lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080129.151353.48534987.k-ueda@ct.jp.nec.com>
Date:	Tue, 29 Jan 2008 15:13:53 -0500 (EST)
From:	Kiyoshi Ueda <k-ueda@...jp.nec.com>
To:	nai.xia@...il.com, flo@...822.org
Cc:	linux-kernel@...r.kernel.org, jens.axboe@...cle.com,
	bzolnier@...il.com, j-nomura@...jp.nec.com, k-ueda@...jp.nec.com
Subject: Re: kernel BUG at ide-cd.c:1726 in 2.6.24-03863-g0ba6c33 &&
 -g8561b089

Hi,

Sorry for the inconvenience.
I can't reproduce this bug on my test environment.
So please give me more information below to find what's wrong.

On Tue, 29 Jan 2008 22:01:45 +0800, Nai Xia wrote:
> Hi,
> 
> Build environment: debian sid, gcc-4.2.3, i386.
> 
> The bug is in lately git-pull from 
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
> 
> And it can be reproduced very easily on a machine with normal cdroms.
> It halts booting and I grabbed the bug output with an serial console.
> 
> Code around the bug is:
> 
>     /*
>      * If DRQ is clear, the command has completed.
>      */
>     if ((stat & DRQ_STAT) == 0) {
>         spin_lock_irqsave(&ide_lock, flags);
>         if (__blk_end_request(rq, 0, 0))
>             BUG();    // Here comes the bug !
>         HWGROUP(drive)->rq = NULL;
>         spin_unlock_irqrestore(&ide_lock, flags);
> 
>         return ide_stopped;
>     }
> 
> [    6.964356] kernel BUG at drivers/ide/ide-cd.c:1726!
> [    6.964435] invalid opcode: 0000 [#1] PREEMPT SMP
> [    6.964435] Modules linked in:
> [    6.964435]
> [    6.964435] Pid: 1138, comm: scsi_id Not tainted (2.6.24-g8561b089 #19)
> [    6.964435] EIP: 0060:[<c03edf9c>] EFLAGS: 00010002 CPU: 0
> [    6.964435] EIP is at cdrom_newpc_intr+0x2bc/0x2c0
> [    6.964435] EAX: 00000001 EBX: 00000002 ECX: 00000001 EDX: 00000001
> [    6.964435] ESI: 00000003 EDI: cf0144d8 EBP: c07a3c58 ESP: cf2b59a8
> [    6.964435]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> [    6.964435] Process scsi_id (pid: 1138, ti=cf2b4000 task=cf8856b0 task.ti=cf2b4000)
> [    6.964435] Stack: 00000202 00000002 c0778e80 c0133b57 0000009e 00000000 cf009c00 00000050
> [    6.964435]        0000000f c07a3c00 cf009c00 c07a3c58 c03df2c9 00000000 00000000 00000000
> [    6.964435]        00000000 00000000 00000202 c03edce0 cfbcbb60 00000000 00000000 0000000f
> [    6.964435] Call Trace:
> [    6.964435]  [<c0133b57>] lock_timer_base+0x27/0x60
> [    6.964435]  [<c03df2c9>] ide_intr+0xa9/0x200
> [    6.964435]  [<c03edce0>] cdrom_newpc_intr+0x0/0x2c0
> [    6.964435]  [<c01503d5>] handle_IRQ_event+0x25/0x50
> [    6.964435]  [<c01517d9>] handle_edge_irq+0xb9/0x120
> [    6.964435]  [<c010687b>] do_IRQ+0x3b/0x70
> [    6.964435]  [<c0104df3>] common_interrupt+0x23/0x28
> [    6.964435]  [<c03dfa88>] ide_outsw+0x8/0x10
> [    6.964435]  [<c03e0ae4>] ata_output_data+0x84/0x90
> [    6.964435]  [<c03dfe07>] atapi_output_bytes+0x27/0x60
> [    6.964435]  [<c03ee2f8>] cdrom_transfer_packet_command+0x98/0x110
> [    6.964435]  [<c03eafb0>] cdrom_timer_expiry+0x0/0x60
> [    6.964435]  [<c03ecd8b>] cdrom_start_packet_command+0x10b/0x130
> [    6.964435]  [<c03ee370>] cdrom_do_newpc_cont+0x0/0x30
> [    6.964435]  [<c03deb96>] ide_do_request+0x426/0x990
> [    6.964435]  [<c0133ee7>] del_timer+0x57/0x70
> [    6.964435]  [<c0321ae6>] blk_remove_plug+0x26/0x60
> [    6.964435]  [<c031db95>] elv_drain_elevator+0x15/0x60
> [    6.964435]  [<c031e6d8>] elv_insert+0xd8/0x170
> [    6.964435]  [<c0321ba4>] blk_execute_rq_nowait+0x54/0xa0
> [    6.964435]  [<c0321c70>] blk_execute_rq+0x80/0xf0
> [    6.964435]  [<c0320a10>] blk_end_sync_rq+0x0/0x30
> [    6.964435]  [<c019b563>] bio_add_pc_page+0x23/0x30
> [    6.964435]  [<c0320c06>] blk_rq_bio_prep+0x96/0xb0
> [    6.964435]  [<c0320f0c>] blk_rq_append_bio+0x1c/0x70
> [    6.964435]  [<c03210f2>] blk_rq_map_user+0x122/0x1a0
> [    6.964435]  [<c032577e>] sg_io+0x1be/0x320
> [    6.964435]  [<c0325bdc>] scsi_cmd_ioctl+0x2fc/0x430
> [    6.964435]  [<c03ec9a0>] idecd_revalidate_disk+0x10/0x20
> [    6.964435]  [<c01794d9>] get_super+0x99/0xa0
> [    6.964435]  [<c019c329>] __invalidate_device+0x39/0x50
> [    6.964435]  [<c047d0b7>] cdrom_ioctl+0x37/0xe20
> [    6.964435]  [<c01886c6>] __d_lookup+0x146/0x160
> [    6.964435]  [<c03eb6ed>] idecd_ioctl+0x17d/0x190
> [    6.964435]  [<c01804bf>] __link_path_walk+0xa1f/0xd50
> [    6.964435]  [<c032366d>] blkdev_driver_ioctl+0x6d/0x80
> [    6.964435]  [<c032390e>] blkdev_ioctl+0x28e/0x810
> [    6.964435]  [<c032bd9f>] kobject_get+0xf/0x20
> [    6.964435]  [<c0324169>] get_disk+0x29/0xa0
> [    6.964435]  [<c03241e7>] exact_lock+0x7/0x10
> [    6.964435]  [<c03b33b8>] kobj_lookup+0x148/0x160
> [    6.964435]  [<c019cb47>] do_open+0xb7/0x290
> [    6.964435]  [<c019cf50>] blkdev_open+0x0/0x70
> [    6.964435]  [<c019cf80>] blkdev_open+0x30/0x70
> [    6.964435]  [<c01757ed>] __dentry_open+0x16d/0x1f0
> [    6.964435]  [<c0175925>] nameidata_to_filp+0x35/0x40
> [    6.964435]  [<c017597b>] do_filp_open+0x4b/0x60
> [    6.964435]  [<c017a5c2>] sys_readlinkat+0x32/0x90
> [    6.964435]  [<c019c218>] block_ioctl+0x18/0x20
> [    6.964435]  [<c019c200>] block_ioctl+0x0/0x20
> [    6.964435]  [<c0182cfb>] do_ioctl+0x2b/0x90
> [    6.964435]  [<c0182f7e>] vfs_ioctl+0x21e/0x2a0
> [    6.964435]  [<c018303d>] sys_ioctl+0x3d/0x70
> [    6.964435]  [<c010444a>] syscall_call+0x7/0xb
> [    6.964435]  =======================
> [    6.964435] Code: 04 00 00 89 44 24 0c e9 b4 fe ff ff b8 00 71 70 c0 e8 49 a5 18 00 31 c9 31 d2 89 c3 89 f8 e8 ac 27 f3 ff 85 c0 0f 84 5c fe ff ff <0f> 0b eb fe 83 ec 38 31 d2 89 7c 24 30 89 c7 89 5c 24 28 8d 4c
> [    6.964435] EIP: [<c03edf9c>] cdrom_newpc_intr+0x2bc/0x2c0 SS:ESP 0068:cf2b59a8
> [    6.964435] Kernel panic - not syncing: Fatal exception in interrupt

Could you give me all boot messages and your config?


Are you able to get some outputs on 2.6.24 + the patch below?
If yes, original ide-cd might have a problem.

--- 2.6.24.orig/drivers/ide/ide-cd.c	2008-01-24 17:58:37.000000000 -0500
+++ 2.6.24/drivers/ide/ide-cd.c	2008-01-29 20:55:59.000000000 -0500
@@ -1711,8 +1711,12 @@
 	/*
 	 * If DRQ is clear, the command has completed.
 	 */
-	if ((stat & DRQ_STAT) == 0)
+	if ((stat & DRQ_STAT) == 0) {
+		if (end_that_request_chunk(rq, 1, 0))
+			blk_dump_rq_flags(rq, "ide-cd: rq still having bio");
+
 		goto end_request;
+	}
 
 	/*
 	 * check which way to transfer data



If that's not comfortable for you, could you try with the patch
on top of current 2.6.24-git and send outputs?

--- linus-git.orig/drivers/ide/ide-cd.c	2008-01-29 10:04:51.000000000 -0500
+++ linus-git/drivers/ide/ide-cd.c	2008-01-29 21:00:19.000000000 -0500
@@ -1723,7 +1723,7 @@
 	if ((stat & DRQ_STAT) == 0) {
 		spin_lock_irqsave(&ide_lock, flags);
 		if (__blk_end_request(rq, 0, 0))
-			BUG();
+			blk_dump_rq_flags(rq, "ide-cd: rq still having bio");
 		HWGROUP(drive)->rq = NULL;
 		spin_unlock_irqrestore(&ide_lock, flags);
 

Thanks,
Kiyoshi Ueda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ