Bug 1119498

Summary: libiscsi, iser patch causes kernel NULL pointer dereference
Product: [Fedora] Fedora Reporter: Pat Blair <redstar3894>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: alex.williamson, gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, mchehab, redstar3894
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-3.15.5-200.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-17 04:29:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
kernel lockup 1
none
kernel lockup 2 none

Description Pat Blair 2014-07-14 23:15:34 UTC 
Created attachment 918010 [details]
kernel lockup 1

Description of problem:
When booting to an iSCSI target on kernel 3.15.3 and 3.15.4 it appears that a recent commit is causing a NULL pointer dereference

Version-Release number of selected component (if applicable):
kernel-3.15.4-200.fc20.x86_64
kernel-3.15.3-200.fc20.x86_64

How reproducible:
Booting multi-user or single-user to an iSCSI target

Actual results:
Kernel locks up with the following messages, to name a few:
[   19.672549] BUG: unable to handle kernel NULL pointer dereference at 000000000000000c [   19.680405] IP: [] iscsi_tcp_segment_done+0x2a8/0x370 [libiscsi_tcp]

Expected results:
System boots multi/single-user successfully

Additional info:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/drivers/scsi?h=linux-3.15.y&id=04423ddea30a7fb7232636eda8aed55ea5b972fe 
Looks to be the problem commit as referenced in this message: http://www.spinics.net/linux/lists/kernel/msg1776379.html

The fix may have already been commited to -stable upstream here: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.15.5&qt=grep&q=iscsi
but does not appear to be in the fedora kernel yet

Apologies for the attached pictures, it's been difficult to gather boot messages with our setup, but if more information is needed we can definitely provide it!
Comment 1 Pat Blair 2014-07-14 23:16:40 UTC 
Created attachment 918012 [details]
kernel lockup 2
Comment 2 Josh Boyer 2014-07-15 12:51:48 UTC 
Could you please try the 3.15.5 kernel build?  It contains this commit:

commit 65e98a83a95c5c3e5b6e686173054a557626909c
Author: Martin K. Petersen <martin.petersen>
Date:   Tue Jun 24 16:59:35 2014 +0200

    SCSI: use the scsi data buffer length to extract transfer size
    
    commit 5616b0a46ed82eb9a093f752fc4d7bd3cc688583 upstream.
    

which is the commit you pointed to in the mailing list threads.
Comment 3 Pat Blair 2014-07-15 13:49:34 UTC 
Just tested 3.15.5-200.fc20.x86_64 and this resolves the error, thanks!
Comment 4 Fedora Update System 2014-07-15 14:19:51 UTC 
kernel-3.15.5-200.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/kernel-3.15.5-200.fc20
Comment 5 Fedora Update System 2014-07-17 04:29:46 UTC 
kernel-3.15.5-200.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.