Null dereference crash in dma_pool_alloc()
Issue
- A kernel NULL pointer dereference crash caused an unexpected server reboot.
[658891.282334] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[658891.282426] IP: [<ffffffff816abbc2>] _raw_spin_lock_irqsave+0x22/0x40
[658891.282497] PGD 56ca728067 PUD 5606215067 PMD 0
[658891.282551] Oops: 0002 [#1] SMP
[658891.282588] Modules linked in: oracleacfs(POE) oracleadvm(POE) oracleoks(POE) sctp_diag sctp dccp_diag dccp tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag bnx2i(OE) cnic(OE) uio libiscsi xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables scsi_transport_iscsi team_mode_activebackup team ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_conntrack nf_conntrack iptable_filter dm_service_time vfat fat skx_edac edac_core intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ipmi_ssif dm_multipath ablk_helper cryptd pcspkr qla2xxx(OE)
[658891.287230] ses enclosure joydev scsi_transport_fc mei_me hpwdt scsi_tgt sg hpilo mei lpc_ich shpchp wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc ip_tables xfs sd_mod crc_t10dif crct10dif_generic sr_mod cdrom mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ahci libahci crct10dif_pclmul crct10dif_common crc32c_intel libata smartpqi(OE) bnx2x(OE) scsi_transport_sas tg3(OE) mdio ptp i2c_core libcrc32c pps_core dm_mirror dm_region_hash dm_log dm_mod
[658891.290985] CPU: 2 PID: 17109 Comm: horcmgr Tainted: P OE ------------ 3.10.0-693.el7.x86_64 #1
[658891.291767] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 10/02/2018
[658891.292561] task: ffff88181d7b6eb0 ti: ffff881907768000 task.ti: ffff881907768000
[658891.293361] RIP: 0010:[<ffffffff816abbc2>] [<ffffffff816abbc2>] _raw_spin_lock_irqsave+0x22/0x40
[658891.294168] RSP: 0018:ffff88190776b778 EFLAGS: 00010046
[658891.294963] RAX: 0000000000000000 RBX: 0000000000000046 RCX: 0000000000000001
[658891.295762] RDX: 0000000000000001 RSI: 0000000000000020 RDI: 0000000000000010
[658891.296565] RBP: ffff88190776b780 R08: ffff882f4bdec000 R09: 0000000000000200
[658891.297342] R10: 0000000000000002 R11: ffff880b1832abc0 R12: 0000000000000000
[658891.298117] R13: 0000000000000020 R14: 0000000000000010 R15: ffff88190776b830
[658891.298892] FS: 0000000000000000(0000) GS:ffff883f40080000(0063) knlGS:00000000f758c900
[658891.299667] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[658891.300437] CR2: 0000000000000010 CR3: 00000054ffa45000 CR4: 00000000003407e0
[658891.301215] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[658891.301989] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[658891.302748] Stack:
[658891.303495] ffff882f6b2e0740 ffff88190776b7c0 ffffffff811c9806 ffff881928617900
[658891.304271] ffff882f6b2e0740 ffff880b1832abc0 ffff882f3119e800 ffff880126bc6a80
[658891.305044] ffff8858556a4640 ffff88190776b868 ffffffffc045fb17 ffffffff81185599
[658891.305809] Call Trace:
[658891.306565] [<ffffffff811c9806>] dma_pool_alloc+0x36/0x290
[658891.307364] [<ffffffffc045fb17>] qla24xx_tgt_dif_start_scsi+0x327/0xa00 [qla2xxx]
[658891.308139] [<ffffffff81185599>] ? mempool_alloc+0x69/0x170
[658891.308909] [<ffffffff812fee47>] ? __blk_segment_map_sg+0x57/0x1a0
[658891.309684] [<ffffffffc04611e2>] qla24xx_dif_start_scsi+0xff2/0x1060 [qla2xxx]
[658891.310465] [<ffffffff812ff13b>] ? blk_rq_map_sg+0x9b/0x220
[658891.311227] [<ffffffff81185455>] ? mempool_alloc_slab+0x15/0x20
[658891.311977] [<ffffffff8146be2e>] ? scsi_init_io+0x4e/0x200
[658891.312729] [<ffffffffc0434063>] qla2xxx_queuecommand+0x3d3/0x520 [qla2xxx]
[658891.313477] [<ffffffff8146540a>] scsi_dispatch_cmd+0xaa/0x230
[658891.314216] [<ffffffff8146e1cf>] scsi_request_fn+0x4df/0x680
[658891.314950] [<ffffffff812f71d3>] __blk_run_queue+0x33/0x40
[658891.315680] [<ffffffff812f2db3>] __elv_add_request+0xd3/0x2d0
[658891.316410] [<ffffffff812fe94d>] blk_execute_rq_nowait+0xad/0x170
[658891.317109] [<ffffffff812fea9b>] blk_execute_rq+0x8b/0x150
[658891.317802] [<ffffffff812fe3f5>] ? blk_rq_append_bio+0x45/0x60
[658891.318494] [<ffffffff812fe586>] ? blk_rq_map_user+0x176/0x2e0
[658891.319170] [<ffffffff8130b2c1>] sg_io+0x2c1/0x480
[658891.319827] [<ffffffff8130bb77>] scsi_cmd_ioctl+0x337/0x4d0
[658891.320471] [<ffffffff8130bd52>] scsi_cmd_blk_ioctl+0x42/0x50
[658891.321101] [<ffffffffc009369e>] sd_ioctl+0xbe/0x140 [sd_mod]
[658891.321707] [<ffffffff81308140>] blkdev_ioctl+0x270/0x980
[658891.322298] [<ffffffff8125bea0>] ? compat_core_sys_select+0x2a0/0x2d0
[658891.322875] [<ffffffff8123d9e1>] block_ioctl+0x41/0x50
[658891.323435] [<ffffffff812151cd>] do_vfs_ioctl+0x33d/0x540
[658891.323975] [<ffffffff81215471>] SyS_ioctl+0xa1/0xc0
[658891.324497] [<ffffffff8125c9b1>] do_ioctl_trans+0x1d1/0xc60
[658891.325001] [<ffffffff81320b51>] ? compat_blkdev_ioctl+0x1a1/0xab0
[658891.325495] [<ffffffff8123cdab>] ? block_llseek+0x7b/0xa0
[658891.325976] [<ffffffff8125d728>] compat_sys_ioctl+0x2e8/0x330
[658891.326471] [<ffffffff816b6fcc>] sysenter_dispatch+0x7/0x21
[658891.326934] Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 9c 58 0f 1f 44 00 00 48 89 c3 fa 66 0f 1f 44 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 06 48 89 d8 5b 5d c3 89 c6 e8 1d 2a ff ff
[658891.327945] RIP [<ffffffff816abbc2>] _raw_spin_lock_irqsave+0x22/0x40
[658891.328439] RSP <ffff88190776b778>
[658891.328925] CR2: 0000000000000010
Environment
- Red Hat Enterprise Linux 7.4 (kernel-3.10.0-693.el7)
- Proprietary qla2xxx driver (not the kernel inbox driver)