On Fri, 2019-01-11 at 13:01 -0500, Douglas Gilbert wrote:
> On 2019-01-10 6:22 p.m., Bart Van Assche wrote:
> > Hi Doug,
> >
> > Have you ever tried to run the libiscsi conformance tests against
> > the scsi_debug driver? I tried the following:
> >
> > modprobe scsi_debug delay=0 max_luns=3
> > dev=$(for f in /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/[0-9]*/block/*; do echo $f; break; done)
> > dev=/dev/$(basename $dev)
> > libiscsi/test-tool/iscsi-test-cu --dataloss --allow-sanitize "$dev"
> >
> > That test triggers the following output:
> >
> > BUG: unable to handle kernel paging request at ffffa8d741235e00
> > PGD 13b141067 P4D 13b141067 PUD 13b146067 PMD 6fc5a067 PTE 0
> > Oops: 0002 [#1] SMP PTI
> > CPU: 3 PID: 4967 Comm: iscsi-test-cu Not tainted 4.18.0-13-generic #14-Ubuntu
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> > RIP: 0010:memcpy_erms+0x6/0x10
>
> Since memory corruption errors have been found elsewhere in
> lk 5.0-rc1 and a fix looks like it is pending, I will leave this
> one alone as I can't replicate it.

Hi Doug,

I can replicate this crash easily. I also noticed that this crash only
occurs if the scsi_debug driver is loaded with fake_rw=0. It does not
occur with fake_rw=1. It seems like the following code in
resp_write_same() assumes that fake_storep != NULL?

	/* if ndob then zero 1 logical block, else fetch 1 logical block */
	if (ndob) {
		memset(fake_storep + lba_off, 0, sdebug_sector_size);
		ret = 0;
	} else
		ret = fetch_to_dev_buffer(scp, fake_storep + lba_off, sdebug_sector_size);

Bart.
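The hazard the question above points at is a handler that does pointer arithmetic on a backing-store pointer and then calls memset/memcpy without first checking that the store exists or that the LBA lies inside it. The following is an added, self-contained model of that pattern and is not code from the scsi_debug driver or from this thread; whether a missing store is really the cause of the oops is not settled in the message. All names (toy_store, toy_write_same, toy_scenarios, TOY_*) are hypothetical, and the sector size and store size are constructed for the example.

```c
/* Added example, not scsi_debug code: a minimal WRITE SAME handler over an
 * optional backing store, with the checks the quoted snippet lacks. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_SECTOR_SIZE 512   /* constructed logical block size */
#define TOY_NUM_SECTORS 8     /* constructed store size in blocks */

/* Backing store; storep == NULL models an instance that never allocated one. */
struct toy_store {
    uint8_t *storep;
    size_t   num_sectors;
};

enum toy_rc { TOY_OK = 0, TOY_EINVAL = -1, TOY_ENOSTORE = -2 };

/* With ndob (no data-out buffer) zero one logical block at lba, otherwise
 * copy the caller's one-block pattern into it.  The store pointer and the
 * LBA are validated before any arithmetic on storep, so a missing store or
 * an out-of-range LBA is reported instead of dereferenced. */
enum toy_rc toy_write_same(struct toy_store *st, uint64_t lba, int ndob,
                           const uint8_t *pattern)
{
    if (!st || !st->storep)
        return TOY_ENOSTORE;        /* unguarded code would deref NULL + lba_off */
    if (lba >= st->num_sectors)
        return TOY_EINVAL;          /* unguarded code would write past the store */

    size_t lba_off = (size_t)lba * TOY_SECTOR_SIZE;
    if (ndob) {
        memset(st->storep + lba_off, 0, TOY_SECTOR_SIZE);
        return TOY_OK;
    }
    if (!pattern)
        return TOY_EINVAL;
    memcpy(st->storep + lba_off, pattern, TOY_SECTOR_SIZE);
    return TOY_OK;
}

/* 1 if every byte of the block at lba equals b, else 0 (st must have a store). */
int toy_block_is(const struct toy_store *st, uint64_t lba, uint8_t b)
{
    const uint8_t *p = st->storep + (size_t)lba * TOY_SECTOR_SIZE;
    for (size_t i = 0; i < TOY_SECTOR_SIZE; i++)
        if (p[i] != b)
            return 0;
    return 1;
}

/* Runs five scenarios and returns how many behaved as expected (5 = all). */
int toy_scenarios(void)
{
    uint8_t *mem = malloc(TOY_SECTOR_SIZE * TOY_NUM_SECTORS);
    if (!mem)
        return 0;
    memset(mem, 0xAA, TOY_SECTOR_SIZE * TOY_NUM_SECTORS);
    struct toy_store with = { mem, TOY_NUM_SECTORS };
    struct toy_store without = { NULL, 0 };       /* the no-store case */
    uint8_t pattern[TOY_SECTOR_SIZE];
    memset(pattern, 0x5A, sizeof pattern);

    int ok = 0;
    ok += toy_write_same(&with, 2, 1, NULL) == TOY_OK && toy_block_is(&with, 2, 0x00);
    ok += toy_write_same(&with, 3, 0, pattern) == TOY_OK && toy_block_is(&with, 3, 0x5A);
    ok += toy_block_is(&with, 1, 0xAA);           /* neighbouring block untouched */
    ok += toy_write_same(&without, 2, 1, NULL) == TOY_ENOSTORE;
    ok += toy_write_same(&with, TOY_NUM_SECTORS, 1, NULL) == TOY_EINVAL;
    free(mem);
    return ok;
}

int main(void)
{
    printf("scenarios passed: %d of 5\n", toy_scenarios());
    return 0;
}
```

The point of the two early returns is that the failure is reported to the caller as a status (the way a SCSI handler would set sense data) rather than surfacing later as a fault inside memcpy or memset, which is where the quoted oops was taken.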