RHEL6: oops when (cmd->allowed + 1) accessed in scsi_softirq_done() with hpsa

Solution Verified - Updated -

Issue

System crashes when oops messages are seen
System resets after seeing oops messages
problems with hpsa driver
* RHEL6 system crash with log message similar to the following wit RIP scsi_softirq_done

[366507.509481] ioctl32(.hpacucli:66681): Unknown cmd fd(4) cmd(cc770002){t:00;sz:3191} arg(0a0dde28) on /dev/mptctl
[366507.510077] ioctl32(.hpacucli:66681): Unknown cmd fd(4) cmd(cc770002){t:00;sz:3191} arg(0a0dde28) on /dev/mptctl
[468880.451608] hpsa 0000:03:00.0: resetting device 0:0:0:2
[468881.452539] hpsa 0000:03:00.0: device is ready.
[468908.784609] BUG: unable to handle kernel NULL pointer dereference at 0000000000000044
[468908.785465] IP: [<ffffffff81362a62>] scsi_softirq_done+0x32/0x170
[468908.786377] PGD 4056b5b067 PUD 0 
[468908.787304] Oops: 0000 [#1] SMP 
[468908.788252] last sysfs file: /sys/devices/system/cpu/cpu79/cache/index2/shared_cpu_map
[468908.789369] CPU 20 
[468908.789400] Modules linked in: mptctl mptbase nfs lockd fscache nfs_acl auth_rpcgss sunrpc bonding ipv6 power_meter bnx2 netxen_nic microcode serio_raw iTCO_wdt iTCO_vendor_support hpilo hpwdt sg i7core_edac edac_core shpchp ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif lpfc scsi_transport_fc scsi_tgt pata_acpi ata_generic ata_piix hpsa radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
[468908.797076] 
[468908.798882] Pid: 0, comm: swapper Not tainted 2.6.32-220.13.1.el6.x86_64 #1 HP ProLiant DL580 G7
[468908.800908] RIP: 0010:[<ffffffff81362a62>]  [<ffffffff81362a62>] scsi_softirq_done+0x32/0x170
[468908.803079] RSP: 0018:ffff8820b8803e90  EFLAGS: 00010286
[468908.805237] RAX: 0000000000000018 RBX: 0000000000000000 RCX: ffff8820b8803ec0
[468908.807505] RDX: ffff8820b8803ec0 RSI: 0000000000000000 RDI: ffff882fedde6360
[468908.809813] RBP: ffff8820b8803eb0 R08: ffff8820b8812eb0 R09: 0000000000000bb8
[468908.812178] R10: 0001aabc8fbfdc29 R11: 0000000000000001 R12: ffffffff81a830a0
[468908.814622] R13: 0000000000000000 R14: 0000000000000100 R15: 0000000000000004
[468908.817119] FS:  0000000000000000(0000) GS:ffff8820b8800000(0000) knlGS:0000000000000000
[468908.819696] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[468908.822326] CR2: 0000000000000044 CR3: 0000004058462000 CR4: 00000000000006e0
[468908.825058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[468908.827827] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[468908.830611] Process swapper (pid: 0, threadinfo ffff883059f0a000, task ffff8820594c0100)
[468908.833500] Stack:
[468908.836394]  ffff8820b8803ec0 ffffffff81a830a0 0000000000000020 0000000000000100
[468908.836523] <0> ffff8820b8803ee0 ffffffff812566e5 ffff8820b8803ec0 ffff8820b8803ec0
[468908.839603] <0> ffffffff810a0f82 0000000000000001 ffff8820b8803f50 ffffffff81072191
[468908.845865] Call Trace:
[468908.849087]  <IRQ> 
[468908.852319]  [<ffffffff812566e5>] blk_done_softirq+0x85/0xa0
[468908.855668]  [<ffffffff810a0f82>] ? update_ts_time_stats+0x72/0x90
[468908.859072]  [<ffffffff81072191>] __do_softirq+0xc1/0x1d0
[468908.862508]  [<ffffffff81012b09>] ? sched_clock+0x9/0x10
[468908.865974]  [<ffffffff8100c24c>] call_softirq+0x1c/0x30
[468908.869471]  [<ffffffff8100de85>] do_softirq+0x65/0xa0
[468908.873010]  [<ffffffff81071f75>] irq_exit+0x85/0x90
[468908.876586]  [<ffffffff8102a3a5>] smp_call_function_single_interrupt+0x35/0x40
[468908.880254]  [<ffffffff8100bdb3>] call_function_single_interrupt+0x13/0x20
[468908.883971]  <EOI> 
[468908.888042]  [<ffffffff812c4e5e>] ? intel_idle+0xde/0x170
[468908.891873]  [<ffffffff812c4e41>] ? intel_idle+0xc1/0x170
[468908.895712]  [<ffffffff813fa3f7>] cpuidle_idle_call+0xa7/0x140
[468908.899608]  [<ffffffff81009e06>] cpu_idle+0xb6/0x110
[468908.903537]  [<ffffffff814e643c>] start_secondary+0x202/0x245
[468908.903539] Code: 20 48 89 1c 24 4c 89 64 24 08 4c 89 6c 24 10 4c 89 74 24 18 0f 1f 44 00 00 48 8b 9f d8 00 00 00 44 8b af 38 01 00 00 48 8d 43 18 <44> 8b 73 44 48 c7 43 30 00 00 00 00 48 89 43 18 48 89 43 20 48 
[468908.903558] RIP  [<ffffffff81362a62>] scsi_softirq_done+0x32/0x170
[468908.903562]  RSP <ffff8820b8803e90>
[468908.903563] CR2: 0000000000000044

Environment

  • Red Hat Enterprise Linux 6.3
  • HP Smart Array hardware
  • hpsa driver

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content