linux-iscsi / Bugs / #169 Kernel panic in 3.6.2

Kernel panic in 3.6.2

#169 Kernel panic in 3.6.2

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2005-03-20

Created: 2005-03-20

Creator: Mark Malcolm

Private: No

While running the iscsi driver version 3.6.2 on RedHat
AS 3.0 Update 4 I keep getting the following kernel panic:

------------[ cut here ]------------

kernel BUG at timer.c:316!

invalid operand: 0000

iscsi_sfnet mousedev input usbserial usbcore parport_pc lp
parport autofs4 audit e1000 tg3 e100 floppy sg microcode
ext3 jbd aic7xxx diskdumplib sd_mod scsi_m

CPU: 0

EIP: 0060:[<c0134060>] Not tainted

EFLAGS: 00010082

EIP is at add_timer [kernel] 0x60 (2.4.21-27.ELsmp/i686)

eax: c0383180 ebx: f62b8400 ecx: 00000000 edx:
f62b8470

esi: 0000001e edi: f7ff8000 ebp: f62d0000 esp:
f62d1f4c

ds: 0068 es: 0068 ss: 0068

Process iscsi-tx (pid: 2575, stackpage=f62d1000)

Stack: 0000001e f7ff8000 f8a99fd6 f62b8470 f7ff8000
0000001e 0001a364 0001af3d

00000000 00000000 00000000 f7ff872c f7ff8720
00000000 00000000 00000000

00000000 f62d0000 00000046 00000286 00000001
00000000 f62d0000 00000000

Call Trace: [<f8a99fd6>] iscsi_tx_thread [iscsi_sfnet]
0x346 (0xf62d1f54)

[<f8a99c90>] iscsi_tx_thread [iscsi_sfnet] 0x0 (0xf62d1fe0)

[<c01095ad>] kernel_thread_helper [kernel] 0x5
(0xf62d1ff0)

Code: 0f 0b 3c 01 2e c1 2b c0 eb b5 81 b8 0c 10 00 00 6e
ad 87 4b

Kernel panic: Fatal exception

I looked through the code and found that the problem is
being generated at line 6906 in iscsi.c. The following code
snipet from lines 6900-6911 of iscsi.c shows a call to
add_completion_timer, but at the time of the call the
command_timer is pending and since it is the same timer
as the completion timer the kernel panics:

/* FIXME: if this is the last retry of a disk
* write, log a warning about possible data loss
* from the buffer cache?
*/

if (sc->scsi_done) {
add_completion_timer(sc);
DEBUG_EH("iSCSI: session %p
replacement timeout "
"completing %p at %lu\n",
session, sc, jiffies);
sc->scsi_done(sc);
}

fix is to add del_command_timer(sc); as shown below:

/* FIXME: if this is the last retry of a disk
* write, log a warning about possible data loss
* from the buffer cache?
*/

if (sc->scsi_done) {
del_command_timer(sc); /* addd by
mam80 */
add_completion_timer(sc);
DEBUG_EH("iSCSI: session %p
replacement timeout "
"completing %p at %lu\n",
session, sc, jiffies);
sc->scsi_done(sc);
}

Discussion

Nobody/Anonymous - 2006-11-07

Logged In: NO

This was fixed in 3.6.3.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kernel panic in 3.6.2

Group

Searches

Help

#169 Kernel panic in 3.6.2

Discussion