The kernel crashes due to NULL pointer dereference occurring in rmap_get_first()

Solution Unverified

Issue

  • The kernel crashes with a NULL pointer dereference in rmap_get_first() in the kvm module; the faulting task is qemu-kvm and the trace is entered from the NUMA balancing path (task_numa_work → change_prot_numa → MMU notifier → kvm_unmap_hva_range):

[10812977.307481] BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
[10812977.315603] PGD 43e2b57067 P4D 0 
[10812977.319193] Oops: 0000 [#1] SMP NOPTI
[10812977.323133] CPU: 85 PID: 540803 Comm: qemu-kvm Kdump: loaded Tainted: G        W        --------- -  - 4.18.0-305.el8.x86_64 #1
[10812977.334904] Hardware name: Inspur NF5468M6/NF5468M6, BIOS 06.01.01 04/25/2022
[10812977.342351] RIP: 0010:rmap_get_first.isra.71+0x21/0x60 [kvm]
[10812977.348288] Code: 4d 8f 05 00 0f 94 c0 c3 90 0f 1f 44 00 00 48 8b 07 48 85 c0 74 38 a8 01 74 37 48 83 e0 fe 48 89 06 c7 02 00 00 00 00 48 8b 00 <48> 8b 10 48 89 d1 48 0f ba f1 3b 48 85 c9 74 12 48 b9 00 00 00 00
[10812977.367353] RSP: 0000:ff545847cfb43bc8 EFLAGS: 00010246
[10812977.372854] RAX: 0000000000000100 RBX: 0000000000000001 RCX: 00000000009a389a
[10812977.380269] RDX: ff545847cfb43bd8 RSI: ff545847cfb43bd0 RDI: ff545848a451d4d0
[10812977.387686] RBP: ff545848a451d4d0 R08: 0000000000000001 R09: 0000000000000000
[10812977.395097] R10: 00bce0b409d07a3d R11: 00266aa5078f8800 R12: 0000000000000000
[10812977.402514] R13: ff545847cfb43bd8 R14: ff1cd4a93044b410 R15: 0000000000000000
[10812977.409926] FS:  00007fc9ba3bef00(0000) GS:ff1cd4c92f940000(0000) knlGS:0000000000000000
[10812977.418300] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[10812977.424324] CR2: 0000000000000100 CR3: 00000041eefc4006 CR4: 0000000000773ee0
[10812977.431739] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10812977.439158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[10812977.446582] Call Trace:
[10812977.449334]  kvm_zap_rmapp.constprop.144+0x53/0x80 [kvm]
[10812977.454941]  ? kvm_zap_rmapp.constprop.144+0x80/0x80 [kvm]
[10812977.460719]  kvm_unmap_rmapp+0xd/0x20 [kvm]
[10812977.465937]  kvm_handle_hva_range+0x151/0x1c0 [kvm]
[10812977.471827]  kvm_unmap_hva_range+0x22/0x50 [kvm]
[10812977.477431]  kvm_mmu_notifier_invalidate_range_start+0x49/0x80 [kvm]
[10812977.484767]  __mmu_notifier_invalidate_range_start+0xfc/0x120
[10812977.491483]  change_p4d_range+0x967/0xa60
[10812977.496459]  ? set_fd_set.part.7+0x40/0x40
[10812977.501515]  ? seccomp_run_filters+0x6b/0x120
[10812977.506909]  change_protection+0x12f/0x1c0
[10812977.511961]  change_prot_numa+0x18/0x30
[10812977.516747]  task_numa_work+0x1ed/0x300
[10812977.521535]  task_work_run+0x8a/0xb0
[10812977.526067]  exit_to_usermode_loop+0xeb/0xf0
[10812977.531309]  prepare_exit_to_usermode+0x9b/0xa0
[10812977.536819]  retint_user+0x8/0x8
[10812977.541013] RIP: 0033:0x557763af690b
[10812977.545552] Code: 31 c0 48 8b 47 18 48 c7 44 24 40 00 00 00 00 49 89 c7 48 89 44 24 10 e8 83 e4 0c 00 90 4c 89 f8 48 05 b0 00 00 00 48 89 04 24 <48> 85 db 0f 84 4c 02 00 00 48 8d 44 24 40 45 31 ed 48 89 44 24 08
[10812977.566028] RSP: 002b:00007fbe962f0be0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
[10812977.574627] RAX: 0000557764ccfd00 RBX: 0000000000001000 RCX: 0000557764ba6778
[10812977.582792] RDX: 0000000000001000 RSI: 00000007d816e000 RDI: 0000557764cd0360
[10812977.590963] RBP: 00000007d816e000 R08: 0000000000000000 R09: 0000000000000000
[10812977.599149] R10: 0000000008ccfd04 R11: 00000000692affff R12: 0000557764cd0360
[10812977.607329] R13: 0000557764ba6778 R14: 0000000000000000 R15: 0000557764ccfc50
[10812977.615519] Modules linked in: ...
[10812977.615558]  ...
[10812977.749640] Features: eBPF/rawtrace
[10812977.754313] CR2: 0000000000000100
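
Triage helper for an Oops of this shape, added here as an example (it is not Red Hat's or the kernel's code). It parses the dmesg lines into the fields a first-pass incident write-up needs: faulting address and error code, the RIP symbol with its module and offset, taint letters, kernel version, reliable versus `?` call-trace frames, and the bytes at RIP. It then decodes the faulting instruction far enough to name the register it loaded through and checks that register against CR2. The embedded SAMPLE_OOPS is a constructed, trimmed copy of the trace above; the instruction decoder is an assumption in that it only covers the REX.W `mov r64, [base]` form that appears at RIP here and returns None for anything else.

```python
"""Parse an x86-64 kernel Oops and cross-check the faulting load against the registers.

Added example, not Red Hat's or the kernel's code; it handles the dmesg line shapes shown above.
"""
import re

# Constructed input: a trimmed copy of the trace quoted in this article.
SAMPLE_OOPS = """\
[10812977.307481] BUG: unable to handle kernel NULL pointer dereference at 0000000000000100
[10812977.323133] Oops: 0000 [#1] SMP NOPTI
[10812977.334904] CPU: 85 PID: 540803 Comm: qemu-kvm Kdump: loaded Tainted: G        W        --------- -  - 4.18.0-305.el8.x86_64 #1
[10812977.342351] RIP: 0010:rmap_get_first.isra.71+0x21/0x60 [kvm]
[10812977.348288] Code: 4d 8f 05 00 0f 94 c0 c3 90 0f 1f 44 00 00 48 8b 07 48 85 c0 74 38 a8 01 74 37 48 83 e0 fe 48 89 06 c7 02 00 00 00 00 48 8b 00 <48> 8b 10 48 89 d1 48 0f ba f1 3b 48 85 c9 74 12 48 b9 00 00 00 00
[10812977.380269] RAX: 0000000000000100 RBX: 0000000000000001 RCX: 00000000009a389a
[10812977.424324] CR2: 0000000000000100 CR3: 00000041eefc4006 CR4: 0000000000773ee0
[10812977.446582] Call Trace:
[10812977.449334]  kvm_zap_rmapp.constprop.144+0x53/0x80 [kvm]
[10812977.454941]  ? kvm_zap_rmapp.constprop.144+0x80/0x80 [kvm]
[10812977.460719]  kvm_unmap_rmapp+0xd/0x20 [kvm]
[10812977.484767]  __mmu_notifier_invalidate_range_start+0xfc/0x120
[10812977.516747]  task_numa_work+0x1ed/0x300
[10812977.541013] RIP: 0033:0x557763af690b
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                       # dmesg timestamp prefix
_FRAME = re.compile(r"^(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?$")
_SYM = re.compile(r"^([0-9a-f]{4}):([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?")
_REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
_CPU = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+) .*(?:Tainted: (.*?)|Not tainted) (\d+\.\d+\.\S+) #\d+")
GPR = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
       "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

def decode_error_code(code):
    """x86 page-fault error code as printed after 'Oops:' (bit0 present, bit1 write, bit2 user)."""
    return {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4),
            "reserved": bool(code & 8), "ifetch": bool(code & 16)}

def split_code_bytes(field):
    """Split a 'Code:' dump into (bytes before RIP, bytes from RIP); '<xx>' marks RIP."""
    toks = field.split()
    for i, tok in enumerate(toks):
        if tok.startswith("<"):
            before = [int(x, 16) for x in toks[:i]]
            at_rip = [int(tok.strip("<>"), 16)] + [int(x, 16) for x in toks[i + 1:]]
            return before, at_rip
    return [int(x, 16) for x in toks], []

def load_base_register(code):
    """Name the base register of 'mov r64, [base]' (REX.W 8B /r, mod=00, no SIB/RIP-rel); else None."""
    if len(code) < 3 or not 0x48 <= code[0] <= 0x4f or code[1] != 0x8b:
        return None
    mod, rm = code[2] >> 6, code[2] & 7
    if mod != 0 or rm in (4, 5):
        return None
    return GPR[rm + (8 if code[0] & 1 else 0)]        # REX.B extends the r/m field

def parse_oops(text):
    info = {"regs": {}, "frames": [], "taint": []}
    in_trace = False
    for raw in text.splitlines():
        line = _TS.sub("", raw).strip()
        if (m := re.match(r"BUG: unable to handle kernel (.+) at ([0-9a-f]+)$", line)):
            info["bug"], info["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif (m := re.match(r"Oops: ([0-9a-f]+) \[#(\d+)\]", line)):
            info["error_code"], info["oops_count"] = decode_error_code(int(m.group(1), 16)), int(m.group(2))
        elif (m := _CPU.match(line)):
            info.update(cpu=int(m.group(1)), pid=int(m.group(2)), comm=m.group(3), kernel=m.group(5),
                        taint=[c for c in (m.group(4) or "") if c.isalpha()])
        elif line.startswith("RIP: "):
            in_trace = False                      # a second RIP (CS=0033) is the user-space context
            if "rip" not in info and (m := _SYM.match(line[5:])):
                info["rip"] = {"cs": m.group(1), "symbol": m.group(2), "offset": int(m.group(3), 16),
                               "size": int(m.group(4), 16), "module": m.group(5)}
        elif line.startswith("Code: "):
            info["code_before"], info["code_at_rip"] = split_code_bytes(line[6:])
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace and (m := _FRAME.match(line)):
            info["frames"].append({"symbol": m.group(2), "offset": int(m.group(3), 16),
                                   "module": m.group(5), "reliable": m.group(1) is None})
        else:
            info["regs"].update({k: int(v, 16) for k, v in _REG.findall(line)})
    return info

def triage(info):
    ec, addr, rip = info["error_code"], info["fault_addr"], info["rip"]
    base = load_base_register(info["code_at_rip"])
    return {
        "crash_site": f"{rip['symbol']}+0x{rip['offset']:x}" + (f" [{rip['module']}]" if rip["module"] else ""),
        "access": ("write" if ec["write"] else "read") + (" from user mode" if ec["user"] else " in kernel mode"),
        "null_deref": addr < 4096,              # low address: NULL base pointer plus a member offset
        "member_offset": addr if addr < 4096 else None,
        "base_register": base,                  # register the faulting mov loaded through
        "base_matches_cr2": base is not None and info["regs"].get(base.upper()) == addr,
        "caller": next((f["symbol"] for f in info["frames"] if f["reliable"]), None),
        "unreliable_frames": sum(not f["reliable"] for f in info["frames"]),
    }

if __name__ == "__main__":
    for key, val in triage(parse_oops(SAMPLE_OOPS)).items():
        print(f"{key:>18}: {val}")
```

Run directly it prints the summary for the embedded sample; on a real host feed it the Oops lines from the kdump vmcore-dmesg.txt instead. For this trace the decoder reads the bytes at RIP (48 8b 10) as mov rdx,[rax] with RAX equal to CR2 (0x100), and the bytes just before it (48 8b 00, mov rax,[rax]) show that the 0x100 was itself loaded from memory, so the bad pointer was stored in the structure rmap_get_first() walks rather than computed at the crash site; that is the detail to carry into the vmcore analysis.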

Environment

  • Red Hat Enterprise Linux 8.4 GA

Subscriber exclusive content
