On Tue, 24 Feb 2009 20:36:52 +0900
"Norman Diamond" <n0diamond@xxxxxxxxxxx> wrote:
> Kernel 2.6.27.7 in Slax gets a panic or oops (I can't tell which).
> Of course I had to recompile the Slax kernel with CONFIG_IDE_TASK_IOCTL enabled.
> Kernel 2.6.19 in Knoppix handles the same HDIO_DRIVE_TASKFILE perfectly.
> In all cases /dev/hda has no mounted partitions and it is free for me to write to.
>
> 100% reproduced in four configurations:
> (1) drive supports LBA48 and WRITE_DMA_EXT was used
> (2) drive supports LBA48 but WRITE_DMA (LBA28) was used
> (3) drive doesn't support LBA48 and WRITE_DMA was used
> (4) VMware drive probably supports LBA48 but WRITE_DMA was used
> I am trying to write 126 sectors starting at sector number 0.
> (Of course the real purpose of the program will not be to write 126 sectors starting at 0.)
>
> kernel BUG at block/cfg-iosched.c:2001!
> invalid opcode: 0000 [#1] SMP
> Modules linked in: pcmcia pcmcia_core lp pcspkr ppdev parport_pc isp1760 pcnet32
> psmouse serio_raw mii i2c_piix4 parport shpchp intel_agp agpgart evdev fuse auf
> s squashfs sqlzma unlzma [last unloaded: pcmcia_core]
>
> Pid: 3634, comm: pee3en Tainted: G W (2.6.27.7 #1)
> EIP: 0060:[<c03be1a5>] EFLAGS: 00010046 CPU: 0
> EIP is at cfq_put_request+0x45/0x50
> EAX: 00000000 EBX: dec59960 ECX: c03be160 EDX: 00000001
> ESI: defa0a50 EDI: dec3f230 EBP: 00000400 ESP: def09d5c
> DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> Process pee3en (pid: 3634, ti=def08000 task=dec1ee00 task.ti=def08000)
> Stack: dec59960 000104c9 c03b20c0 c03b4441 dec3f230 dec59960 00000282 def09dd8
> c03b4829 fffffffb 0000007e dec59960 c045e308 00000000 df32d850 d9000640
> 00000000 00000004 0000fc00 c045f273 0000007e 00000000 def09ea0 def09dd8
> Call Trace:
> [<c03b20c0>] elv_put_request+0x10/0x20
> [<c03b4441>] __blk_put_request+0x71/0x80
> [<c03b4829>] blk_put_request+0x29/0x50
> [<c045e308>] ide_raw_taskfile+0x78/0x90
> [<c045f273>] ide_taskfile_ioctl+0x283/0x4c0
> [<c0469a8d>] idedisk_ioctl+0x3d/0x150
> [<c03b88fd>] blkdev_driver_ioctl+0x6d/0x80
> [<c03b8b9e>] blkdev_ioctl+0x283/0x820
> [<c0175705>] do_sync_write+0xd5/0x120
> [<c0156517>] get_page_from_freelist+0x2c7/0x440
> [<c01568b8>] __alloc_pages_internal+0xa8/0x430
> [<c015f9d4>] unmap_vmas+0x364/0x560
> [<c01593f6>] __pagevec_lru_add_active+0x96/0xb0
> [<c016066c>] handle_mm_fault+0x46c/0x640
> [<c01638e4>] vma_merge+0x144/0x1d0
> [<c019c2a8>] block_ioctl+0x18/0x20
> [<c019c290>] block_ioctl+0x0/0x20
> [<c018178b>] vfs_ioctl+0x2b/0x90
> [<c0181a4b>] do_vfs_ioctl+0x25b/0x2a0
> [<c0181ae6>] sys_ioctl+0x56/0x70
> [<c0103262>] syscall_call+0x7/0xb
> =======================
> Code: e8 01 89 44 96 2c 8b 43 58 8b 40 10 e8 a5 90 ff ff 89 f0 c7 43 58 00 00 00
> 00 c7 43 5c 00 00 00 00 5b 5e e9 3e ff ff ff 5b 5e c3 <0f> 0b eb fe 8d b4 26 00
> 00 00 00 83 ec 08 89 1c 24 89 d3 89 74
> EIP: [<c03be1a5>] cfq_put_request+0x45/0x50 SS:ESP 0068:def09d5c
> ---[ end trace 4eaa2a86a8e2da22 ]---
>
block/cfq-iosched.c:
/*
* queue lock held here
*/
static void cfq_put_request(struct request *rq)
{
struct cfq_queue *cfqq = RQ_CFQQ(rq);
if (cfqq) {
const int rw = rq_data_dir(rq);
BUG_ON(!cfqq->allocated[rw]); <================
cfqq->allocated[rw]--;
put_io_context(RQ_CIC(rq)->ioc);
rq->elevator_private = NULL;
rq->elevator_private2 = NULL;
cfq_put_queue(cfqq);
}
}
You should try 2.6.27.6 and 2.6.27.19 to see if they have the bug too.
--
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
