Kernel panics in net_rx_action() when creating large file on iSCSI device via network driver
Issue
- kernel panics whenever customer tries to write a large file (5GB)
- 100% reproducible via dd command
# dd if=/dev/zero of=/app01/bigfile bs=1024576 count=10000
- crash signature:
Unable to handle kernel NULL pointer dereference at 00000000000000dc RIP: <ffffffff803148c7>{__lock_text_start+1} PML4 0 Oops: 0000 [1] SMP CPU 2 Modules linked in: netconsole netdump emcpvlumd(U) emcpxcrypt(U) emcpdm(U) emcpmpx(U) emcpgpx(U) emcp(U) nfs lockd nfs_acl md5 ipv6 autofs4 i2c_dev i2c_core sg sunrpc crc32c iscsi_sfnet ds yenta_socket pcmcia_core cpufreq_powersave dm_mirror dm_mod joydev button battery ac ehci_hcd uhci_hcd bnx2x libcrc32c qla3xxx ext3 jbd cciss qla4xxx scsi_transport_iscsi sd_mod scsi_modsi_sfnet ds yenta_socket pcmcia_core cpufreq_powersave dm_mirro Pid: 0, comm: swapper Tainted: P 2.6.9-89.ELlargesmp RIP: 0010:[<ffffffff803148c7>] <ffffffff803148c7>{__lock_text_start+1} RSP: 0018:0000010037e93ef8 EFLAGS: 00010206 RAX: 0000000000005c00 RBX: 00000107fe845f80 RCX: 0000000000000012 RDX: 00000107fe840178 RSI: 0000000000000000 RDI: 00000000000000d8 RBP: 00000107fe840000 R08: 00000108038bc000 R09: 0000000000000030 R10: 0000000000000030 R11: 0000000000000000 R12: 0000010001134560 R13: 0000000000000000 R14: 0000000103e220ba R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffffffff80517480(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 00000000000000dc CR3: 00000008038be000 CR4: 00000000000006e0 Process swapper (pid: 0, threadinfo 00000108038bc000, task 0000010037ffa7f0) Stack: 00000107fe845f80 ffffffff802b9008 00000108038bde98 0000012c038bde98 0000000000000001 ffffffff8051d9b0 000000000000000a 0000000000000002 00000108038bde98 ffffffff8013d5e4 Call Trace:<IRQ> <ffffffff802b9008>{net_rx_action+164} <ffffffff8013d5e4>{__do_softirq+88} <ffffffff8013d68d>{do_softirq+49} <ffffffff801132f3>{do_IRQ+328} <ffffffff801108c3>{ret_from_intr+0} <EOI> <ffffffff8010e88c>{mwait_idle+86} <ffffffff8010e81c>{cpu_idle+26} Code: 81 7f 04 ad 4e ad de 48 89 fb 74 1f 48 8b 74 24 08 48 c7 c7 RIP <ffffffff803148c7>{__lock_text_start+1} RSP <0000010037e93ef8> CR2: 00000000000000dc
- Customer's system crashes anytime a large dd command (1-5GB) is done to to iscsi device controlled by qla3xxx driver.
Environment
-
Red Hat Enterprise Linux
-
Red Hat Enterprise Linux 4 using kernels before 2.6.9-100.EL.
-
Red Hat Enterprise Linux 5 using all kernels.
-
Red Hat Enterprise Linux 6 is not affected.
-
- Network Adapter
- Has been observed on QLA3000 and e1000e adapters, but is not limited to these versions.
- Issue occurs when iscsi storage is being scanned and initialized.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.