Re: Linux 2.5.73 - panic (freed memory) on CD-Recorder errors

From: Pavel Roskin (proski@gnu.org)
Date: Tue Jun 24 2003 - 00:08:59 EST

Next message: Rusty Russell: "Re: [PATCH] proper allocation of hwif->io_ports resources"
Previous message: Marcelo Tosatti: "aic7xxx driver update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 23 Jun 2003, Jens Axboe wrote:

> > Note 6b6b6b6b in the eax and esi registers and on the stack. That must be
> > freed memory. __end_that_request_first() is a static function in
> > drivers/block/ll_rw_blk.c
>
> That doesn't look good. I'll try and reproduce + fix here, thanks for
> the report.

What happens is cdrom_newpc_intr() calls cdrom_decode_status() which frees
rq, and then is calls end_that_request_chunk() that tries to use rq->bio.

I tried the patch below, and it seems to delay the panic, but it happens
seconds later anyways in a different place but still on 6b6b6b6b address.
The new stack trace is attached.

Patch (possibly wrong or incomplete):
===================================
--- linux.orig/drivers/ide/ide-cd.c
+++ linux/drivers/ide/ide-cd.c
@@ -1664,7 +1664,7 @@ static ide_startstop_t cdrom_newpc_intr(
         }

         if (cdrom_decode_status(drive, 0, &stat)) {
- end_that_request_chunk(rq, 1, rq->data_len);
+ printk("ide-cd: newpc_intr decode_status bad\n");
                 return ide_stopped;
         }

===================================

-- Regards, Pavel Roskin

TEXT/PLAIN attachment: new_panic

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: [PATCH] proper allocation of hwif->io_ports resources"
Previous message: Marcelo Tosatti: "aic7xxx driver update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jun 30 2003 - 22:00:15 EST