Kernel crash due to a NULL pointer dereference in sysfs_follow_link()


Issue

  • A system logged a "kobject_add failed" kernel warning (with a call trace through scsi_mod functions), then crashed due to a NULL pointer dereference at sysfs_follow_link+0xfc.

  • Kernel warning:

    kobject_add failed for 1:0:1:1 with -EEXIST, don't try to register things with the same
     name in the same directory.

    Call Trace:
     [<ffffffff801512e5>] kobject_add+0x170/0x19b
     [<ffffffff801c6085>] device_add+0x85/0x372
     [<ffffffff8807e22e>] :scsi_mod:scsi_sysfs_add_sdev+0x35/0x21b
     [<ffffffff8807c618>] :scsi_mod:scsi_probe_and_add_lun+0x8b1/0x9c9
     [<ffffffff8807ac4d>] :scsi_mod:scsi_execute_req+0x78/0xce
     [<ffffffff8807d00f>] :scsi_mod:__scsi_scan_target+0x410/0x5c7
     [<ffffffff8807d46f>] :scsi_mod:scsi_scan_target+0x6c/0x83
     [<ffffffff881f8267>] :scsi_transport_fc:fc_scsi_scan_rport+0x0/0x85
     [<ffffffff881f82cc>] :scsi_transport_fc:fc_scsi_scan_rport+0x65/0x85
     [<ffffffff8004d6b3>] run_workqueue+0x94/0xe4
     [<ffffffff80049eee>] worker_thread+0x0/0x122
     [<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
     [<ffffffff80049fde>] worker_thread+0xf0/0x122
     [<ffffffff8008cf9d>] default_wake_function+0x0/0xe
     [<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
     [<ffffffff8003290a>] kthread+0xfe/0x132
     [<ffffffff8005dfb1>] child_rip+0xa/0x11
     [<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
     [<ffffffff8003280c>] kthread+0x0/0x132
     [<ffffffff8005dfa7>] child_rip+0x0/0x11

  • Subsequent kernel crash:

    Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: 
     [<ffffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
    PGD ba56e0067 PUD 9fe01c067 PMD 0 
    Oops: 0000 [1] SMP 
    last sysfs file: /devices/pci0000:00/0000:00:06.0/0000:18:00.1/host1/rport-1:0-3/target1:0:1/1:0:1:0/type
    CPU 16 
    Modules linked in: mptctl vxodm(PFU) autofs4 nfs fscache nfs_acl lin_tape(U) dmpaa(PU) vxspec(PFU) vxio(PFU) vxdmp(PU) lockd sunrpc bonding rdma_ucm(U) ib_ucm(U) ib_sdp(U) rdma_cm(U) iw_cm(U) ib_addr(U) ib_ipoib(U) ipoib_helper(U) ib_cm(U) ib_sa(U) ipv6 xfrm_nalgo crypto_api ib_uverbs(U) ib_umad(U) iw_nes(U) iw_cxgb3(U) cxgb3(U) ib_qib(U) dca mlx4_ib(U) mlx4_en(U) mlx4_core(U) ib_mthca(U) ib_mad(U) ib_core(U) vxportal(PFU) fdd(PFU) vxfs(PU) dm_round_robin dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec i2c_core dell_wmi wmi button battery asus_acpi acpi_memhotplug ac parport_pc lp parport st sg joydev shpchp lpfc hpilo scsi_transport_fc bnx2 serio_raw pcspkr dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod mptspi mptscsih scsi_transport_spi mptbase cciss sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
    Pid: 31206, comm: cat Tainted: PF     2.6.18-194.11.4.el5 #1
    RIP: 0010:[<ffffffff8010e0b8>]  [<ffffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
    RSP: 0018:ffff810bb68e1cc8  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff81012abf3588 RCX: ffffffffffffffff
    RDX: ffff811825638918 RSI: 0000000000000001 RDI: 0000000000000000
    RBP: ffff811827e118e8 R08: ffff810c5230298e R09: 0000000000a7fd40
    R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000003
    R13: ffff810c255ca9d8 R14: ffffffff8809be78 R15: ffff810bf2c10000
    FS:  00002ae7a24e3260(0000) GS:ffff81012a9b71c0(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 0000000000000000 CR3: 0000000bb2043000 CR4: 00000000000006e0
    Process cat (pid: 31206, threadinfo ffff810bb68e0000, task ffff810a1ee8b7a0)
    Stack:  00000000000084d0 ffff810bb68e1d38 ffff810bb68e1ea8 0000000000000000
     ffff810bb68e1ea8 ffff8118235f1d70 ffff811827e118e8 0000000000000000
     ffff810baf12501e ffffffff80009dad ffff810a1ee8b7a0 0000010100000000
    Call Trace:
     [<ffffffff80009dad>] __link_path_walk+0x512/0xf5b
     [<ffffffff8000ea4b>] link_path_walk+0x42/0xb2
     [<ffffffff8000cd72>] do_path_lookup+0x275/0x2f1
     [<ffffffff800237b5>] __path_lookup_intent_open+0x56/0x97
     [<ffffffff8001afaf>] open_namei+0x73/0x6d5
     [<ffffffff80066b88>] do_page_fault+0x4fe/0x874
     [<ffffffff80027533>] do_filp_open+0x1c/0x38
     [<ffffffff80019e5d>] do_sys_open+0x44/0xbe
     [<ffffffff8005d116>] system_call+0x7e/0x83

    Code: f2 ae f7 d1 01 ce 48 85 d2 75 e7 43 8d 04 64 4c 89 fb 8d 6c 
    RIP  [<ff RSP <ffff810bb68e1cc8>
    ffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
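
To check a saved console log for the same sequence (a kobject_add -EEXIST warning followed by a NULL pointer dereference oops), the following Python can be used. It is an added example, not part of the original article or of any Red Hat tooling; the function name triage, the record fields and the "same SCSI target" match are assumptions made for illustration, and the sample input is constructed from lines quoted above.

```python
import re

# Constructed sample: a few lines abridged from the console output quoted on this page.
SAMPLE_LOG = """\
kobject_add failed for 1:0:1:1 with -EEXIST, don't try to register things with the same
 name in the same directory.
Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: 
 [<ffffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
last sysfs file: /devices/pci0000:00/0000:00:06.0/0000:18:00.1/host1/rport-1:0-3/target1:0:1/1:0:1:0/type
Pid: 31206, comm: cat Tainted: PF     2.6.18-194.11.4.el5 #1
"""

KOBJ_RE = re.compile(r"kobject_add failed for (\S+) with -EEXIST")
NULL_RE = re.compile(r"Unable to handle kernel NULL pointer dereference at ([0-9a-f]+)")
SYM_RE = re.compile(r"\[<[0-9a-f]+>\]\s+([\w.:]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SYSFS_RE = re.compile(r"last sysfs file: (\S+)")
PID_RE = re.compile(r"Pid: (\d+), comm: (\S+) (?:Tainted: (\S+)|Not tainted)\s+(\S+)")

def triage(log_text):
    """Return one record per NULL-dereference oops, with earlier -EEXIST warnings attached."""
    duplicates, reports, current = [], [], None
    for line in log_text.splitlines():
        if m := KOBJ_RE.search(line):
            duplicates.append(m.group(1))          # device name that was registered twice
        elif m := NULL_RE.search(line):
            current = {"fault_address": m.group(1), "fault_symbol": None,
                       "last_sysfs_file": None, "comm": None, "tainted": None,
                       "kernel": None, "prior_duplicate_kobjects": list(duplicates)}
            reports.append(current)
        elif current is not None:
            # The first symbolized address after the oops header is the faulting RIP.
            if current["fault_symbol"] is None and (m := SYM_RE.search(line)):
                current["fault_symbol"] = m.group(1)
            elif m := SYSFS_RE.search(line):
                current["last_sysfs_file"] = m.group(1)
            elif m := PID_RE.search(line):
                current["comm"], current["tainted"], current["kernel"] = m.group(2, 3, 4)
    for r in reports:
        # Assumed heuristic: an H:C:T:L name belongs to sysfs directory "targetH:C:T".
        path = r["last_sysfs_file"] or ""
        r["same_target_duplicates"] = [
            d for d in r["prior_duplicate_kobjects"]
            if f"/target{d.rsplit(':', 1)[0]}/" in path]
    return reports

if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```

A non-empty same_target_duplicates list only shows that the warning and the last sysfs file touched the same SCSI target; it does not by itself establish the cause of the crash.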

Environment

  • Red Hat Enterprise Linux 5.5
