RHEL 7.2 kernel crashed in hpsa driver with NULL pointer dereference at 0000000000000048

Solution Verified - Updated -

Issue

  • crashed in hpsa driver during a disk add
  • crashed in hpsa driver when ruling hpssacli utility
crash> sys
     RELEASE: 3.10.0-327.3.1.el7.x86_64
     VERSION: #1 SMP Fri Nov 20 05:40:26 EST 2015
     MACHINE: x86_64  (2297 Mhz)
      MEMORY: 255.9 GB
       PANIC: "BUG: unable to handle kernel NULL pointer dereference at 0000000000000048"
...
crash> bt
PID: 14999  TASK: ffff881fed0ef300  CPU: 31  COMMAND: "systemd-udevd"
 #0 [ffff881fba90f640] machine_kexec at ffffffff81051beb
 #1 [ffff881fba90f6a0] crash_kexec at ffffffff810f2522
 #2 [ffff881fba90f770] oops_end at ffffffff8163e128
 #3 [ffff881fba90f798] no_context at ffffffff8162e27b
 #4 [ffff881fba90f7e8] __bad_area_nosemaphore at ffffffff8162e311
 #5 [ffff881fba90f830] bad_area at ffffffff8162e635
 #6 [ffff881fba90f858] __do_page_fault at ffffffff81640f95
 #7 [ffff881fba90f8b8] do_page_fault at ffffffff816410c3
 #8 [ffff881fba90f8e0] page_fault at ffffffff8163d388
    [exception RIP: hpsa_scsi_ioaccel_queue_command+50]
    RIP: ffffffffa004cc62  RSP: ffff881fba90f998  RFLAGS: 00010246
    RAX: 0000000000000001  RBX: ffff880036602700  RCX: ffff881fba90fa40
    RDX: 0000000006170007  RSI: ffff880036602700  RDI: ffff881feed08000
    RBP: ffff881fba90fa08   R8: 000000000000000a   R9: ffff881fce536010
    R10: 0000000000000000  R11: 0000000000000001  R12: ffff881feed08000
    R13: 0000000000000000  R14: 00000000df8ee1b0  R15: 0000000000000200
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff881fba90fa10] hpsa_ioaccel_submit at ffffffffa004d4f6 [hpsa]
#10 [ffff881fba90fa88] hpsa_scsi_queue_command at ffffffffa004de7f [hpsa]
#11 [ffff881fba90fad0] scsi_dispatch_cmd at ffffffff81417a9a
#12 [ffff881fba90faf8] scsi_request_fn at ffffffff81420a21
#13 [ffff881fba90fb60] __blk_run_queue at ffffffff812c7323
#14 [ffff881fba90fb78] queue_unplugged at ffffffff812c73da
#15 [ffff881fba90fbb0] blk_flush_plug_list at ffffffff812cbc58
#16 [ffff881fba90fc10] blk_finish_plug at ffffffff812cc064
#17 [ffff881fba90fc28] __do_page_cache_readahead at ffffffff81175c9e
#18 [ffff881fba90fce8] force_page_cache_readahead at ffffffff811761f9
#19 [ffff881fba90fd28] page_cache_sync_readahead at ffffffff81176283
#20 [ffff881fba90fd38] generic_file_aio_read at ffffffff8116a93b
#21 [ffff881fba90fe08] blkdev_aio_read at ffffffff812195ec
#22 [ffff881fba90fe30] do_sync_read at ffffffff811ddbfd
#23 [ffff881fba90ff08] vfs_read at ffffffff811de35c
#24 [ffff881fba90ff38] sys_read at ffffffff811deeaf
#25 [ffff881fba90ff80] system_call_fastpath at ffffffff816458c9

[850164.165588] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
[850164.165593] IP: [<ffffffffa0043c52>] hpsa_scsi_ioaccel_queue_command+0x32/0x7f0 [hpsa]
[850164.165594] PGD 0 
[850164.165595] Oops: 0002 [#1] SMP 
[850164.165616] task: ffff881029148000 ti: ffff881029150000 task.ti: ffff881029150000
[850164.165620] RIP: 0010:[<ffffffffa0043c52>]  [<ffffffffa0043c52>] hpsa_scsi_ioaccel_queue_command+0x32/0x7f0 [hpsa]
[850164.165620] RSP: 0018:ffff88103fc63af0  EFLAGS: 00010246
[850164.165621] RAX: 0000000000000001 RBX: ffff880036a06600 RCX: ffff88103fc63b98
[850164.165622] RDX: 0000000007180008 RSI: ffff880036a06600 RDI: ffff881025560000
[850164.165622] RBP: ffff88103fc63b60 R08: 000000000000000a R09: ffff88102301a010
[850164.165622] R10: 0000000000000001 R11: 0000000000000002 R12: ffff881025560000
[850164.165623] R13: 0000000000000000 R14: 000000003b61ce00 R15: 0000000000000200
[850164.165624] FS:  0000000000000000(0000) GS:ffff88103fc60000(0000) knlGS:0000000000000000
[850164.165624] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[850164.165625] CR2: 0000000000000048 CR3: 000000012ba07000 CR4: 00000000001407e0
[850164.165626] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[850164.165626] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[850164.165626] Stack:
[850164.165630]  ffff88103fc63b98 ffffffff81631ada 0000000000000046 0000000123097300
[850164.165632]  ffff880e666f9e00 ffff88103fc63b98 ffff881007180008 ffffffff00000003
[850164.165633]  ba140e3c64ab85da ffff880036a06600 ffff881025560000 0000000000000400
[850164.165634] Call Trace:
[850164.165635]  <IRQ> 
[850164.165639]  [<ffffffff81631ada>] ? __slab_free+0x10e/0x277
[850164.165643]  [<ffffffffa00444e6>] hpsa_ioaccel_submit.isra.81+0xd6/0x690 [hpsa]
[850164.165646]  [<ffffffff811c0010>] ? process_slab+0x270/0x4a0
[850164.165649]  [<ffffffffa0044e6f>] hpsa_scsi_queue_command+0x18f/0x330 [hpsa]
[850164.165653]  [<ffffffff81417b1a>] scsi_dispatch_cmd+0xaa/0x230
[850164.165656]  [<ffffffff81420aa1>] scsi_request_fn+0x501/0x770
[850164.165660]  [<ffffffff812c73e3>] __blk_run_queue+0x33/0x40
[850164.165662]  [<ffffffff812c7456>] blk_run_queue+0x26/0x40
[850164.165663]  [<ffffffff8141eec8>] scsi_run_queue+0x258/0x2f0
[850164.165665]  [<ffffffff81420d50>] scsi_next_command+0x20/0x40
[850164.165667]  [<ffffffff81420ec5>] scsi_end_request+0x155/0x1d0
[850164.165669]  [<ffffffff814210a3>] scsi_io_completion+0x103/0x600
[850164.165670]  [<ffffffff814163e5>] scsi_finish_command+0xd5/0x130
[850164.165672]  [<ffffffff8142057a>] scsi_softirq_done+0x12a/0x150
[850164.165675]  [<ffffffff812d16a0>] blk_done_softirq+0x90/0xc0
[850164.165677]  [<ffffffff81084b0f>] __do_softirq+0xef/0x280
[850164.165681]  [<ffffffff8164721c>] call_softirq+0x1c/0x30
[850164.165686]  [<ffffffff81016fc5>] do_softirq+0x65/0xa0
[850164.165687]  [<ffffffff81084ea5>] irq_exit+0x115/0x120
[850164.165689]  [<ffffffff81647db8>] do_IRQ+0x58/0xf0
[850164.165691]  [<ffffffff8163d0ed>] common_interrupt+0x6d/0x6d
[850164.165692]  <EOI> 
[850164.165696]  [<ffffffff814d4552>] ? cpuidle_enter_state+0x52/0xc0
[850164.165698]  [<ffffffff814d4699>] cpuidle_idle_call+0xd9/0x210
[850164.165700]  [<ffffffff8101e4be>] arch_cpu_idle+0xe/0x30
[850164.165703]  [<ffffffff810d6305>] cpu_startup_entry+0x245/0x290
[850164.165706]  [<ffffffff810475fa>] start_secondary+0x1ba/0x230
[850164.165716] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 48 89 55 c0 48 89 4d b8 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 4c 8b 6d 10 b0 01 <f0> 41 0f c1 45 48 41 0f b7 55 42 83 c0 01 39 c2 0f 8c 00 02 00 
[850164.165718] RIP  [<ffffffffa0043c52>] hpsa_scsi_ioaccel_queue_command+0x32/0x7f0 [hpsa]
[850164.165719]  RSP <ffff88103fc63af0>
[850164.165719] CR2: 0000000000000048

Environment

  • Red Hat Enterprise Linux (RHEL) 7.2
  • Red Hat Enterprise MRG Realtime 2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content