Re: 2.5.40-ac4 kernel BUG at slab.c:1477!

From: Manfred Spraul (manfred@colorfullife.com)
Date: Sun Oct 06 2002 - 08:31:03 EST

Next message: Ingo Molnar: "Re: New BK License Problem?"
Previous message: Russell King: "Re: Good Idea (tm): Code Consolidation for Functions and Macros that Access the Process Address Space"
Maybe in reply to: Murray J. Root: "2.5.40-ac4 kernel BUG at slab.c:1477!"
Next in thread: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Andre Hedrick: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This happens at random during boot when loading modules.
> About half of the time ide-scsi works fine.
> The system continues to boot after the BUG with /dev/hdc unaccessible.

from mm/slab.c:

1475 if (xchg((unsigned long *)objp, RED_MAGIC1) != RED_MAGIC2)
1476 /* Either write before start, or a double free. */
1477 BUG();

You run an uniprocessor kernel, with slab debugging enabled, and the
red-zoning test notices a write before the beginning of the buffer
during scsi_probe_and_add_lun, with ide-scsi.

Andre: Do you know if ide-scsi makes any assumptions about memory
alignment of the input buffers? With slab debugging disabled, the
alignment is 32 or 64 bytes, with debugging enabled, it's just 4 byte
[actually sizeof(void*)] aligned.

Murray, could you apply the attached patch? It dumps the redzone value
during scsi_probe_and_add_lun. Hopefully this will help to find who
corrupts the buffers.

-- Manfred

--- 2.5/drivers/scsi/scsi_scan.c Sun Sep 22 06:25:17 2002 +++ build-2.5/drivers/scsi/scsi_scan.c Sun Oct 6 14:21:58 2002 @@ -1526,8 +1526,9 @@ GFP_DMA : 0); if (scsi_result == NULL) goto alloc_failed; - +printk(KERN_INFO"scsi_result: %p, start %lxh.\n",scsi_result, ((unsigned long*)scsi_result)[-1]); scsi_probe_lun(sreq, scsi_result, &bflags); +printk(KERN_INFO"scsi_result: %p, start %lxh.\n",scsi_result, ((unsigned long*)scsi_result)[-1]); if (sreq->sr_result) res = SCSI_SCAN_NO_RESPONSE; else { @@ -1550,8 +1551,10 @@ " no device added\n")); res = SCSI_SCAN_TARGET_PRESENT; } else { +printk(KERN_INFO"scsi_result: %p, start %lxh.\n",scsi_result, ((unsigned long*)scsi_result)[-1]); res = scsi_add_lun(sdevscan, &sdev, sreq, scsi_result, &bflags); +printk(KERN_INFO"scsi_result: %p, start %lxh.\n",scsi_result, ((unsigned long*)scsi_result)[-1]); if (res == SCSI_SCAN_LUN_PRESENT) { BUG_ON(sdev == NULL); if ((bflags & BLIST_KEY) != 0) { @@ -1574,9 +1577,13 @@ } } } +printk(KERN_INFO"scsi_result: %p, start %lxh.\n",scsi_result, ((unsigned long*)scsi_result)[-1]); kfree(scsi_result); +printk(KERN_INFO"after kfree\n"); scsi_release_request(sreq); +printk(KERN_INFO"after release_request\n"); scsi_release_commandblocks(sdevscan); +printk(KERN_INFO"after release_commandblocks\n"); return res; alloc_failed:

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: New BK License Problem?"
Previous message: Russell King: "Re: Good Idea (tm): Code Consolidation for Functions and Macros that Access the Process Address Space"
Maybe in reply to: Murray J. Root: "2.5.40-ac4 kernel BUG at slab.c:1477!"
Next in thread: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Murray J. Root: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Reply: Andre Hedrick: "Re: 2.5.40-ac4 kernel BUG at slab.c:1477!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Oct 07 2002 - 22:00:53 EST