Out of Range Run length in SNACK (Type 0)- Kernel Oops

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I did read a mail thread containing references to issue with LIO when out of range run lengths are provided Run Lengths. Here in this case we are generating a SNACK pdu with RunLength set to 0x00001000 
And the target is crashing. Here's the dump stack.

[root@wfs ~]# dmesg -c
[ 177.026419] Initiator requesting BegRun: 0x00000000, RunLength: 0x00001000 greater than maximum DataSN: 0x00000003. 

[  177.026438] CPU: 0 PID: 1128 Comm: iscsi_trx Tainted: GF O 3.12.6 #1
[ 177.026439] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 177.026440] ffff88003c513ef8 ffff880037107d08 ffffffff8164dc00 ffff88003c513ec8 [ 177.026443] ffff88003d50c800 ffff880037107d68 ffffffffa04a08bd ffff880037107d48 [ 177.026444] ffffffffa049ab17 08ff880037107d58 0000000000000000 ffff880013c9e480 
[  177.026446] Call Trace:
[  177.026452]  [<ffffffff8164dc00>] dump_stack+0x46/0x58
[ 177.026462] [<ffffffffa04a08bd>] iscsit_close_connection+0x64d/0x6a0 [iscsi_target_mod] [ 177.026467] [<ffffffffa049ab17>] ? iscsit_add_reject_from_cmd+0xa7/0x140 [iscsi_target_mod] [ 177.026472] [<ffffffffa048f8d8>] iscsit_connection_recovery_transport_reset+0x18/0x20 [iscsi_target_mod] [ 177.026477] [<ffffffffa048d0bc>] iscsit_take_action_for_connection_exit+0xbc/0x110 [iscsi_target_mod] [ 177.026481] [<ffffffffa049d9f5>] iscsi_target_rx_thread+0x1f5/0xf60 [iscsi_target_mod] 
[  177.026484]  [<ffffffff8108a9cf>] ? __dequeue_entity+0x2f/0x50
[  177.026486]  [<ffffffff8108c180>] ? set_next_entity+0x80/0x90
[  177.026490]  [<ffffffff816525ce>] ? __schedule+0x3ce/0x800
[ 177.026494] [<ffffffffa049d800>] ? iscsi_target_tx_thread+0x230/0x230 [iscsi_target_mod] 
[  177.026497]  [<ffffffff81076e80>] kthread+0xc0/0xd0
[  177.026499]  [<ffffffff81076dc0>] ? kthread_create_on_node+0x120/0x120
[  177.026500]  [<ffffffff8165cc2c>] ret_from_fork+0x7c/0xb0
[  177.026502]  [<ffffffff81076dc0>] ? kthread_create_on_node+0x120/0x120
[ 177.029906] BUG: unable to handle kernel paging request at ffffffff00000000 
[  177.029911] IP: [<ffffffff81540ef8>] kfree_skb_list+0x18/0x30
[  177.029917] PGD 1c0c067 PUD 0
[  177.029920] Oops: 0000 [#1] SMP
[ 177.029922] Modules linked in: nfnetlink_log nfnetlink fuse xt_CHECKSUM target_core_pscsi target_core_file target_core_iblock iscsi_target_mod(F) target_core_mod nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 bnep bluetooth nf_conntrack_ipv4 nf_defrag_ipv4 rfkill xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi vboxsf(OF) vboxvideo(OF) snd_intel8x0 drm snd_ac97_codec ppdev ac97_bus snd_seq snd_seq_device snd_pcm [ 177.029961] snd_page_alloc snd_timer i2c_piix4 snd serio_raw microcode i2c_core pcspkr joydev ata_generic parport_pc e1000 soundcore vboxguest(OF) parport pata_acpi uinput [ 177.029973] CPU: 0 PID: 288 Comm: systemd-journal Tainted: GF O 3.12.6 #1 [ 177.029975] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 177.029977] task: ffff880000022f20 ti: ffff880036cb0000 task.ti: ffff880036cb0000 [ 177.029979] RIP: 0010:[<ffffffff81540ef8>] [<ffffffff81540ef8>] kfree_skb_list+0x18/0x30 
[  177.029983] RSP: 0018:ffff880036cb1ac8  EFLAGS: 00010292
[ 177.029985] RAX: 0000000000000000 RBX: ffff88003c513ac0 RCX: 0000000000000000 [ 177.029986] RDX: 0000000000000000 RSI: ffff88003c04d900 RDI: ffffffff00000000 [ 177.029988] RBP: ffff880036cb1ad8 R08: ffff880036cb1bfc R09: 000000000000001c [ 177.029989] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88003c04d900 [ 177.029991] R13: ffff88003c04d900 R14: ffff880036cb1f10 R15: ffff88003c04d900 [ 177.029994] FS: 00007f6993398840(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 
[  177.029995] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 177.030002] CR2: ffffffff00000000 CR3: 000000003d4e1000 CR4: 00000000000006f0 
[  177.030003] Stack:
[ 177.030004] 0000000000000000 ffff88003c513ac0 ffff880036cb1b08 ffffffff81540ff3 [ 177.030007] ffff880036cb1b08 ffff88003c04d900 ffff88003c04d900 ffff88003cc87b80 [ 177.030009] ffff880036cb1b28 ffffffff81540c28 0000000052f9c720 ffff88003c04d900 
[  177.030011] Call Trace:
[  177.030016]  [<ffffffff81540ff3>] skb_release_data+0xe3/0x130
[  177.030018]  [<ffffffff81540c28>] skb_release_all+0x28/0x30
[  177.030021]  [<ffffffff81540c86>] __kfree_skb+0x16/0xa0
[  177.030023]  [<ffffffff815414cc>] consume_skb+0x2c/0x80
[  177.030026]  [<ffffffff81544be9>] skb_free_datagram+0x19/0x50
[  177.030029]  [<ffffffff815f2c61>] unix_dgram_recvmsg+0x2f1/0x4d0
[  177.030033]  [<ffffffff811300db>] ? find_lock_page+0x3b/0x80
[  177.030037]  [<ffffffff815371ed>] sock_recvmsg+0xad/0xe0
[  177.030040]  [<ffffffff81536e61>] ___sys_recvmsg+0x131/0x2e0
[  177.030043]  [<ffffffff81159b19>] ? handle_mm_fault+0x3b9/0xdd0
[  177.030046]  [<ffffffff815f1995>] ? unix_inq_len+0x25/0xa0
[  177.030048]  [<ffffffff815f1a7a>] ? unix_ioctl+0x6a/0x80
[  177.030051]  [<ffffffff81534a20>] ? sock_do_ioctl+0x30/0x70
[  177.030053]  [<ffffffff81534d36>] ? sock_ioctl+0x76/0x2a0
[  177.030057]  [<ffffffff811abef0>] ? do_vfs_ioctl+0x90/0x520
[  177.030059]  [<ffffffff8115e493>] ? remove_vma+0x63/0x70
[  177.030063]  [<ffffffff81538769>] __sys_recvmsg+0x49/0x90
[  177.030066]  [<ffffffff815387c2>] SyS_recvmsg+0x12/0x20
[  177.030066]  [<ffffffff8165ccd2>] system_call_fastpath+0x16/0x1b
[ 177.030066] Code: 48 83 c4 08 5b 5d c3 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 48 85 ff 74 24 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00 00 <48> 8b 1f e8 10 fe ff ff 48 85 db 48 89 df 75 f0 48 83 c4 08 5b 
[  177.030066] RIP  [<ffffffff81540ef8>] kfree_skb_list+0x18/0x30
[  177.030068]  RSP <ffff880036cb1ac8>
[  177.030072] CR2: ffffffff00000000
[  177.030074] ---[ end trace 0092d2c98560c530 ]---
[ 177.038589] systemd-journald[1993]: File /run/log/journal/36ed5bb2aa2e458bbaeca12c31578f4a/system.journal corrupted or uncleanly shut down, renaming and replacing. 
[  177.041321] systemd-journald[1993]: Vacuuming done, freed 0 bytes



Regards
Santosh
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux SCSI]     [Kernel Newbies]     [Linux SCSI Target Infrastructure]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Device Mapper]

  Powered by Linux