Bug 193041
| Summary: | iSCSI initiator: mkfs.ext4 + mount triggers kernel oops | ||
|---|---|---|---|
| Product: | IO/Storage | Reporter: | Bart Van Assche (bvanassche) |
| Component: | SCSI | Assignee: | linux-scsi (linux-scsi) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | ||
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | v4.10-rc4 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | netconsole output | ||
Fixed in v4.10-rc6 by commit 08965c2eba135bdfb6e86cf25308e01421c7e0ce (Revert "sd: remove __data_len hack for WRITE SAME"). |
Created attachment 252661 [details] netconsole output The following command sequence worked with previous kernels but triggers a kernel oops with kernel v4.10-rc4: ./restart-lio-iscsi iscsiadm -m discovery -t st -p localhost iscsiadm -m node -p localhost -l mkfs.ext4 /dev/sda mount /dev/sda /mnt gdb translates the crash address into the following: $ gdb ./drivers/scsi/iscsi_tcp.ko (gdb) list *(iscsi_sw_tcp_xmit_segment+0x84) 0xf54 is in iscsi_sw_tcp_xmit_segment (drivers/scsi/iscsi_tcp.c:272). 267 struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data; 268 struct socket *sk = tcp_sw_conn->sock; 269 unsigned int copied = 0; 270 int r = 0; 271 272 while (!iscsi_tcp_segment_done(tcp_conn, segment, 0, r)) { 273 struct scatterlist *sg; 274 unsigned int offset, copy; 275 int flags = 0; 276