Bug 193041 - iSCSI initiator: mkfs.ext4 + mount triggers kernel oops
Summary: iSCSI initiator: mkfs.ext4 + mount triggers kernel oops
Status: RESOLVED CODE_FIX
Alias: None
Product: IO/Storage
Classification: Unclassified
Component: SCSI (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: linux-scsi@vger.kernel.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-21 00:06 UTC by Bart Van Assche
Modified: 2017-02-01 00:15 UTC (History)
0 users

See Also:
Kernel Version: v4.10-rc4
Subsystem:
Regression: No
Bisected commit-id:

Attachments
netconsole output (3.25 KB, text/plain)
2017-01-21 00:06 UTC, Bart Van Assche 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Bart Van Assche 2017-01-21 00:06:13 UTC 
Created attachment 252661 [details]
netconsole output

The following command sequence worked with previous kernels but triggers a kernel oops with kernel v4.10-rc4:

./restart-lio-iscsi
iscsiadm -m discovery -t st -p localhost
iscsiadm -m node -p localhost -l
mkfs.ext4 /dev/sda
mount /dev/sda /mnt

gdb translates the crash address into the following:

$ gdb ./drivers/scsi/iscsi_tcp.ko
(gdb) list *(iscsi_sw_tcp_xmit_segment+0x84)
0xf54 is in iscsi_sw_tcp_xmit_segment (drivers/scsi/iscsi_tcp.c:272).
267             struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
268             struct socket *sk = tcp_sw_conn->sock;
269             unsigned int copied = 0;
270             int r = 0;
271
272             while (!iscsi_tcp_segment_done(tcp_conn, segment, 0, r)) {
273                     struct scatterlist *sg;
274                     unsigned int offset, copy;
275                     int flags = 0;
276
Comment 1 Bart Van Assche 2017-02-01 00:15:47 UTC 
Fixed in v4.10-rc6 by commit 08965c2eba135bdfb6e86cf25308e01421c7e0ce (Revert "sd: remove __data_len hack for WRITE SAME").
Note You need to log in before you can comment on or make changes to this bug.