2072877 – [RHEL9] kernel panic when create raid1 with lvcreate command

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2072877 - [RHEL9] kernel panic when create raid1 with lvcreate command

Summary: [RHEL9] kernel panic when create raid1 with lvcreate command

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	mdadm
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Nigel Croxon
QA Contact:	Fine Fan
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2066174 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-04-07 07:56 UTC by ChanghuiZhong
Modified:	2022-09-09 00:04 UTC (History)
CC List:	6 users (show)
Fixed In Version:	kernel-5.14.0-94.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-05-19 16:05:29 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-118211	0	None	None	None	2022-04-07 08:46:38 UTC

Description ChanghuiZhong 2022-04-07 07:56:59 UTC

Description of problem:
found a known issue on 5.14.0-76.mr626_220401_0216.el9,kernel panic when create raid1 with lvcreate command

[ 3308.408252] BUG: kernel NULL pointer dereference, address: 0000000000000060 
[ 3308.416022] #PF: supervisor write access in kernel mode 
[ 3308.421851] #PF: error_code(0x0002) - not-present page 
[ 3308.427585] PGD 0 P4D 0  
[ 3308.430409] Oops: 0002 [#1] PREEMPT SMP PTI 
[ 3308.435075] CPU: 1 PID: 1655 Comm: lvcreate Kdump: loaded Not tainted 5.14.0-76.mr626_220401_0216.el9.x86_64 #1 
[ 3308.446333] Hardware name: Dell Inc. PowerEdge R730/0599V5, BIOS 2.4.3 01/17/2017 
[ 3308.454681] RIP: 0010:blk_queue_flag_set+0x7/0x10 
[ 3308.459931] Code: 00 00 00 0f 1f 44 00 00 48 8b 35 b4 5c 50 02 48 8d 57 38 bf 00 20 00 00 e9 66 2e c5 ff 66 0f 1f 44 00 00 0f 1f 44 00 00 89 ff <f0> 48 0f ab 7e 60 c3 66 90 0f 1f 44 00 00 65 48 8b 04 25 40 6f 01 
[ 3308.480884] RSP: 0018:ffff9808c17dfb98 EFLAGS: 00010202 
[ 3308.486712] RAX: ffff8b1289dcb000 RBX: ffff8b128390c070 RCX: 0000000000000000 
[ 3308.494672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001d 
[ 3308.502633] RBP: ffff8b128390c058 R08: ffffffff92c61310 R09: ffff9808c17dfa58 
[ 3308.510593] R10: 0000000000000000 R11: 0000000000000060 R12: ffff8b128390c070 
[ 3308.518554] R13: ffff8b128487d440 R14: 0000000000000000 R15: 0000000000000001 
[ 3308.526514] FS:  00007fdf36cf88c0(0000) GS:ffff8b15efc40000(0000) knlGS:0000000000000000 
[ 3308.535541] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[ 3308.541949] CR2: 0000000000000060 CR3: 0000000104008002 CR4: 00000000001706e0 
[ 3308.549909] Call Trace: 
[ 3308.552634]  md_run+0x48f/0x9b0 
[ 3308.556139]  ? super_validate+0x10e/0x190 [dm_raid] 
[ 3308.561580]  raid_ctr+0x47d/0xb2a [dm_raid] 
[ 3308.566248]  dm_table_add_target+0x177/0x360 [dm_mod] 
[ 3308.571890]  table_load+0x127/0x370 [dm_mod] 
[ 3308.576656]  ctl_ioctl+0x16b/0x280 [dm_mod] 
[ 3308.581328]  dm_ctl_ioctl+0xa/0x10 [dm_mod] 
[ 3308.585997]  __x64_sys_ioctl+0x82/0xb0 
[ 3308.590179]  do_syscall_64+0x3b/0x90 
[ 3308.594168]  entry_SYSCALL_64_after_hwframe+0x44/0xae 
[ 3308.599804] RIP: 0033:0x7fdf37194c0b 
[ 3308.603788] Code: 73 01 c3 48 8b 0d 1d 62 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 61 1b 00 f7 d8 64 89 01 48 
[ 3308.624741] RSP: 002b:00007ffde2a860f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 
[ 3308.633187] RAX: ffffffffffffffda RBX: 000055892fc361b0 RCX: 00007fdf37194c0b 
[ 3308.641148] RDX: 000055893163f090 RSI: 00000000c138fd09 RDI: 0000000000000003 
[ 3308.649108] RBP: 000055892fd0d0d6 R08: 000055892fd84500 R09: 00007ffde2a85f50 
[ 3308.657068] R10: 0000000000000007 R11: 0000000000000206 R12: 000055893163f0c0 
[ 3308.665028] R13: 000055893163f140 R14: 000055893163f090 R15: 000055893161f430 
[ 3308.672990] Modules linked in: raid1 dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill sunrpc dm_multipath intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm dcdbas irqbypass mgag200 i2c_algo_bit drm_kms_helper rapl iTCO_wdt iTCO_vendor_support syscopyarea sysfillrect intel_cstate sysimgblt fb_sys_fops cec intel_uncore pcspkr lpc_ich ses mxm_wmi enclosure mei_me mei ipmi_ssif scsi_transport_sas ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter drm fuse xfs libcrc32c sd_mod t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel ahci libahci ghash_clmulni_intel libata tg3 megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod 
[ 3308.751764] CR2: 0000000000000060 




Version-Release number of selected component (if applicable):
5.14.0-76.mr626_220401_0216.el9

How reproducible:
100%

Steps to Reproduce:
parted -s /dev/sdb  mklabel gpt  mkpart primary 1M 100G
parted -s /dev/sdc  mklabel gpt  mkpart primary 1M 100G
parted -s /dev/sdd  mklabel gpt  mkpart primary 1M 100G
parted -s /dev/sde  mklabel gpt  mkpart primary 1M 100G

mkfs -t xfs -f /dev/sdb1
mkfs -t xfs -f /dev/sdc1
mkfs -t xfs -f /dev/sdd1
mkfs -t xfs -f /dev/sde1

pvcreate -y /dev/{"sdb"1,"sdc"1,"sdd"1,"sde"1}
vgcreate  black_bird  /dev/{"sdb"1,"sdc"1,"sdd"1,"sde"1}
lvcreate --type raid1 -m 3 -n non_synced_primary_raid1_3legs_1 -L 3G black_bird /dev/"sdb"1:0-2400 /dev/"sdc"1:0-2400 /dev/"sdd"1:0-2400 /dev/"sde"1:0-2400

Actual results:
kernel panic

Expected results:
no issue

Additional info:

it is one known issue,and it can be fixed by the commit:

commit 0f9650bd838efe5c52f7e5f40c3204ad59f1964d
Author: Song Liu <song>
Date:   Wed Feb 2 09:24:10 2022 -0800

    md: fix NULL pointer deref with nowait but no mddev->queue


more detail see https://bugzilla.redhat.com/show_bug.cgi?id=2066297#c9

Comment 3 ChanghuiZhong 2022-04-16 09:38:37 UTC

reproduce this issue on 5.14.0-78.el9,

[   66.259633] BUG: kernel NULL pointer dereference, address: 0000000000000060 
[   66.266592] #PF: supervisor write access in kernel mode 
[   66.271821] #PF: error_code(0x0002) - not-present page 
[   66.276958] PGD 0 P4D 0  
[   66.279500] Oops: 0002 [#1] PREEMPT SMP NOPTI 
[   66.283857] CPU: 29 PID: 2270 Comm: lvcreate Kdump: loaded Not tainted 5.14.0-78.el9.x86_64 #1 
[   66.292465] Hardware name: Dell Inc. PowerEdge R7525/0590KW, BIOS 2.6.6 01/13/2022 
[   66.300028] RIP: 0010:blk_queue_flag_set+0x7/0x10 
[   66.304735] Code: d2 74 11 48 8b 52 78 48 85 d2 74 08 e8 02 79 94 00 0f b6 c0 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 0f 1f 44 00 00 89 ff <f0> 48 0f ab 7e 60 c3 66 90 0f 1f 44 00 00 89 ff f0 48 0f b3 7e 60 
[   66.323483] RSP: 0018:ffffb9ddc4e7bb98 EFLAGS: 00010202 
[   66.328709] RAX: ffff9346135dab70 RBX: ffff934601074070 RCX: 0000000000000000 
[   66.335841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001d 
[   66.342973] RBP: ffff934601074058 R08: ffffffffae261e10 R09: ffffb9ddc4e7ba58 
[   66.350108] R10: 0000000000000000 R11: 0000000000000000 R12: ffff934601074070 
[   66.357240] R13: ffff9346067bf840 R14: 0000000000000000 R15: 0000000000000001 
[   66.364372] FS:  00007f48695698c0(0000) GS:ffff9347f7d40000(0000) knlGS:0000000000000000 
[   66.372460] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[   66.378204] CR2: 0000000000000060 CR3: 0000000289b3c000 CR4: 0000000000350ee0 
[   66.385337] Call Trace: 
[   66.387791]  md_run+0x48f/0x9b0 
[   66.390939]  ? super_validate+0x10e/0x190 [dm_raid] 
[   66.395815]  raid_ctr+0x47d/0xb2a [dm_raid] 
[   66.400005]  dm_table_add_target+0x177/0x360 [dm_mod] 
[   66.405091]  table_load+0x127/0x370 [dm_mod] 
[   66.409370]  ctl_ioctl+0x16b/0x280 [dm_mod] 
[   66.413560]  dm_ctl_ioctl+0xa/0x10 [dm_mod] 
[   66.417752]  __x64_sys_ioctl+0x82/0xb0 
[   66.421504]  do_syscall_64+0x3b/0x90 
[   66.425084]  entry_SYSCALL_64_after_hwframe+0x44/0xae 
[   66.430136] RIP: 0033:0x7f4869a05c0b 
[   66.433716] Code: 73 01 c3 48 8b 0d 1d 62 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 61 1b 00 f7 d8 64 89 01 48 
[   66.452460] RSP: 002b:00007ffc83a85a58 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 
[   66.460030] RAX: ffffffffffffffda RBX: 0000561972f6f1b0 RCX: 00007f4869a05c0b 
[   66.467160] RDX: 00005619747bc780 RSI: 00000000c138fd09 RDI: 0000000000000003 
[   66.474285] RBP: 00005619730460d6 R08: 00005619730bd500 R09: 00007ffc83a858b0 
[   66.481417] R10: 0000000000000007 R11: 0000000000000206 R12: 00005619747bc7b0 
[   66.488550] R13: 00005619747bc830 R14: 00005619747bc780 R15: 00005619747aecd0 
[   66.495677] Modules linked in: raid1 dm_raid raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq loop rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill sunrpc dm_multipath intel_rapl_msr dcdbas intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass rapl pcspkr dell_smbios dell_wmi_descriptor wmi_bmof ipmi_ssif mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec k10temp i2c_piix4 acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter drm fuse xfs libcrc32c sd_mod t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel ahci libahci ghash_clmulni_intel libata tg3 ccp wmi dm_mirror dm_region_hash dm_log dm_mod 
[   66.558916] CR2: 0000000000000060

Comment 6 Nigel Croxon 2022-05-19 16:05:29 UTC

https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/858

Fixed in Version: kernel-5.14.0-94.el9

Comment 7 guazhang@redhat.com 2022-09-09 00:04:17 UTC

*** Bug 2066174 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.