Return-Path: <linux-kernel-owner+willy=40w.ods.org@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id <S262940AbSJFWhj>; Sun, 6 Oct 2002 18:37:39 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id <S262941AbSJFWhi>; Sun, 6 Oct 2002 18:37:38 -0400
Received: from stroke.of.genius.brain.org ([206.80.113.1]:22262 "EHLO
	stroke.of.genius.brain.org") by vger.kernel.org with ESMTP
	id <S262940AbSJFWhg>; Sun, 6 Oct 2002 18:37:36 -0400
Date: Sun, 6 Oct 2002 18:43:26 -0400
From: "Murray J. Root" <murrayr@brain.org>
To: linux-kernel@vger.kernel.org
Subject: Re: 2.5.40-ac4  kernel BUG at slab.c:1477!
Message-ID: <20021006224326.GA1675@Master.Wizards>
Mail-Followup-To: linux-kernel@vger.kernel.org
References: <3DA03B17.8010501@colorfullife.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3DA03B17.8010501@colorfullife.com>
User-Agent: Mutt/1.4i
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4108
Lines: 94

On Sun, Oct 06, 2002 at 03:31:03PM +0200, Manfred Spraul wrote:
> > This happens at random during boot when loading modules.
> > About half of the time ide-scsi works fine.
> > The system continues to boot after the BUG with /dev/hdc unaccessible.
> 
> from mm/slab.c:
> 
> 1475 if (xchg((unsigned long *)objp, RED_MAGIC1) != RED_MAGIC2)
> 1476     /* Either write before start, or a double free. */
> 1477     BUG();
> 
> You run an uniprocessor kernel, with slab debugging enabled, and the 
> red-zoning test notices a write before the beginning of the buffer 
> during scsi_probe_and_add_lun, with ide-scsi.
> 
> Andre: Do you know if ide-scsi makes any assumptions about memory 
> alignment of the input buffers? With slab debugging disabled, the 
> alignment is 32 or 64 bytes, with debugging enabled, it's just 4 byte 
> [actually sizeof(void*)] aligned.
> 
> Murray, could you apply the attached patch? It dumps the redzone value 
> during scsi_probe_and_add_lun. Hopefully this will help to find who 
> corrupts the buffers.
> 
After patching:
Soft reboot:
   kernel oops - rebooted (I'll try to get the oops data from a pic I 
took of the screen later).

Hard reboot:
 SCSI subsystem driver Revision: 1.00
 scsi0 : SCSI host adapter emulation for IDE ATAPI devices
 scsi_result: c0334084, start 170fc2a5h.
 scsi_eh_offline_sdevs: Device offlined - not ready or command retry failed after error recovery: host 0 channel 0 id 0 lun 0
 scsi_result: c0334084, start 170fc2a5h.
 scsi_result: c0334084, start 170fc2a5h.
   Vendor:           Model:                   Rev:     
   Type:   Direct-Access                      ANSI SCSI revision: 00
 hdc: lost interrupt
 hdc: status timeout: status=0xd0 { Busy }
 hdc: DMA disabled
 hdc: drive not ready for command
 hdc: ATAPI reset complete
 scsi_eh_offline_sdevs: Device offlined - not ready or command retry failed after error recovery: host 0 channel 0 id 0 lun 0
 scsi scan: host 0 channel 0 id 0 lun 0 identifier too long, length 116, max 80. Device might be improperly identified.
 scsi_result: c0334084, start 5a2cf071h.
 scsi_result: c0334084, start 5a2cf071h.
 ------------[ cut here ]------------
 kernel BUG at slab.c:1477!
 invalid operand: 0000
 ide-scsi scsi_mod rtc  
 CPU:    0
 EIP:    0060:[<c01365ee>]    Not tainted
 EFLAGS: 00010016
 EIP is at kmem_cache_free_one+0x7e/0x240
 eax: 5a2cf071   ebx: c1008cf0   ecx: c02db214   edx: c1b0d5fc
 esi: c0334080   edi: c0334000   ebp: f784fe28   esp: f784fe04
 ds: 0068   es: 0068   ss: 0068
 Process insmod (pid: 280, threadinfo=f784e000 task=f7956800)
 Stack: ffffdaf6 c034198b 00000246 0000002b c0334000 c1b0d5fc c1008cf0 c0334084 
        00008cf0 f784fe48 c0135bcf c1b0d5fc c0334084 00000286 c0334084 f7cd5a00 
        c1b645ac f784fe7c fa8eee71 c0334084 c0334084 5a2cf071 c0334084 f784fe6c 
 Call Trace:
  [<c0135bcf>]kfree+0x5f/0xb0
  [<fa8eee71>]scsi_probe_and_add_lun+0xd1/0x220 [scsi_mod]
  [<fa8ef11e>]scsi_scan_target+0x4e/0x90 [scsi_mod]
  [<fa8ef391>]scan_scsis+0x91/0x17c [scsi_mod]
  [<fa8f8d92>].rodata.str1.32+0x392/0x3e6 [ide-scsi]
  [<fa8e79d2>]scsi_register_host_Rb0dc194c+0x222/0x350 [scsi_mod]
  [<fa8f84fe>]init_module+0x1e/0x30 [ide-scsi]
  [<fa8f96c0>]idescsi_template+0x0/0x80 [ide-scsi]
  [<c011ab1c>]sys_init_module+0x53c/0x690
  [<fa8f7060>]idescsi_discard_data+0x0/0x40 [ide-scsi]
  [<fa8f89cf>]__ksymtab+0x0/0x31 [ide-scsi]
  [<fa8f8fac>].kmodtab+0x0/0xc [ide-scsi]
  [<fa8f7060>]idescsi_discard_data+0x0/0x40 [ide-scsi]
  [<c010781b>]syscall_call+0x7/0xb
 
 Code: 0f 0b c5 05 f2 2c 2a c0 8b 4d f0 89 f2 b8 71 f0 2c 5a 8b 59 

-- 
Murray J. Root
------------------------------------------------
DISCLAIMER: http://www.goldmark.org/jeff/stupid-disclaimers/
------------------------------------------------
Mandrake on irc.freenode.net:
  #mandrake & #mandrake-linux = help for newbies 
  #mdk-cooker = Mandrake Cooker 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/