diff options
author | Duane Grigsby <Duane.Grigsby@cavium.com> | 2017-08-23 15:05:01 -0700 |
---|---|---|
committer | Martin K. Petersen <martin.petersen@oracle.com> | 2017-08-24 22:29:20 -0400 |
commit | a17305954d732ace786095ed6c911782c18529b9 (patch) | |
tree | 78d1aabef3400983794a5feb8ace6def1054e5f0 /drivers/scsi/qla2xxx | |
parent | efdb57607fb0447e05eb0ce404d6a708a76e4ba7 (diff) |
scsi: qla2xxx: Fix system panic due to pointer access problem
[ 1013.772926] BUG: unable to handle kernel paging request at 0000000300000020
[ 1013.772950] IP: qla24xx_els_ct_entry.isra.17+0x78/0x2a0 [qla2xxx]
[ 1013.772951] PGD 0
[ 1013.772952] P4D 0
[ 1013.772952]
[ 1013.772953] Oops: 0000 [#1] SMP
[ 1013.772955] Modules linked in: qla2xxx(+) scsi_transport_fc nvme_fc
nvme_fabrics nvme_core netconsole configfs af_packet iscsi_ibft
iscsi_boot_sysfs xfs intel_rapl sb_edac libcrc32c x86_pkg_temp_thermal
intel_powerclamp coretemp mgag200 kvm_intel ttm kvm drm_kms_helper
ipmi_ssif irqbypass tg3 drm fb_sys_fops crct10dif_pclmul syscopyarea
crc32_pclmul ghash_clmulni_intel ptp pcbc sysfillrect pps_core
aesni_intel joydev aes_x86_64 sysimgblt crypto_simd iTCO_wdt libphy
iTCO_vendor_support i2c_algo_bit glue_helper ipmi_si lpc_ich hpwdt
ioatdma cryptd ipmi_devintf pcspkr mfd_core pcc_cpufreq ipmi_msghandler
hpilo thermal dca button shpchp btrfs xor raid6_pq hid_generic usbhid
sr_mod cdrom sd_mod ata_generic crc32c_intel serio_raw ata_piix ahci
libahci uhci_hcd ehci_pci ehci_hcd libata usbcore hpsa scsi_transport_sas
[ 1013.772994] sg scsi_mod autofs4
[ 1013.772998] CPU: 0 PID: 374 Comm: systemd-journal Not tainted 4.13.0-rc1-2-default #2
[ 1013.772999] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 07/15/2012
[ 1013.773000] task: ffff88082c188380 task.stack: ffffc90004d7c000
[ 1013.773011] RIP: 0010:qla24xx_els_ct_entry.isra.17+0x78/0x2a0 [qla2xxx]
[ 1013.773012] RSP: 0000:ffff88042f603d90 EFLAGS: 00010082
[ 1013.773013] RAX: ffff88039f723ac8 RBX: ffff88039f723ac8 RCX: ffff8803a2e18010
[ 1013.773014] RDX: ffff88039f723ac0 RSI: ffff88042f603dc4 RDI: ffff88041b6787c0
[ 1013.773015] RBP: ffff88042f603e00 R08: 0000000000000002 R09: 000000000000000d
[ 1013.773016] R10: 0000000000000002 R11: 0000000000000000 R12: ffff8803a2e80080
[ 1013.773016] R13: ffff88041b6787c0 R14: 0000000300000000 R15: 0000000000000102
[ 1013.773018] FS: 00007fa2e0a73880(0000) GS:ffff88042f600000(0000) knlGS:0000000000000000
[ 1013.773019] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1013.773020] CR2: 0000000300000020 CR3: 000000042cd7e000 CR4: 00000000000406f0
[ 1013.773021] Call Trace:
[ 1013.773022] <IRQ>
[ 1013.773026] ? consume_skb+0x34/0xa0
[ 1013.773040] qla24xx_process_response_queue+0x319/0x700 [qla2xxx]
[ 1013.773050] qla24xx_msix_rsp_q+0x7b/0xd0 [qla2xxx]
[ 1013.773054] __handle_irq_event_percpu+0x3c/0x1b0
[ 1013.773056] handle_irq_event_percpu+0x23/0x60
[ 1013.773057] handle_irq_event+0x42/0x70
[ 1013.773059] handle_edge_irq+0x8f/0x190
[ 1013.773062] handle_irq+0x1d/0x30
[ 1013.773065] do_IRQ+0x48/0xd0
[ 1013.773067] common_interrupt+0x93/0x93
[ 1013.773068] RIP: 0033:0xed622c6e42
[ 1013.773069] RSP: 002b:00007ffee8b5c820 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff17
[ 1013.773071] RAX: 000000ed6316a3f0 RBX: 000000ed6316a840 RCX: 00000000000c4e33
[ 1013.773071] RDX: 000000ed6316a878 RSI: 000000ed6316a840 RDI: 000000ed631682d0
[ 1013.773072] RBP: 0000000000000001 R08: 0000000000000001 R09: 000000ed63179b70
[ 1013.773073] R10: 000000000005f6f8 R11: 0000000000000202 R12: 0000000000000001
[ 1013.773074] R13: 00007ffee8b5c85c R14: 000000ed6316a840 R15: 00007ffee8b5c850
[ 1013.773074] </IRQ>
[ 1013.773076] Code: a9 8a 9a e0 48 8d 75 c4 48 89 da 4c 89 e1 4c 89 ef
e8 54 6e fb ff 48 85 c0 48 89 c3 0f 84 0e 02 00 00 44 0f b7 48 36 4c 8b
70 58 <4d> 8b 7e 20 41 8d 41 fd 66 83 f8 0c 77 6c 0f b7 c0 ff 24 c5 88
[ 1013.773102] RIP: qla24xx_els_ct_entry.isra.17+0x78/0x2a0 [qla2xxx] RSP: ffff88042f603d90
[ 1013.773102] CR2: 0000000300000020
[ 1013.773129] ---[ end trace 532363559924f426 ]---
[ 1013.773131] Kernel panic - not syncing: Fatal exception in interrupt
[ 1013.777719] Kernel Offset: disabled
[ 1013.827528] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
Signed-off-by: Duane Grigsby <Duane.Grigsby@cavium.com>
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qla2xxx')
-rw-r--r-- | drivers/scsi/qla2xxx/qla_isr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index d3a51df27b0d..c6c066186d97 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -1537,8 +1537,6 @@ qla24xx_els_ct_entry(scsi_qla_host_t *vha, struct req_que *req, sp = qla2x00_get_sp_from_handle(vha, func, req, pkt); if (!sp) return; - bsg_job = sp->u.bsg_job; - bsg_reply = bsg_job->reply; type = NULL; switch (sp->type) { @@ -1577,6 +1575,8 @@ qla24xx_els_ct_entry(scsi_qla_host_t *vha, struct req_que *req, /* return FC_CTELS_STATUS_OK and leave the decoding of the ELS/CT * fc payload to the caller */ + bsg_job = sp->u.bsg_job; + bsg_reply = bsg_job->reply; bsg_reply->reply_data.ctels_reply.status = FC_CTELS_STATUS_OK; bsg_job->reply_len = sizeof(struct fc_bsg_reply) + sizeof(fw_status); |