kernel crash in sctp code

Solution Verified - Updated -

Issue

  • RHEL 8.3/RHEL 7.9 kernel crashes in SCTP code with one of the following RIPs (three backtraces from the crash utility, followed by two console oops messages):
[exception RIP: sctp_ulpevent_notify_peer_addr_change+0x30]
    RIP: ffffffffc06b76c0  RSP: ffff9d2133b83b08  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: 0000000000001000  RCX: 0000000000000000
    RDX: 0000000000000000  RSI: 0000000000000001  RDI: ffff9d20f24a4400
    RBP: ffff9d21245d8000   R8: 0000000000000003   R9: ffff9d2133b83ce0
    R10: ffffffffc06d8d10  R11: ffff9d2133b83e20  R12: 0000000000000000
    R13: ffff9d21245d8000  R14: 0000000000000003  R15: ffff9d2133b83ce0
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffff9d2133b83bc0] sctp_assoc_control_transport at ffffffffc06aef4b [sctp]
 #8 [ffff9d2133b83c00] sctp_do_8_2_transport_strike at ffffffffc06aa712 [sctp]
 #9 [ffff9d2133b83c20] sctp_cmd_interpreter at ffffffffc06abbdf [sctp]
#10 [ffff9d2133b83ca0] sctp_do_sm at ffffffffc06aa873 [sctp]
#11 [ffff9d2133b83e68] sctp_generate_timeout_event at ffffffffc06aaec1 [sctp]
#12 [ffff9d2133b83ea8] call_timer_fn at ffffffffb353dfbd
#13 [ffff9d2133b83ed8] run_timer_softirq at ffffffffb353eb18
#14 [ffff9d2133b83f68] __softirqentry_text_start at ffffffffb40000e4
#15 [ffff9d2133b83fc8] irq_exit at ffffffffb34bc217
#16 [ffff9d2133b83fd8] smp_apic_timer_interrupt at ffffffffb3e027e4
#17 [ffff9d2133b83ff0] apic_timer_interrupt at ffffffffb3e01d6f

 [exception RIP: sctp_generate_heartbeat_event+0x24]
    RIP: ffffffffc0ab2b54  RSP: ffff9384afc03e60  RFLAGS: 00010286
    RAX: dead000000000200  RBX: 0000000000000100  RCX: 0000000000000240
    RDX: 0000000100133380  RSI: ffffffffc0ab2b30  RDI: ffff9383dcd415c8
    RBP: ffff9383dcd415c8   R8: ffff9384afc1af60   R9: ffff9384afc03ef0
    R10: ffff9384afc1aaf0  R11: 003b9aca00000000  R12: ffff9383dcd415c8
    R13: ffff9383dcd41400  R14: ffff9383dcd415c8  R15: 0040f03740004845
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #5 [ffff9384afc03ea8] call_timer_fn at ffffffffb333dfbd
 #6 [ffff9384afc03ed8] run_timer_softirq at ffffffffb333eb18
 #7 [ffff9384afc03f68] __softirqentry_text_start at ffffffffb3e000e4
 #8 [ffff9384afc03fc8] irq_exit at ffffffffb32bc217
 #9 [ffff9384afc03fd8] smp_apic_timer_interrupt at ffffffffb3c027e4
#10 [ffff9384afc03ff0] apic_timer_interrupt at ffffffffb3c01d6f

  [exception RIP: unknown or invalid address]
    RIP: 0000000000000000  RSP: ffff89be6fd83ea8  RFLAGS: 00010206
    RAX: dead000000000200  RBX: 0000000000000100  RCX: 0000000000000240
    RDX: 0000000101abc440  RSI: 0000000000000000  RDI: ffff89be3dccf5c8
    RBP: 0000000000000000   R8: ffff89be6fd9af78   R9: ffff89be6fd83ef0
    R10: ffff89be6fd9aaf0  R11: 0000000000000000  R12: ffff89be3dccf5c8
    R13: 0000000000000000  R14: ffff89be3dccf5c8  R15: ffffffffb0805100
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #7 [ffff89be6fd83ea8] call_timer_fn at ffffffffaf73dfbd
 #8 [ffff89be6fd83ed8] run_timer_softirq at ffffffffaf73eb18
 #9 [ffff89be6fd83f68] __softirqentry_text_start at ffffffffb02000e4
#10 [ffff89be6fd83fc8] irq_exit at ffffffffaf6bc217
#11 [ffff89be6fd83fd8] smp_apic_timer_interrupt at ffffffffb00027e4
#12 [ffff89be6fd83ff0] apic_timer_interrupt at ffffffffb0001d6f

[460769.460712] general protection fault: 0000 [#1] SMP
[460769.464454] CPU: 16 PID: 4329 Comm: udrad Kdump: loaded Not tainted 3.10.0-1160.el7.x86_64 #1
[460769.465018] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 05/17/2022
[460769.465575] task: ffff9ed595e21080 ti: ffff9ed462e58000 task.ti: ffff9ed462e58000
[460769.466136] RIP: 0010:[<ffffffffc03854bf>]  [<ffffffffc03854bf>] sctp_assoc_control_transport+0x20f/0x2a0 [sctp]
[460769.466756] RSP: 0018:ffff9ed59fa03ac0  EFLAGS: 00010286
[460769.467380] RAX: 3130636e6d2e736d RBX: 0000000000000000 RCX: 0000000000000000
[460769.468014] RDX: 0000000000000001 RSI: ffff9ecdde6c8890 RDI: ffff9ed59fa03ac0
[460769.468652] RBP: ffff9ed59fa03b70 R08: 0000000000000003 R09: ffff9ed59fa03c90
[460769.469261] R10: ffff9ed59fa03ac0 R11: 0000000000000005 R12: 0000000000000001
[460769.469885] R13: 0000000000000000 R14: 0000000000000003 R15: ffff9ed455f4f000
[460769.470494] FS:  00007fa7c7ff7700(0000) GS:ffff9ed59fa00000(0000) knlGS:0000000000000000
[460769.471122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[460769.471783] CR2: 00007fa68e125131 CR3: 000000016efea000 CR4: 00000000007607e0
[460769.472371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[460769.472959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[460769.473544] PKRU: 55555554
[460769.474124] Call Trace:
[460769.474727]  <IRQ>
[460769.474740]  [<ffffffffc0380a26>] sctp_do_8_2_transport_strike.isra.18+0x106/0x290 [sctp]
[460769.475927]  [<ffffffffc0382385>] sctp_cmd_interpreter.isra.22+0xf55/0x1450 [sctp]
[460769.476526]  [<ffffffffc0380c91>] sctp_do_sm+0xe1/0x350 [sctp]
[460769.477160]  [<ffffffffc03a2280>] ? sctp_oname+0x30/0x30 [sctp]
[460769.477828]  [<ffffffffc0381305>] sctp_generate_timeout_event+0xc5/0x110 [sctp]
[460769.478505]  [<ffffffffc03813d0>] ? sctp_generate_t4_rto_event+0x20/0x20 [sctp]
[460769.479208]  [<ffffffffc03813e3>] sctp_generate_t2_shutdown_event+0x13/0x20 [sctp]
[460769.479863]  [<ffffffff8f6abd58>] call_timer_fn+0x38/0x110
[460769.480543]  [<ffffffffc03813d0>] ? sctp_generate_t4_rto_event+0x20/0x20 [sctp]
[460769.481231]  [<ffffffff8f6ae1ed>] run_timer_softirq+0x24d/0x300
[460769.481866]  [<ffffffff8f6a4b95>] __do_softirq+0xf5/0x280
[460769.482511]  [<ffffffff8fd974ec>] call_softirq+0x1c/0x30
[460769.483178]  [<ffffffff8f62f715>] do_softirq+0x65/0xa0
[460769.483836]  [<ffffffff8f6a4f15>] irq_exit+0x105/0x110
[460769.484499]  [<ffffffff8fd98a88>] smp_apic_timer_interrupt+0x48/0x60
[460769.485158]  [<ffffffff8fd94fba>] apic_timer_interrupt+0x16a/0x170
[460769.498412] Code: 00 00 00 41 bc 01 00 00 00 4c 8d 95 50 ff ff ff 31 c0 b9 10 00 00 00 48 81 c6 90 00 00 00 4c 89 d7 f3 48 ab 48 8b 46 20 4c 89 d7 <48> 63 90 bc 00 00 00 e8 95 19 61 cf 31 d2 41 b9 20 00 00 00 41
[460769.499550] RIP  [<ffffffffc03854bf>] sctp_assoc_control_transport+0x20f/0x2a0 [sctp]
[460769.500150]  RSP <ffff9ed59fa03ac0>

[702302.031564] general protection fault: 0000 [#1] SMP
[702302.031839] CPU: 14 PID: 0 Comm: swapper/14 Kdump: loaded Not tainted 3.10.0-1160.el7.x86_64 #1
[702302.031864] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 05/17/2022
[702302.031888] task: ffff97bab2f51080 ti: ffff97bab2f5c000 task.ti: ffff97bab2f5c000
[702302.031915] RIP: 0010:[<ffffffffc038f991>]  [<ffffffffc038f991>] sctp_do_8_2_transport_strike.isra.18+0x71/0x290 [sctp]
[702302.031952] RSP: 0018:ffff97c15f983b80  EFLAGS: 00010246
[702302.031968] RAX: 6d2e303130636e6d RBX: ffff97b96590fc00 RCX: 0000000000000001
[702302.031998] RDX: ce665c60626ac6c6 RSI: ffff97b96590fc00 RDI: ffff97baa4bb5000
[702302.032030] RBP: ffff97c15f983b98 R08: 0000000000000003 R09: ffff97c15f983c90
[702302.032050] R10: ffff97babfc03600 R11: 0000000000000005 R12: ffff97baa4bb5000
[702302.032071] R13: 0000000000000000 R14: 0000000000000003 R15: ffff97c15f983c90
[702302.032103] FS:  0000000000000000(0000) GS:ffff97c15f980000(0000) knlGS:0000000000000000
[702302.032125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[702302.032141] CR2: 00007f066ee55ca0 CR3: 0000000eae410000 CR4: 00000000007607e0
[702302.032161] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[702302.032181] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[702302.032201] PKRU: 00000000
[702302.032210] Call Trace:
[702302.032219]  <IRQ>
[702302.032233]  [<ffffffffc0391385>] sctp_cmd_interpreter.isra.22+0xf55/0x1450 [sctp]
[702302.032258]  [<ffffffffc038fc91>] sctp_do_sm+0xe1/0x350 [sctp]
[702302.032281]  [<ffffffffc03b1280>] ? sctp_oname+0x30/0x30 [sctp]
[702302.032301]  [<ffffffffc0390305>] sctp_generate_timeout_event+0xc5/0x110 [sctp]
[702302.032324]  [<ffffffffc03903d0>] ? sctp_generate_t4_rto_event+0x20/0x20 [sctp]
[702302.032347]  [<ffffffffc03903e3>] sctp_generate_t2_shutdown_event+0x13/0x20 [sctp]
[702302.032371]  [<ffffffff85aabd58>] call_timer_fn+0x38/0x110
[702302.032389]  [<ffffffffc03903d0>] ? sctp_generate_t4_rto_event+0x20/0x20 [sctp]
[702302.032411]  [<ffffffff85aae1ed>] run_timer_softirq+0x24d/0x300
[702302.032430]  [<ffffffff85aa4b95>] __do_softirq+0xf5/0x280
[702302.032448]  [<ffffffff861974ec>] call_softirq+0x1c/0x30
[702302.032466]  [<ffffffff85a2f715>] do_softirq+0x65/0xa0
[702302.032492]  [<ffffffff85aa4f15>] irq_exit+0x105/0x110
[702302.032518]  [<ffffffff86198a88>] smp_apic_timer_interrupt+0x48/0x60
[702302.032539]  [<ffffffff86194fba>] apic_timer_interrupt+0x16a/0x170
[702302.040088] Code: 09 83 f8 02 0f 84 70 01 00 00 85 c0 75 7c 45 85 ed 74 06 f6 43 24 02 74 35 48 8b 83 c0 00 00 00 48 8d 14 00 48 8b 83 b8 00 00 00 <48> 8b 80 68 02 00 00 48 39 c2 48 0f 46 c2 48 89 83 c0 00 00 00
[702302.041559] RIP  [<ffffffffc038f991>] sctp_do_8_2_transport_strike.isra.18+0x71/0x290 [sctp]
[702302.042265]  RSP <ffff97c15f983b80>
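Two details in the dumps above are worth checking before reading the Resolution, because they tell a triage engineer what kind of bug this is. In the second and third backtraces RAX holds 0xdead000000000200, which on x86_64 is LIST_POISON2, the value list_del() writes into a list_head's prev pointer, so the code is dereferencing an object that has already been unlinked; in the third backtrace RIP is 0, a NULL function pointer fetched from that object. In both console oopses RAX holds printable text (0x3130636e6d2e736d reads "ms.mnc01" as little-endian bytes) where the faulting instruction expected a pointer, which is what a freed and reallocated object looks like. All of this is consistent with a timer callback running against a freed SCTP transport, but the root cause is in the gated Resolution, not in these traces. The following helper is an added example, not part of the Red Hat article: it scans register lines from a crash or oops dump for those tells. The poison constants assume x86_64 with the default CONFIG_ILLEGAL_POINTER_VALUE (0xdead000000000000), and the text decoding assumes little-endian byte order; the sample lines are copied from the dumps above.

```c
/*
 * Added triage helper (not part of the Red Hat article): scan crash/oops
 * register lines for values that betray a freed or overwritten kernel object.
 * Assumes x86_64: poison constants from include/linux/poison.h with
 * CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000, little-endian registers.
 */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIST_POISON1 0xdead000000000100ULL   /* list_del() writes this to list_head.next */
#define LIST_POISON2 0xdead000000000200ULL   /* list_del() writes this to list_head.prev */

enum reg_class { REG_NORMAL = 0, REG_NULL_RIP, REG_LIST_POISON1, REG_LIST_POISON2, REG_ASCII };

static const char *class_name[] = {
    "normal",
    "NULL instruction pointer (called through a zeroed function pointer)",
    "LIST_POISON1 (object already unlinked: list_head.next)",
    "LIST_POISON2 (object already unlinked: list_head.prev)",
    "printable ASCII where a pointer was expected (freed memory reused for text?)",
};

/* Decode the register as 8 little-endian bytes, i.e. the text as it sat in memory. */
void decode_ascii(uint64_t v, char out[9])
{
    for (int i = 0; i < 8; i++)
        out[i] = (char)((v >> (8 * i)) & 0xff);
    out[8] = '\0';
}

/* Classify one 64-bit register value; reg is the register name ("RAX", "RIP", ...). */
enum reg_class classify(const char *reg, uint64_t v)
{
    if (v == LIST_POISON1) return REG_LIST_POISON1;
    if (v == LIST_POISON2) return REG_LIST_POISON2;
    if (v == 0) return strcmp(reg, "RIP") == 0 ? REG_NULL_RIP : REG_NORMAL; /* zero is normal elsewhere */
    for (int i = 0; i < 8; i++) {
        unsigned char b = (v >> (8 * i)) & 0xff;
        if (b < 0x20 || b > 0x7e) return REG_NORMAL;
    }
    return REG_ASCII;   /* all 8 bytes printable: a string was loaded where a pointer belongs */
}

/* Scan one dump line for "NAME: <16 hex digits>" pairs (both crash-utility and
 * console oops layouts). Prints suspicious registers to out (may be NULL) and
 * returns how many were found. 32-bit fields (RFLAGS, CS, PKRU) are skipped. */
int scan_line(const char *line, FILE *out)
{
    int hits = 0;
    const char *p = line;
    while ((p = strchr(p, ':')) != NULL) {
        const char *name_end = p, *name = p;
        while (name > line && (isalnum((unsigned char)name[-1]) || name[-1] == '_'))
            name--;
        p++;                                   /* step past ':' */
        while (*p == ' ') p++;
        size_t n = strspn(p, "0123456789abcdefABCDEF");
        if (n != 16 || name == name_end || !isalpha((unsigned char)*name))
            continue;                          /* not a NAME: 64-bit-value pair */
        char reg[16];
        size_t len = (size_t)(name_end - name);
        if (len >= sizeof reg) continue;
        memcpy(reg, name, len);
        reg[len] = '\0';
        uint64_t v = strtoull(p, NULL, 16);
        enum reg_class c = classify(reg, v);
        if (c != REG_NORMAL) {
            hits++;
            if (out) {
                char txt[9];
                decode_ascii(v, txt);
                fprintf(out, "  %s=%016llx -> %s", reg, (unsigned long long)v, class_name[c]);
                if (c == REG_ASCII) fprintf(out, " \"%s\"", txt);
                fputc('\n', out);
            }
        }
        p += n;
    }
    return hits;
}

int main(void)
{
    /* Register lines copied from the dumps in this article. */
    static const char *lines[] = {
        "    RAX: dead000000000200  RBX: 0000000000000100  RCX: 0000000000000240",
        "    RIP: 0000000000000000  RSP: ffff89be6fd83ea8  RFLAGS: 00010206",
        "[460769.467380] RAX: 3130636e6d2e736d RBX: 0000000000000000 RCX: 0000000000000000",
        "[702302.031968] RAX: 6d2e303130636e6d RBX: ffff97b96590fc00 RCX: 0000000000000001",
        "[460769.466136] RIP: 0010:[<ffffffffc03854bf>]  [<ffffffffc03854bf>] sctp_assoc_control_transport+0x20f/0x2a0 [sctp]",
    };
    int total = 0;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        printf("%s\n", lines[i]);
        total += scan_line(lines[i], stdout);
    }
    printf("%d suspicious register value(s)\n", total);
    return 0;
}
```

Run it over a whole vmcore-dmesg.txt or the crash utility's bt output and it flags the same four values the prose points at; a hit on LIST_POISON1/2 or on text-in-a-pointer is the cue to run kmem -s on the faulting address in crash and confirm that the slab object was freed before the timer fired.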

Environment

  • Red Hat Enterprise Linux (RHEL) 8.3
  • Red Hat Enterprise Linux (RHEL) 8.4
  • Red Hat Enterprise Linux (RHEL) 7.9 and earlier
  • SCTP (Stream Control Transmission Protocol)

Subscriber exclusive content