Re: Out of Range Run length in SNACK (Type 0)- Kernel Oops

On Tue, 2014-02-11 at 15:59 +0530, santosh kulkarni wrote:
> Hi,
> 
> I did read a mail thread containing references to an issue with LIO when
> out-of-range Run Lengths are provided. Here in this case we
> are generating a SNACK PDU with RunLength set to 0x00001000,
> and the target is crashing. Here's the dump stack.
> 

Yes, this is an ERL=2 specific bug that requires the following
workaround:

http://www.spinics.net/lists/target-devel/msg06163.html

This has not been included in target-pending/queue just yet, as I'm
still debugging another separate ERL=2 related issue.

However, the patch above will at least get you past the NULL pointer
dereference in iscsit_build_conn_drop_async_message().

--nab

> [root@wfs ~]# dmesg -c
> 
> [  177.026419] Initiator requesting BegRun: 0x00000000, RunLength: 
> 0x00001000 greater than maximum DataSN: 0x00000003.
> 
> [  177.026438] CPU: 0 PID: 1128 Comm: iscsi_trx Tainted: GF O 3.12.6 #1
> [  177.026439] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS 
> VirtualBox 12/01/2006
> [  177.026440]  ffff88003c513ef8 ffff880037107d08 ffffffff8164dc00 
> ffff88003c513ec8
> [  177.026443]  ffff88003d50c800 ffff880037107d68 ffffffffa04a08bd 
> ffff880037107d48
> [  177.026444]  ffffffffa049ab17 08ff880037107d58 0000000000000000 
> ffff880013c9e480
> [  177.026446] Call Trace:
> [  177.026452]  [<ffffffff8164dc00>] dump_stack+0x46/0x58
> [  177.026462]  [<ffffffffa04a08bd>] iscsit_close_connection+0x64d/0x6a0 
> [iscsi_target_mod]
> [  177.026467]  [<ffffffffa049ab17>] ? 
> iscsit_add_reject_from_cmd+0xa7/0x140 [iscsi_target_mod]
> [  177.026472]  [<ffffffffa048f8d8>] 
> iscsit_connection_recovery_transport_reset+0x18/0x20 [iscsi_target_mod]
> [  177.026477]  [<ffffffffa048d0bc>] 
> iscsit_take_action_for_connection_exit+0xbc/0x110 [iscsi_target_mod]
> [  177.026481]  [<ffffffffa049d9f5>] iscsi_target_rx_thread+0x1f5/0xf60 
> [iscsi_target_mod]
> [  177.026484]  [<ffffffff8108a9cf>] ? __dequeue_entity+0x2f/0x50
> [  177.026486]  [<ffffffff8108c180>] ? set_next_entity+0x80/0x90
> [  177.026490]  [<ffffffff816525ce>] ? __schedule+0x3ce/0x800
> [  177.026494]  [<ffffffffa049d800>] ? 
> iscsi_target_tx_thread+0x230/0x230 [iscsi_target_mod]
> [  177.026497]  [<ffffffff81076e80>] kthread+0xc0/0xd0
> [  177.026499]  [<ffffffff81076dc0>] ? kthread_create_on_node+0x120/0x120
> [  177.026500]  [<ffffffff8165cc2c>] ret_from_fork+0x7c/0xb0
> [  177.026502]  [<ffffffff81076dc0>] ? kthread_create_on_node+0x120/0x120
> [  177.029906] BUG: unable to handle kernel paging request at 
> ffffffff00000000
> [  177.029911] IP: [<ffffffff81540ef8>] kfree_skb_list+0x18/0x30
> [  177.029917] PGD 1c0c067 PUD 0
> [  177.029920] Oops: 0000 [#1] SMP
> [  177.029922] Modules linked in: nfnetlink_log nfnetlink fuse 
> xt_CHECKSUM target_core_pscsi target_core_file target_core_iblock 
> iscsi_target_mod(F) target_core_mod nf_conntrack_netbios_ns 
> nf_conntrack_broadcast ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 bnep 
> bluetooth nf_conntrack_ipv4 nf_defrag_ipv4 rfkill xt_conntrack 
> nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter 
> ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter 
> ip6_tables iptable_mangle iptable_security iptable_raw be2iscsi 
> iscsi_boot_sysfs bnx2i cnic uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi 
> ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp 
> libiscsi_tcp libiscsi scsi_transport_iscsi vboxsf(OF) vboxvideo(OF) 
> snd_intel8x0 drm snd_ac97_codec ppdev ac97_bus snd_seq snd_seq_device 
> snd_pcm
> [  177.029961]  snd_page_alloc snd_timer i2c_piix4 snd serio_raw 
> microcode i2c_core pcspkr joydev ata_generic parport_pc e1000 soundcore 
> vboxguest(OF) parport pata_acpi uinput
> [  177.029973] CPU: 0 PID: 288 Comm: systemd-journal Tainted: 
> GF          O 3.12.6 #1
> [  177.029975] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS 
> VirtualBox 12/01/2006
> [  177.029977] task: ffff880000022f20 ti: ffff880036cb0000 task.ti: 
> ffff880036cb0000
> [  177.029979] RIP: 0010:[<ffffffff81540ef8>] [<ffffffff81540ef8>] 
> kfree_skb_list+0x18/0x30
> [  177.029983] RSP: 0018:ffff880036cb1ac8  EFLAGS: 00010292
> [  177.029985] RAX: 0000000000000000 RBX: ffff88003c513ac0 RCX: 
> 0000000000000000
> [  177.029986] RDX: 0000000000000000 RSI: ffff88003c04d900 RDI: 
> ffffffff00000000
> [  177.029988] RBP: ffff880036cb1ad8 R08: ffff880036cb1bfc R09: 
> 000000000000001c
> [  177.029989] R10: 0000000000000000 R11: 0000000000000001 R12: 
> ffff88003c04d900
> [  177.029991] R13: ffff88003c04d900 R14: ffff880036cb1f10 R15: 
> ffff88003c04d900
> [  177.029994] FS:  00007f6993398840(0000) GS:ffff88003fc00000(0000) 
> knlGS:0000000000000000
> [  177.029995] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  177.030002] CR2: ffffffff00000000 CR3: 000000003d4e1000 CR4: 
> 00000000000006f0
> [  177.030003] Stack:
> [  177.030004]  0000000000000000 ffff88003c513ac0 ffff880036cb1b08 
> ffffffff81540ff3
> [  177.030007]  ffff880036cb1b08 ffff88003c04d900 ffff88003c04d900 
> ffff88003cc87b80
> [  177.030009]  ffff880036cb1b28 ffffffff81540c28 0000000052f9c720 
> ffff88003c04d900
> [  177.030011] Call Trace:
> [  177.030016]  [<ffffffff81540ff3>] skb_release_data+0xe3/0x130
> [  177.030018]  [<ffffffff81540c28>] skb_release_all+0x28/0x30
> [  177.030021]  [<ffffffff81540c86>] __kfree_skb+0x16/0xa0
> [  177.030023]  [<ffffffff815414cc>] consume_skb+0x2c/0x80
> [  177.030026]  [<ffffffff81544be9>] skb_free_datagram+0x19/0x50
> [  177.030029]  [<ffffffff815f2c61>] unix_dgram_recvmsg+0x2f1/0x4d0
> [  177.030033]  [<ffffffff811300db>] ? find_lock_page+0x3b/0x80
> [  177.030037]  [<ffffffff815371ed>] sock_recvmsg+0xad/0xe0
> [  177.030040]  [<ffffffff81536e61>] ___sys_recvmsg+0x131/0x2e0
> [  177.030043]  [<ffffffff81159b19>] ? handle_mm_fault+0x3b9/0xdd0
> [  177.030046]  [<ffffffff815f1995>] ? unix_inq_len+0x25/0xa0
> [  177.030048]  [<ffffffff815f1a7a>] ? unix_ioctl+0x6a/0x80
> [  177.030051]  [<ffffffff81534a20>] ? sock_do_ioctl+0x30/0x70
> [  177.030053]  [<ffffffff81534d36>] ? sock_ioctl+0x76/0x2a0
> [  177.030057]  [<ffffffff811abef0>] ? do_vfs_ioctl+0x90/0x520
> [  177.030059]  [<ffffffff8115e493>] ? remove_vma+0x63/0x70
> [  177.030063]  [<ffffffff81538769>] __sys_recvmsg+0x49/0x90
> [  177.030066]  [<ffffffff815387c2>] SyS_recvmsg+0x12/0x20
> [  177.030066]  [<ffffffff8165ccd2>] system_call_fastpath+0x16/0x1b
> [  177.030066] Code: 48 83 c4 08 5b 5d c3 66 66 66 2e 0f 1f 84 00 00 00 
> 00 00 66 66 66 66 90 48 85 ff 74 24 55 48 89 e5 53 48 83 ec 08 0f 1f 44 
> 00 00 <48> 8b 1f e8 10 fe ff ff 48 85 db 48 89 df 75 f0 48 83 c4 08 5b
> [  177.030066] RIP  [<ffffffff81540ef8>] kfree_skb_list+0x18/0x30
> [  177.030068]  RSP <ffff880036cb1ac8>
> [  177.030072] CR2: ffffffff00000000
> [  177.030074] ---[ end trace 0092d2c98560c530 ]---
> [  177.038589] systemd-journald[1993]: File 
> /run/log/journal/36ed5bb2aa2e458bbaeca12c31578f4a/system.journal 
> corrupted or uncleanly shut down, renaming and replacing.
> [  177.041321] systemd-journald[1993]: Vacuuming done, freed 0 bytes
> 
> 
> 
> Regards
> Santosh
> --
> To unsubscribe from this list: send the line "unsubscribe target-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
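
Added example, not part of the original messages and not LIO's code: a stand-alone, overflow-safe range check for a Data/R2T SNACK, of the kind reported by the first dmesg line above (BegRun/RunLength against the maximum DataSN). The function name and result codes are hypothetical, and it does not reproduce the ERL=2 workaround linked in the reply.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not LIO's). */
enum { SNACK_OK = 0, SNACK_OUT_OF_RANGE = -1 };

/*
 * Validate a Data/R2T SNACK run against the highest DataSN already sent
 * for the command. On success *first..*last is the inclusive range of
 * DataSNs to retransmit; on failure the outputs are left untouched.
 * RunLength 0 means "everything from BegRun on" (RFC 3720, section 10.16).
 */
static int snack_check_run(uint32_t begrun, uint32_t runlength,
                           uint32_t max_datasn,
                           uint32_t *first, uint32_t *last)
{
    if (begrun > max_datasn)
        return SNACK_OUT_OF_RANGE;

    if (runlength == 0) {
        *first = begrun;
        *last = max_datasn;
        return SNACK_OK;
    }

    /*
     * Compare against the number of PDUs left after BegRun rather than
     * computing begrun + runlength, which can wrap around in 32 bits.
     */
    if (runlength - 1 > max_datasn - begrun)
        return SNACK_OUT_OF_RANGE;

    *first = begrun;
    *last = begrun + (runlength - 1);
    return SNACK_OK;
}

int main(void)
{
    uint32_t first = 0, last = 0;

    /* Values taken from the dmesg line quoted above. */
    printf("reported SNACK: %d\n",
           snack_check_run(0x00000000, 0x00001000, 0x00000003, &first, &last));
    /* Constructed case: a naive 32-bit begrun + runlength would wrap to 1. */
    printf("wrapping SNACK: %d\n",
           snack_check_run(2, 0xFFFFFFFFu, 3, &first, &last));
    return 0;
}
```

Both calls in main() return SNACK_OUT_OF_RANGE, so a target using a check like this would reject the request instead of walking past the last DataSN.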

