Solaris 11.1 and 11.2 system can panic with heap corruption in qlc_8100_delete_queues (Doc ID 1927538.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 11.1 to 11.2 [Release 11.0]
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86-64 (64-bit)

Symptoms

Systems running Solaris 11.1 or 11.2 may panic with a panic messages similar to the following:

kernel memory allocator: buffer freed to wrong cache
buffer was allocated from kmem_alloc_1152,
caller attempting free to kmem_alloc_8.
buffer=c4001c612540  bufctl=40018c757c0  cache: kmem_alloc_8

panic[cpu0]/thread=c4001c68e420: kernel heap corruption detected

000002a1013385f0 genunix:kmem_error+4b8 (40018c757c0, 18, c4001c612540, 30000670030, 40018c739e0, 6)
  %l0-3: 00000000012e1400 00000000012e1400 00000000012e1400 0000c4001c6129c0
  %l4-7: 00000000012e1400 0000030000572098 0000000000000006 0000000000000338
000002a1013386c0 qlc:qlc_8100_delete_queues+d8 (c400310314e8, 14e8, 14f0, c40031030000, 1480, 1480)
  %l0-3: 0000000000001400 0000000000000001 0000000000001488 0000000000000001
  %l4-7: 0000000000001488 0000000000000001 0000000000000000 0000000000000000
000002a101338770 qlc:qlc_hba_detach+19c (4000, c400310314e8, c40031030000, 14e8, 0, c40031bb5580)
  %l0-3: 0000c40031030000 0000000000001508 0000000000001400 000000007ab7e000
  %l4-7: 000000007aaef6ac 000000007ab36c50 000000007ab36c00 0000000000000000
000002a101338830 qlc:qlc_free_resources+17c (40009f7bb78, 0, 70322400, 2, c40031bb5580, 18400)
  %l0-3: 0000000000002000 0000000000000100 0000000000000800 0000000000004400
  %l4-7: 0000000070304e40 0000c40031030000 000000007ab37324 0000c4001ae48100
000002a1013388e0 qlc:qlc_detach+204 (40009f7bb78, 0, 16a8, c40031bb5580, c40031030000, c40031bb5580)
  %l0-3: 000000017f91c007 0000000070304e38 0000000070322400 0000000070304c00
  %l4-7: 0000000070322400 0000000000000002 0000c40031bb5580 0000c4001d19a7c0
000002a101338990 genunix:devi_detach+9c (40009f7bb78, 0, 40010, 0, 0, 7ab28ac8)
  %l0-3: 0000000000010bdd 0000c4003199f998 0000c4003199f948 0000c4003199f95a
  %l4-7: 0000c4003199f998 0000000000000000 0000000000003006 0000000000003000
000002a101338a60 genunix:detach_node+60 (40009f7bb78, 40010, 50000000, 0, 40010, 0)
  %l0-3: 00000000106588e8 0000000000000000 00000000012dc400 0000000010658800
  %l4-7: 00000000106588e8 00000000106b0400 0000000000000000 0000000000000001
000002a101338b10 genunix:i_ndi_unconfig_node+148 (40009f7bb78, 130, 20000, 4, 40010, 0)
  %l0-3: 0000040009f7bbe0 00000000fffdffff 00000000106478c0 00000000106478b8
  %l4-7: 0000000010647800 0000000010647800 00000000fffdfc00 0000000000000005
000002a101338bc0 genunix:i_ddi_detachchild+14 (40009f7bb78, 40010, 0, ffffffffffffffff, 0, 40009f7bbe0)
  %l0-3: 0000000000000000 0000000070304198 00000000703229f0 000000000000000a
  %l4-7: 0000000000000000 00000000012dc800 0000000000000000 0000000000000016
000002a101338c70 genunix:devi_detach_node+e4 (40009f7bb78, 40000, 0, 40009f7bb78, 10647800, ffffffffffffffff)
  %l0-3: 0000000000000001 0000000000040010 0000040009f7e940 0000000000000010
  %l4-7: 0000000000000002 0000000000000003 0000000000001000 0000000000040000
000002a101338d60 genunix:ndi_devi_offline+17c (40009f7bb78, 0, 0, 40009f7e940, 40000, ffffffffffffffff)
  %l0-3: 0000000000040010 0000c4001bfdc900 0000000000001000 0000000000000003
  %l4-7: 0000c4001c68e420 0000000000000003 0000000000040010 0000000000003000
000002a101338e20 genunix:ddihp_cn_change_children_state+178 (c4001b04ac08, 0, 0, 0, 2, c4003d1b8720)
  %l0-3: 0000040009f7bb78 0000c4001b04ac10 0000040009f7e940 0000000000001000
  %l4-7: 0000c4001b04aa28 0000000000000000 0000000000000000 0000040009f7e940
000002a101338ee0 genunix:ddihp_cn_pre_change_state+38 (c4001b04ac08, 2a1013390f8, ffffffffffffffff, 0, 0, 3000)
  %l0-3: 00000000000013fc 0000000000004000 0000000000004000 0000040009f7e940
  %l4-7: 0000000000ffffff 000002a101338e08 0000000000000001 0000000000000008
000002a101338f90 genunix:ddihp_connector_ops+20 (c4001b04ac08, 2, 2a1013390f8, 2a101339118, 2a101339118, 3000)
  %l0-3: 0000000000000000 0000040009f7e9a8 0000000010454270 0000040009f7e940
  %l4-7: 0000000000000002 000002a1013390f8 0000000000000007 0000000000000007
000002a101339040 genunix:ddihp_modctl+240 (2, c4001b04ac08, c4001c0bf1c0, ea8abcec, 0, 40009f7e940)
  %l0-3: 0000000000000002 0000000000000004 0000000010659400 000000000000000c
  %l4-7: 0000000000000003 0000000000000003 0000000000000004 0000000010659400
000002a101339120 genunix:modctl_hp+f4 (108, 12cd400, 0, ea8abcec, 0, 100)
  %l0-3: 0000000000000012 0000000000000012 0000000000000000 0000c4001dfb4640
  %l4-7: 0000000000000400 0000c4001c0bf1c0 00000000012cd428 0000000000000000
000002a1013391e0 genunix:modctl+50c (b4, 0, 6af938, 6af990, ea8abcec, 0)
  %l0-3: 0000000051030000 0000000000005103 000000000000002d 00000000012cd750
  %l4-7: 00000000012cd400 0000000000000000 000000000000002d 00000000000005b8

syncing file systems... done
dumping to /dev/zvol/dsk/rpool/dump, offset 65536, content: kernel

 ** Note: This panic stack has kmem_flags enabled which is the standard procedure when corruption is suspected.





Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms