10.0-1160.99.1.el7.x86_64 #1
[16312.154942] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 09/29/2022
[16312.154943] Call Trace:
[16312.154946] [<ffffffffad7b1bec>] dump_stack+0x19/0x1f
[16312.154949] [<ffffffffad7acdfc>] bad_page.part.75+0xdc/0xfd
[16312.154953] [<ffffffffad1d1f16>] free_pages_prepare+0x1f6/0x220
[16312.154955] [<ffffffffad1d29ac>] free_hot_cold_page+0x7c/0x170
[16312.154956] [<ffffffffad1d2ae6>] free_hot_cold_page_list+0x46/0xa0
[16312.154959] [<ffffffffad1d88de>] release_pages+0x24e/0x430
[16312.154963] [<ffffffffad21614d>] free_pages_and_swap_cache+0xad/0xd0
[16312.154965] [<ffffffffad1fbb64>] tlb_flush_mmu_free+0x34/0x60
[16312.154967] [<ffffffffad1fd1d4>] unmap_page_range+0x7e4/0xc80
[16312.154969] [<ffffffffad1fd6f1>] unmap_single_vma+0x81/0x100
[16312.154971] [<ffffffffad1ff149>] unmap_vmas+0x49/0x90
[16312.154972] [<ffffffffad20953c>] exit_mmap+0xac/0x1a0
[16312.154974] [<ffffffffad09c07f>] mmput+0x6f/0x100
[16312.154976] [<ffffffffad0a6128>] do_exit+0x288/0xa30
[16312.154978] [<ffffffffad0b4d63>] ? __sigqueue_free.part.13+0x33/0x40
[16312.154980] [<ffffffffad0a694f>] do_group_exit+0x3f/0xa0
[16312.154982] [<ffffffffad0b825e>] get_signal_to_deliver+0x1ce/0x5e0
[16312.154984] [<ffffffffad02d5b7>] do_signal+0x57/0x6f0
[16312.154986] [<ffffffffad7bfa47>] ? __do_page_fault+0x487/0x510
[16312.154987] [<ffffffffad02dcca>] do_notify_resume+0x7a/0xd0
[16312.154989] [<ffffffffad7bb5bc>] retint_signal+0x48/0x8c
...
[Sun Jan 7 04:47:42 EST 2024] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[Sun Jan 7 04:47:42 EST 2024] IP: [<ffffffffad214403>] pgtable_trans_huge_withdraw+0x43/0xa0
[Sun Jan 7 04:47:42 EST 2024] PGD 0
[Sun Jan 7 04:47:42 EST 2024] Oops: 0000 [#1] SMP
[Sun Jan 7 04:47:42 EST 2024] Modules linked in: iptable_filter nfsv3 nfs_acl rpcsec_gss_krb5 nfsv4 dns_resolver nfs lockd grace fscache unix_diag af_packet_diag netlink_diag tcp_diag udp_diag inet_diag falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE) falcon_kal(E) falcon_lsm_pinned_15508(E) bonding vfat fat ext4 skx_edac nfit mbcache libnvdimm jbd2 intel_powerclamp coretemp intel_rapl iosf_mbi kvm irqbypass crc32_pclmul ghash_clmulni_intel ipmi_ssif aesni_intel lrw gf128mul glue_helper ablk_helper cryptd pcspkr ses enclosure sg mei_me lpc_ich mei hpilo hpwdt wmi tpm_crb ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter binfmt_misc auth_rpcgss sunrpc ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic i2c_algo_bit drm_kms_helper mlx5_core syscopyarea sysfillrect sysimgblt fb_sys_fops ttm uas drm tg3
[Sun Jan 7 04:47:42 EST 2024] crct10dif_pclmul smartpqi crct10dif_common usb_storage crc32c_intel mlxfw devlink scsi_transport_sas ptp pps_core drm_panel_orientation_quirks dm_mirror dm_region_hash dm_log dm_mod
[Sun Jan 7 04:47:42 EST 2024] CPU: 61 PID: 367438 Comm: rpc reactor-221 Kdump: loaded Tainted: P B E ------------ T 3.10.0-1160.99.1.el7.x86_64 #1
[Sun Jan 7 04:47:42 EST 2024] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 09/29/2022
[Sun Jan 7 04:47:42 EST 2024] task: ffff9f8379e7a100 ti: ffff9f81f54f8000 task.ti: ffff9f81f54f8000
[Sun Jan 7 04:47:42 EST 2024] RIP: 0010:[<ffffffffad214403>] [<ffffffffad214403>] pgtable_trans_huge_withdraw+0x43/0xa0
[Sun Jan 7 04:47:42 EST 2024] RSP: 0000:ffff9f81f54fba60 EFLAGS: 00010202
[Sun Jan 7 04:47:42 EST 2024] RAX: ffffdb34c60a2980 RBX: 0000000000000000 RCX: ffffdb3300000000
[Sun Jan 7 04:47:42 EST 2024] RDX: 0000000000000001 RSI: ffff9f44c28a6008 RDI: ffff9f8fefa95780
[Sun Jan 7 04:47:42 EST 2024] RBP: ffff9f81f54fba68 R08: 0000612cc0000000 R09: 0000000000000001
[Sun Jan 7 04:47:42 EST 2024] R10: 0000000000000001 R11: 0000000000100000 R12: ffff9f44428a6008
[Sun Jan 7 04:47:42 EST 2024] R13: ffff9f81f54fbc18 R14: ffffdb3300008000 R15: 00009ed2c0400000
[Sun Jan 7 04:47:42 EST 2024] FS: 00007f13d5c54700(0000) GS:ffffa052ffb40000(0000) knlGS:0000000000000000
[Sun Jan 7 04:47:42 EST 2024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Sun Jan 7 04:47:42 EST 2024] CR2: 0000000000000020 CR3: 0000007182210000 CR4: 00000000007607e0
[Sun Jan 7 04:47:42 EST 2024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Sun Jan 7 04:47:42 EST 2024] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Sun Jan 7 04:47:42 EST 2024] PKRU: 55555554
[Sun Jan 7 04:47:42 EST 2024] Call Trace:
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad244591>] zap_huge_pmd+0x241/0x350
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad1fd43f>] unmap_page_range+0xa4f/0xc80
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad1fd6f1>] unmap_single_vma+0x81/0x100
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad1ff149>] unmap_vmas+0x49/0x90
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad20953c>] exit_mmap+0xac/0x1a0
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad09c07f>] mmput+0x6f/0x100
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad0a6128>] do_exit+0x288/0xa30
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad0b4d63>] ? __sigqueue_free.part.13+0x33/0x40
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad0a694f>] do_group_exit+0x3f/0xa0
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad0b825e>] get_signal_to_deliver+0x1ce/0x5e0
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad02d5b7>] do_signal+0x57/0x6f0
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad7bfa47>] ? __do_page_fault+0x487/0x510
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad02dcca>] do_notify_resume+0x7a/0xd0
[Sun Jan 7 04:47:42 EST 2024] [<ffffffffad7bb5bc>] retint_signal+0x48/0x8c
[Sun Jan 7 04:47:42 EST 2024] Code: 53 72 55 49 c7 c0 00 00 00 80 4c 2b 05 17 19 a3 00 4a 8d 04 06 48 c1 e8 0c 48 c1 e0 06 48 01 c8 8b 50 30 85 d2 74 5f 48 8b 58 10 <48> 8b 53 20 48 8d 7b 20 48 39 d7 74 30 48 83 ea 20 48 89 50 10
[Sun Jan 7 04:47:42 EST 2024] RIP [<ffffffffad214403>] pgtable_trans_huge_withdraw+0x43/0xa0
[Sun Jan 7 04:47:42 EST 2024] RSP <ffff9f81f54fba60>
[Sun Jan 7 04:47:42 EST 2024] CR2: 0000000000000020
Environment
- Red Hat Enterprise Linux 7.9.z