Re: Oops in 2.2.9 (scan_scsis)

Tim Ricketts (timothy.ricketts@st-annes.oxford.ac.uk)
Fri, 14 May 1999 14:36:08 +0100 (GMT)


On Wed, 5 May 1999, Douglas Gilbert wrote:

> Olaf Flebbe wrote:
>
> > Kernel Oops in Linux Intel 2.2.7
> >
> > Somehow scsi_init_malloc has returned a NULL pointer and memset tried
> > to write on it. It would be safer to test the result of
> > scsi_init_malloc.
> >
> > ------- scsi.c: scan_scsis -------
> > ...
> > SCpnt = (Scsi_Cmnd *) scsi_init_malloc (sizeof (Scsi_Cmnd),
> > GFP_ATOMIC | GFP_DMA);
> > memset (SCpnt, 0, sizeof (Scsi_Cmnd)); <---Boom!
> > ...
>
> Olaf,
> Very accurate debugging. The SCSI mid level has several
> scsi_init_malloc()s that use the GFP_DMA flag and don't bother to
> check if NULL is returned. The GFP_DMA flag tells the allocator
> that only memory below the 16MB limit is suitable (on i386).

This hasn't been fixed in 2.2.9.

Options used: -v /usr/src/linux/vmlinux (specified)
-o /lib/modules/2.2.9/ (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-m /usr/src/linux/System.map (default)
-c 1 (default)

Warning in compare_ksyms_lsmod, module aic7xxx is in lsmod but not in ksyms, probably no symbols exported
May 14 14:20:50 condor kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
May 14 14:20:50 condor kernel: current->tss.cr3 = 033c9000, %cr3 = 033c9000
May 14 14:20:50 condor kernel: *pde = 00000000
May 14 14:20:50 condor kernel: Oops: 0002
May 14 14:20:50 condor kernel: CPU: 0
May 14 14:20:50 condor kernel: EIP: 0010:[<c80375e0>]
May 14 14:20:50 condor kernel: EFLAGS: 00010246
May 14 14:20:50 condor kernel: eax: 00000000 ebx: c33d5f00 ecx: 00000046 edx: 00000000
May 14 14:20:50 condor kernel: esi: 00000000 edi: 00000000 ebp: c805bab0 esp: c33d5dd8
May 14 14:20:50 condor kernel: ds: 0018 es: 0018 ss: 0018
May 14 14:20:50 condor kernel: Process insmod (pid: 452, process nr: 27, stackpage=c33d5000)
May 14 14:20:50 condor kernel: Stack: c355e000 c805bab0 0000000e 00060020 81789004 00000000 00000001 00000001
May 14 14:20:50 condor kernel: 0000000f 00060020 82789004 00000005 00c00001 00000001 00000010 00080020
May 14 14:20:50 condor kernel: 83789004 00000005 00c00001 ffffffff c01d8cfe c80401dd 00000002 00000005
May 14 14:20:50 condor kernel: Call Trace: [<c805bab0>] [<c80401dd>] [scrup+118/276] [vgacon_cursor+441/452] [set_cursor+110/132] [vt_console_print+732/752] [printk+360/372]
May 14 14:20:50 condor kernel: [<c805bab0>] [<c803a4e3>] [<c805bab0>] [<c8037000>] [<c805bd04>] [<c8046000>] [<c803abfa>] [<c805bab0>]
May 14 14:20:50 condor kernel: [<c8046000>] [<c805672e>] [<c805bab0>] [sys_init_module+1075/1180] [<c8046000>] [<c805bd74>] [<c805bb17>] [<c8037000>]
May 14 14:20:50 condor kernel: [<c8046048>] [system_call+52/56] [<c805bbcf>] [<c8046000>]
May 14 14:20:50 condor kernel: Code: f3 ab 6a 08 6a 58 e8 7d 1e 00 00 89 c7 89 7c 24 2c 83 c4 08
Warning: trailing garbage ignored on Code: line
Text: 'Code: f3 ab 6a 08 6a 58 e8 7d 1e 00 00 89 c7 89 7c 24 2c 83 c4 08 '
Garbage: ' '

>>EIP: c80375e0 <scan_scsis+54/45c>
Trace: c805bab0 <scsi_mlqueue_remove_lock+1790c/1cea8>
Trace: c80401dd <scsi_device_types+d59/1085>
Trace: c805bab0 <scsi_mlqueue_remove_lock+1790c/1cea8>
Trace: c8046000 <scsi_mlqueue_remove_lock+1e5c/1cea8>
Trace: c8046048 <scsi_mlqueue_remove_lock+1ea4/1cea8>
Code: c80375e0 <scan_scsis+54/45c> 00000000 <_EIP>: <===
Code: c80375e0 <scan_scsis+54/45c> 0: f3 ab repz stosl %eax,%es:(%edi) <===
Code: c80375e2 <scan_scsis+56/45c> 2: 6a 08 pushl $0x8
Code: c80375e4 <scan_scsis+58/45c> 4: 6a 58 pushl $0x58
Code: c80375e6 <scan_scsis+5a/45c> 6: e8 7d 1e 00 00 call c8039468 <scsi_init_malloc+0/68>
Code: c80375eb <scan_scsis+5f/45c> b: 89 c7 movl %eax,%edi
Code: c80375ed <scan_scsis+61/45c> d: 89 7c 24 2c movl %edi,0x2c(%esp,1)
Code: c80375f1 <scan_scsis+65/45c> 11: 83 c4 08 addl $0x8,%esp

2 warnings issued. Results may not be reliable.

-- 
Tim
Quidquid latine dictum sit, altum viditur.
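The unchecked allocation pattern Olaf quoted from scan_scsis(), beside a form that tests the scsi_init_malloc() result before the memset, as an added C example that is not code from this thread or from the kernel. The DMA arena, dma_alloc(), scsi_cmnd_t and count_until_enomem() are constructed stand-ins for the real GFP_DMA allocator and Scsi_Cmnd; the pool is sized so the third allocation fails, which is where the quoted code oopses and the checked form returns -ENOMEM.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the DMA zone: a small arena that runs out, as
 * memory below 16MB can on i386 when GFP_DMA is requested. */
#define DMA_POOL_BYTES 256
static unsigned char dma_pool[DMA_POOL_BYTES];
static size_t dma_used;
/* Hypothetical allocator modelled on scsi_init_malloc(): NULL when the
 * low-memory pool is exhausted, with no fallback to ordinary memory. */
static void *dma_alloc(size_t size)
{
    if (dma_used + size > DMA_POOL_BYTES)
        return NULL;
    void *p = dma_pool + dma_used;
    dma_used += size;
    return p;
}
/* Stand-in for Scsi_Cmnd: 0x58 bytes, the size pushed before the call in
 * the disassembly above ("pushl $0x58"). */
typedef struct { unsigned char body[0x58]; } scsi_cmnd_t;
/* The pattern quoted from scan_scsis(): memset straight after allocation. On a
 * NULL return it is the "repz stosl" through %edi == 0 the oops reports. Not called. */
static scsi_cmnd_t *alloc_cmnd_unchecked(void)
{
    scsi_cmnd_t *SCpnt = dma_alloc(sizeof(*SCpnt));
    memset(SCpnt, 0, sizeof(*SCpnt)); /* NULL dereference once the pool is empty */
    return SCpnt;
}
/* Hardened form: test the result and return -ENOMEM so the caller can unwind. */
static int alloc_cmnd_checked(scsi_cmnd_t **out)
{
    scsi_cmnd_t *SCpnt = dma_alloc(sizeof(*SCpnt));
    if (!SCpnt)
        return -ENOMEM;
    memset(SCpnt, 0, sizeof(*SCpnt));
    *out = SCpnt;
    return 0;
}
/* Drains the pool via the checked path; returns how many commands fit (2 here). */
static int count_until_enomem(void)
{
    scsi_cmnd_t *c; int n = 0;
    while (alloc_cmnd_checked(&c) == 0) n++;
    (void)alloc_cmnd_unchecked; /* referenced only so the comparison compiles cleanly */
    return n;
}
int main(void) { return count_until_enomem(); }
```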

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/