
List:       linux-scsi
Subject:    kernel crash when BLANK sector read
From:       R.Oehler () GDImbH ! com
Date:       2001-11-27 10:09:25

Hi, folks

I'm afraid I found an ugly bug. It can be triggered by 
trying to read a BLANK sector on a SCSI-disk via sd_mod.
This makes WORM media unusable, because a simple
"modprobe sd_mod" crashes the kernel if there is any SCSI-MO
drive with a virgin WORM medium connected to the system.
(partition-check, ...)

To verify that the bug does not sit in the partition-code itself,
I filled the first few thousand sectors of a medium with
zeroes and erased (made BLANK) the rest. Then I did
"strace dd if=/dev/sda of=/dev/null". It read the zeroed
sectors and crashed on the first BLANK sector (instead
of giving "I/O-error").

I patched the kernel with kdb from SGI and repeated the crash.
The call chain is included, too.

The bug should be easy to find, and it would really help me
if it would be in 2.4.16, so if I could contribute in any way,
please tell me.

Regards,
        Ralf



#####################################################

Welcome to SuSE Linux 7.3 (i386) - Kernel 2.4.15-greased-turkey (ttyS0).

tick login: invalid operand: 0000
CPU:    0
EIP:    0010:[<d086673a>]    Not tainted
EFLAGS: 00010086
eax: 0000003b   ebx: 00000014   ecx: c02727e4   edx: 00001da1
esi: c02c0014   edi: c02c0000   ebp: ce50c000   esp: c0287da8
ds: 0018   es: 0018   ss: 0018
Process swapper (pid: 0, stackpage=c0287000)
Stack: d086a080 00000093 ce9be000 ce50e080 ce5b5d48 ce50e0ac 03000001 00000002 
       00000003 01000293 d08669f9 ce50e080 ce5b5c00 ce9be000 00000293 c027e208 
       ce5b5c00 ce50e000 ce5b5d08 d0834a6f ce5b5c00 d083b498 ce5b5c00 ce5b5cb8 
Call Trace: [<d086a080>] [<d08669f9>] [<d0834a6f>] [<d083b498>] [<d083d13c>] 
   [<d084f880>] [<d083c604>] [<d083c7e3>] [<d083c848>] [<d083ccd0>] [<d084dd04>] 
   [<d083b4db>] [<d083bb05>] [<d085346f>] [<d085e26e>] [<c0108c21>] [<c0108f2d>] 
   [<c0105290>] [<c0105290>] [<c01052bc>] [<c0105322>] [<c0105000>] [<c010509a>] 

Code: 0f 0b 8d 74 26 00 83 c4 08 83 3e 00 74 0d 8b 0e 81 c1 00 00 
 <0>Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing




#############################################

Welcome to SuSE Linux 7.3 (i386) - Kernel 2.4.15-Dbg (ttyS0).


Entering kdb (current=0xc028e000, pid 0) Oops: invalid operand
due to oops @ 0xd0867607
eax = 0x0000003f ebx = 0x00000018 ecx = 0xc027bc00 edx = 0x00001a3b 
esi = 0xc02d7018 edi = 0xc02d7000 esp = 0xc028fd94 eip = 0xd0867607 
ebp = 0xc028fdbc xss = 0x00000018 xcs = 0x00000010 eflags = 0x00010002 
xds = 0x00000018 xes = 0x00000018 origeax = 0xffffffff &regs = 0xc028fd60
kdb> bt
    EBP       EIP         Function(args)
0xc028fdbc 0xd0867607 [aic7xxx_old]aic7xxx_buildscb+0x23b (0xc96ef07c, 0xc8a0ba00, 0xc889a000)
                               aic7xxx_old .text 0xd0852060 0xd08673cc 0xd086777c
0xc028fde4 0xd08678b9 [aic7xxx_old]aic7xxx_queue+0x13d (0xc8a0ba00, 0xd083a4dc)
                               aic7xxx_old .text 0xd0852060 0xd086777c 0xd086790c
0xc028fe08 0xd083474d [scsi_mod]scsi_dispatch_cmd+0x27d (0xc8a0ba00, 0xc8a0ba00)
                               scsi_mod .text 0xd0834060 0xd08344d0 0xd083481c
0xc028fe38 0xd083bc7d [scsi_mod]scsi_request_fn+0x2bd (0xc8c46acc)
                               scsi_mod .text 0xd0834060 0xd083b9c0 0xd083bcb4
0xc028fe54 0xd083b2d6 [scsi_mod]scsi_queue_next_request+0x46 (0xc8c46acc, 0xc8a0ba00)
                               scsi_mod .text 0xd0834060 0xd083b290 0xd083b39c
0xc028fe70 0xd083b489 [scsi_mod]__scsi_end_request+0xed (0xc8a0ba00, 0x0, 0x0, 0x1, 0x1)
                               scsi_mod .text 0xd0834060 0xd083b39c 0xd083b4d4
0xc028fe8c 0xd083b4ec [scsi_mod]scsi_end_request+0x18 (0xc8a0ba00, 0x0, 0x2)
                               scsi_mod .text 0xd0834060 0xd083b4d4 0xd083b4f0
0xc028fec8 0xd083b96b [scsi_mod]scsi_io_completion+0x3ab (0xc8a0ba00, 0x0, 0x1)
                               scsi_mod .text 0xd0834060 0xd083b5c0 0xd083b978
0xc028fef8 0xd084ed4c [sd_mod]rw_intr+0x1e8 (0xc8a0ba00)
                               sd_mod .text 0xd084e060 0xd084eb64 0xd084ed58
0xc028ff24 0xd083aa8c [scsi_mod]scsi_old_done+0x5b0 (0xc8a0ba00)
                               scsi_mod .text 0xd0834060 0xd083a4dc 0xd083aa9c
0xc028ff34 0xd0854474 [aic7xxx_old]aic7xxx_done_cmds_complete+0x2c (0xc96ef07c)
more> 
                               aic7xxx_old .text 0xd0852060 0xd0854448 0xd0854484
0xc028ff4c 0xd085f1cd [aic7xxx_old]do_aic7xxx_isr+0x65 (0xb, 0xc96ef07c, 0xc028ff98)
                               aic7xxx_old .text 0xd0852060 0xd085f168 0xd085f1ec
0xc028ff6c 0xc0108246 handle_IRQ_event+0x2e (0xb, 0xc028ff98, 0xc2a5da3c)
                               kernel .text 0xc0100000 0xc0108218 0xc0108274
0xc028ff90 0xc01083be do_IRQ+0x72 (0xc028e000, 0xcfe6c000, 0xcfe6c270, 0xc0105170, 0xffffe000)
                               kernel .text 0xc0100000 0xc010834c 0xc0108400
0xc028ffcc 0xc01f1fa8 call_do_IRQ+0x5
                               kernel .rodata 0xc01f0760 0xc01f1fa3 0xc01f1fb0
           0xc0105207 cpu_idle+0x3f
                               kernel .text 0xc0100000 0xc01051c8 0xc010521c
0xc028ffe8 0xc010502a stext+0x2a
                               kernel .text 0xc0100000 0xc0105000 0xc0105030

kdb> go
invalid operand: 0000
CPU:    0
EIP:    0010:[<d0867607>]    Not tainted
EFLAGS: 00010002
eax: 0000003f   ebx: 00000018   ecx: c027bc00   edx: 00001a3b
esi: c02d7018   edi: c02d7000   ebp: c028fdbc   esp: c028fd94
ds: 0018   es: 0018   ss: 0018
Process swapper (pid: 0, stackpage=c028f000)
Stack: d086ae60 00000093 c889a000 c96ef07c c8a0bb48 030019f9 00000002 00000003 
       01000292 c88a0000 c028fde4 d08678b9 c96ef07c c8a0ba00 c889a000 00000293 
       c8a0bab8 c8a0ba00 c96ef0a8 c8a0bb08 c028fe08 d083474d c8a0ba00 d083a4dc 
Call Trace: [<d086ae60>] [<d08678b9>] [<d083474d>] [<d083a4dc>] [<d083bc7d>] 
   [<d0850920>] [<d083b2d6>] [<d083b489>] [<d083b4ec>] [<d083b96b>] [<d0854ddd>] 
   [<d084ed4c>] [<d083aa8c>] [<d0854474>] [<d085f1cd>] [<c0108246>] [<c01083be>] 
   [<c0105170>] [<c0105170>] [<c0105196>] [<c0105207>] [<c0105000>] [<c010502a>] 

Code: 0f 0b 8d b4 26 00 00 00 00 83 c4 08 83 3e 00 74 18 8b 06 05 
 <0>Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
 

 -----------------------------------------------------------------
|  Ralf Oehler
|  GDI - Gesellschaft fuer Digitale Informationstechnik mbH
|
|  E-Mail:      R.Oehler@GDImbH.com
|  Tel.:        +49 6182-9271-23 
|  Fax.:        +49 6182-25035           
|  Mail:        GDI, Bensbruchstraße 11, D-63533 Mainhausen
|  HTTP:        www.GDImbH.com
 -----------------------------------------------------------------

time is a funny concept
