Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 159413 - oops in 3ware driver in RHEL 4 U1 with slab debugging enabled
Summary: oops in 3ware driver in RHEL 4 U1 with slab debugging enabled
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: i686
OS: Linux
Target Milestone: ---
: ---
Assignee: Tom Coughlan
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2005-06-02 14:52 UTC by Jeff Moyer
Modified: 2012-06-20 15:56 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-06-20 15:56:30 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Jeff Moyer 2005-06-02 14:52:00 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.3) Gecko/20040924

Description of problem:
When slab debugging is enabled, the 3ware driver will oops soon after boot.  I have seen a couple different stack traces, but this is the one that is reproducable every time:

Unable to handle kernel paging request at virtual address f6871000
 printing eip:
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: iptable_filter ip_tables md5 ipv6 parport_pc lp parport netconsole netdump autofs4 i2c_dev i2c_core sunrpc dm_mod button battery ac uhci_hcd ehci_hcd hw_random e1000 floppy ext3 jbd 3w_xxxx ata_piix libata mptscsih mptbase sd_mod scsi_mod
CPU:    0
EIP:    0060:[<f8883755>]    Not tainted VLI
EFLAGS: 00010007   (2.6.9-6.46.EL.root.aio.1smp) 
EIP is at tw_scsiop_inquiry_complete+0x5a/0x11e [3w_xxxx]
eax: 00000000   ebx: 00000000   ecx: 00000015   edx: 000000ff
esi: 0000005d   edi: f6871000   ebp: f6864258   esp: c0384f2c
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c0384000 task=c0315a60)
Stack: f6870f60 f6870f58 f6870f78 f6870f68 c180e700 f6864258 00000000 f6faba00 
       0000dcb4 f8881ac5 00000001 00000246 0000dcbc 0000005d f7e12c7c 00000001 
       00000000 c0384fb0 c0107426 c037fc98 c037fc80 000000d9 00006c80 c010791a 
Call Trace:
 [<f8881ac5>] tw_interrupt+0x308/0x421 [3w_xxxx]
 [<c0107426>] handle_IRQ_event+0x25/0x4f
 [<c010791a>] do_IRQ+0xb0/0x130
 [<c02c8dd0>] common_interrupt+0x18/0x20
 [<c01040e5>] mwait_idle+0x33/0x42
 [<c010409d>] cpu_idle+0x26/0x3b
 [<c0385784>] start_kernel+0x194/0x198
Code: db 8b 50 64 8b 7c 24 04 8b 44 24 04 83 c1 08 89 0c 24 83 c7 10 89 d1 89 7c 24 0c 83 c0 20 c1 e9 02 89 44 24 08 8b 7c 24 04 89 d8 <f3> ab f6 c2 02 74 02 66 ab f6 c2 01 74 01 aa 08 
3w-xxxx: scsi3: AEN: INFO: Initialization started: Unit #0.
3w-xxxx: scsi3: AEN: INFO: Initialization complete: Unit #0.

The other stack traces may have been a result of panic_on_oops being set to 0, and, as such, could be residual damage.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Boot a system with a 3ware controller and slab debugging enabled.

Actual Results:  Oops output as above.

Additional info:

System is a Dell PowerEdge 1800  0T7296.

3ware Inc 3ware Inc 3ware 7xxx/8xxx-series

Comment 1 Jeff Moyer 2005-06-02 15:21:21 UTC
Here is the other stack trace, from dmesg:

slab error in cache_free_debugcheck(): cache `sgpool-8': double free, or memory
outside object was overwritten
 [<c014395d>] cache_free_debugcheck+0xc7/0x1f1
 [<c014440b>] kmem_cache_free+0x30/0x64
 [<c013e9c4>] mempool_free+0x60/0x64
 [<f883d877>] scsi_io_completion+0x5f/0x417 [scsi_mod]
 [<f8839b15>] scsi_finish_command+0xad/0xb1 [scsi_mod]
 [<f8839a3a>] scsi_softirq+0xb6/0xbe [scsi_mod]
 [<c0125ab4>] __do_softirq+0x4c/0xb1
 [<c0108079>] do_softirq+0x4f/0x56
 [<c010798f>] do_IRQ+0x125/0x130
 [<c02c8de4>] common_interrupt+0x18/0x20
 [<c01040e5>] mwait_idle+0x33/0x42
 [<c010409d>] cpu_idle+0x26/0x3b
 [<c0385784>] start_kernel+0x194/0x198
f661c000: redzone 1: 0x170fc2a5, redzone 2: 0x0.

Comment 2 Jiri Pallich 2012-06-20 15:56:30 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.