System crash in scsi_dma_unmap() due to use-after-free bug in qla2xxx driver
Issue
The system crashes in scsi_dma_unmap() due to a use-after-free bug in the qla2xxx driver, with the following messages in the kernel log:
lin_tape: set_blk_prot cannot set mode pg 0x0A sub 0xF0
qla2xxx [0000:12:00.1]-5037:2: Async-login failed: handle=65a pid=011200 wwpn=<wwpn> comp_status=31 iop0=4 iop1=703
qla2xxx [0000:12:00.1]-5013:2: RSCN database changed -- 0001 1200 0000.
qla2xxx [0000:12:00.1]-5013:2: RSCN database changed -- 0001 1200 0000.
qla2xxx [0000:12:00.1]-20f0:2: qla24xx_async_gnnft_done 3559 <wwpn> post del sess
....
rport-2:0-11: blocked FC remote port time out: removing target and saving binding
scsi 2:0:11:0: scsi scan: 70 byte inquiry failed. Consider BLIST_INQUIRY_36 for this device
qla2xxx [0000:12:00.1]-5013:2: RSCN database changed -- 0001 1200 0000.
qla2xxx [0000:12:00.1]-5037:2: Async-adisc failed: handle=66e pid=011200 wwpn=<wwpn> comp_status=31 iop0=4 iop1=0
general protection fault: 0000 [#1] SMP NOPTI
CPU: 14 PID: 986 Comm: kworker/14:1 Kdump: loaded Tainted: G W OE --------- - - 4.18.0-348.20.1.el8_5.x86_64 #1
Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 09/03/2021
Workqueue: qla2xxx_wq qla_do_work [qla2xxx]
RIP: 0010:scsi_dma_unmap+0x27/0x40
....
Call Trace:
qla2xxx_qpair_sp_free_dma+0x1f0/0x3d0 [qla2xxx]
qla2x00_sp_compl+0x26/0x60 [qla2xxx]
qla2x00_status_entry+0x4e6/0x19a0 [qla2xxx]
? __kprobes_text_end+0x7eb88/0x7eb88
? __kprobes_text_end+0x7eb88/0x7eb88
? entry_SYSCALL_64_after_hwframe+0xb8/0xca
? __switch_to_asm+0x35/0x70
....
qla24xx_process_response_queue+0x49d/0xdf0 [qla2xxx]
? __switch_to_asm+0x35/0x70
....
qla_do_work+0x2d/0x40 [qla2xxx]
process_one_work+0x1a7/0x360
? create_worker+0x1a0/0x1a0
worker_thread+0x30/0x390
? create_worker+0x1a0/0x1a0
kthread+0x116/0x130
? kthread_flush_work_fn+0x10/0x10
ret_from_fork+0x1f/0x40
....
Environment
- Red Hat Enterprise Linux 8