Server panics with NULL pointer dereference in fnic driver

Solution In Progress

Issue

The server panics, and the vmcore or dmesg output shows a NULL pointer dereference in the fnic driver, such as the following:

<1>BUG: unable to handle kernel NULL pointer dereference at (null)
<1>IP: [<ffffffffa00b1065>] fnic_queuecommand+0x555/0x960 [fnic]
<4>PGD 4012895067 PUD 2a82161067 PMD 0 
<4>Oops: 0000 [#1] SMP 
<4>last sysfs file: /sys/module/ipv6/initstate
<4>CPU 28 
<4>Modules linked in: bridge ktap_57730(U) oracleacfs(P)(U) oracleadvm(P)(U) oracleoks(P)(U) nfs lockd fscache auth_rpcgss nfs_acl sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf bonding 8021q garp stp llc ipv6 iTCO_wdt iTCO_vendor_support microcode i2c_i801 i2c_core lpc_ich mfd_core i7core_edac edac_core sg enic(U) power_meter shpchp ext4 jbd2 mbcache dm_round_robin sd_mod crc_t10dif fnic(U) libfcoe libfc scsi_transport_fc scsi_tgt megaraid_sas dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
<4>
<4>Pid: 22302, comm: oracle Tainted: P           ---------------    2.6.32-431.17.1.el6.x86_64 #1 Cisco Systems Inc B230-BASE-M2/B230-BASE-M2
<4>RIP: 0010:[<ffffffffa00b1065>]  [<ffffffffa00b1065>] fnic_queuecommand+0x555/0x960 [fnic]
<4>RSP: 0018:ffff8830d8c67828  EFLAGS: 00010002
<4>RAX: 0000000000000000 RBX: ffff88402069ca50 RCX: 0000000000002710
<4>RDX: 0000000000000002 RSI: 0000000000000056 RDI: 0000000000000056
<4>RBP: ffff8830d8c678d8 R08: 0000000000000000 R09: 0000000000000000
<4>R10: 0000000000000001 R11: 000000000000000a R12: ffff88309172f380
<4>R13: ffff88402069c000 R14: ffff8822b2338a40 R15: 0000000000000000
<4>FS:  00007f1e9f601700(0000) GS:ffff880193840000(0000) knlGS:0000000000000000
<4>CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>CR2: 0000000000000000 CR3: 00000030dd459000 CR4: 00000000000007e0
<4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>Process oracle (pid: 22302, threadinfo ffff8830d8c66000, task ffff8840217d0ae0)
<4>Stack:
<4> ffff884016f44380 ffff884016f44380 ffff888022b582f8 ffff884016f44380
<4><d> ffff8830d8c678d8 ffffffffa00cdea1 ffff8830d8c67868 ffffffff00096300
<4><d> 0000271000000800 ffff8880000007d0 0000000000000056 ffff88402069d448
<4>Call Trace:
<4> [<ffffffffa00cdea1>] ? sd_prep_fn+0x81/0xf30 [sd_mod]
<4> [<ffffffff81380095>] scsi_dispatch_cmd+0xe5/0x310
<4> [<ffffffff813889ee>] scsi_request_fn+0x5ee/0x7a0
<4> [<ffffffff812656e1>] __blk_run_queue+0x31/0x40
<4> [<ffffffff81260b8a>] elv_insert+0xfa/0x190
<4> [<ffffffff81260c60>] __elv_add_request+0x40/0x90
<4> [<ffffffff812650cd>] blk_insert_cloned_request+0x7d/0xc0
<4> [<ffffffffa00022fc>] dm_dispatch_request+0x3c/0x70 [dm_mod]
<4> [<ffffffffa0003a92>] dm_request_fn+0x172/0x2e0 [dm_mod]
<4> [<ffffffff81260bb0>] ? elv_insert+0x120/0x190
<4> [<ffffffff81265882>] __generic_unplug_device+0x32/0x40
<4> [<ffffffff81267ad8>] blk_queue_bio+0x1b8/0x620
<4> [<ffffffffa00036f5>] dm_request+0x155/0x1a0 [dm_mod]
<4> [<ffffffff81266a40>] generic_make_request+0x240/0x5a0
<4> [<ffffffff81121d45>] ? mempool_alloc_slab+0x15/0x20
<4> [<ffffffff81121ee3>] ? mempool_alloc+0x63/0x140
<4> [<ffffffff81266e10>] submit_bio+0x70/0x120
<4> [<ffffffff8126b635>] __blkdev_issue_flush+0xa5/0xe0
<4> [<ffffffff8126b686>] blkdev_issue_flush+0x16/0x20
<4> [<ffffffff811c52af>] blkdev_fsync+0x3f/0x70
<4> [<ffffffff811ba6f1>] vfs_fsync_range+0xa1/0x100
<4> [<ffffffff811ba79b>] generic_write_sync+0x4b/0x50
<4> [<ffffffff811c45de>] blkdev_aio_write+0x7e/0xa0
<4> [<ffffffff811c4560>] ? blkdev_aio_write+0x0/0xa0
<4> [<ffffffff811d4bf4>] aio_rw_vect_retry+0x84/0x200
<4> [<ffffffff811d65b4>] aio_run_iocb+0x64/0x170
<4> [<ffffffff811d79e1>] do_io_submit+0x291/0x920
<4> [<ffffffff811d8080>] sys_io_submit+0x10/0x20
<4> [<ffffffff8100b072>] system_call_fastpath+0x16/0x1b
<4>Code: 7e 0e 48 8b 83 10 03 00 00 48 89 83 18 03 00 00 41 8b 84 24 c0 00 00 00 45 31 ff 83 c8 02 41 89 84 24 c0 00 00 00 49 8b 44 24 50 <44> 0f b6 00 0f b6 78 07 0f b6 70 08 0f b6 48 02 0f b6 50 03 44 
<1>RIP  [<ffffffffa00b1065>] fnic_queuecommand+0x555/0x960 [fnic]
<4> RSP <ffff8830d8c67828>
<4>CR2: 0000000000000000
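
A triage sketch, added here as an example and not part of the original article or of any Red Hat tool: it extracts the identifying fields from an oops like the one above and checks whether they match this article's signature (a NULL pointer dereference in fnic_queuecommand in the fnic module). The names parse_oops and matches_article are hypothetical; the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the oops quoted in this article.
SAMPLE_OOPS = """\
<1>BUG: unable to handle kernel NULL pointer dereference at (null)
<1>IP: [<ffffffffa00b1065>] fnic_queuecommand+0x555/0x960 [fnic]
<4>Pid: 22302, comm: oracle Tainted: P           ---------------    2.6.32-431.17.1.el6.x86_64 #1 Cisco Systems Inc B230-BASE-M2/B230-BASE-M2
<4>RAX: 0000000000000000 RBX: ffff88402069ca50 RCX: 0000000000002710
<4>CR2: 0000000000000000 CR3: 00000030dd459000 CR4: 00000000000007e0
"""

BUG_RE = re.compile(r"BUG: unable to handle kernel (.+?) at \S+")
# "IP: [<addr>] symbol+0xoff/0xsize [module]"; the module is absent for core-kernel faults.
IP_RE = re.compile(
    r"IP: \[<[0-9a-f]+>\] ([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")
PID_RE = re.compile(
    r"Pid: \d+, comm: (.+?) (?:Tainted: ([A-Z\- ]+?)|Not tainted)\s+(\d\S+)")
CR2_RE = re.compile(r"CR2: ([0-9a-f]{16})")
PAGE_SIZE = 0x1000  # faulting addresses below one page are reported as NULL dereferences


def parse_oops(text):
    """Return the triage fields of the first oops in dmesg text, or None."""
    bug, ip = BUG_RE.search(text), IP_RE.search(text)
    if not (bug and ip):
        return None
    pid, cr2 = PID_RE.search(text), CR2_RE.search(text)
    return {
        "reason": bug.group(1),
        "symbol": ip.group(1),
        "offset": int(ip.group(2), 16),
        "size": int(ip.group(3), 16),
        "module": ip.group(4),
        "comm": pid.group(1) if pid else None,
        # Drop the padding spaces and dashes of the fixed-width taint field.
        "taint": re.sub(r"[ -]", "", pid.group(2) or "") if pid else None,
        "kernel": pid.group(3) if pid else None,
        "cr2": int(cr2.group(1), 16) if cr2 else None,
    }


def matches_article(oops):
    """True when the oops is a NULL dereference inside fnic_queuecommand [fnic]."""
    return (oops is not None and oops["module"] == "fnic"
            and oops["symbol"] == "fnic_queuecommand"
            and oops["cr2"] is not None and oops["cr2"] < PAGE_SIZE)


if __name__ == "__main__":
    print(parse_oops(SAMPLE_OOPS), matches_article(parse_oops(SAMPLE_OOPS)))
```
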

Environment

Red Hat Enterprise Linux (RHEL) 5
Red Hat Enterprise Linux (RHEL) 6
