The server goes into a kernel panic due to NULL pointer dereference occurring in __rb_erase_color()

Solution Unverified - Updated -

Issue

  • The kernel suddenly crashed due to nullptr-deref with a message and a call trace like this:
[   65.072359] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   65.072385] IP: [<ffffffffa2da48e7>] __rb_erase_color+0x87/0x2b0
[   65.072407] PGD 0 
[   65.072413] Oops: 0002 [#1] SMP  
[   65.072424] Modules linked in: ...
[   65.072642] CPU: 0 PID: 920 Comm: systemd-readahe Kdump: loaded Tainted: P           OE  ------------   3.10.0-1160.119.1.el7.x86_64 #1
[   65.072670] Hardware name: HPE ProLiant DL380 Gen10 Plus/ProLiant DL380 Gen10 Plus, BIOS U46 06/14/2024
[   65.072692] task: ffff8a33dcdee300 ti: ffff8a4d7b870000 task.ti: ffff8a4d7b870000
[   65.072709] RIP: 0010:[<ffffffffa2da48e7>]  [<ffffffffa2da48e7>] __rb_erase_color+0x87/0x2b0
[   65.072731] RSP: 0018:ffff8a4d7b873cd0  EFLAGS: 00010286
[   65.072744] RAX: ffff8a4d59cad721 RBX: ffff89cda858ac28 RCX: 0000000000000000
[   65.072760] RDX: ffff8a4d7b6e2b50 RSI: ffff8a4d7be85a40 RDI: ffff8a4d7b6e2b50
[   65.072776] RBP: ffff8a4d7b873cf8 R08: ffff8a4d7b6e2b50 R09: ffff8a4d7b6e2b50
[   65.072793] R10: ffff89cdbbd939a8 R11: 0000000000000000 R12: ffff8a4d59cad720
[   65.072810] R13: ffffffffa2bf4c40 R14: ffff8a4d7be85a40 R15: 0000000000000000
[   65.072826] FS:  0000000000000000(0000) GS:ffff89cdbfa00000(0000) knlGS:0000000000000000
[   65.072845] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   65.072858] CR2: 0000000000000000 CR3: 000000e49d210000 CR4: 0000000000760ff0
[   65.072875] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   65.072891] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   65.072907] PKRU: 55555554
[   65.072915] Call Trace:
[   65.072925]  [<ffffffffa2bf4f28>] vma_interval_tree_remove+0x188/0x240
[   65.072942]  [<ffffffffa2c05ad6>] __remove_shared_vm_struct+0x46/0x70
[   65.072958]  [<ffffffffa2c061b0>] unlink_file_vma+0x40/0x60
[   65.072972]  [<ffffffffa2bfc630>] free_pgtables+0xb0/0x130
[   65.072986]  [<ffffffffa2c095a6>] exit_mmap+0xc6/0x1a0
[   65.073000]  [<ffffffffa2a9c07f>] mmput+0x6f/0x100
[   65.073013]  [<ffffffffa2aa6128>] do_exit+0x288/0xa30
[   65.073027]  [<ffffffffa31bf7f8>] ? __do_page_fault+0x238/0x510
[   65.073042]  [<ffffffffa2aa694f>] do_group_exit+0x3f/0xa0
[   65.073055]  [<ffffffffa2aa69c4>] SyS_exit_group+0x14/0x20
[   65.073698]  [<ffffffffa31c539a>] system_call_fastpath+0x25/0x2a
[   65.074318] Code: e2 49 89 c4 49 8b 5c 24 08 48 39 d3 0f 84 ea 00 00 00 f6 03 01 75 ad 4c 8b 7b 10 4c 89 e0 48 83 c8 01 4d 89 7c 24 08 4c 89 63 10 <49> 89 07 49 8b 04 24 48 89 03 48 83 e0 fc 49 89 1c 24 0f 84 99
[   65.075667] RIP  [<ffffffffa2da48e7>] __rb_erase_color+0x87/0x2b0
[   65.076307]  RSP <ffff8a4d7b873cd0>
[   65.076921] CR2: 0000000000000000

Environment

  • Red Hat Enterprise Linux 7.9.z
  • HPE ProLiant DL380 Gen10 Plus

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content