Bug 159413 - oops in 3ware driver in RHEL 4 U1 with slab debugging enabled
oops in 3ware driver in RHEL 4 U1 with slab debugging enabled
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Coughlan
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-02 10:52 EDT by Jeffrey Moyer
Modified: 2012-06-20 11:56 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 11:56:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeffrey Moyer 2005-06-02 10:52:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20040924

Description of problem:
When slab debugging is enabled, the 3ware driver will oops soon after boot.  I have seen a couple different stack traces, but this is the one that is reproducable every time:

Unable to handle kernel paging request at virtual address f6871000
 printing eip:
f8883755
*pde = 00000000
Oops: 0002 [#1]
SMP DEBUG_PAGEALLOC
Modules linked in: iptable_filter ip_tables md5 ipv6 parport_pc lp parport netconsole netdump autofs4 i2c_dev i2c_core sunrpc dm_mod button battery ac uhci_hcd ehci_hcd hw_random e1000 floppy ext3 jbd 3w_xxxx ata_piix libata mptscsih mptbase sd_mod scsi_mod
CPU:    0
EIP:    0060:[<f8883755>]    Not tainted VLI
EFLAGS: 00010007   (2.6.9-6.46.EL.root.aio.1smp) 
EIP is at tw_scsiop_inquiry_complete+0x5a/0x11e [3w_xxxx]
eax: 00000000   ebx: 00000000   ecx: 00000015   edx: 000000ff
esi: 0000005d   edi: f6871000   ebp: f6864258   esp: c0384f2c
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c0384000 task=c0315a60)
Stack: f6870f60 f6870f58 f6870f78 f6870f68 c180e700 f6864258 00000000 f6faba00 
       0000dcb4 f8881ac5 00000001 00000246 0000dcbc 0000005d f7e12c7c 00000001 
       00000000 c0384fb0 c0107426 c037fc98 c037fc80 000000d9 00006c80 c010791a 
Call Trace:
 [<f8881ac5>] tw_interrupt+0x308/0x421 [3w_xxxx]
 [<c0107426>] handle_IRQ_event+0x25/0x4f
 [<c010791a>] do_IRQ+0xb0/0x130
 [<c02c8dd0>] common_interrupt+0x18/0x20
 [<c01040e5>] mwait_idle+0x33/0x42
 [<c010409d>] cpu_idle+0x26/0x3b
 [<c0385784>] start_kernel+0x194/0x198
Code: db 8b 50 64 8b 7c 24 04 8b 44 24 04 83 c1 08 89 0c 24 83 c7 10 89 d1 89 7c 24 0c 83 c0 20 c1 e9 02 89 44 24 08 8b 7c 24 04 89 d8 <f3> ab f6 c2 02 74 02 66 ab f6 c2 01 74 01 aa 08 
3w-xxxx: scsi3: AEN: INFO: Initialization started: Unit #0.
3w-xxxx: scsi3: AEN: INFO: Initialization complete: Unit #0.

The other stack traces may have been a result of panic_on_oops being set to 0, and, as such, could be residual damage.

Version-Release number of selected component (if applicable):
kernel-2.6.9-6.46

How reproducible:
Always

Steps to Reproduce:
1. Boot a system with a 3ware controller and slab debugging enabled.
2.
3.
  

Actual Results:  Oops output as above.

Additional info:

System is a Dell PowerEdge 1800  0T7296.

3ware Inc 3ware Inc 3ware 7xxx/8xxx-series
PATA/SATA-RAID
Comment 1 Jeffrey Moyer 2005-06-02 11:21:21 EDT
Here is the other stack trace, from dmesg:

slab error in cache_free_debugcheck(): cache `sgpool-8': double free, or memory
outside object was overwritten
 [<c014395d>] cache_free_debugcheck+0xc7/0x1f1
 [<c014440b>] kmem_cache_free+0x30/0x64
 [<c013e9c4>] mempool_free+0x60/0x64
 [<f883d877>] scsi_io_completion+0x5f/0x417 [scsi_mod]
 [<f8839b15>] scsi_finish_command+0xad/0xb1 [scsi_mod]
 [<f8839a3a>] scsi_softirq+0xb6/0xbe [scsi_mod]
 [<c0125ab4>] __do_softirq+0x4c/0xb1
 [<c0108079>] do_softirq+0x4f/0x56
 =======================
 [<c010798f>] do_IRQ+0x125/0x130
 [<c02c8de4>] common_interrupt+0x18/0x20
 [<c01040e5>] mwait_idle+0x33/0x42
 [<c010409d>] cpu_idle+0x26/0x3b
 [<c0385784>] start_kernel+0x194/0x198
f661c000: redzone 1: 0x170fc2a5, redzone 2: 0x0.
Comment 2 Jiri Pallich 2012-06-20 11:56:30 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.