I got many crashes exactly in the same point: scsi_ifgetcap() is causing the crashes. This does not happen during the device attachment, but only in open() entry point. In order for our issue to be reproduced, the open() system call needs to be executed.
Got the stack dumps from all the crashes, and all the crashes happens exactly in the same point. ( fcp_commoncap+18 )
I discovered that crashes are caused by setting values in a scsi_device_t variable, right before scsi_ifsetcap() function.
/* next two lines causes system crashes */
scsi_device.sd_address.a_target = target;
scsi_device.sd_address.a_lun = lun;
rc = scsi_ifgetcap( scsi_device, "xxxxx", THIS);
Checking those lines, I realized that those values (scsi_device.sd_address.a_target and a_lun ) has incorrect data. Older Solaris versions has correct data, but solaris 11 does not. Something changed in Solaris 11 and that source code now hangs the entire system in scsi_ifgetcap function and this didn't happen before.