freeing a free buffer (was Re: a badblocks command causes kerlnel

Tim Waugh (tim@cyberelk.demon.co.uk)
Wed, 19 May 1999 20:26:03 +0100 (GMT)


I might not get much of a chance to look at this tonight, so here's an
oops to decode. I asked Petrosyan to force an oops at 'Trying to free
free buffer', and we have a stack trace.

Tim.
*/

---------- Forwarded message ----------
Date: Wed, 19 May 1999 10:25:11 +0100
From: Tim Waugh <twaugh@matra.co.uk>
To: 'Tim Waugh' <tim@cyberelk.demon.co.uk>
Subject: FW: a badblocks command causes kerlnel OOPS (fwd)

-----Original Message-----
From: Petrosyan Sahak [mailto:sahag@mail.ru]
Sent: Wednesday, May 19, 1999 10:31 AM
To: Tim Waugh
Subject: Re: a badblocks command causes kerlnel OOPS (fwd)

Tim Waugh wrote:

> > It happens EVERY time I run badblocks for my /dev/hda1 partition.
> > for other partitions (/dev/hda(2-4) ) this does not happen.
>
> That's actually good news, because it's easier to debug. Can I get you to
> recompile the kernel with a small modification? I'd like you to change
> fs/buffer.c -- at around line 814 it looks like this:
>
>         if (buf->b_count) {
>                 buf->b_count--;
>                 return;
>         }
>         printk("VFS: brelse: Trying to free free buffer\n");
> }
>
> Please change it to look like this:
>
>         if (buf->b_count) {
>                 buf->b_count--;
>                 return;
>         }
>         printk("VFS: brelse: Trying to free free buffer\n");
>         * (int *) 0 = 0; /* add this line */
> }
>
> The idea is to force an oops report as soon as something goes wrong, so that
> we can see where in the code is trying to free a free buffer.
>
> Please recompile with this change, put the System.map somewhere, boot the
> modified kernel, run badblocks and send me the resulting oops. Please also
> run it through ksymoops, telling it where to find the System.map for the
> _modified_ kernel.
>
> Thanks,
> Tim.
> */

I have changed fs/buffer.c as you said and recompiled the kernel and System.map.
I attach two files:
oops1 - new oops report
out1 - new output of ksymoops

Attachment: oops1

Oops: 0002
CPU: 0
EIP: 0010:[<c012393a>]
EFLAGS: 00010286
eax: 00000028 ebx: c47eada0 ecx: 000007ba edx: 00000001
esi: c47eada0 edi: 00000000 ebp: c49edea4 esp: c49edd30
ds: 0018 es: 0018 ss: 0018
Process badblocks (pid: 953, process nr: 14, stackpage=c49ed000)
Stack: c0126859 c47eada0 c5cc8540 ffffffea 00000000 00002400 00000008 0804a974
00001000 00000000 c47b6000 00000000 c4b9f360 c49ede9c 00000003 00001000
00000000 00030c65 00002400 030136ce c49edea4 00000000 00000000 00001000
Call Trace: [<c0126859>] [<c015e15f>] [<c0123467>] [<c015e736>] [<c015e460>] [<c0123c69>] [<c0164014>]
[<c0163c48>] [<c016584b>] [<c0109ea3>] [<c0160017>] [<c010fe2f>] [<c0161aa5>] [<c01186d9>] [<c011085f>]
[<c011093a>] [<c0121dc5>] [<c0121f7e>] [<c0108da0>] [<c010002b>]
Code: c7 05 00 00 00 00 00 00 00 00 83 c4 04 5b c3 8d 76 00 53 8b
Segmentation fault

Attachment: out1

Options used: -V (default)
-o /lib/modules/2.2.9/ (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-m /boot/System.map (specified)
-c 1 (default)

Oops: 0002
CPU: 0
EIP: 0010:[<c012393a>]
EFLAGS: 00010286
eax: 00000028 ebx: c47eada0 ecx: 000007ba edx: 00000001
esi: c47eada0 edi: 00000000 ebp: c49edea4 esp: c49edd30
ds: 0018 es: 0018 ss: 0018
Process badblocks (pid: 953, process nr: 14, stackpage=c49ed000)
Stack: c0126859 c47eada0 c5cc8540 ffffffea 00000000 00002400 00000008 0804a974
00001000 00000000 c47b6000 00000000 c4b9f360 c49ede9c 00000003 00001000
00000000 00030c65 00002400 030136ce c49edea4 00000000 00000000 00001000
Call Trace: [<c0126859>] [<c015e15f>] [<c0123467>] [<c015e736>] [<c015e460>] [<c0123c69>] [<c0164014>]
[<c0163c48>] [<c016584b>] [<c0109ea3>] [<c0160017>] [<c010fe2f>] [<c0161aa5>] [<c01186d9>] [<c011085f>]
[<c011093a>] [<c0121dc5>] [<c0121f7e>] [<c0108da0>] [<c010002b>]
Code: c7 05 00 00 00 00 00 00 00 00 83 c4 04 5b c3 8d 76 00 53 8b

>>EIP: c012393a <__brelse+4e/60>
Trace: c0126859 <block_read+3c1/4e0>
Trace: c015e15f <add_request+10f/264>
Trace: c0123467 <get_hash_table+17/24>
Trace: c015e736 <make_request+482/4a0>
Trace: c015e460 <make_request+1ac/4a0>
Trace: c0123c69 <get_unused_buffer_head+55/a0>
Trace: c0164014 <ide_dmaproc+cc/15c>
Trace: c0163c48 <ide_dma_intr+0/94>
Trace: c011093a <timer_bh+d2/388>
Code: c012393a <__brelse+4e/60> 00000000 <_EIP>: <===
Code: c012393a <__brelse+4e/60> 0: c7 05 00 00 00 00 00 movl $0x0,0x0 <===
Code: c0123941 <__brelse+55/60> 7: 00 00 00
Code: c0123944 <__brelse+58/60> a: 83 c4 04 addl $0x4,%esp
Code: c0123947 <__brelse+5b/60> d: 5b popl %ebx
Code: c0123948 <__brelse+5c/60> e: c3 ret
Code: c0123949 <__brelse+5d/60> f: 8d 76 00 leal 0x0(%esi),%esi
Code: c012394c <__bforget+0/94> 12: 53 pushl %ebx
Code: c012394d <__bforget+1/94> 13: 8b 00 movl (%eax),%eax
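
How ksymoops gets from the raw EIP to `<__brelse+4e/60>`, as an added example (not part of the original mail and not ksymoops code). The symbol start addresses are back-computed from the symbol+offset/size values in out1, and the `_gapN` entries are hypothetical markers that only bound each symbol's size.

```python
import bisect
import re

# Constructed System.map excerpt. Start addresses are back-computed from the
# symbol+offset/size values in out1 (e.g. c012393a - 0x4e = c01238ec); the
# _gapN names are hypothetical and only mark where the previous symbol ends.
SYSTEM_MAP = """\
c0123450 T get_hash_table
c0123474 T _gap1
c01238ec T __brelse
c012394c T __bforget
c01239e0 T _gap2
c0126498 T block_read
c0126978 T _gap3
"""

# EIP and the first three call-trace entries from oops1.
OOPS = """\
EIP: 0010:[<c012393a>]
Call Trace: [<c0126859>] [<c015e15f>] [<c0123467>]
"""

def load_map(text):
    """Parse 'address type name' lines into a list sorted by address."""
    syms = []
    for line in text.splitlines():
        addr, _kind, name = line.split()
        syms.append((int(addr, 16), name))
    return sorted(syms)

def resolve(addr, syms):
    """Return 'name+offset/size', or None if no bounded symbol covers addr."""
    i = bisect.bisect_right([a for a, _ in syms], addr) - 1
    if i < 0 or i + 1 >= len(syms):
        return None  # below the first symbol, or past the last known bound
    start, name = syms[i]
    size = syms[i + 1][0] - start  # size = distance to the next symbol
    return f"{name}+{addr - start:x}/{size:x}"

def decode(oops, syms):
    """Resolve every [<address>] in the oops text, in order of appearance."""
    return [(a, resolve(int(a, 16), syms))
            for a in re.findall(r"\[<([0-9a-f]{8})>\]", oops)]

if __name__ == "__main__":
    for addr, where in decode(OOPS, load_map(SYSTEM_MAP)):
        print(addr, where or "(not in this excerpt)")
```

Against a System.map from a different build the same addresses resolve to other symbols or offsets, which is why the map has to come from the modified kernel.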
