Kernel NULL pointer dereference at ipoib_cm_tx_reap+0xc9 / list_del+0x1b

Solution Verified - Updated -


  • An NFS server under a medium to high load with Infiniband network cards has crashed with the kernel NULL pointer dereference at ipoib_cm_tx_reap+0xc9 / list_del+0x1b with the following call trace:
PID: 18499  TASK: ffff8824202b2080  CPU: 0   COMMAND: "ipoib"
 #7 [ffff882412d67cd0] do_page_fault at ffffffff8151339e
 #8 [ffff882412d67d00] page_fault at ffffffff81510755
    [exception RIP: list_del+0x1b]
    RIP: ffffffff81288eeb  RSP: ffff882412d67db0  RFLAGS: 00010046
    RAX: 0000000000000000  RBX: ffff88120ffafad0  RCX: 000000000000af76
    RDX: 0000000000000246  RSI: 0000000000000000  RDI: ffff88120ffafad0
    RBP: ffff882412d67dc0   R8: ffff88120ffafad0   R9: 0040000000000000
    R10: ffffea003b2a59d0  R11: 0000000000000002  R12: ffff88241d564020
    R13: 0000000000000246  R14: ffff88241bd7f880  R15: ffff88241d5646e0
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff882412d67dc8] ipoib_cm_tx_reap at ffffffffa037c619 [ib_ipoib]
#10 [ffff882412d67e38] worker_thread at ffffffff81090ae0
#11 [ffff882412d67ee8] kthread at ffffffff81096936


  • Red Hat Enterprise Linux 6.4, kernel-2.6.32-345.el6 and later (including 2.6.32-358.2.1)
  • Red Hat Enterprise Linux 6.3, kernel-2.6.32-279.21.1.el6 and later

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In