nvme-tcp: kernel NULL pointer dereference, address: 0000000000000034

Daniel Wagner dwagner at suse.de
Tue Mar 21 01:49:17 PDT 2023


On Tue, Mar 21, 2023 at 09:23:08AM +0100, Daniel Wagner wrote:
> On Sun, Mar 19, 2023 at 03:10:40PM +0200, Sagi Grimberg wrote:
> > Thoughts?
> 
> It still crashes in the same way with both patches from this
> discussion applied.

Annotated __nvme_submit_sync_cmd:


[  210.019050] nvme nvme0: rq ffff8881122a0000 bio ffff88810d8cdd00
[  210.022653] nvme nvme0: rq ffff8881122a0200 bio 0000000000000000
[  210.023571] CPU: 4 PID: 15752 Comm: nvme Tainted: G        W          6.3.0-rc1+ #9 d97c09c311a99b3c39b25760658850e8f66ae67b
[  210.025120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[  210.026224] Call Trace:
[  210.026679]  <TASK>
[  210.027069]  dump_stack_lvl+0x5a/0x80
[  210.027695]  __nvme_submit_sync_cmd+0x518/0x750 [nvme_core f2d2b58d969ec189999606e54c8a53895e280d91]
[  210.029076]  nvmf_reg_read64+0x14f/0x2a0 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
[  210.030331]  ? nvmf_reg_read32+0x290/0x290 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
[  210.031669]  ? nvmf_connect_admin_queue+0x381/0x5d0 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
[  210.033031]  ? nvmf_reg_write32+0x260/0x260 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
[  210.034329]  nvme_enable_ctrl+0xcb/0x580 [nvme_core f2d2b58d969ec189999606e54c8a53895e280d91]
[  210.035589]  ? nvme_wait_ready+0x2f0/0x2f0 [nvme_core f2d2b58d969ec189999606e54c8a53895e280d91]
[  210.036882]  ? nvme_tcp_start_queue+0x87/0x360 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
[  210.038156]  nvme_tcp_setup_ctrl+0x210/0x1690 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
[  210.039439]  ? nvme_reset_ctrl_work+0xf0/0xf0 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
[  210.040692]  ? _raw_spin_unlock_irqrestore+0x32/0x50
[  210.041452]  ? nvme_change_ctrl_state+0xec/0x2d0 [nvme_core f2d2b58d969ec189999606e54c8a53895e280d91]
[  210.042805]  nvme_tcp_create_ctrl+0x71e/0xa80 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
[  210.044080]  nvmf_dev_write+0x498/0x790 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
[  210.045325]  vfs_write+0x1fc/0xaa0
[  210.045895]  ? n_tty_read+0x1250/0x1250
[  210.046530]  ? file_end_write+0x1a0/0x1a0
[  210.047164]  ? vfs_write+0x57f/0xaa0
[  210.047758]  ? file_end_write+0x1a0/0x1a0
[  210.048406]  ? do_user_addr_fault+0x747/0x8e0
[  210.049096]  ? __fdget_pos+0x51/0x250
[  210.049703]  ksys_write+0x128/0x210
[  210.050285]  ? __ia32_sys_read+0x80/0x80
[  210.050929]  ? syscall_enter_from_user_mode+0x2e/0x1c0
[  210.051714]  do_syscall_64+0x60/0x90
[  210.052302]  ? do_syscall_64+0x6e/0x90
[  210.052929]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  210.053693] RIP: 0033:0x7f7ef9f06af3


It looks like the register read/writes are the ones without a bio.
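Added example, not code from this thread or from the nvme tree: a C model of the debugging step behind the observation above. A NULL-pointer oops at a small address such as 0x34 is NULL plus a field offset, so matching the fault address against offsetof() identifies the dereferenced field; the second function shows the bio-less register read/write request handled before the bio is touched. The struct layouts and field names are constructed stand-ins, not the real struct bio or struct request.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a kernel struct; the field names and layout are
 * hypothetical and NOT the real struct bio. It only needs one field to
 * land at offset 0x34, the address reported by the oops. */
struct model_bio {
    void     *p0, *p1, *p2, *p3, *p4;   /* 0x00 .. 0x27 */
    uint32_t  w0, w1, w2, w3;           /* 0x28, 0x2c, 0x30, 0x34 */
};

/* Constructed model of the request: a register read submitted as a
 * sync command carries no data, so rq->bio is NULL. */
struct model_rq {
    struct model_bio *bio;
};

struct field { const char *name; size_t off, size; };

#define F(s, m) { #m, offsetof(struct s, m), sizeof(((struct s *)0)->m) }
static const struct field bio_fields[] = {
    F(model_bio, p0), F(model_bio, p1), F(model_bio, p2),
    F(model_bio, p3), F(model_bio, p4), F(model_bio, w0),
    F(model_bio, w1), F(model_bio, w2), F(model_bio, w3),
};

/* A NULL-pointer oops at a small address means NULL + offset: the fault
 * address is the offset of the field that was dereferenced. Return the
 * field's name, or NULL if the address is not inside the struct. */
const char *field_at_fault(uintptr_t fault_addr)
{
    for (size_t i = 0; i < sizeof bio_fields / sizeof bio_fields[0]; i++)
        if (fault_addr >= bio_fields[i].off &&
            fault_addr < bio_fields[i].off + bio_fields[i].size)
            return bio_fields[i].name;
    return NULL;
}

/* Guarded read: the crashing pattern is bio->w3 taken unconditionally;
 * a bio-less request (register read/write) is rejected before the
 * bio pointer is dereferenced. */
long read_w3_or_fail(const struct model_rq *rq)
{
    if (!rq->bio)           /* register read/write: no bio attached */
        return -1;
    return rq->bio->w3;
}
```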
