Bug#445987: Oops reproducable with iSCSI
This bug is reproducable with iSCSI as well. iSCSI works in dom0 but
oopses in domU.
Since I need to get this working, I can help you test patches. Here is
a post that suggests a patch exists:
http://groups.google.com/group/open-iscsi/browse_thread/thread/c4ddd07c06546864
Here is the oops I got with linux-image-2.6.18-6-xen-amd64 2.6.18.dfsg.1-18etch6:
scsi0 : iSCSI Initiator over TCP/IP
Unable to handle kernel NULL pointer dereference at 0000000000000078 RIP:
[<ffffffff881ae3a2>] :scsi_mod:scsi_calculate_bounce_limit+0x15/0x49
PGD 4dbb067 PUD 4db9067 PMD 0
Oops: 0000 [1] SMP
CPU 0
Modules linked in: ib_iser rdma_cm ib_addr ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi scsi_transport_iscsi scsi_mod nfs lockd nfs_acl sunrpc ip6t_REJECT xt_tcpudp ipt_REJECT xt_state ip_conntrack nfnetlink ip6table_filter ip6_tables ipt
able_filter ip_tables x_tables dm_snapshot dm_mirror ipv6 8021q dm_multipath dm_mod evdev pcspkr 8250 serial_core ext3 jbd mbcache bridge unionfs
Pid: 1690, comm: iscsid Not tainted 2.6.18-6-xen-amd64 #1
RIP: e030:[<ffffffff881ae3a2>] [<ffffffff881ae3a2>] :scsi_mod:scsi_calculate_bounce_limit+0x15/0x49
RSP: e02b:ffff880004d2dc30 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88000725c048 RCX: 0000000000000071
RDX: 0000000000000067 RSI: 0000000000000400 RDI: ffff8800071b3800
RBP: ffff8800071b3800 R08: ffff880007194000 R09: 0000000000000014
R10: ffffffff881af8d0 R11: 0000000000000048 R12: ffff880004ca3828
R13: ffff8800071b3800 R14: 0000000000000000 R15: ffff880004ca3800
FS: 00002b4797f056d0(0000) GS:ffffffff804c3000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000
Process iscsid (pid: 1690, threadinfo ffff880004d2c000, task ffff88000722d0c0)
Stack: ffffffff881ae9f2 ffff880004cf2800 ffff880004cf2800 ffff880004ca3800
ffffffff881b0641 ffff8800071b3968 00000001881aa1fe ffff8800071b3800
0000000000000000 0000000000000000
Call Trace:
[<ffffffff881ae9f2>] :scsi_mod:scsi_alloc_queue+0x65/0xb6
[<ffffffff881b0641>] :scsi_mod:scsi_alloc_sdev+0x12e/0x1d2
[<ffffffff881b0870>] :scsi_mod:scsi_probe_and_add_lun+0x10d/0x9c6
[<ffffffff881b146c>] :scsi_mod:scsi_alloc_target+0x21e/0x327
[<ffffffff881b16b8>] :scsi_mod:__scsi_scan_target+0xc3/0x5e7
[<ffffffff8020ba57>] do_page_fault+0xdce/0x112f
[<ffffffff8024c23e>] sscanf+0x49/0x51
[<ffffffff881b1e86>] :scsi_mod:scsi_scan_target+0x6c/0x83
[<ffffffff881d1e2a>] :scsi_transport_iscsi:iscsi_user_scan+0x65/0x94
[<ffffffff881b26f9>] :scsi_mod:store_scan+0x9b/0xc5
[<ffffffff802da599>] sysfs_write_file+0xb4/0xe3
[<ffffffff80216ac9>] vfs_write+0xce/0x174
[<ffffffff802172ec>] sys_write+0x45/0x6e
[<ffffffff8025be4a>] system_call+0x86/0x8b
[<ffffffff8025bdc4>] system_call+0x0/0x8b
Code: 83 78 78 00 75 0c 48 8b 05 59 fa 39 f8 48 c1 e0 0c c3 48 8b
RIP [<ffffffff881ae3a2>] :scsi_mod:scsi_calculate_bounce_limit+0x15/0x49
RSP <ffff880004d2dc30>
CR2: 0000000000000078
--
Göran Weinholt <weinholt@csbnet.se>
Reply to: