Kernel crash due to a NULL pointer dereference in sysfs_follow_link()
Issue
- A system experienced a kobject_add failed kernel warning (with a call trace involving scsi_mod functions) followed by a "crash" due to a NULL pointer dereference which occurred at sysfs_follow_link+0xfc.
- Kernel warning:
kobject_add failed for 1:0:1:1 with -EEXIST, don't try to register things with the same
name in the same directory.
Call Trace:
[<ffffffff801512e5>] kobject_add+0x170/0x19b
[<ffffffff801c6085>] device_add+0x85/0x372
[<ffffffff8807e22e>] :scsi_mod:scsi_sysfs_add_sdev+0x35/0x21b
[<ffffffff8807c618>] :scsi_mod:scsi_probe_and_add_lun+0x8b1/0x9c9
[<ffffffff8807ac4d>] :scsi_mod:scsi_execute_req+0x78/0xce
[<ffffffff8807d00f>] :scsi_mod:__scsi_scan_target+0x410/0x5c7
[<ffffffff8807d46f>] :scsi_mod:scsi_scan_target+0x6c/0x83
[<ffffffff881f8267>] :scsi_transport_fc:fc_scsi_scan_rport+0x0/0x85
[<ffffffff881f82cc>] :scsi_transport_fc:fc_scsi_scan_rport+0x65/0x85
[<ffffffff8004d6b3>] run_workqueue+0x94/0xe4
[<ffffffff80049eee>] worker_thread+0x0/0x122
[<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
[<ffffffff80049fde>] worker_thread+0xf0/0x122
[<ffffffff8008cf9d>] default_wake_function+0x0/0xe
[<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
[<ffffffff8003290a>] kthread+0xfe/0x132
[<ffffffff8005dfb1>] child_rip+0xa/0x11
[<ffffffff800a07bc>] keventd_create_kthread+0x0/0xc4
[<ffffffff8003280c>] kthread+0x0/0x132
[<ffffffff8005dfa7>] child_rip+0x0/0x11
- Subsequent kernel crash:
Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
[<ffffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
PGD ba56e0067 PUD 9fe01c067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /devices/pci0000:00/0000:00:06.0/0000:18:00.1/host1/rport-1:0-3/target1:0:1/1:0:1:0/type
CPU 16
Modules linked in: mptctl vxodm(PFU) autofs4 nfs fscache nfs_acl lin_tape(U) dmpaa(PU) vxspec(PFU) vxio(PFU) vxdmp(PU) lockd sunrpc bonding rdma_ucm(U) ib_ucm(U) ib_sdp(U) rdma_cm(U) iw_cm(U) ib_addr(U) ib_ipoib(U) ipoib_helper(U) ib_cm(U) ib_sa(U) ipv6 xfrm_nalgo crypto_api ib_uverbs(U) ib_umad(U) iw_nes(U) iw_cxgb3(U) cxgb3(U) ib_qib(U) dca mlx4_ib(U) mlx4_en(U) mlx4_core(U) ib_mthca(U) ib_mad(U) ib_core(U) vxportal(PFU) fdd(PFU) vxfs(PU) dm_round_robin dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec i2c_core dell_wmi wmi button battery asus_acpi acpi_memhotplug ac parport_pc lp parport st sg joydev shpchp lpfc hpilo scsi_transport_fc bnx2 serio_raw pcspkr dm_raid45 dm_message dm_region_hash dm_mem_cache dm_snapshot dm_zero dm_mirror dm_log dm_mod mptspi mptscsih scsi_transport_spi mptbase cciss sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 31206, comm: cat Tainted: PF 2.6.18-194.11.4.el5 #1
RIP: 0010:[<ffffffff8010e0b8>] [<ffffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
RSP: 0018:ffff810bb68e1cc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff81012abf3588 RCX: ffffffffffffffff
RDX: ffff811825638918 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff811827e118e8 R08: ffff810c5230298e R09: 0000000000a7fd40
R10: 0000000000000000 R11: 0000000000000002 R12: 0000000000000003
R13: ffff810c255ca9d8 R14: ffffffff8809be78 R15: ffff810bf2c10000
FS: 00002ae7a24e3260(0000) GS:ffff81012a9b71c0(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000bb2043000 CR4: 00000000000006e0
Process cat (pid: 31206, threadinfo ffff810bb68e0000, task ffff810a1ee8b7a0)
Stack: 00000000000084d0 ffff810bb68e1d38 ffff810bb68e1ea8 0000000000000000
ffff810bb68e1ea8 ffff8118235f1d70 ffff811827e118e8 0000000000000000
ffff810baf12501e ffffffff80009dad ffff810a1ee8b7a0 0000010100000000
Call Trace:
[<ffffffff80009dad>] __link_path_walk+0x512/0xf5b
[<ffffffff8000ea4b>] link_path_walk+0x42/0xb2
[<ffffffff8000cd72>] do_path_lookup+0x275/0x2f1
[<ffffffff800237b5>] __path_lookup_intent_open+0x56/0x97
[<ffffffff8001afaf>] open_namei+0x73/0x6d5
[<ffffffff80066b88>] do_page_fault+0x4fe/0x874
[<ffffffff80027533>] do_filp_open+0x1c/0x38
[<ffffffff80019e5d>] do_sys_open+0x44/0xbe
[<ffffffff8005d116>] system_call+0x7e/0x83
Code: f2 ae f7 d1 01 ce 48 85 d2 75 e7 43 8d 04 64 4c 89 fb 8d 6c
RIP [<ff RSP <ffff810bb68e1cc8>
ffffff8010e0b8>] sysfs_follow_link+0xfc/0x1e6
Environment
- Red Hat Enterprise Linux 5.5