My HP C8000 (a PA-RISC based system) crashed with an HPMC. That triggered the HPMC handler in the kernel, and I got a crash in _base_fault_reset_work() from mpt3sas. It looks like this function calls ioc->schedule_dead_ioc_flush_running_cmds() without checking whether there's actually a function set, so it dereferences a NULL pointer on that system. The c8000 actually uses the mptspi driver instead of mpt3sas which doesn't seem to set this handler. Signed-off-by: Sven Schnelle <svens@xxxxxxxxxxxxxx> --- Disclaimer: I have no idea about the inner workings of the MPT Fusion drivers. So this might be completely wrong. drivers/message/fusion/mptbase.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c index 7f7abc9069f7..38f5aa43b457 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c @@ -381,7 +381,8 @@ mpt_fault_reset_work(struct work_struct *work) * since dead ioc will never return any command back from HW. */ hd = shost_priv(ioc->sh); - ioc->schedule_dead_ioc_flush_running_cmds(hd); + if (ioc->schedule_dead_ioc_flush_running_cmds) + ioc->schedule_dead_ioc_flush_running_cmds(hd); /*Remove the Dead Host */ p = kthread_run(mpt_remove_dead_ioc_func, ioc, -- 2.33.0
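Review bot: In mpt_fault_reset_work(), the new `if (ioc->schedule_dead_ioc_flush_running_cmds)` guard avoids the NULL call but silently skips the flush, and the code then goes straight on to "Remove the Dead Host" via kthread_run(mpt_remove_dead_ioc_func, ioc, ...). The comment just above the call says a dead ioc will never return any command back from HW, so on a bus driver that leaves this callback unset the running commands are not flushed before the host is torn down. Please either state in the commit message or in a comment at the guard why skipping is safe for such drivers, or give the driver that lacks the callback (mptspi, per the description) its own handler so the flush still happens. Two smaller points: `hd = shost_priv(ioc->sh);` is now only needed inside the guarded branch and could move there, and the description names _base_fault_reset_work() from mpt3sas while the hunk changes mpt_fault_reset_work() in drivers/message/fusion/mptbase.c, so the function name in the message should match the code being patched.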