| 2019-01-16 17:12:19 |
Juerg Haefliger |
bug |
|
|
added bug |
| 2019-01-16 17:12:29 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-01-16 17:13:48 |
Juerg Haefliger |
attachment added |
|
Kernel log https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1812086/+attachment/5229717/+files/dmesg.txt |
|
| 2019-01-16 17:30:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2019-01-16 17:30:07 |
Ubuntu Kernel Bot |
tags |
|
bionic |
|
| 2019-01-17 07:33:06 |
Juerg Haefliger |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2019-01-21 14:24:48 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2019-01-21 14:24:55 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2019-01-21 15:42:25 |
Juerg Haefliger |
description |
Rebooting an iSCSI target while the initiator is writing to a LUN leads to the following trace:
[ 59.879202] ------------[ cut here ]------------
[ 59.879202] kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
[ 59.880636] invalid opcode: 0000 [#1] SMP PTI
[ 59.881569] Modules linked in: iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_user uio target_core_mod nls_iso8859_1 kvm_intel isofs kvm irqbypass joydev input_leds serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse virtio_blk virtio_net floppy
[ 59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[ 59.892726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 59.894606] RIP: 0010:kfree+0x16a/0x180
[ 59.895429] RSP: 0018:ffffac0d8050fe58 EFLAGS: 00010246
[ 59.896531] RAX: ffff9cf099475800 RBX: ffff9cf099475800 RCX: ffff9cf099475800
[ 59.898083] RDX: 0000000000011bbb RSI: ffff9cf09fc27140 RDI: ffff9cf09f002000
[ 59.899627] RBP: ffffac0d8050fe70 R08: 0000000000000000 R09: ffffffffc07a329b
[ 59.901186] R10: ffffe95780651d40 R11: ffffffffa511dc90 R12: ffff9cf099625600
[ 59.902769] R13: ffffffffc07a329b R14: ffff9cf09ee07600 R15: ffff9cf099475800
[ 59.904321] FS: 0000000000000000(0000) GS:ffff9cf09fc00000(0000) knlGS:0000000000000000
[ 59.906120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.907806] CR2: 00007f7153b88470 CR3: 000000001babe000 CR4: 00000000000006f0
[ 59.909376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.910950] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.913098] Call Trace:
[ 59.913783] iscsi_target_login_sess_out+0x1fb/0x250 [iscsi_target_mod]
[ 59.915292] iscsi_target_login_thread+0x44d/0x1060 [iscsi_target_mod]
[ 59.916775] kthread+0x121/0x140
[ 59.917622] ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
[ 59.919244] ? kthread_create_worker_on_cpu+0x70/0x70
[ 59.920483] ? do_syscall_64+0x73/0x130
[ 59.921460] ? SyS_exit_group+0x14/0x20
[ 59.922583] ret_from_fork+0x35/0x40
[ 59.923523] Code: c4 80 74 04 41 8b 72 6c 4c 89 d7 e8 61 1c f9 ff eb 86 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 8b f6 ff ff e9 6d ff ff ff <0f> 0b 48 8b 3d 6d c4 1c 01 e9 c9 fe ff ff 0f 1f 84 00 00 00 00
[ 59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[ 59.929063] ---[ end trace 082da4d341633d3e ]--- |
== SRU Justification ==
Rebooting an iSCSI target while the initiator is writing to a LUN leads to the following trace:
[ 59.879202] ------------[ cut here ]------------
[ 59.879202] kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
[ 59.880636] invalid opcode: 0000 [#1] SMP PTI
[ 59.881569] Modules linked in: iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_user uio target_core_mod nls_iso8859_1 kvm_intel isofs kvm irqbypass joydev input_leds serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse virtio_blk virtio_net floppy
[ 59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[ 59.892726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 59.894606] RIP: 0010:kfree+0x16a/0x180
[ 59.895429] RSP: 0018:ffffac0d8050fe58 EFLAGS: 00010246
[ 59.896531] RAX: ffff9cf099475800 RBX: ffff9cf099475800 RCX: ffff9cf099475800
[ 59.898083] RDX: 0000000000011bbb RSI: ffff9cf09fc27140 RDI: ffff9cf09f002000
[ 59.899627] RBP: ffffac0d8050fe70 R08: 0000000000000000 R09: ffffffffc07a329b
[ 59.901186] R10: ffffe95780651d40 R11: ffffffffa511dc90 R12: ffff9cf099625600
[ 59.902769] R13: ffffffffc07a329b R14: ffff9cf09ee07600 R15: ffff9cf099475800
[ 59.904321] FS: 0000000000000000(0000) GS:ffff9cf09fc00000(0000) knlGS:0000000000000000
[ 59.906120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.907806] CR2: 00007f7153b88470 CR3: 000000001babe000 CR4: 00000000000006f0
[ 59.909376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.910950] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.913098] Call Trace:
[ 59.913783] iscsi_target_login_sess_out+0x1fb/0x250 [iscsi_target_mod]
[ 59.915292] iscsi_target_login_thread+0x44d/0x1060 [iscsi_target_mod]
[ 59.916775] kthread+0x121/0x140
[ 59.917622] ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
[ 59.919244] ? kthread_create_worker_on_cpu+0x70/0x70
[ 59.920483] ? do_syscall_64+0x73/0x130
[ 59.921460] ? SyS_exit_group+0x14/0x20
[ 59.922583] ret_from_fork+0x35/0x40
[ 59.923523] Code: c4 80 74 04 41 8b 72 6c 4c 89 d7 e8 61 1c f9 ff eb 86 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 8b f6 ff ff e9 6d ff ff ff <0f> 0b 48 8b 3d 6d c4 1c 01 e9 c9 fe ff ff 0f 1f 84 00 00 00 00
[ 59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[ 59.929063] ---[ end trace 082da4d341633d3e ]---
== Fix ==
Backport the following 3 commits:
* scsi: iscsi: target: Fix conn_ops double free
* scsi: iscsi: target: Set conn->sess to NULL when
iscsi_login_set_conn_values fails
* iscsi target: fix session creation failure handling
== Regression Potential ==
Low. Clean cherry-picks that modify a very isolated area
== Test ==
Setup an iSCSI target using the scsi_target_user module and tcmu_runner. Setup an initiator to connect to the target and do IOs. Reboot the target. When the target comes back, the kernel falls over when the initiator tries to re-connect. |
|
| 2019-01-21 15:42:53 |
Juerg Haefliger |
description |
== SRU Justification ==
Rebooting an iSCSI target while the initiator is writing to a LUN leads to the following trace:
[ 59.879202] ------------[ cut here ]------------
[ 59.879202] kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
[ 59.880636] invalid opcode: 0000 [#1] SMP PTI
[ 59.881569] Modules linked in: iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_user uio target_core_mod nls_iso8859_1 kvm_intel isofs kvm irqbypass joydev input_leds serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse virtio_blk virtio_net floppy
[ 59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[ 59.892726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 59.894606] RIP: 0010:kfree+0x16a/0x180
[ 59.895429] RSP: 0018:ffffac0d8050fe58 EFLAGS: 00010246
[ 59.896531] RAX: ffff9cf099475800 RBX: ffff9cf099475800 RCX: ffff9cf099475800
[ 59.898083] RDX: 0000000000011bbb RSI: ffff9cf09fc27140 RDI: ffff9cf09f002000
[ 59.899627] RBP: ffffac0d8050fe70 R08: 0000000000000000 R09: ffffffffc07a329b
[ 59.901186] R10: ffffe95780651d40 R11: ffffffffa511dc90 R12: ffff9cf099625600
[ 59.902769] R13: ffffffffc07a329b R14: ffff9cf09ee07600 R15: ffff9cf099475800
[ 59.904321] FS: 0000000000000000(0000) GS:ffff9cf09fc00000(0000) knlGS:0000000000000000
[ 59.906120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.907806] CR2: 00007f7153b88470 CR3: 000000001babe000 CR4: 00000000000006f0
[ 59.909376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.910950] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.913098] Call Trace:
[ 59.913783] iscsi_target_login_sess_out+0x1fb/0x250 [iscsi_target_mod]
[ 59.915292] iscsi_target_login_thread+0x44d/0x1060 [iscsi_target_mod]
[ 59.916775] kthread+0x121/0x140
[ 59.917622] ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
[ 59.919244] ? kthread_create_worker_on_cpu+0x70/0x70
[ 59.920483] ? do_syscall_64+0x73/0x130
[ 59.921460] ? SyS_exit_group+0x14/0x20
[ 59.922583] ret_from_fork+0x35/0x40
[ 59.923523] Code: c4 80 74 04 41 8b 72 6c 4c 89 d7 e8 61 1c f9 ff eb 86 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 8b f6 ff ff e9 6d ff ff ff <0f> 0b 48 8b 3d 6d c4 1c 01 e9 c9 fe ff ff 0f 1f 84 00 00 00 00
[ 59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[ 59.929063] ---[ end trace 082da4d341633d3e ]---
== Fix ==
Backport the following 3 commits:
* scsi: iscsi: target: Fix conn_ops double free
* scsi: iscsi: target: Set conn->sess to NULL when
iscsi_login_set_conn_values fails
* iscsi target: fix session creation failure handling
== Regression Potential ==
Low. Clean cherry-picks that modify a very isolated area
== Test ==
Setup an iSCSI target using the scsi_target_user module and tcmu_runner. Setup an initiator to connect to the target and do IOs. Reboot the target. When the target comes back, the kernel falls over when the initiator tries to re-connect. |
== SRU Justification ==
Rebooting an iSCSI target while the initiator is writing to a LUN leads to the following trace:
[ 59.879202] ------------[ cut here ]------------
[ 59.879202] kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
[ 59.880636] invalid opcode: 0000 [#1] SMP PTI
[ 59.881569] Modules linked in: iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_user uio target_core_mod nls_iso8859_1 kvm_intel isofs kvm irqbypass joydev input_leds serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear psmouse virtio_blk virtio_net floppy
[ 59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[ 59.892726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 59.894606] RIP: 0010:kfree+0x16a/0x180
[ 59.895429] RSP: 0018:ffffac0d8050fe58 EFLAGS: 00010246
[ 59.896531] RAX: ffff9cf099475800 RBX: ffff9cf099475800 RCX: ffff9cf099475800
[ 59.898083] RDX: 0000000000011bbb RSI: ffff9cf09fc27140 RDI: ffff9cf09f002000
[ 59.899627] RBP: ffffac0d8050fe70 R08: 0000000000000000 R09: ffffffffc07a329b
[ 59.901186] R10: ffffe95780651d40 R11: ffffffffa511dc90 R12: ffff9cf099625600
[ 59.902769] R13: ffffffffc07a329b R14: ffff9cf09ee07600 R15: ffff9cf099475800
[ 59.904321] FS: 0000000000000000(0000) GS:ffff9cf09fc00000(0000) knlGS:0000000000000000
[ 59.906120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.907806] CR2: 00007f7153b88470 CR3: 000000001babe000 CR4: 00000000000006f0
[ 59.909376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.910950] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.913098] Call Trace:
[ 59.913783] iscsi_target_login_sess_out+0x1fb/0x250 [iscsi_target_mod]
[ 59.915292] iscsi_target_login_thread+0x44d/0x1060 [iscsi_target_mod]
[ 59.916775] kthread+0x121/0x140
[ 59.917622] ? iscsi_target_login_sess_out+0x250/0x250 [iscsi_target_mod]
[ 59.919244] ? kthread_create_worker_on_cpu+0x70/0x70
[ 59.920483] ? do_syscall_64+0x73/0x130
[ 59.921460] ? SyS_exit_group+0x14/0x20
[ 59.922583] ret_from_fork+0x35/0x40
[ 59.923523] Code: c4 80 74 04 41 8b 72 6c 4c 89 d7 e8 61 1c f9 ff eb 86 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 8b f6 ff ff e9 6d ff ff ff <0f> 0b 48 8b 3d 6d c4 1c 01 e9 c9 fe ff ff 0f 1f 84 00 00 00 00
[ 59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[ 59.929063] ---[ end trace 082da4d341633d3e ]---
== Fix ==
Backport the following 3 commits:
* scsi: iscsi: target: Fix conn_ops double free
* scsi: iscsi: target: Set conn->sess to NULL when
iscsi_login_set_conn_values fails
* iscsi target: fix session creation failure handling
== Regression Potential ==
Low. Clean cherry-picks that modify a very isolated area.
== Test ==
Setup an iSCSI target using the scsi_target_user module and tcmu_runner. Setup an initiator to connect to the target and do IOs. Reboot the target. When the target comes back, the kernel falls over when the initiator tries to re-connect. |
|
| 2019-02-04 06:02:47 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2019-02-15 14:42:38 |
Brad Figg |
tags |
bionic |
bionic verification-needed-bionic |
|
| 2019-02-18 13:16:53 |
Juerg Haefliger |
tags |
bionic verification-needed-bionic |
bionic verification-done-bionic |
|
| 2019-03-05 15:00:44 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2018-18397 |
|
| 2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2018-19854 |
|
| 2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2019-6133 |
|
| 2019-06-13 07:42:46 |
Juerg Haefliger |
linux (Ubuntu): status |
Confirmed |
Invalid |
|
| 2020-12-18 08:45:21 |
Andryu |
bug |
|
|
added subscriber Andryu |
