From: "Paul E. Erkkila" <pee@erkkila.org>
To: Neil Brown <neilb@cse.unsw.edu.au>
Cc: Zwane Mwaikambo <zwane@linuxpower.ca>,
Helge Hafting <helgehaf@aitel.hist.no>,
William Lee Irwin III <wli@holomorphy.com>,
Andrew Morton <akpm@digeo.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: 2.5.70-mm1 bootcrash, possibly RAID-1
Date: Sat, 31 May 2003 16:13:27 +0000
Message-ID: <3ED8D4A7.3080607@erkkila.org>
In-Reply-To: <16086.47874.272564.71572@notabene.cse.unsw.edu.au>

With patch applied to latest BK I get this on bootup.
(manual copy)
blk_queue_segment_boundary: set to minimum fff
raid1: raid set md0 active with 2 out of 2 mirrors
md: ... autorun DONE.
---------------[ cut here ] -------------
kernel BUG at drivers/md/raid1.c:145!
invalid operand: 000 [#1]
CPU: 0
EIP: 0060:[<c025d7df>] Not tainted
EFLAGS: 00010097
EIP is at put_all_bios+0x59/0x85
eax: 00000000 ebx: 00000001 ecx: 00000010 edx: f7ffb800
esi: f7d5ddb4 edi: 00000003 ebp: c036bdf8 esp: c036bde8
ds: 007 es: 007b ss:0068
Process swapper (pid: 0, threadinfo=c036a000 task=c02f3000)
Stack: f7fcf900 f7d80480 00000046 f7d5dd80 c036be18 c025d8fc f7d80480
f7d4dd80
00000000 f7d5dd80 00000001 0000000c c036be18 c025da43 f7d5dd80
f7f9f880
00000003 00000000 00000001 00000004 00000000 c18f5ch4 f7d6fce0
0000000c
Call Trace:
[<c025d8fc>] raid_end_bio_io+0x55/0x92
[<c025da43>] raid1_end_request+0x10a/0x196
[<c013042c>] mempool_free+0x32/0x65
[<c014a420>] bio_endio+0x55/0x7a
[<c01ef559>] __end_that_request_first+0x1f1/0x20d
[<c023c0a4>] ide_end_request+0x58/0x118
[<c024f3cb>] ide_dma_intr+0x9d/0xba
[<c023d43f>] ide_intr+0xb9/0x12e
[<c024f34e>] ide_dma_intr+0x0/0xba
[<c010c279>] handle_IRQ_event+0x3c/0xfd
[<c010c48f>] do_IRQ+0x80/0xd6
[<c0108be9>] default_idle+0x0/0x2c
[<c0108be9>] default_idle+0x0/0x2c
[<c010acd4>] common_interrupt+0x18/0x20
[<c0108be9>] default_idle+0x0/0x2c
[<c0108be9>] default_idle+0x0/0x2c
[<c0108c10>] default_idle+0x27/0x2c
[<c0108c81>] cpu_idle+0x31/0x3a
[<c0105000>] _stext+0x0/0x2a
[<c036c678>] start_kernel+0x152/0x177
[<c036c401>] unknown_bootoption+0x0/0xfa
Code: 0f 0b 91 00 85 96 2d c0 89 14 24 e8 7e c2 ee ff c7 06 00 00
<0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing
Neil Brown wrote:
>On Thursday May 29, zwane@linuxpower.ca wrote:
>
>
>>How does the following patch look for the double free.
>>
>>
>>
>
>Thanks. It is a good start, but there are other problems with freeing
>things on error paths. This patch should fix it all.
>
>NeilBrown
>
>--------------------------------------------
>Fix up freeing of kmalloc structures
>
>Some paths free things twice, others free un-initialised values :-(
>Not any more.
>
>
> ----------- Diffstat output ------------
> ./drivers/md/raid0.c | 17 ++++++++---------
> 1 files changed, 8 insertions(+), 9 deletions(-)
>
>diff ./drivers/md/raid0.c~current~ ./drivers/md/raid0.c
>--- ./drivers/md/raid0.c~current~ 2003-05-30 11:40:06.000000000 +1000
>+++ ./drivers/md/raid0.c 2003-05-30 11:47:03.000000000 +1000
>@@ -85,10 +85,8 @@ static int create_strip_zones (mddev_t *
> conf->devlist = kmalloc(sizeof(mdk_rdev_t*)*
> conf->nr_strip_zones*mddev->raid_disks,
> GFP_KERNEL);
>- if (!conf->devlist) {
>- kfree(conf);
>+ if (!conf->devlist)
> return 1;
>- }
>
> memset(conf->strip_zone, 0,sizeof(struct strip_zone)*
> conf->nr_strip_zones);
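Review bot: With kfree(conf) dropped from the !conf->devlist branch, create_strip_zones() now returns 1 while anything it allocated earlier is still live, and it relies on the caller's out_free_conf label to release it. That ownership rule deserves a short comment at the top of the function so a later change does not re-add a local free and bring the double free back. Returning -ENOMEM instead of a bare 1 would also tell the caller why it failed.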
>@@ -235,6 +233,8 @@ static int raid0_run (mddev_t *mddev)
> goto out;
> mddev->private = (void *)conf;
>
>+ mddev->strip_zone = NULL;
>+ mddev->devlist = NULL;
> if (create_strip_zones (mddev))
> goto out_free_conf;
>
>@@ -273,7 +273,7 @@ static int raid0_run (mddev_t *mddev)
> nb_zone*sizeof(struct strip_zone*));
> conf->hash_table = kmalloc (sizeof (struct strip_zone *)*nb_zone, GFP_KERNEL);
> if (!conf->hash_table)
>- goto out_free_zone_conf;
>+ goto out_free_conf;
> size = conf->strip_zone[cur].size;
>
> for (i=0; i< nb_zone; i++) {
>@@ -296,12 +296,11 @@ static int raid0_run (mddev_t *mddev)
> blk_queue_merge_bvec(&mddev->queue, raid0_mergeable_bvec);
> return 0;
>
>-out_free_zone_conf:
>- kfree(conf->strip_zone);
>- conf->strip_zone = NULL;
>-
> out_free_conf:
>- kfree (conf->devlist);
>+ if (conf->strip_zone)
>+ kfree(conf->strip_zone);
>+ if (conf->devlist)
>+ kfree (conf->devlist);
> kfree(conf);
> mddev->private = NULL;
> out:
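Review bot: The if (conf->strip_zone) and if (conf->devlist) guards added under out_free_conf are not needed, because kfree() accepts a NULL pointer; plain kfree(conf->strip_zone); kfree(conf->devlist); does the same job in two lines. What the merged label does require is that both pointers are either NULL or valid on every path that reaches it, so it is only correct if the initialisation in the raid0_run() hunk is applied to conf. The touched lines also mix kfree( and kfree ( and should settle on one spelling.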