ba from within the tcm_loop_drop_naa_tpg() release path. This bug was manifesting itself with the following OOPs: [176289.430909] BUG: unable to handle kernel NULL pointer dereference at 0000000000000090 [176289.431337] IP: [] transport_processing_thread+0x1e3/0x794 [target_core_mod] [176289.431399] PGD 22e9b067 PUD 23375067 PMD 0 [176289.431399] Oops: 0000 [#1] SMP [176289.431815] CPU 1 [176289.431815] Modules linked in: tcm_loop target_core_stgt target_core_pscsi target_core_file target_core_iblock target_core_mod crc32c ib_cm ib_sa ib_mad ib_core qla2xxx scsi_tgt configfs fcoe libfcoe libfc scsi_transport_fc ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sr_mod cdrom sd_mod ata_piix libata e1000 mptspi mptscsih mptbase [last unloaded: target_core_mod] [176289.431815] [176289.431815] Pid: 12339, comm: LIO_iblock Tainted: G W 3.1.0-rc8+ [176289.431815] RIP: 0010:[] [] transport_processing_thread+0x1e3/0x794 [target_core_mod] [176289.431815] RSP: 0018:ffff880023bfbe10 EFLAGS: 00010283 [176289.431815] RAX: 0000000000000000 RBX: ffff88002d600040 RCX: ffff88002d600108 [176289.431815] RDX: ffff88000c9e50bc RSI: 0000000000000246 RDI: 0000000000000246 [176289.431815] RBP: ffff880023bfbee0 R08: ffff88002d600108 R09: 0000000000000000 [176289.431815] R10: ffff88002fc8cc80 R11: ffffffff81671b60 R12: ffff88002d600108 [176289.431815] R13: ffff88000c9e4f38 R14: ffff88000c9e50b8 R15: 0000000000000000 [176289.431815] FS: 0000000000000000(0000) GS:ffff88002fc80000(0000) knlGS:0000000000000000 [176289.431815] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [176289.431815] CR2: 0000000000000090 CR3: 000000002a33f000 CR4: 00000000000006e0 [176289.431815] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [176289.431815] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [176289.431815] Process LIO_iblock (pid: 12339, threadinfo ffff880023bfa000, task ffff88002a2e0000) [176289.431815] Stack: [176289.431815] 0000000000011280 0000000000000246 ffff88002a2e0000 ffff880023a58900 [176289.431815] ffff880023bfbed0 ffff880023bfa000 ffff880023bfa000 ffff88000c9e50d0 [176289.431815] ffff88000c9e50c0 ffff88000c9e50bc ffff880023bfa000 ffff880023bfbfd8 [176289.431815] Call Trace: [176289.431815] [] ? wake_up_bit+0x25/0x25 [176289.431815] [] ? transport_handle_cdb_direct+0x92/0x92 [target_core_mod] [176289.431815] [] kthread+0x7d/0x85 [176289.431815] [] kernel_thread_helper+0x4/0x10 [176289.431815] [] ? kthread_worker_fn+0x16d/0x16d [176289.431815] [] ? gs_change+0x13/0x13 [176289.431815] Code: 67 05 00 00 41 8b 84 24 4c ff ff ff ff c8 83 f8 11 0f 87 f0 04 00 00 89 c0 ff 24 c5 b0 c6 39 a0 0f 0b eb fe 48 8b 83 d8 00 00 00 [176289.431815] RIP [] transport_processing_thread+0x1e3/0x794 [target_core_mod] [176289.431815] RSP [176289.431815] CR2: 0000000000000090 [176295.041004] ---[ end trace 85dc6865b23b8f3e ]--- Reported-by: Paolo Bonzini Cc: Paolo Bonzini Signed-off-by: Nicholas Bellinger õ ž<’Jx