RHEL7: The kernel crashed with a NULL pointer dereference in qla2x00_sp_free_dma().

Issue

  • The kernel crashed with a NULL pointer dereference in qla2x00_sp_free_dma().

  • The panic message observed in the kernel ring buffer:

[553875.802902] BUG: unable to handle kernel NULL pointer dereference at 0000000000000374
[553875.802932] IP: [<ffffffffa02458e7>] qla2x00_sp_free_dma+0xe7/0x280 [qla2xxx]
[553875.802963] PGD 0 
[553875.802971] Oops: 0002 [#1] SMP 
[553875.802984] Modules linked in: dccp_diag dccp unix_diag af_packet_diag netlink_diag tcp_diag udp_diag inet_diag clpka(OE) clpkhb(OE) symap_rh_ES_7_3_10_0_123_el7_x86_64(POE) symev_rh_ES_7_3_10_0_123_el7_x86_64(OE) lin_tape(OE) binfmt_misc pfo(OE) bonding intel_powerclamp coretemp intel_rapl kvm_intel kvm iTCO_wdt ch iTCO_vendor_support mxm_wmi crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd dm_service_time pcspkr osst st sb_edac ses edac_core enclosure ipmi_ssif lpc_ich sg mfd_core mei_me mei shpchp ipmi_si wmi ipmi_msghandler acpi_pad acpi_power_meter nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_multipath ip_tables ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif crct10dif_generic usb_storage crct10dif_pclmul crct10dif_common crc32c_intel mgag200 syscopyarea
[553875.803208]  sysfillrect ahci sysimgblt libahci drm_kms_helper ttm libata drm qla2xxx(OE) igb(OE) ptp scsi_transport_fc pps_core dca i2c_algo_bit scsi_tgt i2c_core megaraid_sas(OE) dm_mirror dm_region_hash dm_log dm_mod
[553875.803269] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P           OE  ------------   3.10.0-327.el7.x86_64 #1
[553875.803294] Hardware name: Cisco Systems Inc UCSC-C240-M4SX/UCSC-C240-M4SX, BIOS C240M4.3.0.3a.0.0321172111 03/21/2017
[553875.803320] task: ffffffff81951440 ti: ffffffff8193c000 task.ti: ffffffff8193c000
[553875.803339] RIP: 0010:[<ffffffffa02458e7>]  [<ffffffffa02458e7>] qla2x00_sp_free_dma+0xe7/0x280 [qla2xxx]
[553875.803368] RSP: 0018:ffff88085fc03c48  EFLAGS: 00010046
[553875.803382] RAX: 0000000000000000 RBX: ffff881050d90a00 RCX: 0000000180190000
[553875.803400] RDX: 0000000180190001 RSI: ffffea0041436400 RDI: 0000000040002000
[553875.803418] RBP: ffff88085fc03c90 R08: ffff881050d90a00 R09: 0000000180190000
[553875.803436] R10: ffffffff8116be27 R11: ffffea0041436400 R12: 0000000000000000
[553875.803454] R13: ffff880035e10740 R14: ffff88084e424000 R15: ffff881050d90a00
[553875.803473] FS:  0000000000000000(0000) GS:ffff88085fc00000(0000) knlGS:0000000000000000
[553875.803493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[553875.803508] CR2: 0000000000000374 CR3: 000000000194a000 CR4: 00000000003407f0
[553875.803526] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[553875.803544] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[553875.803562] Stack:
[553875.803569]  ffff8810520a0e00 ffff8810520a0380 ffff8810512b1bc0 ffff88085fc03c70
[553875.803592]  ffff881050d90a00 ffff8810520a0380 ffff880035e10740 ffff88084e436000
[553875.803615]  ffff88084e424000 ffff88085fc03cb0 ffffffffa0245e95 ffff880035e10740
[553875.803637] Call Trace:
[553875.803645]  <IRQ> 
[553875.803655] 
[553875.803665]  [<ffffffffa0245e95>] qla2x00_sp_compl+0x35/0x90 [qla2xxx]
[553875.803685]  [<ffffffffa0271292>] qla2x00_process_completed_request+0x42/0xd0 [qla2xxx]
[553875.803711]  [<ffffffffa027192c>] qla2x00_status_entry+0x3ec/0x1360 [qla2xxx]
[553875.803733]  [<ffffffff8141eec8>] ? scsi_run_queue+0x258/0x2f0
[553875.803750]  [<ffffffff810bd008>] ? __enqueue_entity+0x78/0x80
[553875.803767]  [<ffffffff810c34b7>] ? enqueue_entity+0x237/0x890
[553875.803788]  [<ffffffffa027328e>] qla24xx_process_response_queue+0x19e/0x510 [qla2xxx]
[553875.803810]  [<ffffffff813da6b4>] ? add_interrupt_randomness+0x184/0x1b0
[553875.803830]  [<ffffffff810aa209>] ? hrtimer_get_next_event+0x49/0x70
[553875.803851]  [<ffffffffa02757eb>] qla24xx_msix_rsp_q+0x8b/0xe0 [qla2xxx]
[553875.803870]  [<ffffffff8111c2be>] handle_irq_event_percpu+0x3e/0x1e0
[553875.804520]  [<ffffffff8111c49d>] handle_irq_event+0x3d/0x60
[553875.805156]  [<ffffffff8111f137>] handle_edge_irq+0x77/0x130
[553875.805796]  [<ffffffff81016ecf>] handle_irq+0xbf/0x150
[553875.806429]  [<ffffffff810e131a>] ? tick_check_idle+0x8a/0xd0
[553875.807051]  [<ffffffff81647daf>] do_IRQ+0x4f/0xf0
[553875.807656]  [<ffffffff8163d0ed>] common_interrupt+0x6d/0x6d
[553875.808260]  <EOI> 
[553875.808266] 
[553875.808864]  [<ffffffff814d4552>] ? cpuidle_enter_state+0x52/0xc0
[553875.809460]  [<ffffffff814d4548>] ? cpuidle_enter_state+0x48/0xc0
[553875.810034]  [<ffffffff814d4699>] cpuidle_idle_call+0xd9/0x210
[553875.810598]  [<ffffffff8101e4be>] arch_cpu_idle+0xe/0x30
[553875.811142]  [<ffffffff810d6305>] cpu_startup_entry+0x245/0x290
[553875.811674]  [<ffffffff81624e07>] rest_init+0x77/0x80
[553875.812187]  [<ffffffff81a8d057>] start_kernel+0x429/0x44a
[553875.812679]  [<ffffffff81a8ca37>] ? repair_env_string+0x5c/0x5c
[553875.813155]  [<ffffffff81a8c120>] ? early_idt_handlers+0x120/0x120
[553875.813622]  [<ffffffff81a8c5ee>] x86_64_start_reservations+0x2a/0x2c
[553875.814068]  [<ffffffff81a8c742>] x86_64_start_kernel+0x152/0x175
[553875.814516] Code: 43 48 8b 45 c0 4c 89 ff 48 c7 80 18 01 00 00 00 00 00 00 49 8b 47 10 48 8b 80 28 02 00 00 48 8b 70 08 e8 fd 68 f2 e0 49 8b 47 10 <f0> ff 88 74 03 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d 
[553875.815447] RIP  [<ffffffffa02458e7>] qla2x00_sp_free_dma+0xe7/0x280 [qla2xxx]
[553875.815898]  RSP <ffff88085fc03c48>
[553875.816339] CR2: 0000000000000374
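
A first-pass reading of the panic message above, as an added example (not Red Hat's analysis and not code from this page): it parses a trimmed excerpt of the oops and decodes the marked faulting bytes to check that the address in CR2 is a NULL base register plus a structure-member offset. The function names are hypothetical, and the decoder handles only the one instruction encoding present in this Code: line.

```python
import re

# Constructed excerpt: lines copied from the panic message above, timestamps
# dropped and the Code: line trimmed to the bytes around the <f0> marker.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000374
IP: [<ffffffffa02458e7>] qla2x00_sp_free_dma+0xe7/0x280 [qla2xxx]
Oops: 0002 [#1] SMP
RAX: 0000000000000000 RBX: ffff881050d90a00 RCX: 0000000180190000
CR2: 0000000000000374 CR3: 000000000194a000 CR4: 00000000003407f0
Code: 49 8b 47 10 <f0> ff 88 74 03 00 00 48 83 c4 20
"""
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]  # ModRM r/m order

def parse_oops(text):
    """Extract fault type, registers, faulting symbol and faulting bytes."""
    err = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    # Assumes the IP line names a module symbol, as it does in this oops.
    sym, off, mod = re.search(r"IP: \[<\w+>\] (\w+)\+(0x\w+)/0x\w+ \[(\w+)\]", text).groups()
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return {
        # x86 page-fault error code: bit 0 = page present, bit 1 = write, bit 2 = user mode
        "access": "write" if err & 2 else "read",
        "kernel_mode": not err & 4,
        "regs": {n: int(v, 16) for n, v in re.findall(r"\b(R\w{2}|CR2): ([0-9a-f]{16})", text)},
        "where": f"{sym}+{off} [{mod}]",
        "fault_bytes": bytes(int(b.strip("<>"), 16) for b in code[start:]),
    }

def decode_fault_insn(b):
    """Decode only the form seen here: [lock] ff /0 or /1, mod=10 (disp32), no REX/SIB."""
    lock = b[0] == 0xF0
    op = b[1:] if lock else b
    mod, reg, rm = op[1] >> 6, (op[1] >> 3) & 7, op[1] & 7
    if op[0] != 0xFF or mod != 2 or rm == 4 or reg > 1:
        raise ValueError("encoding not handled by this sketch")
    disp = int.from_bytes(op[2:6], "little", signed=True)
    return ("lock " if lock else "") + ("incl", "decl")[reg], REGS[rm], disp

def triage(text):
    o = parse_oops(text)
    mnem, base, disp = decode_fault_insn(o["fault_bytes"])
    ea = (o["regs"][base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "where": o["where"], "access": o["access"], "kernel_mode": o["kernel_mode"],
        "insn": f"{mnem} {disp:#x}(%{base.lower()})",
        "base_is_null": o["regs"][base] == 0,      # NULL pointer in the base register
        "ea_matches_cr2": ea == o["regs"]["CR2"],  # base + member offset == faulting address
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the result is a kernel-mode write by `lock decl 0x374(%rax)` with RAX equal to zero, so the CR2 value 0x374 is a member offset applied to a NULL pointer.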

Environment

  • kernel-3.10.0-327.el7
  • qla2xxx driver (3rd party)
