1119498 – libiscsi, iser patch causes kernel NULL pointer dereference

Bug 1119498 - libiscsi, iser patch causes kernel NULL pointer dereference

Summary: libiscsi, iser patch causes kernel NULL pointer dereference

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	20
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-07-14 23:15 UTC by Pat Blair
Modified:	2014-07-17 04:29 UTC (History)
CC List:	8 users (show)
Fixed In Version:	kernel-3.15.5-200.fc20
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-17 04:29:46 UTC
Dependent Products:

Attachments	(Terms of Use)
kernel lockup 1 (2.11 MB, image/jpeg) 2014-07-14 23:15 UTC, Pat Blair	no flags	Details
kernel lockup 2 (2.27 MB, image/jpeg) 2014-07-14 23:16 UTC, Pat Blair	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Pat Blair 2014-07-14 23:15:34 UTC

Created attachment 918010 [details]
kernel lockup 1

Description of problem:
When booting to an iSCSI target on kernel 3.15.3 and 3.15.4 it appears that a recent commit is causing a NULL pointer dereference

Version-Release number of selected component (if applicable):
kernel-3.15.4-200.fc20.x86_64
kernel-3.15.3-200.fc20.x86_64

How reproducible:
Booting multi-user or single-user to an iSCSI target

Actual results:
Kernel locks up with the following messages, to name a few:
[   19.672549] BUG: unable to handle kernel NULL pointer dereference at 000000000000000c [   19.680405] IP: [] iscsi_tcp_segment_done+0x2a8/0x370 [libiscsi_tcp]

Expected results:
System boots multi/single-user successfully

Additional info:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/drivers/scsi?h=linux-3.15.y&id=04423ddea30a7fb7232636eda8aed55ea5b972fe 
Looks to be the problem commit as referenced in this message: http://www.spinics.net/linux/lists/kernel/msg1776379.html

The fix may have already been commited to -stable upstream here: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.15.5&qt=grep&q=iscsi
but does not appear to be in the fedora kernel yet

Apologies for the attached pictures, it's been difficult to gather boot messages with our setup, but if more information is needed we can definitely provide it!

Comment 1 Pat Blair 2014-07-14 23:16:40 UTC

Created attachment 918012 [details]
kernel lockup 2

Comment 2 Josh Boyer 2014-07-15 12:51:48 UTC

Could you please try the 3.15.5 kernel build?  It contains this commit:

commit 65e98a83a95c5c3e5b6e686173054a557626909c
Author: Martin K. Petersen <martin.petersen@oracle.com>
Date:   Tue Jun 24 16:59:35 2014 +0200

    SCSI: use the scsi data buffer length to extract transfer size
    
    commit 5616b0a46ed82eb9a093f752fc4d7bd3cc688583 upstream.
    

which is the commit you pointed to in the mailing list threads.

Comment 3 Pat Blair 2014-07-15 13:49:34 UTC

Just tested 3.15.5-200.fc20.x86_64 and this resolves the error, thanks!

Comment 4 Fedora Update System 2014-07-15 14:19:51 UTC

kernel-3.15.5-200.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/kernel-3.15.5-200.fc20

Comment 5 Fedora Update System 2014-07-17 04:29:46 UTC

kernel-3.15.5-200.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.