Kernel NULL pointer dereference at ipoib_cm_tx_reap+0xc9 / list_del+0x1b

Solution Verified - Updated -

Issue

  • An NFS server with InfiniBand network cards, running under medium to high load, crashed with a kernel NULL pointer dereference at ipoib_cm_tx_reap+0xc9 / list_del+0x1b, with the following call trace:
PID: 18499  TASK: ffff8824202b2080  CPU: 0   COMMAND: "ipoib"
 #7 [ffff882412d67cd0] do_page_fault at ffffffff8151339e
 #8 [ffff882412d67d00] page_fault at ffffffff81510755
    [exception RIP: list_del+0x1b]
    RIP: ffffffff81288eeb  RSP: ffff882412d67db0  RFLAGS: 00010046
    RAX: 0000000000000000  RBX: ffff88120ffafad0  RCX: 000000000000af76
    RDX: 0000000000000246  RSI: 0000000000000000  RDI: ffff88120ffafad0
    RBP: ffff882412d67dc0   R8: ffff88120ffafad0   R9: 0040000000000000
    R10: ffffea003b2a59d0  R11: 0000000000000002  R12: ffff88241d564020
    R13: 0000000000000246  R14: ffff88241bd7f880  R15: ffff88241d5646e0
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff882412d67dc8] ipoib_cm_tx_reap at ffffffffa037c619 [ib_ipoib]
#10 [ffff882412d67e38] worker_thread at ffffffff81090ae0
#11 [ffff882412d67ee8] kthread at ffffffff81096936

Environment

  • Red Hat Enterprise Linux 6.4, kernel-2.6.32-345.el6 and later (including 2.6.32-358.2.1)
  • Red Hat Enterprise Linux 6.3, kernel-2.6.32-279.21.1.el6 and later
