On Mon, 23 Jun 2003, Jens Axboe wrote:
> > Note 6b6b6b6b in the eax and esi registers and on the stack. That must be
> > freed memory. __end_that_request_first() is a static function in
> > drivers/block/ll_rw_blk.c
>
> That doesn't look good. I'll try and reproduce + fix here, thanks for
> the report.
What happens is cdrom_newpc_intr() calls cdrom_decode_status() which frees
rq, and then is calls end_that_request_chunk() that tries to use rq->bio.
I tried the patch below, and it seems to delay the panic, but it happens
seconds later anyways in a different place but still on 6b6b6b6b address.
The new stack trace is attached.
Patch (possibly wrong or incomplete):
===================================
--- linux.orig/drivers/ide/ide-cd.c
+++ linux/drivers/ide/ide-cd.c
@@ -1664,7 +1664,7 @@ static ide_startstop_t cdrom_newpc_intr(
}
if (cdrom_decode_status(drive, 0, &stat)) {
- end_that_request_chunk(rq, 1, rq->data_len);
+ printk("ide-cd: newpc_intr decode_status bad\n");
return ide_stopped;
}
===================================
-- Regards, Pavel Roskin
This archive was generated by hypermail 2b29 : Mon Jun 30 2003 - 22:00:15 EST