[#LU-5678] kernel crash due to NULL pointer dereference in kiblnd_pool_alloc

kib_conn_t *conn = rx->rx_conn; ...... rc = ib_post_recv(conn->ibc_cmid->qp, &rx->rx_wrq, &bad_wrq); if (rc != 0) { CERROR("Can't post rx for %s: %d, bad_wrq: %p\n", libcfs_nid2str(conn->ibc_peer->ibp_nid), rc, bad_wrq); rx->rx_nob = 0; }

spin_lock(&conn->ibc_lock); if (credit == IBLND_POSTRX_PEER_CREDIT) conn->ibc_outstanding_credits++; else conn->ibc_reserved_credits++; spin_unlock(&conn->ibc_lock); kiblnd_check_sends(conn);

crash> bt
PID: 9622   TASK: ffff881066c50080  CPU: 1   COMMAND: "kiblnd_sd_00_02"
 #0 [ffff880f23ee3630] machine_kexec at ffffffff8103b71b
 #1 [ffff880f23ee3690] crash_kexec at ffffffff810c9852
 #2 [ffff880f23ee3760] oops_end at ffffffff8152ec30
 #3 [ffff880f23ee3790] no_context at ffffffff8104c80b
 #4 [ffff880f23ee37e0] __bad_area_nosemaphore at ffffffff8104ca95
 #5 [ffff880f23ee3830] bad_area_nosemaphore at ffffffff8104cb63
 #6 [ffff880f23ee3840] __do_page_fault at ffffffff8104d2bf
 #7 [ffff880f23ee3960] do_page_fault at ffffffff81530b7e
 #8 [ffff880f23ee3990] page_fault at ffffffff8152df35
    [exception RIP: kiblnd_pool_alloc_node+73]
    RIP: ffffffffa0b77439  RSP: ffff880f23ee3a40  RFLAGS: 00010207
    RAX: 0000000000000000  RBX: ffff880fec59ce40  RCX: 000000000000003f
    RDX: 0000000000000010  RSI: 0000000000000002  RDI: ffff880fec59ce40
    RBP: ffff880f23ee3a80   R8: 72f8000000000000   R9: 97c0000000000000
    R10: 0000000000000000  R11: 0000000000000000  R12: ffff880fec59ce70
    R13: ffff880f23ee3a48  R14: ffff880fec59ce50  R15: 0000000000000012
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff880f23ee3a88] kiblnd_get_idle_tx at ffffffffa0b81fa9 [ko2iblnd]
#10 [ffff880f23ee3aa8] kiblnd_check_sends at ffffffffa0b857b5 [ko2iblnd]
#11 [ffff880f23ee3b08] kiblnd_post_rx at ffffffffa0b87dd8 [ko2iblnd]
#12 [ffff880f23ee3b58] kiblnd_recv at ffffffffa0b882c6 [ko2iblnd]
#13 [ffff880f23ee3be8] lnet_ni_recv at ffffffffa05f9ecb [lnet]
#14 [ffff880f23ee3c38] lnet_drop_message at ffffffffa05facf1 [lnet]
#15 [ffff880f23ee3c78] lnet_parse at ffffffffa05ff672 [lnet]
#16 [ffff880f23ee3d58] kiblnd_handle_rx at ffffffffa0b889db [ko2iblnd]
#17 [ffff880f23ee3da8] kiblnd_rx_complete at ffffffffa0b896c3 [ko2iblnd]
#18 [ffff880f23ee3df8] kiblnd_complete at ffffffffa0b89872 [ko2iblnd]
#19 [ffff880f23ee3e08] kiblnd_scheduler at ffffffffa0b89c2a [ko2iblnd]
#20 [ffff880f23ee3ee8] kthread at ffffffff8109e66e
#21 [ffff880f23ee3f48] kernel_thread at ffffffff8100c20a
crash> 

(gdb) l *kiblnd_pool_alloc_node+73
0x3469 is in kiblnd_pool_alloc_node (/home/ashehata/LU-5678/lnet/klnds/o2iblnd/o2iblnd.c:1855).
1850            int                    rc;
1851
1852     again:
1853            spin_lock(&ps->ps_lock);
1854            cfs_list_for_each_entry(pool, &ps->ps_pool_list, po_list) {
1855                    if (cfs_list_empty(&pool->po_free_list))
1856                            continue;
1857
1858                    pool->po_allocated ++;
1859                    pool->po_deadline = cfs_time_shift(IBLND_POOL_DEADLINE);
(gdb)

We're looking at the possibility that this might not be the same race condition as the one addressed by the previous patch.

[LU-5678] kernel crash due to NULL pointer dereference in kiblnd_pool_alloc_node() Created: 29/Sep/14 Updated: 14/Jun/18 Resolved: 09/Jul/15
Status:	Resolved
Project:	Lustre
Component/s:	None
Affects Version/s:	Lustre 2.7.0, Lustre 2.8.0, Lustre 2.5.4
Fix Version/s:	Lustre 2.7.0

[LU-5678] kernel crash due to NULL pointer dereference in kiblnd_pool_alloc_node() Created: 29/Sep/14 Updated: 14/Jun/18 Resolved: 09/Jul/15