kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Fix Released | Medium | Unassigned | |
Bug Description
== SRU Justification ==
Rebooting an iSCSI target while the initiator is writing to a LUN leads to the following trace:
[ 59.879202] ------------[ cut here ]------------
[ 59.879202] kernel BUG at /build/
[ 59.880636] invalid opcode: 0000 [#1] SMP PTI
[ 59.881569] Modules linked in: iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_user uio target_core_mod nls_iso8859_1 kvm_intel isofs kvm irqbypass joydev input_leds serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[ 59.892726] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 59.894606] RIP: 0010:kfree+
[ 59.895429] RSP: 0018:ffffac0d80
[ 59.896531] RAX: ffff9cf099475800 RBX: ffff9cf099475800 RCX: ffff9cf099475800
[ 59.898083] RDX: 0000000000011bbb RSI: ffff9cf09fc27140 RDI: ffff9cf09f002000
[ 59.899627] RBP: ffffac0d8050fe70 R08: 0000000000000000 R09: ffffffffc07a329b
[ 59.901186] R10: ffffe95780651d40 R11: ffffffffa511dc90 R12: ffff9cf099625600
[ 59.902769] R13: ffffffffc07a329b R14: ffff9cf09ee07600 R15: ffff9cf099475800
[ 59.904321] FS: 000000000000000
[ 59.906120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.907806] CR2: 00007f7153b88470 CR3: 000000001babe000 CR4: 00000000000006f0
[ 59.909376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.910950] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.913098] Call Trace:
[ 59.913783] iscsi_target_
[ 59.915292] iscsi_target_
[ 59.916775] kthread+0x121/0x140
[ 59.917622] ? iscsi_target_
[ 59.919244] ? kthread_
[ 59.920483] ? do_syscall_
[ 59.921460] ? SyS_exit_
[ 59.922583] ret_from_
[ 59.923523] Code: c4 80 74 04 41 8b 72 6c 4c 89 d7 e8 61 1c f9 ff eb 86 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 8b f6 ff ff e9 6d ff ff ff <0f> 0b 48 8b 3d 6d c4 1c 01 e9 c9 fe ff ff 0f 1f 84 00 00 00 00
[ 59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[ 59.929063] ---[ end trace 082da4d341633d3e ]---
== Fix ==
Backport the following 3 commits:
* scsi: iscsi: target: Fix conn_ops double free
* scsi: iscsi: target: Set conn->sess to NULL when
iscsi_
* iscsi target: fix session creation failure handling
== Regression Potential ==
Low. Clean cherry-picks that modify a very isolated area.
== Test ==
Set up an iSCSI target using the scsi_target_user module and tcmu_runner. Set up an initiator to connect to the target and do IOs. Reboot the target. When the target comes back, the kernel falls over when the initiator tries to re-connect.
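A triage sketch, added here and not part of the original report or of any Ubuntu tooling: it splits kernel log text into oops blocks and flags those matching this report's signature (a BUG in mm/slub.c, faulting in kfree, raised by the iscsi_np thread). The function names and the sample log, built from the bug title and the complete lines of the trace above, are constructed for illustration.

```python
import re

# Constructed sample: complete lines copied from the trace above, with the
# BUG path taken from the bug title, plus one unrelated line.
SAMPLE = """\
[   12.000001] EXT4-fs (vda1): mounted filesystem with ordered data mode
[   59.879202] ------------[ cut here ]------------
[   59.879202] kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296!
[   59.880636] invalid opcode: 0000 [#1] SMP PTI
[   59.891096] CPU: 0 PID: 1027 Comm: iscsi_np Not tainted 4.15.0-43-generic #46-Ubuntu
[   59.927778] RIP: kfree+0x16a/0x180 RSP: ffffac0d8050fe58
[   59.929063] ---[ end trace 082da4d341633d3e ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")           # dmesg timestamp prefix
BUG = re.compile(r"kernel BUG at (\S+?):(\d+)!")      # source file and line
COMM = re.compile(r"PID: (\d+) Comm: (\S+) .*? (\d+\.\d+\.\d+-\S+) #")
RIP = re.compile(r"RIP: (?:\w+:)?([A-Za-z_][\w.]*)\+0x")  # faulting symbol

def parse_oopses(text):
    """Return one dict per 'cut here' ... 'end trace' block in the log."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if "[ cut here ]" in line:
            cur = {}
        elif cur is None:
            continue                      # ordinary log line outside an oops
        elif "[ end trace" in line:
            reports.append(cur)
            cur = None
        elif m := BUG.search(line):
            cur["file"], cur["line"] = m.group(1), int(m.group(2))
        elif m := COMM.search(line):
            cur["pid"], cur["comm"], cur["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif m := RIP.search(line):
            cur["rip"] = m.group(1)
    return reports

def matches_this_bug(r):
    """Signature from this report: SLUB BUG hit in kfree() by the iscsi_np thread."""
    return (r.get("file", "").endswith("mm/slub.c")
            and r.get("rip") == "kfree" and r.get("comm") == "iscsi_np")

if __name__ == "__main__":
    for r in parse_oopses(SAMPLE):
        print(r, "-> matches" if matches_this_bug(r) else "-> other")
```

Truncated lines, such as a log cut off after `kernel BUG at /build/`, leave the corresponding fields unset, so the block is reported but does not match the signature.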
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
description: updated
description: updated
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1812086
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.