On Thu, 2020-01-09 at 06:22 -0800, Christoph Hellwig wrote: > On Thu, Jan 09, 2020 at 02:27:25PM +0530, Abdul Haleem wrote: > > + CC Christoph Hellwig > > The only thing this commit changed for the dma coherent case (which > ppc64 uses) is that we now look up the page to free by the DMA address > instead of the virtual address passed in. Which suggests this call > stack passes in a broken dma address. I suspect we somehow managed > to disable the ppc iommu bypass mode after allocating memory, which > would cause symptoms like this, and thus the commit is just exposing > a pre-existing problem. Trace with printk added for page->addr, will this help ? mpt3sas_cm0: removing handle(0x000f), sas_addr(0x500304801f080d3d) mpt3sas_cm0: enclosure logical id(0x500304801f080d3f), slot(12) mpt3sas_cm0: enclosure level(0x0000), connector name( ) mpt3sas_cm0: mpt3sas_transport_port_remove: removed: sas_addr(0x500304801f080d3f) mpt3sas_cm0: expander_remove: handle(0x0009), sas_addr(0x500304801f080d3f) mpt3sas_cm0: sending diag reset !! mpt3sas_cm0: diag reset: SUCCESS page->vaddr = 0xc000003f2d200000 page->vaddr = 0xc000003f2ef00000 page->vaddr = 0xc000003f38430000 page->vaddr = 0xc000003f3d7d0000 page->vaddr = 0xc000003f75760000 BUG: Unable to handle kernel data access on write at 0xc04a000000017c34 Faulting instruction address: 0xc0000000002fb2b0 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: iptable_mangle xt_MASQUERADE iptable_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv4 ipt_REJECT nf_reject_ipv4 xt_tcpudp tun bridge stp llc btrfs blake2b_generic xor zstd_decompress zstd_compress lzo_compress iptable_filter raid6_pq mpt3sas(-) vmx_crypto gf128mul nfsd powernv_rng rng_core raid_class scsi_transport_sas kvm_hv kvm binfmt_misc ip_tables x_tables xfs libcrc32c qla2xxx ixgbe i40e nvme_fc nvme_fabrics mdio nvme_core autofs4 CPU: 13 PID: 17267 Comm: rmmod Not tainted 5.5.0-rc5-next-20200108-autotest-00002-g36e1367-dirty #1 NIP: c0000000002fb2b0 LR: c0000000001aa5b4 CTR: c00000000004a010 REGS: c000003fc3f9f5d0 TRAP: 0380 Not tainted (5.5.0-rc5-next-20200108-autotest-00002-g36e1367-dirty) MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 22002424 XER: 20000000 CFAR: c0000000001aa5b0 IRQMASK: 0 GPR00: c00000000004a0a8 c000003fc3f9f860 c000000001311300 c04a000000017c00 GPR04: 0000000000000000 c000003f75760000 003e000000017c00 0000000000000000 GPR08: 0000000000000000 c0000000013bd000 c04a000000017c34 00000000000005bf GPR12: c00000000004a010 c000003fffff4a80 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 000001001b4e0180 0000000010020098 GPR20: 0000000010020050 0000000010020038 0000000010020078 0000000005f00000 GPR24: c000000000d4e8a8 c000000000d4e8c8 0000000005f00000 0000000000000000 GPR28: c000000001299398 c000003f75760000 0000000000010000 c000003fdde0d0a8 NIP [c0000000002fb2b0] __free_pages+0x10/0x50 LR [c0000000001aa5b4] dma_direct_free_pages+0x54/0x90 Call Trace: [c000003fc3f9f860] [c000000000d4e8a8] str_spec.72296+0x199114/0x2009cc (unreliable) [c000003fc3f9f880] [c00000000004a0a8] dma_iommu_free_coherent+0x98/0xd0 [c000003fc3f9f8d0] [c0000000001a95e8] dma_free_attrs+0xf8/0x100 [c000003fc3f9f920] [c00000000031205c] dma_pool_destroy+0x19c/0x230 [c000003fc3f9f9d0] [c00800001c181e98] _base_release_memory_pools+0x1d8/0x4b0 [mpt3sas] [c000003fc3f9fa60] [c00800001c18b9f0] mpt3sas_base_detach+0x40/0x150 [mpt3sas] [c000003fc3f9fad0] [c00800001c19c92c] scsih_remove+0x24c/0x3e0 [mpt3sas] [c000003fc3f9fb90] [c0000000006126a4] pci_device_remove+0x64/0x110 [c000003fc3f9fbd0] [c0000000006c7ea4] device_release_driver_internal+0x154/0x260 [c000003fc3f9fc10] [c0000000006c807c] driver_detach+0x8c/0x140 [c000003fc3f9fc50] [c0000000006c6188] bus_remove_driver+0x78/0x100 [c000003fc3f9fc80] [c0000000006c8d90] driver_unregister+0x40/0x90 [c000003fc3f9fcf0] [c000000000611dc8] pci_unregister_driver+0x38/0x110 [c000003fc3f9fd40] [c00800001c1af108] _mpt3sas_exit+0x50/0x40c8 [mpt3sas] [c000003fc3f9fda0] [c0000000001d8ed8] sys_delete_module+0x1a8/0x2a0 [c000003fc3f9fe20] [c00000000000b9d0] system_call+0x5c/0x68 Instruction dump: 88830051 2fa40000 41de0008 4bffe87c 7d234b78 4bfffe94 60000000 60420000 3c4c0101 38426060 39430034 7c0004ac <7d005028> 3108ffff 7d00512d 40c2fff4 ---[ end trace c5ab52378eb942ad ]--- Segmentation fault -- Regard's Abdul Haleem IBM Linux Technology Centre