hi,
i'm not sure if this is the right place to send bugreport... anyway: i'm
getting kernel panic when mounting SANYO (kernel 2.3.4 with hedrick IDE
patches). i traced down the bug, so i hope everything is clean from
following:
P3-529b:~# modprobe aha1542
SCSI subsystem driver Revision: 1.00
Configuring Adaptec (SCSI-ID 0) at IO:334, IRQ 10, DMA priority 5
scsi0 : Adaptec 1542
Vendor: SANYO Model: CRD-250S Rev: 1.19
Type: CD-ROM ANSI SCSI revision: 02
P3-529b:~# mount /cdrom/
Detected scsi CD-ROM sr0 at scsi0, channel 0, id 1, lun 0
sr0: scsi-1 drive
Uniform CD-ROM driver Revision: 3.12
sr: ran out of mem for scatter pad
scsi_release_buffers (index=0, buf=cc840d6e, buflen=-355236722)
PANIKAAAAA!
<<<
I/O error: dev 0b:00, sector 376
isofs_read_super: bread failed, dev=0b:00, iso_blknum=94, block=188
mount: wrong fs type, bad option, bad superblock on /dev/scd0,
or too many mounted file systems
i modified sources (see bellow), without modification it gives
panic("scsi_free: Bad offset");
also i'm able to reproduce this bug everytime.
****** scsi_lib.c *******
static void scsi_release_buffers(Scsi_Cmnd * SCpnt)
{
ASSERT_LOCK(&io_request_lock, 0);
/*
* Free up any indirection buffers we allocated for DMA purposes.
*/
if (SCpnt->use_sg) {
struct scatterlist *sgpnt;
int i;
sgpnt = (struct scatterlist *) SCpnt->request_buffer;
for (i = 0; i < SCpnt->use_sg; i++) {
if (sgpnt[i].address) {
printk("scsi_release_buffers (index=%d, buf=%p,
buflen=%d)\n",
i, sgpnt[i].address, sgpnt[i].length);
scsi_free(sgpnt[i].address, sgpnt[i].length);
printk("<<<\n");
}
}
scsi_free(SCpnt->request_buffer, SCpnt->sglist_len);
} else {
if (SCpnt->request_buffer != SCpnt->request.buffer) {
printk("scsi_release_buffer (buf=%p, buflen=%d)\n",
SCpnt->request_buffer, SCpnt->request_bufflen);
scsi_free(SCpnt->request_buffer, SCpnt->request_bufflen);
printk("<<<\n");
}
}
/*
* Zero these out. They now point to freed memory, and it is
* dangerous to hang onto the pointers.
*/
SCpnt->buffer = NULL;
SCpnt->bufflen = 0;
SCpnt->request_buffer = NULL;
SCpnt->request_bufflen = 0;
}
****** scsi_dma.c *****
void scsi_free(void *obj, unsigned int len)
{
unsigned int page, sector, nbits, mask;
unsigned long flags;
#ifdef DEBUG
unsigned long ret = 0;
ret = (unsigned long) __builtin_return_address(0);
printk("scsi_free %p %u\n", obj, len);
SCSI_LOG_MLQUEUE(3, printk("SFree: %p %u\n", obj, len));
#endif
spin_lock_irqsave(&allocator_request_lock, flags);
for (page = 0; page < dma_sectors / SECTORS_PER_PAGE; page++) {
unsigned long page_addr = (unsigned long) dma_malloc_pages[page];
if ((unsigned long) obj >= page_addr &&
(unsigned long) obj < page_addr + PAGE_SIZE) {
sector = (((unsigned long) obj) - page_addr) >> 9;
nbits = len >> 9;
mask = (1 << nbits) - 1;
if (sector + nbits > SECTORS_PER_PAGE)
panic("scsi_free: Bad memory alignment");
if ((dma_malloc_freelist[page] &
(mask << sector)) != (mask << sector)) {
#ifdef DEBUG
printk("scsi_free(obj=%p, len=%u) called from %08lx\n",
obj, len, ret);
#endif
panic("scsi_free: Trying to free unused memory");
}
scsi_dma_free_sectors += nbits;
dma_malloc_freelist[page] &= ~(mask << sector);
spin_unlock_irqrestore(&allocator_request_lock, flags);
return;
}
}
#ifdef DEBUG
printk("scsi_free(obj=%p, len=%u) called from %08lx\n", obj, len, ret);
#endif
printk("PANIKAAAAA!\n");
/*
panic("scsi_free: Bad offset");
*/
}
P3-529b:~# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 5
model : 4
model name : Pentium MMX
stepping : 3
cpu MHz : 166.402
fdiv_bug : no
hlt_bug : no
f00f_bug : yes
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr mce cx8 mmx
bogomips : 331.77
Best regards,
_ _ _
| |____ __| |_| ___ Ladislav Michl
| | .'| _ | |(___' <[EMAIL PROTECTED]>
|_|__,_|__._|_|____) ISO-8859-2 compatible
-
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to [EMAIL PROTECTED]
