Hi,

I'm trying to pass my host computer's DVD drive through to a VM via iscsi (because libvirt's scsi passthrough uses scsi-disc rather than scsi-generic, I can't use that). I used targetcli to set up the DVD drive via the pSCSI backstore, added an iSCSI target, created a LUN backed by the drive, set up authentication (both discovery and node-acl), and tried to connect using the Windows XP software initiator. When I did, I met the NULL deref bug in the subject.

I have attached both the backtrace and my tcm_start.sh/lio_start.sh scripts, though the latter has had userids and passwords sanitized. I'm running 3.5.0 with target-pending/for-next-merge pulled in.
[368823.707243] BUG: unable to handle kernel NULL pointer dereference at 000000000000006c
[368823.708634] IP: [<ffffffffa011c7bb>] pscsi_transport_complete+0x2b/0x1b0 [target_core_pscsi]
[368823.709607] PGD 0
[368823.710656] Oops: 0000 [#2] PREEMPT SMP
[368823.711731] CPU 1
[368823.711737] Modules linked in: target_core_pscsi target_core_file target_core_iblock tcm_vhost tcm_loop iscsi_target_mod loop ppdev parport_pc parport pata_pcmcia pcmcia yenta_socket pcmcia_rsrc pcmcia_core
[368823.713951]
[368823.715103] Pid: 5447, comm: iscsi_trx Tainted: G D 3.5.0-rc7-02438-gcfdb5c6 #60 Hewlett-Packard HP EliteBook 8540p/1521
[368823.716328] RIP: 0010:[<ffffffffa011c7bb>] [<ffffffffa011c7bb>] pscsi_transport_complete+0x2b/0x1b0 [target_core_pscsi]
[368823.717574] RSP: 0018:ffff880142271b90 EFLAGS: 00010086
[368823.718846] RAX: ffff88011c28fa00 RBX: ffff88010be20720 RCX: ffffffffa011c790
[368823.720137] RDX: 0000000000000212 RSI: ffff88016ba486c0 RDI: ffff88010be20720
[368823.721445] RBP: ffff880142271bc0 R08: 0000000000000000 R09: 00000000000046f7
[368823.722774] R10: 0000000000000002 R11: 0000000000000004 R12: 0000000000000000
[368823.724113] R13: 0000000000000000 R14: ffff88011c28fa00 R15: 0000000000000282
[368823.725458] FS: 0000000000000000(0000) GS:ffff88023bc40000(0000) knlGS:0000000000000000
[368823.726809] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[368823.728181] CR2: 000000000000006c CR3: 000000000240c000 CR4: 00000000000027f0
[368823.729568] DR0: 00000000000000a0 DR1: 0000000000000000 DR2: 0000000000000003
[368823.730969] DR3: 00000000000000b0 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[368823.732371] Process iscsi_trx (pid: 5447, threadinfo ffff880142270000, task ffff880185d10000)
[368823.733785] Stack:
[368823.735201] ffff880142271ba0 ffffffff81d0c281 ffff88010be20720 ffff88010be20858
[368823.736577] 0000000000000000 ffff88011c28fa00 ffff880142271c00 ffffffff81739dd8
[368823.737903] ffff880142271bf0 0000000000000800 ffff88010be20720 ffff880113ab1bd0
[368823.739217] Call Trace:
[368823.740510] [<ffffffff81d0c281>] ? add_preempt_count+0x41/0x50
[368823.741817] [<ffffffff81739dd8>] target_complete_cmd+0x78/0x1c0
[368823.743130] [<ffffffff81727d72>] target_report_luns+0xf2/0x130
[368823.744408] [<ffffffff8173a6ea>] __target_execute_cmd+0x4a/0x80
[368823.745623] [<ffffffff8173ace0>] target_execute_cmd+0x40/0x170
[368823.746824] [<ffffffff8173aed2>] transport_generic_new_cmd+0xb2/0x340
[368823.748005] [<ffffffff8173b1ad>] transport_handle_cdb_direct+0x4d/0xb0
[368823.749225] [<ffffffffa00b796c>] iscsit_execute_cmd+0x24c/0x2a0 [iscsi_target_mod]
[368823.750575] [<ffffffffa00bf5a5>] iscsit_sequence_cmd+0xb5/0x180 [iscsi_target_mod]
[368823.751897] [<ffffffffa00c2f26>] iscsit_handle_scsi_cmd+0x3a6/0xa60 [iscsi_target_mod]
[368823.753224] [<ffffffffa00c464b>] iscsi_target_rx_thread+0x66b/0x1980 [iscsi_target_mod]
[368823.754574] [<ffffffff8104257b>] ? __switch_to+0x12b/0x420
[368823.755896] [<ffffffff81d0c239>] ? sub_preempt_count+0x59/0x60
[368823.757212] [<ffffffffa00c3fe0>] ? iscsit_thread_get_cpumask+0x90/0x90 [iscsi_target_mod]
[368823.758543] [<ffffffff810c9393>] kthread+0x93/0xa0
[368823.759845] [<ffffffff81d11174>] kernel_thread_helper+0x4/0x10
[368823.761317] [<ffffffff810d5536>] ? finish_task_switch+0x46/0xe0
[368823.762818] [<ffffffff81d08522>] ? _raw_spin_unlock_irq+0x22/0x50
[368823.764289] [<ffffffff81d08de1>] ? retint_restore_args+0x13/0x13
[368823.765781] [<ffffffff810c9300>] ? kthread_freezable_should_stop+0x70/0x70
[368823.767300] [<ffffffff81d11170>] ? gs_change+0x13/0x13
[368823.768775] Code: 55 48 89 e5 48 83 ec 30 48 89 5d e0 4c 89 65 e8 4c 89 6d f0 4c 89 75 f8 66 66 66 66 90 4c 8b a7 20 02 00 00 48 89 fb 48 8b 47 78 <41> 0f b6 54 24 6c 48 8b 40 28 45 8b 6c 24 64 83 e2 bf 80 fa 1a
[368823.770575] RIP [<ffffffffa011c7bb>] pscsi_transport_complete+0x2b/0x1b0 [target_core_pscsi]
[368823.772079] RSP <ffff880142271b90>
[368823.773680] CR2: 000000000000006c
[368823.786807] ---[ end trace fb48527ee6760fb2 ]---
Attachment:
lio_start.sh
Description: application/shellscript
Attachment:
tcm_start.sh
Description: application/shellscript