Re: 2.5.40-ac4 kernel BUG at slab.c:1477!

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Murray J. Root" <murrayr@brain.org>
To: linux-kernel@vger.kernel.org
Subject: Re: 2.5.40-ac4  kernel BUG at slab.c:1477!
Date: Mon, 7 Oct 2002 22:58:57 -0400	[thread overview]
Message-ID: <20021008025857.GB1848@Master.Wizards> (raw)
In-Reply-To: <20021006224326.GA1675@Master.Wizards>

On Sun, Oct 06, 2002 at 06:43:26PM -0400, Murray J. Root wrote:
> On Sun, Oct 06, 2002 at 03:31:03PM +0200, Manfred Spraul wrote:
> > > This happens at random during boot when loading modules.
> > > About half of the time ide-scsi works fine.
> > > The system continues to boot after the BUG with /dev/hdc unaccessible.
> > 
> > from mm/slab.c:
> > 
> > 1475 if (xchg((unsigned long *)objp, RED_MAGIC1) != RED_MAGIC2)
> > 1476     /* Either write before start, or a double free. */
> > 1477     BUG();
> > 
> > You run an uniprocessor kernel, with slab debugging enabled, and the 
> > red-zoning test notices a write before the beginning of the buffer 
> > during scsi_probe_and_add_lun, with ide-scsi.
> > 
> > Andre: Do you know if ide-scsi makes any assumptions about memory 
> > alignment of the input buffers? With slab debugging disabled, the 
> > alignment is 32 or 64 bytes, with debugging enabled, it's just 4 byte 
> > [actually sizeof(void*)] aligned.
> > 
> > Murray, could you apply the attached patch? It dumps the redzone value 
> > during scsi_probe_and_add_lun. Hopefully this will help to find who 
> > corrupts the buffers.
> > 
> After patching:
> Soft reboot:
>    kernel oops - rebooted (I'll try to get the oops data from a pic I 
> took of the screen later).
> 
> Hard reboot:
>  SCSI subsystem driver Revision: 1.00
>  scsi0 : SCSI host adapter emulation for IDE ATAPI devices
>  scsi_result: c0334084, start 170fc2a5h.
>  scsi_eh_offline_sdevs: Device offlined - not ready or command retry failed after error recovery: host 0 channel 0 id 0 lun 0
>  scsi_result: c0334084, start 170fc2a5h.
>  scsi_result: c0334084, start 170fc2a5h.
>    Vendor:           Model:                   Rev:     
>    Type:   Direct-Access                      ANSI SCSI revision: 00
>  hdc: lost interrupt
>  hdc: status timeout: status=0xd0 { Busy }
>  hdc: DMA disabled
>  hdc: drive not ready for command
>  hdc: ATAPI reset complete
>  scsi_eh_offline_sdevs: Device offlined - not ready or command retry failed after error recovery: host 0 channel 0 id 0 lun 0
>  scsi scan: host 0 channel 0 id 0 lun 0 identifier too long, length 116, max 80. Device might be improperly identified.
>  scsi_result: c0334084, start 5a2cf071h.
>  scsi_result: c0334084, start 5a2cf071h.
>  ------------[ cut here ]------------
>  kernel BUG at slab.c:1477!
>  invalid operand: 0000
>  ide-scsi scsi_mod rtc  
>  CPU:    0
>  EIP:    0060:[<c01365ee>]    Not tainted
>  EFLAGS: 00010016
>  EIP is at kmem_cache_free_one+0x7e/0x240
>  eax: 5a2cf071   ebx: c1008cf0   ecx: c02db214   edx: c1b0d5fc
>  esi: c0334080   edi: c0334000   ebp: f784fe28   esp: f784fe04
>  ds: 0068   es: 0068   ss: 0068
>  Process insmod (pid: 280, threadinfo=f784e000 task=f7956800)
>  Stack: ffffdaf6 c034198b 00000246 0000002b c0334000 c1b0d5fc c1008cf0 c0334084 
>         00008cf0 f784fe48 c0135bcf c1b0d5fc c0334084 00000286 c0334084 f7cd5a00 
>         c1b645ac f784fe7c fa8eee71 c0334084 c0334084 5a2cf071 c0334084 f784fe6c 
>  Call Trace:
>   [<c0135bcf>]kfree+0x5f/0xb0
>   [<fa8eee71>]scsi_probe_and_add_lun+0xd1/0x220 [scsi_mod]
>   [<fa8ef11e>]scsi_scan_target+0x4e/0x90 [scsi_mod]
>   [<fa8ef391>]scan_scsis+0x91/0x17c [scsi_mod]
>   [<fa8f8d92>].rodata.str1.32+0x392/0x3e6 [ide-scsi]
>   [<fa8e79d2>]scsi_register_host_Rb0dc194c+0x222/0x350 [scsi_mod]
>   [<fa8f84fe>]init_module+0x1e/0x30 [ide-scsi]
>   [<fa8f96c0>]idescsi_template+0x0/0x80 [ide-scsi]
>   [<c011ab1c>]sys_init_module+0x53c/0x690
>   [<fa8f7060>]idescsi_discard_data+0x0/0x40 [ide-scsi]
>   [<fa8f89cf>]__ksymtab+0x0/0x31 [ide-scsi]
>   [<fa8f8fac>].kmodtab+0x0/0xc [ide-scsi]
>   [<fa8f7060>]idescsi_discard_data+0x0/0x40 [ide-scsi]
>   [<c010781b>]syscall_call+0x7/0xb
>  
>  Code: 0f 0b c5 05 f2 2c 2a c0 8b 4d f0 89 f2 b8 71 f0 2c 5a 8b 59 
> 

Same thing in 2.5.41-ac1

-- 
Murray J. Root
------------------------------------------------
DISCLAIMER: http://www.goldmark.org/jeff/stupid-disclaimers/
------------------------------------------------
Mandrake on irc.freenode.net:
  #mandrake & #mandrake-linux = help for newbies 
  #mdk-cooker = Mandrake Cooker

next prev parent reply	other threads:[~2002-10-08  2:53 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-06 13:31 2.5.40-ac4 kernel BUG at slab.c:1477! Manfred Spraul
2002-10-06 22:43 ` Murray J. Root
2002-10-08  2:58   ` Murray J. Root [this message]
2002-10-06 23:15 ` Murray J. Root
2002-10-07  1:48 ` Andre Hedrick
2002-10-07 15:43   ` Manfred Spraul
  -- strict thread matches above, loose matches on Subject: below --
2002-10-06  6:58 Murray J. Root

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021008025857.GB1848@Master.Wizards \
    --to=murrayr@brain.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox