> From: Chuck Lever [mailto:chuck.lever@xxxxxxxxxx] > Sent: Tuesday, January 30, 2018 6:47 PM > To: Kalderon, Michal <Michal.Kalderon@xxxxxxxxxx> > Cc: linux-rdma@xxxxxxxxxxxxxxx > Subject: Re: NULL ptr dereference in rpcrdma_regbuf_is_mapped > > > > > On Jan 30, 2018, at 11:43 AM, Kalderon, Michal > <Michal.Kalderon@xxxxxxxxxx> wrote: > > > > Hi Chuck, > > > > Different issue, so started different thread. > > If I unload our driver while there is an open NFS connection I get a > > null pointer dereference in rpcrdma_regbuf_is_mapped the pointer to buf > received in this function is NULL. > > Hi Michal, let's see the backtrace. Sure [root@GAD17990 ~]# [ 169.085616] ib_srpt srpt_remove_one(qedr0): nothing to do. [ 169.112490] rpcrdma: removing device qedr0 for 192.168.110.146:20049 [ 169.143909] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 [ 169.181837] IP: rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 169.209157] PGD 0 P4D 0 [ 169.221720] Oops: 0000 [#1] SMP [ 169.237123] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm 8021q garp mrp qedr(-) ib_core xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc fuse ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter dm_mirror dm_region_hash dm_log dm_mod dax vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel sg iTCO_wdt hpilo crypto_simd iTCO_vendor_support [ 169.590977] i2c_i801 glue_helper hpwdt cryptd ioatdma pcspkr lpc_ich ipmi_si shpchp i2c_core wmi dca pcc_cpufreq acpi_power_meter ipmi_devintf mfd_core ipmi_msghandler nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c qede sd_mod qed tg3 ptp crc32c_intel hpsa pps_core scsi_transport_sas [ 169.725580] CPU: 30 PID: 2798 Comm: kworker/30:1H Not tainted 4.14.0-rc8+ #1 [ 169.759488] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 02/17/2017 [ 169.800084] Workqueue: xprtiod xprt_autoclose [sunrpc] [ 169.824940] task: ffff9f4b6966c380 task.stack: ffffbae6041c4000 [ 169.854591] RIP: 0010:rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 169.884029] RSP: 0018:ffffbae6041c7dd0 EFLAGS: 00010287 [ 169.910009] RAX: ffff9f476aa18220 RBX: ffff9f476aa18000 RCX: 0000000000000001 [ 169.945042] RDX: 0000000000000184 RSI: 000000046c1ba100 RDI: 0000000000000000 [ 169.980932] RBP: ffffbae6041c7dd8 R08: 0000000000000000 R09: 000000018020001e [ 170.016169] R10: 000000006b2c6601 R11: ffff9f476b2c6400 R12: ffff9f4768295550 [ 170.051560] R13: ffff9f4768295878 R14: ffff9f47682958e0 R15: ffff9f47682953d0 [ 170.086745] FS: 0000000000000000(0000) GS:ffff9f4b7f980000(0000) knlGS:0000000000000000 [ 170.126491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 170.154565] CR2: 0000000000000010 CR3: 00000005cec09005 CR4: 00000000001606e0 [ 170.189497] Call Trace: [ 170.201856] rpcrdma_ia_remove+0xca/0x110 [rpcrdma] [ 170.225375] xprt_rdma_close+0x70/0x90 [rpcrdma] [ 170.248093] xprt_autoclose+0x38/0x70 [sunrpc] [ 170.269801] process_one_work+0x149/0x360 [ 170.290135] worker_thread+0x4d/0x3e0 [ 170.308004] kthread+0x109/0x140 [ 170.323668] ? rescuer_thread+0x380/0x380 [ 170.343204] ? kthread_park+0x60/0x60 [ 170.360671] ret_from_fork+0x25/0x30 [ 170.378242] Code: 48 c7 c6 c0 e4 89 c0 48 c7 c7 70 fa 89 c0 31 c0 e8 9f 36 85 d6 e9 e5 fe ff ff 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 <48> 8b 47 10 48 89 fb 48 85 c0 74 38 8b 4f 18 8b 57 08 48 8b 37 [ 170.469580] RIP: rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] RSP: ffffbae6041c7dd0 [ 170.505477] CR2: 0000000000000010 [ 170.522257] ---[ end trace 0f69dc0bd121b690 ]--- [ 170.546716] Kernel panic - not syncing: Fatal exception [ 170.572952] Kernel Offset: 0x16000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 170.628837] ---[ end Kernel panic - not syncing: Fatal exception [ 170.657647] ------------[ cut here ]------------ [ 170.679659] WARNING: CPU: 30 PID: 2798 at kernel/sched/core.c:1179 set_task_cpu+0x191/0x1a0 [ 170.719367] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm 8021q garp mrp qedr(-) ib_core xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc fuse ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter dm_mirror dm_region_hash dm_log dm_mod dax vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel sg iTCO_wdt hpilo crypto_simd iTCO_vendor_support [ 171.072372] i2c_i801 glue_helper hpwdt cryptd ioatdma pcspkr lpc_ich ipmi_si shpchp i2c_core wmi dca pcc_cpufreq acpi_power_meter ipmi_devintf mfd_core ipmi_msghandler nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c qede sd_mod qed tg3 ptp crc32c_intel hpsa pps_core scsi_transport_sas [ 171.204786] CPU: 30 PID: 2798 Comm: kworker/30:1H Tainted: G D 4.14.0-rc8+ #1 [ 171.245766] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 02/17/2017 [ 171.286989] Workqueue: xprtiod xprt_autoclose [sunrpc] [ 171.311991] task: ffff9f4b6966c380 task.stack: ffffbae6041c4000 [ 171.340762] RIP: 0010:set_task_cpu+0x191/0x1a0 [ 171.362691] RSP: 0018:ffff9f4b7f983c38 EFLAGS: 00010046 [ 171.388519] RAX: 0000000000000200 RBX: ffff9f4b66652d00 RCX: 0000000000000008 [ 171.423127] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff9f4b66652d00 [ 171.457854] RBP: ffff9f4b7f983c58 R08: 00000000ff00ff00 R09: 0000000000000000 [ 171.493635] R10: 0000000000000005 R11: 0000000000000c6c R12: ffff9f4b666537ec [ 171.528287] R13: 0000000000000008 R14: 0000000000000008 R15: 000000000001bb80 [ 171.562311] FS: 0000000000000000(0000) GS:ffff9f4b7f980000(0000) knlGS:0000000000000000 [ 171.602138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 171.630792] CR2: 0000000000000010 CR3: 00000005cec09005 CR4: 00000000001606e0 [ 171.666624] Call Trace: [ 171.678579] <IRQ> [ 171.688847] try_to_wake_up+0x15d/0x440 [ 171.707708] default_wake_function+0x12/0x20 [ 171.728711] __wake_up_common+0x8a/0x160 [ 171.747913] __wake_up_locked+0x16/0x20 [ 171.766944] ep_poll_callback+0xd0/0x300 [ 171.786061] ? find_next_bit+0xb/0x10 [ 171.804356] __wake_up_common+0x8a/0x160 [ 171.823705] __wake_up_common_lock+0x7e/0xc0 [ 171.844238] __wake_up+0x13/0x20 [ 171.860037] wake_up_klogd_work_func+0x40/0x60 [ 171.881812] irq_work_run_list+0x4d/0x70 [ 171.900977] ? tick_sched_do_timer+0x70/0x70 [ 171.921688] irq_work_tick+0x40/0x50 [ 171.939208] update_process_times+0x42/0x60 [ 171.959871] tick_sched_handle+0x2d/0x60 [ 171.979125] tick_sched_timer+0x39/0x70 [ 171.998012] __hrtimer_run_queues+0xe5/0x230 [ 172.019188] hrtimer_interrupt+0xa8/0x1a0 [ 172.038449] smp_apic_timer_interrupt+0x5f/0x130 [ 172.061660] apic_timer_interrupt+0x9d/0xb0 [ 172.082865] </IRQ> [ 172.092655] RIP: 0010:panic+0x1fd/0x245 [ 172.111274] RSP: 0018:ffffbae6041c7b10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 172.148505] RAX: 0000000000000034 RBX: 0000000000000000 RCX: 0000000000000006 [ 172.183145] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff9f4b7f98e030 [ 172.218508] RBP: ffffbae6041c7b80 R08: 00000000fffffffe R09: 0000000000000c6d [ 172.253436] R10: 0000000000000005 R11: 0000000000000c6c R12: ffffffff97a304c0 [ 172.288829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000046 [ 172.323876] oops_end+0xb8/0xd0 [ 172.339074] no_context+0x1a8/0x400 [ 172.355962] __bad_area_nosemaphore+0xee/0x1d0 [ 172.377507] bad_area_nosemaphore+0x14/0x20 [ 172.397830] __do_page_fault+0x9a/0x4f0 [ 172.416720] ? __slab_free+0x9b/0x2c0 [ 172.434427] do_page_fault+0x38/0x130 [ 172.452423] page_fault+0x22/0x30 [ 172.468930] RIP: 0010:rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 172.499075] RSP: 0018:ffffbae6041c7dd0 EFLAGS: 00010287 [ 172.524585] RAX: ffff9f476aa18220 RBX: ffff9f476aa18000 RCX: 0000000000000001 [ 172.559900] RDX: 0000000000000184 RSI: 000000046c1ba100 RDI: 0000000000000000 [ 172.594323] RBP: ffffbae6041c7dd8 R08: 0000000000000000 R09: 000000018020001e [ 172.628972] R10: 000000006b2c6601 R11: ffff9f476b2c6400 R12: ffff9f4768295550 [ 172.664614] R13: ffff9f4768295878 R14: ffff9f47682958e0 R15: ffff9f47682953d0 [ 172.699424] rpcrdma_ia_remove+0xca/0x110 [rpcrdma] [ 172.723165] xprt_rdma_close+0x70/0x90 [rpcrdma] [ 172.745492] xprt_autoclose+0x38/0x70 [sunrpc] [ 172.766956] process_one_work+0x149/0x360 [ 172.786682] worker_thread+0x4d/0x3e0 [ 172.804538] kthread+0x109/0x140 [ 172.820117] ? rescuer_thread+0x380/0x380 [ 172.839845] ? kthread_park+0x60/0x60 [ 172.857255] ret_from_fork+0x25/0x30 [ 172.874616] Code: ff 80 8b ec 07 00 00 04 e9 23 ff ff ff 0f ff e9 bf fe ff ff f7 83 84 00 00 00 fd ff ff ff 0f 84 c9 fe ff ff 0f ff e9 c2 fe ff ff <0f> ff e9 d1 fe ff ff 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 [ 172.964520] ---[ end trace 0f69dc0bd121b691 ]--- [ 172.986715] sched: Unexpected reschedule of offline CPU#8! [ 173.013434] ------------[ cut here ]------------ [ 173.036387] WARNING: CPU: 30 PID: 2798 at arch/x86/kernel/smp.c:128 native_smp_send_reschedule+0x3c/0x40 [ 173.084056] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm 8021q garp mrp qedr(-) ib_core xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc fuse ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter dm_mirror dm_region_hash dm_log dm_mod dax vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel sg iTCO_wdt hpilo crypto_simd iTCO_vendor_support [ 173.436980] i2c_i801 glue_helper hpwdt cryptd ioatdma pcspkr lpc_ich ipmi_si shpchp i2c_core wmi dca pcc_cpufreq acpi_power_meter ipmi_devintf mfd_core ipmi_msghandler nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c qede sd_mod qed tg3 ptp crc32c_intel hpsa pps_core scsi_transport_sas [ 173.571732] CPU: 30 PID: 2798 Comm: kworker/30:1H Tainted: G D W 4.14.0-rc8+ #1 [ 173.612509] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 02/17/2017 [ 173.652963] Workqueue: xprtiod xprt_autoclose [sunrpc] [ 173.676765] task: ffff9f4b6966c380 task.stack: ffffbae6041c4000 [ 173.705121] RIP: 0010:native_smp_send_reschedule+0x3c/0x40 [ 173.732678] RSP: 0018:ffff9f4b7f983bc0 EFLAGS: 00010046 [ 173.758761] RAX: 000000000000002e RBX: 0000000000000008 RCX: 0000000000000006 [ 173.793600] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff9f4b7f98e030 [ 173.828260] RBP: ffff9f4b7f983bc0 R08: 00000000fffffffe R09: 0000000000000cb8 [ 173.863983] R10: 0000000000000005 R11: 0000000000000cb7 R12: ffff9f4b7f61bb80 [ 173.898845] R13: ffff9f4b66652d00 R14: ffff9f4b7f983c78 R15: ffff9f4b7f61bb80 [ 173.933362] FS: 0000000000000000(0000) GS:ffff9f4b7f980000(0000) knlGS:0000000000000000 [ 173.973149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 174.001483] CR2: 0000000000000010 CR3: 00000005cec09005 CR4: 00000000001606e0 [ 174.036495] Call Trace: [ 174.048417] <IRQ> [ 174.058474] resched_curr+0xa1/0xc0 [ 174.075648] check_preempt_curr+0x79/0x90 [ 174.095247] ttwu_do_wakeup+0x1e/0x160 [ 174.113663] ttwu_do_activate+0x7a/0x90 [ 174.132487] try_to_wake_up+0x1d4/0x440 [ 174.151326] default_wake_function+0x12/0x20 [ 174.172536] __wake_up_common+0x8a/0x160 [ 174.191867] __wake_up_locked+0x16/0x20 [ 174.210537] ep_poll_callback+0xd0/0x300 [ 174.230062] ? find_next_bit+0xb/0x10 [ 174.248307] __wake_up_common+0x8a/0x160 [ 174.267633] __wake_up_common_lock+0x7e/0xc0 [ 174.288376] __wake_up+0x13/0x20 [ 174.305441] wake_up_klogd_work_func+0x40/0x60 [ 174.327468] irq_work_run_list+0x4d/0x70 [ 174.346526] ? tick_sched_do_timer+0x70/0x70 [ 174.366836] irq_work_tick+0x40/0x50 [ 174.384200] update_process_times+0x42/0x60 [ 174.404774] tick_sched_handle+0x2d/0x60 [ 174.424463] tick_sched_timer+0x39/0x70 [ 174.443012] __hrtimer_run_queues+0xe5/0x230 [ 174.464378] hrtimer_interrupt+0xa8/0x1a0 [ 174.484072] smp_apic_timer_interrupt+0x5f/0x130 [ 174.506656] apic_timer_interrupt+0x9d/0xb0 [ 174.527140] </IRQ> [ 174.537197] RIP: 0010:panic+0x1fd/0x245 [ 174.556508] RSP: 0018:ffffbae6041c7b10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 174.594707] RAX: 0000000000000034 RBX: 0000000000000000 RCX: 0000000000000006 [ 174.629573] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff9f4b7f98e030 [ 174.664900] RBP: ffffbae6041c7b80 R08: 00000000fffffffe R09: 0000000000000c6d [ 174.699889] R10: 0000000000000005 R11: 0000000000000c6c R12: ffffffff97a304c0 [ 174.734379] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000046 [ 174.768961] oops_end+0xb8/0xd0 [ 174.784712] no_context+0x1a8/0x400 [ 174.802290] __bad_area_nosemaphore+0xee/0x1d0 [ 174.823836] bad_area_nosemaphore+0x14/0x20 [ 174.844449] __do_page_fault+0x9a/0x4f0 [ 174.863790] ? __slab_free+0x9b/0x2c0 [ 174.881658] do_page_fault+0x38/0x130 [ 174.899896] page_fault+0x22/0x30 [ 174.916071] RIP: 0010:rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 174.945525] RSP: 0018:ffffbae6041c7dd0 EFLAGS: 00010287 [ 174.971363] RAX: ffff9f476aa18220 RBX: ffff9f476aa18000 RCX: 0000000000000001 [ 175.006604] RDX: 0000000000000184 RSI: 000000046c1ba100 RDI: 0000000000000000 [ 175.041286] RBP: ffffbae6041c7dd8 R08: 0000000000000000 R09: 000000018020001e [ 175.075703] R10: 000000006b2c6601 R11: ffff9f476b2c6400 R12: ffff9f4768295550 [ 175.109678] R13: ffff9f4768295878 R14: ffff9f47682958e0 R15: ffff9f47682953d0 [ 175.143959] rpcrdma_ia_remove+0xca/0x110 [rpcrdma] [ 175.167172] xprt_rdma_close+0x70/0x90 [rpcrdma] [ 175.188870] xprt_autoclose+0x38/0x70 [sunrpc] [ 175.209659] process_one_work+0x149/0x360 [ 175.229048] worker_thread+0x4d/0x3e0 [ 175.246899] kthread+0x109/0x140 [ 175.262894] ? rescuer_thread+0x380/0x380 [ 175.282497] ? kthread_park+0x60/0x60 [ 175.301315] ret_from_fork+0x25/0x30 [ 175.318548] Code: db 00 0f 92 c0 84 c0 74 14 48 8b 05 cf bf a9 00 be fd 00 00 00 ff 90 a0 00 00 00 5d c3 89 fe 48 c7 c7 d0 74 a3 97 e8 57 7f 09 00 <0f> ff 5d c3 0f 1f 44 00 00 55 48 89 e5 48 83 ec 20 65 48 8b 04 [ 175.411188] ---[ end trace 0f69dc0bd121b692 ]--- [ 175.434569] unchecked MSR access error: WRMSR to 0x83f (tried to write 0x00000000000000f6) at rIP: 0xffffffff97064044 (native_write_msr+0x4/0x30) [ 175.497555] Call Trace: [ 175.509756] <IRQ> [ 175.519920] ? native_apic_msr_write+0x30/0x40 [ 175.541602] x2apic_send_IPI_self+0x1d/0x20 [ 175.562384] arch_irq_work_raise+0x28/0x40 [ 175.582084] irq_work_queue+0x6e/0x80 [ 175.600412] dbs_update_util_handler+0x8a/0xb0 [ 175.621994] task_tick_fair+0x6cb/0x7f0 [ 175.640991] scheduler_tick+0x62/0xe0 [ 175.659042] ? tick_sched_do_timer+0x70/0x70 [ 175.679307] update_process_times+0x47/0x60 [ 175.699836] tick_sched_handle+0x2d/0x60 [ 175.718917] tick_sched_timer+0x39/0x70 [ 175.737191] __hrtimer_run_queues+0xe5/0x230 [ 175.757635] hrtimer_interrupt+0xa8/0x1a0 [ 175.777022] smp_apic_timer_interrupt+0x5f/0x130 [ 175.799455] apic_timer_interrupt+0x9d/0xb0 [ 175.819696] </IRQ> [ 175.830023] RIP: 0010:panic+0x1fd/0x245 [ 175.849324] RSP: 0018:ffffbae6041c7b10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 175.886349] RAX: 0000000000000034 RBX: 0000000000000000 RCX: 0000000000000006 [ 175.921984] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff9f4b7f98e030 [ 175.957360] RBP: ffffbae6041c7b80 R08: 00000000fffffffe R09: 0000000000000c6d [ 175.992424] R10: 0000000000000005 R11: 0000000000000c6c R12: ffffffff97a304c0 [ 176.027292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000046 [ 176.062516] oops_end+0xb8/0xd0 [ 176.078137] no_context+0x1a8/0x400 [ 176.095725] __bad_area_nosemaphore+0xee/0x1d0 [ 176.117534] bad_area_nosemaphore+0x14/0x20 [ 176.137970] __do_page_fault+0x9a/0x4f0 [ 176.156564] ? __slab_free+0x9b/0x2c0 [ 176.174433] do_page_fault+0x38/0x130 [ 176.192638] page_fault+0x22/0x30 [ 176.209165] RIP: 0010:rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 176.239509] RSP: 0018:ffffbae6041c7dd0 EFLAGS: 00010287 [ 176.266224] RAX: ffff9f476aa18220 RBX: ffff9f476aa18000 RCX: 0000000000000001 [ 176.302139] RDX: 0000000000000184 RSI: 000000046c1ba100 RDI: 0000000000000000 [ 176.339413] RBP: ffffbae6041c7dd8 R08: 0000000000000000 R09: 000000018020001e [ 176.375049] R10: 000000006b2c6601 R11: ffff9f476b2c6400 R12: ffff9f4768295550 [ 176.410088] R13: ffff9f4768295878 R14: ffff9f47682958e0 R15: ffff9f47682953d0 [ 176.446853] rpcrdma_ia_remove+0xca/0x110 [rpcrdma] [ 176.471509] xprt_rdma_close+0x70/0x90 [rpcrdma] [ 176.494036] xprt_autoclose+0x38/0x70 [sunrpc] [ 176.515339] process_one_work+0x149/0x360 [ 176.534945] worker_thread+0x4d/0x3e0 [ 176.553011] kthread+0x109/0x140 [ 176.568810] ? rescuer_thread+0x380/0x380 [ 176.588222] ? kthread_park+0x60/0x60 [ 176.606412] ret_from_fork+0x25/0x30 [ 176.624241] sched: Unexpected reschedule of offline CPU#0! [ 176.651713] ------------[ cut here ]------------ [ 176.675084] WARNING: CPU: 30 PID: 2798 at arch/x86/kernel/smp.c:128 native_smp_send_reschedule+0x3c/0x40 [ 176.721703] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm 8021q garp mrp qedr(-) ib_core xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 tun bridge stp llc fuse ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter dm_mirror dm_region_hash dm_log dm_mod dax vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel sg iTCO_wdt hpilo crypto_simd iTCO_vendor_support [ 177.076380] i2c_i801 glue_helper hpwdt cryptd ioatdma pcspkr lpc_ich ipmi_si shpchp i2c_core wmi dca pcc_cpufreq acpi_power_meter ipmi_devintf mfd_core ipmi_msghandler nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c qede sd_mod qed tg3 ptp crc32c_intel hpsa pps_core scsi_transport_sas [ 177.209069] CPU: 30 PID: 2798 Comm: kworker/30:1H Tainted: G D W 4.14.0-rc8+ #1 [ 177.250754] Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 02/17/2017 [ 177.290959] Workqueue: xprtiod xprt_autoclose [sunrpc] [ 177.315723] task: ffff9f4b6966c380 task.stack: ffffbae6041c4000 [ 177.345409] RIP: 0010:native_smp_send_reschedule+0x3c/0x40 [ 177.372066] RSP: 0018:ffff9f4b7f983e60 EFLAGS: 00010046 [ 177.396735] RAX: 000000000000002e RBX: 0000000000000000 RCX: 0000000000000000 [ 177.430540] RDX: 0000000000000000 RSI: ffff9f4b7f98e038 RDI: ffff9f4b7f98e038 [ 177.464537] RBP: ffff9f4b7f983e60 R08: 00000000fffffffe R09: 0000000000000d39 [ 177.499327] R10: 0000000000000005 R11: 0000000000000d38 R12: 000000000000001e [ 177.534782] R13: 00000000fffe07b2 R14: ffff9f4b6966c380 R15: ffff9f4b7f994768 [ 177.569257] FS: 0000000000000000(0000) GS:ffff9f4b7f980000(0000) knlGS:0000000000000000 [ 177.609059] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.637131] CR2: 0000000000000010 CR3: 00000005cec09005 CR4: 00000000001606e0 [ 177.672422] Call Trace: [ 177.684361] <IRQ> [ 177.693996] trigger_load_balance+0x105/0x1f0 [ 177.715180] scheduler_tick+0xab/0xe0 [ 177.733058] ? tick_sched_do_timer+0x70/0x70 [ 177.754008] update_process_times+0x47/0x60 [ 177.774941] tick_sched_handle+0x2d/0x60 [ 177.793687] tick_sched_timer+0x39/0x70 [ 177.812071] __hrtimer_run_queues+0xe5/0x230 [ 177.832929] hrtimer_interrupt+0xa8/0x1a0 [ 177.852686] smp_apic_timer_interrupt+0x5f/0x130 [ 177.875204] apic_timer_interrupt+0x9d/0xb0 [ 177.895378] </IRQ> [ 177.905441] RIP: 0010:panic+0x1fd/0x245 [ 177.923668] RSP: 0018:ffffbae6041c7b10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 [ 177.960074] RAX: 0000000000000034 RBX: 0000000000000000 RCX: 0000000000000006 [ 177.995687] RDX: 0000000000000000 RSI: 0000000000000092 RDI: ffff9f4b7f98e030 [ 178.031336] RBP: ffffbae6041c7b80 R08: 00000000fffffffe R09: 0000000000000c6d [ 178.066983] R10: 0000000000000005 R11: 0000000000000c6c R12: ffffffff97a304c0 [ 178.102127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000046 [ 178.136976] oops_end+0xb8/0xd0 [ 178.152223] no_context+0x1a8/0x400 [ 178.169104] __bad_area_nosemaphore+0xee/0x1d0 [ 178.191361] bad_area_nosemaphore+0x14/0x20 [ 178.211956] __do_page_fault+0x9a/0x4f0 [ 178.231161] ? __slab_free+0x9b/0x2c0 [ 178.248982] do_page_fault+0x38/0x130 [ 178.267162] page_fault+0x22/0x30 [ 178.283360] RIP: 0010:rpcrdma_dma_unmap_regbuf+0xa/0x60 [rpcrdma] [ 178.313151] RSP: 0018:ffffbae6041c7dd0 EFLAGS: 00010287 [ 178.339653] RAX: ffff9f476aa18220 RBX: ffff9f476aa18000 RCX: 0000000000000001 [ 178.373929] RDX: 0000000000000184 RSI: 000000046c1ba100 RDI: 0000000000000000 [ 178.408422] RBP: ffffbae6041c7dd8 R08: 0000000000000000 R09: 000000018020001e [ 178.443865] R10: 000000006b2c6601 R11: ffff9f476b2c6400 R12: ffff9f4768295550 [ 178.478532] R13: ffff9f4768295878 R14: ffff9f47682958e0 R15: ffff9f47682953d0 [ 178.514716] rpcrdma_ia_remove+0xca/0x110 [rpcrdma] [ 178.539078] xprt_rdma_close+0x70/0x90 [rpcrdma] [ 178.561619] xprt_autoclose+0x38/0x70 [sunrpc] [ 178.583680] process_one_work+0x149/0x360 [ 178.603772] worker_thread+0x4d/0x3e0 [ 178.621660] kthread+0x109/0x140 [ 178.637765] ? rescuer_thread+0x380/0x380 [ 178.657000] ? kthread_park+0x60/0x60 [ 178.674977] ret_from_fork+0x25/0x30 [ 178.692351] Code: db 00 0f 92 c0 84 c0 74 14 48 8b 05 cf bf a9 00 be fd 00 00 00 ff 90 a0 00 00 00 5d c3 89 fe 48 c7 c7 d0 74 a3 97 e8 57 7f 09 00 <0f> ff 5d c3 0f 1f 44 00 00 55 48 89 e5 48 83 ec 20 65 48 8b 04 [ 178.784645] ---[ end trace 0f69dc0bd121b693 ]--- > > > If I check buf for NULL and return false I am able to unload the driver, > though I'm not sure this is sufficient. > > > > diff --git a/net/sunrpc/xprtrdma/xprt_rdma.h > > b/net/sunrpc/xprtrdma/xprt_rdma.h index 1342f743..73066a6 100644 > > --- a/net/sunrpc/xprtrdma/xprt_rdma.h > > +++ b/net/sunrpc/xprtrdma/xprt_rdma.h > > @@ -588,7 +588,7 @@ struct rpcrdma_regbuf > > *rpcrdma_alloc_regbuf(size_t, enum dma_data_direction, static inline > > bool rpcrdma_regbuf_is_mapped(struct rpcrdma_regbuf *rb) { > > - return rb->rg_device != NULL; > > + return rb && (rb->rg_device != NULL); > > : > > > > > > Will be great if you could take a look Thanks, Michal > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-rdma" > > in the body of a message to majordomo@xxxxxxxxxxxxxxx More > majordomo > > info at http://vger.kernel.org/majordomo-info.html > > -- > Chuck Lever > > -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
