Bug 996551 - targetcli: kernel oops: BUG: unable to handle kernel NULL pointer dereference
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: fcoe-target-utils
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Andy Grover
Bruno Goncalves
Reported: 2013-08-13 08:29 EDT by Bruno Goncalves
Modified: 2013-08-29 11:59 EDT
Doc Type: Bug Fix
Last Closed: 2013-08-29 11:59:37 EDT
Type: Bug

Attachments
vmcorre-dmesg from FCoE target (79.87 KB, text/plain)
2013-08-13 08:33 EDT, Bruno Goncalves
Description Bruno Goncalves 2013-08-13 08:29:08 EDT
Description of problem:
Kernel oops during FCoE target test.

While trying to reproduce BZ#970471 this crash happened.

Version-Release number of selected component (if applicable):

How reproducible:
I only reproduced it once.

Steps to Reproduce:
1. Configure a tcm_fc FCoE target to assign 1 LUN to the initiator.

2. Make sure the initiator has multipathd running, then do a SCSI scan to discover the new LUNs.
echo 1 > /sys/class/fc_host/host5/issue_lip
echo 1 > /sys/class/fc_host/host6/issue_lip

3. On the FCoE target: restart fcoe-target
# service fcoe-target restart

4. On the initiator: rescan the SCSI bus
echo 1 > /sys/class/fc_host/host6/issue_lip
echo 1 > /sys/class/fc_host/host5/issue_lip

Additional info:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000184
IP: [<ffffffff8150feaf>] _spin_lock_irqsave+0x1f/0x40
PGD 204a8c067 PUD 204ad9067 PMD 0 
Oops: 0002 [#1] SMP 
last sysfs file: /sys/devices/virtual/net/eth1.802-fcoe/host5/rport-5:0-3/target5:0:1/5:0:1:2/state
CPU 1 
Modules linked in: target_core_iblock target_core_file target_core_pscsi tcm_fc scsi_dh_emc dm_round_robin target_core_mod configfs bnx2fc cnic uio fcoe libfcoe 8021q libfc garp stp scsi_transport_fc scsi_tgt llc sunrpc cpufreq_ondemand freq_table pcc_cpufreq ipv6 dm_multipath hpilo hpwdt e1000e microcode serio_raw iTCO_wdt iTCO_vendor_support shpchp ixgbe dca ptp pps_core mdio sg ext4 mbcache jbd2 sd_mod crc_t10dif pata_acpi ata_generic ata_piix hpsa dm_mirror dm_region_hash dm_log dm_mod [last unloaded: target_core_iblock]

Pid: 14415, comm: tcm_fc/1 Not tainted 2.6.32-358.el6.x86_64 #1 HP ProLiant DL120 G7
RIP: 0010:[<ffffffff8150feaf>]  [<ffffffff8150feaf>] _spin_lock_irqsave+0x1f/0x40
RSP: 0018:ffff8801de99dd80  EFLAGS: 00010006
RAX: 0000000000010000 RBX: ffff880200e95840 RCX: 0000000000000000
RDX: 0000000000000206 RSI: 0000000000000206 RDI: 0000000000000184
RBP: ffff8801de99dd80 R08: 0000000000000000 R09: ffff8801e0010840
R10: 0000000000000010 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000184 R14: ffff880200e958e0 R15: 0000000000000006
FS:  0000000000000000(0000) GS:ffff88002fa20000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000184 CR3: 0000000206d81000 CR4: 00000000000407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process tcm_fc/1 (pid: 14415, threadinfo ffff8801de99c000, task ffff8801e56d4aa0)
 ffff8801de99ddd0 ffffffffa03773fa ffff880200000009 0000000000000006
<d> ffff880200e95840 ffff880200e95a98 ffff8801dfac4c56 ffff880200e95800
<d> ffff880200e95840 0000000000000006 ffff8801de99dde0 ffffffffa0377505
Call Trace:
 [<ffffffffa03773fa>] transport_add_cmd_to_queue+0x4a/0x140 [target_core_mod]
 [<ffffffffa0377505>] transport_generic_handle_tmr+0x15/0x20 [target_core_mod]
 [<ffffffffa03c9d36>] ft_send_work+0x276/0x500 [tcm_fc]
 [<ffffffff81096f6e>] ? prepare_to_wait+0x4e/0x80
 [<ffffffffa03c9ac0>] ? ft_send_work+0x0/0x500 [tcm_fc]
 [<ffffffff81090ac0>] worker_thread+0x170/0x2a0
 [<ffffffff81096c80>] ? autoremove_wake_function+0x0/0x40
 [<ffffffff81090950>] ? worker_thread+0x0/0x2a0
 [<ffffffff81096916>] kthread+0x96/0xa0
 [<ffffffff8100c0ca>] child_rip+0xa/0x20
 [<ffffffff81096880>] ? kthread+0x0/0xa0
 [<ffffffff8100c0c0>] ? child_rip+0x0/0x20
Code: c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 0f 1f 44 00 00 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 b8 00 00 01 00 <f0> 0f c1 07 0f b7 c8 c1 e8 10 39 c1 74 0e f3 90 0f b7 0f eb f5 
RIP  [<ffffffff8150feaf>] _spin_lock_irqsave+0x1f/0x40
 RSP <ffff8801de99dd80>
CR2: 0000000000000184
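
Added triage example (not part of the original report, and not Red Hat tooling): a small parser that reads the oops above and reports the fault address, the access type from the page-fault error code, which registers hold the faulting address, and the confirmed callers. The function name `triage` and the embedded excerpt are assumptions made for this example.

```python
import re

# Constructed sample: lines excerpted from the oops in this report.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000184
IP: [<ffffffff8150feaf>] _spin_lock_irqsave+0x1f/0x40
Oops: 0002 [#1] SMP
RAX: 0000000000010000 RBX: ffff880200e95840 RCX: 0000000000000000
RDX: 0000000000000206 RSI: 0000000000000206 RDI: 0000000000000184
RBP: ffff8801de99dd80 R08: 0000000000000000 R09: ffff8801e0010840
R10: 0000000000000010 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000184 R14: ffff880200e958e0 R15: 0000000000000006
Call Trace:
 [<ffffffffa03773fa>] transport_add_cmd_to_queue+0x4a/0x140 [target_core_mod]
 [<ffffffffa0377505>] transport_generic_handle_tmr+0x15/0x20 [target_core_mod]
 [<ffffffffa03c9d36>] ft_send_work+0x276/0x500 [tcm_fc]
 [<ffffffff81096f6e>] ? prepare_to_wait+0x4e/0x80
 [<ffffffff81090ac0>] worker_thread+0x170/0x2a0
"""

PAGE_SIZE = 4096  # x86_64 base page size


def triage(text):
    """Summarise an x86_64 oops: fault address, access type, registers, callers."""
    head, _, trace = text.partition("Call Trace:")
    fault = int(re.search(r"dereference at ([0-9a-f]+)", head).group(1), 16)
    # x86 page-fault error code: bit 1 set = write access, bit 2 set = user mode.
    err = int(re.search(r"Oops: ([0-9a-f]{4})", head).group(1), 16)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", head)}
    ip_func = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+", head).group(1)
    # Frames marked "?" are unreliable stack leftovers, so they are skipped.
    callers = re.findall(r"^ \[<[0-9a-f]+>\] (\w+)\+\S+(?: \[(\w+)\])?", trace, re.M)
    return {
        "fault_addr": fault,
        # A non-zero address inside the first page means "NULL base + field offset".
        "null_plus_offset": 0 < fault < PAGE_SIZE,
        "write": bool(err & 2),
        "kernel_mode": not err & 4,
        # RDI carries the first argument in the x86_64 calling convention.
        "regs_holding_fault_addr": sorted(n for n, v in regs.items() if v == fault),
        "faulting_function": ip_func,
        "callers": callers,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

RDI holding 0x184 on entry to `_spin_lock_irqsave` means the lock pointer passed by `transport_add_cmd_to_queue` was a field address computed from a NULL base pointer, which is where a fix or a NULL check would be looked for.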
Comment 2 Bruno Goncalves 2013-08-13 08:33:17 EDT
Created attachment 786132
vmcorre-dmesg from FCoE target
Comment 3 Andy Grover 2013-08-19 20:55:17 EDT
last applied fcoe fixes were in kernel-404, does it repro on 404+?
Comment 4 Bruno Goncalves 2013-08-29 10:33:46 EDT
I can't confirm it, I hit this only once using 2.6.32-358. So I don't have a reproducer for it.

Do you think kernel-404 should have a fix to it? In that case I think we can close it and if this crash occurs again we can reopen it.
Comment 5 Andy Grover 2013-08-29 11:59:37 EDT
sounds good. Closing.