crash analysis of "BUG: unable to handle kernel NULL pointer dereference"

1. crash vmlinux vmcore
2. mod -S all_ko_files_directory
3. dmesg
[   40.793066] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
[   40.793241] PGD 0 P4D 0
[   40.793304] Oops: 0002 [#1] SMP NOPTI
[   40.793386] CPU: 1 PID: 7 Comm: kworker/u4:0 Kdump: loaded Tainted: G            E     4.18.0+ #2
[   40.793558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
[   40.793883] Workqueue: ib_addr process_one_req [ib_core]
[   40.794006] RIP: 0010:rds_rdma_cm_event_handler+0x197/0x2b0 [rds_rdma]
[   40.794134] Code: c6 10 38 88 c0 48 c7 c7 28 40 88 c0 e8 d0 ba 86 f6 0f b6 83 90 00 00 00 48 8b 95 a0 01 00 00 be 88 13 00 00 48 89 ef 83 e0 0f <88> 42 34 e8 01 70 e5 ff 41 89 c5 e9 76 ff ff ff 4c 89 e6 48 89 ef
[   40.794571] RSP: 0018:ffffb1fc0034fdb8 EFLAGS: 00010246
[   40.794677] RAX: 0000000000000000 RBX: ffff981bf7902000 RCX: 0000000000000000
[   40.794816] RDX: 0000000000000000 RSI: 0000000000001388 RDI: ffff981bf756e400
[   40.794955] RBP: ffff981bf756e400 R08: 0000000000000001 R09: 0000000000000202
[   40.795094] R10: 0000000000000001 R11: 0000000000000202 R12: ffffb1fc0034fde0
[   40.795232] R13: 0000000000000000 R14: 0000000000000000 R15: 0ffff981bf41bce0
[   40.795386] FS:  0000000000000000(0000) GS:ffff981bffd00000(0000) knlGS:0000000000000000
[   40.795544] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.795658] CR2: 0000000000000034 CR3: 0000000074058000 CR4: 00000000000006e0
[   40.795802] Call Trace:
[   40.795979]  addr_handler+0xaa/0x210 [rdma_cm]
[   40.796122]  process_one_req+0x30/0x140 [ib_core]
[   40.796256]  process_one_work+0x15e/0x3d0
[   40.796376]  worker_thread+0x4c/0x440
[   40.796460]  kthread+0xf8/0x130
[   40.796529]  ? rescuer_thread+0x350/0x350
[   40.796615]  ? kthread_associate_blkcg+0x90/0x90
[   40.796712]  ret_from_fork+0x35/0x40
[   40.796790] Modules linked in: crc32_generic rdma_ucm rds_rdma(E) rds(E) ib_uverbs rdma_rxe ip6_udp_tunnel udp_tunnel ppdev edac_mce_amd kvm_amd ccp kvm irqbypass joydev input_leds serio_raw parport_pc parport mac_hid i2c_piix4 ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse floppy e1000 pata_acpi
[   40.808272] CR2: 0000000000000034
4. crash> dis -l rds_rdma_cm_event_handler+0x197
/mnt/sde/rds-qos/net/rds/rdma_transport.c: 82
0xffffffffc0879197 <rds_rdma_cm_event_handler+407>:     mov    %al,0x34(%rdx)
5. dis -s rds_rdma_cm_event_handler
82                                    cm_id->route.path_rec->sl = conn->c_tos &0xF;
6. crash> struct rdma_cm_id 0xffff981bf756e400    (address taken from RDI/RBP in the register dump above)
struct rdma_cm_id {
  device = 0xffff981bfbf6c000,
  context = 0xffff981bf7902000,
  qp = 0x0,
  event_handler = 0xffffffffc0879000 <rds_rdma_cm_event_handler>,
  route = {
    addr = {
      src_addr = {
        ss_family = 2,
        __data = "\326f\300\250ȃ\000\066)\364\033\230\377\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
      },
      dst_addr = {
        ss_family = 2,
        __data = "H\312\300\250Ȅ\300\214Q\367\033\230\377\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
      },
      dev_addr = {
        src_dev_addr = "RT\000\022\064V\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
        dst_dev_addr = "RT\000\022\064W\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
        broadcast = "\377\377\377\377\377\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
        dev_type = 1,
        bound_dev_if = 2,
        transport = RDMA_TRANSPORT_IB,
        net = 0xffffffffb831b040,
        network = RDMA_NETWORK_IB,
        hoplimit = 64
      }
    },
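    path_rec = 0x0,  <----- path_rec is NULL (RDX = 0), so the store to path_rec->sl at offset 0x34 faults at address 0x34, matching CR2; line 82 needs a NULL check on cm_id->route.path_rec before writing sl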
    num_paths = 0
 


转载自blog.csdn.net/mounter625/article/details/82664490