Kernel panics in net_rx_action() when creating large file on iSCSI device via network driver
Issue
- kernel panics whenever customer tries to write a large file (5GB)
- 100% reproducible via dd command
# dd if=/dev/zero of=/app01/bigfile bs=1024576 count=10000 - crash signature:
Unable to handle kernel NULL pointer dereference at 00000000000000dc RIP: <ffffffff803148c7>{__lock_text_start+1} PML4 0 Oops: 0000 [1] SMP CPU 2 Modules linked in: netconsole netdump emcpvlumd(U) emcpxcrypt(U) emcpdm(U) emcpmpx(U) emcpgpx(U) emcp(U) nfs lockd nfs_acl md5 ipv6 autofs4 i2c_dev i2c_core sg sunrpc crc32c iscsi_sfnet ds yenta_socket pcmcia_core cpufreq_powersave dm_mirror dm_mod joydev button battery ac ehci_hcd uhci_hcd bnx2x libcrc32c qla3xxx ext3 jbd cciss qla4xxx scsi_transport_iscsi sd_mod scsi_modsi_sfnet ds yenta_socket pcmcia_core cpufreq_powersave dm_mirro Pid: 0, comm: swapper Tainted: P 2.6.9-89.ELlargesmp RIP: 0010:[<ffffffff803148c7>] <ffffffff803148c7>{__lock_text_start+1} RSP: 0018:0000010037e93ef8 EFLAGS: 00010206 RAX: 0000000000005c00 RBX: 00000107fe845f80 RCX: 0000000000000012 RDX: 00000107fe840178 RSI: 0000000000000000 RDI: 00000000000000d8 RBP: 00000107fe840000 R08: 00000108038bc000 R09: 0000000000000030 R10: 0000000000000030 R11: 0000000000000000 R12: 0000010001134560 R13: 0000000000000000 R14: 0000000103e220ba R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffffff80517480(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 00000000000000dc CR3: 00000008038be000 CR4: 00000000000006e0 Process swapper (pid: 0, threadinfo 00000108038bc000, task 0000010037ffa7f0) Stack: 00000107fe845f80 ffffffff802b9008 00000108038bde98 0000012c038bde98 0000000000000001 ffffffff8051d9b0 000000000000000a 0000000000000002 00000108038bde98 ffffffff8013d5e4 Call Trace:<IRQ> <ffffffff802b9008>{net_rx_action+164} <ffffffff8013d5e4>{__do_softirq+88} <ffffffff8013d68d>{do_softirq+49} <ffffffff801132f3>{do_IRQ+328} <ffffffff801108c3>{ret_from_intr+0} <EOI> <ffffffff8010e88c>{mwait_idle+86} <ffffffff8010e81c>{cpu_idle+26} Code: 81 7f 04 ad 4e ad de 48 89 fb 74 1f 48 8b 74 24 08 48 c7 c7 RIP <ffffffff803148c7>{__lock_text_start+1} RSP <0000010037e93ef8> CR2: 00000000000000dc - Customer's system crashes anytime a large dd command (1-5GB) is done to to iscsi device controlled by qla3xxx driver.
Environment
-
Red Hat Enterprise Linux
-
Red Hat Enterprise Linux 4 using kernels before 2.6.9-100.EL.
-
Red Hat Enterprise Linux 5 using all kernels.
-
Red Hat Enterprise Linux 6 is not affected.
-
- Network Adapter
- Has been observed on QLA3000 and e1000e adapters, but is not limited to these versions.
- Issue occurs when iscsi storage is being scanned and initialized.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
