System crash in lpfc_nlp_get() due to use-after-free

Solution Unverified - Updated -

Issue

  • System crash in lpfc_nlp_get() due to use-after-free:
lpfc 0000:b1:00.0: 155: [399346.864332] 0:(0):0102 PLOGI completes to NPort xfffffc Data: x0 x3 x103 x0 x0
lpfc 0000:b1:00.0: 156: [399346.864334] 0:(0):0108 No retry ELS command x3 to remote NPORT xfffffc Retried:0 Error:x3/103
lpfc 0000:b1:00.0: 0:(0):2753 PLOGI failure DID:FFFFFC Status:x3/x103
BUG: unable to handle kernel NULL pointer dereference at 0000000000000340
PGD 0 
Oops: 0000 [#1] SMP NOPTI
CPU: 16 PID: 1500 Comm: lpfc_worker_0 Kdump: loaded Tainted: P           OE    --------- -  - 4.18.0-425.13.1.el8_7.x86_64 #1
Hardware name: Dell Inc. PowerEdge R750/04V528, BIOS 1.8.2 09/14/2022
RIP: 0010:lpfc_nlp_get+0xd2/0x140 [lpfc]
....
Call Trace:
 __lpfc_sli_release_iocbq_s4+0x1d5/0x2a0 [lpfc]
 lpfc_sli_release_iocbq+0x32/0x50 [lpfc]
 lpfc_els_free_iocb+0x198/0x240 [lpfc]
 ? lpfc_nlp_put+0x86/0xa0 [lpfc]
 ? lpfc_disc_state_machine+0x127/0x1e0 [lpfc]
 lpfc_cmpl_els_plogi+0x2a0/0x460 [lpfc]
 lpfc_sli_sp_handle_rspiocb+0x5d9/0x6c0 [lpfc]
 lpfc_sli_handle_slow_ring_event_s4+0x195/0x240 [lpfc]
 lpfc_do_work+0xbcb/0x15b0 [lpfc]
 ? finish_wait+0x80/0x80
 ? lpfc_unregister_unused_fcf+0x90/0x90 [lpfc]
....

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content