Bug 10129

Summary: ieee1394: list corruption when unloading ohci1394
Product: Drivers Reporter: Stefan Richter (stefanr)
Component: IEEE1394Assignee: Stefan Richter (stefanr)
Status: CLOSED CODE_FIX    
Severity: low    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: all Subsystem:
Regression: --- Bisected commit-id:

Description Stefan Richter 2008-02-28 03:58:32 UTC
Latest working kernel version: unknown
Earliest failing kernel version: unknown

Hardware Environment: UP PC with two VT6306 cards
does *not* happen on the same PC with just on VT6306 card
does *not* happen on an SMP PC with one FW323 card
I.e. the problem most certainly depends on the presence of more than one card.

"modprobe -r ohci1394" on a kernel with list debugging enabled (and slab debugging, FWIW) results in

ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[00301bac00002ba4]
list_del corruption. prev->next should be f7ca6ef0, but was fa92f5a0
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:67!
invalid opcode: 0000 [#1] DEBUG_PAGEALLOC
Modules linked in: snd_via82xx snd_ac97_codec ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd lp af_packet 8139too mii ohci1394(-) ieee1394 loop via_agp agpgart uhci_hcd [last unloaded: eth1394]

Pid: 4476, comm: modprobe Not tainted (2.6.25-rc3 #2)
EIP: 0060:[<c01e76e5>] EFLAGS: 00010096 CPU: 0
EIP is at list_del+0x45/0x70
EAX: 00000048 EBX: f7ca6ef0 ECX: 00000000 EDX: f48e3550
ESI: fa92e684 EDI: f3a32000 EBP: f4911e84 ESP: f4911e74
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process modprobe (pid: 4476, ti=f4911000 task=f48e3550 task.ti=f4911000)
Stack: c03431d0 f7ca6ef0 fa92f5a0 f7ca6ef0 f4911e90 fa91de2b f39b77c0 f4911ebc
       fa91deba fa92e5c0 f3a32000 f3a33b40 00000292 00000000 fa92e660 fa92e660
       f3a32000 f3a33b40 f4911ecc fa91e6ab f3a32000 f88f6310 f4911ed8 fa91d9d4
Call Trace:
 [<fa91de2b>] ? __delete_addr+0xb/0x20 [ieee1394]
 [<fa91deba>] ? __unregister_host+0x7a/0xb0 [ieee1394]
 [<fa91e6ab>] ? highlevel_remove_host+0x2b/0x50 [ieee1394]
 [<fa91d9d4>] ? hpsb_remove_host+0x34/0x50 [ieee1394]
 [<f88f2b87>] ? ohci1394_pci_remove+0x67/0x1f0 [ohci1394]
 [<c01ec45a>] ? pci_device_remove+0x3a/0x50
 [<c02260fa>] ? __device_release_driver+0x8a/0x90
 [<c0226255>] ? driver_detach+0x105/0x110
 [<c02256cf>] ? bus_remove_driver+0x3f/0x60
 [<c0226555>] ? driver_unregister+0x15/0x20
 [<c01ec6d3>] ? pci_unregister_driver+0x13/0x20
 [<f88f37ed>] ? ohci1394_cleanup+0xd/0xf [ohci1394]
 [<c013b6f3>] ? sys_delete_module+0x143/0x170
 [<c0135c0b>] ? __lock_release+0x3b/0x60
 [<c0102f35>] ? sysenter_past_esp+0x9a/0xa5
 [<c0134822>] ? trace_hardirqs_on+0xb2/0x120
 [<c0102efa>] ? sysenter_past_esp+0x5f/0xa5
 =======================
Code: 4a 04 89 11 c7 40 04 00 02 20 00 c7 00 00 01 10 00 83 c4 0c 5b c9 c3 89 54 24 08 89 44 24 04 c7 04 24 d0 31 34 c0 e8 0b 01 f3 ff <0f> 0b eb fe 8d b4 26 00 00 00 00 89 5c 24 08 89 44 24 04 c7 04
EIP: [<c01e76e5>] list_del+0x45/0x70 SS:ESP 0068:f4911e74
---[ end trace 2e1c0c602a29e28d ]---
Comment 1 Stefan Richter 2008-11-25 14:38:08 UTC
tested again on another PC with four FireWire cards:

ieee1394: Node removed: ID:BUS[3-00:1023]  GUID[00110600000041cc]
------------[ cut here ]------------
WARNING: at lib/list_debug.c:48 list_del+0x58/0x90()
list_del corruption. prev->next should be e7034398, but was f87b53a0
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Not tainted 2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0145628>] validate_chain+0x378/0xec0
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c01463ba>] __lock_acquire+0x24a/0x990
 [<c01463ba>] __lock_acquire+0x24a/0x990
 [<c0204778>] list_del+0x58/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
------------[ cut here ]------------
WARNING: at lib/list_debug.c:51 list_del+0x80/0x90()
list_del corruption. next->prev should be e7034238, but was f87b5360
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Tainted: G        W  2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0145628>] validate_chain+0x378/0xec0
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c01463ba>] __lock_acquire+0x24a/0x990
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c01463ba>] __lock_acquire+0x24a/0x990
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<c02047a0>] list_del+0x80/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
ieee1394: Node removed: ID:BUS[2-00:1023]  GUID[0010dc5600fed2d4]
------------[ cut here ]------------
WARNING: at lib/list_debug.c:48 list_del+0x58/0x90()
list_del corruption. prev->next should be e9900f48, but was f87b53a0
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Tainted: G        W  2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c0176cf9>] poison_obj+0x29/0x60
 [<f87ab7e7>] csr1212_detach_keyval_from_directory+0x57/0x70 [ieee1394]
 [<f87a5f1f>] remove_host+0x6f/0x80 [ieee1394]
 [<c0204778>] list_del+0x58/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
------------[ cut here ]------------
WARNING: at lib/list_debug.c:51 list_del+0x80/0x90()
list_del corruption. next->prev should be e9900de8, but was f87b5360
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Tainted: G        W  2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c0176cf9>] poison_obj+0x29/0x60
 [<f87ab7e7>] csr1212_detach_keyval_from_directory+0x57/0x70 [ieee1394]
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<f87a5f1f>] remove_host+0x6f/0x80 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<c02047a0>] list_del+0x80/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
ieee1394: Node removed: ID:BUS[1-00:1023]  GUID[0030bd051800064f]
------------[ cut here ]------------
WARNING: at lib/list_debug.c:48 list_del+0x58/0x90()
list_del corruption. prev->next should be e9900810, but was f87b53a0
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Tainted: G        W  2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c0176cf9>] poison_obj+0x29/0x60
 [<f87ab7e7>] csr1212_detach_keyval_from_directory+0x57/0x70 [ieee1394]
 [<f87a5f1f>] remove_host+0x6f/0x80 [ieee1394]
 [<c0204778>] list_del+0x58/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
------------[ cut here ]------------
WARNING: at lib/list_debug.c:51 list_del+0x80/0x90()
list_del corruption. next->prev should be e9900a78, but was f87b5360
Modules linked in: ohci1394(-) ieee1394 i915 drm cpufreq_ondemand acpi_cpufreq freq_table snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device nfsd lockd sunrpc exportfs coretemp w83627ehf hwmon_vid hwmon sg sd_mod usbhid hid snd_hda_intel ehci_hcd snd_pcm ata_piix uhci_hcd libata usbcore yenta_socket snd_timer rtc rsrc_nonstatic processor snd pcmcia_core snd_page_alloc e1000e thermal_sys
Pid: 4879, comm: modprobe Tainted: G        W  2.6.28-rc6 #6
Call Trace:
 [<c01249d6>] warn_slowpath+0x76/0x90
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0117c7a>] __change_page_attr_set_clr+0xba/0x510
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<c0176cf9>] poison_obj+0x29/0x60
 [<f87ab7e7>] csr1212_detach_keyval_from_directory+0x57/0x70 [ieee1394]
 [<c0176cf9>] poison_obj+0x29/0x60
 [<c0177045>] cache_free_debugcheck+0xd5/0x300
 [<f87a5f1f>] remove_host+0x6f/0x80 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<c02047a0>] list_del+0x80/0x90
 [<f87a4ba8>] __delete_addr+0x8/0x20 [ieee1394]
 [<f87a4d1c>] __unregister_host+0x7c/0xb0 [ieee1394]
 [<f87a4f9e>] highlevel_remove_host+0xe/0x60 [ieee1394]
 [<f87a4fcb>] highlevel_remove_host+0x3b/0x60 [ieee1394]
 [<f87a48a1>] hpsb_remove_host+0x31/0x50 [ieee1394]
 [<f8aa5f89>] ohci1394_pci_remove+0x79/0x290 [ohci1394]
 [<c020a686>] pci_device_remove+0x16/0x40
 [<c02661c6>] __device_release_driver+0x56/0x90
 [<c0266292>] driver_detach+0x92/0xa0
 [<c0265565>] bus_remove_driver+0x75/0xa0
 [<c020a8cf>] pci_unregister_driver+0x1f/0x70
 [<c014d5ee>] sys_delete_module+0x11e/0x200
 [<c01690c7>] remove_vma+0x47/0x60
 [<c0169c41>] do_munmap+0x201/0x260
 [<c010337b>] sysenter_exit+0xf/0x18
 [<c0144b84>] trace_hardirqs_on_caller+0xb4/0x130
 [<c0103349>] sysenter_do_call+0x12/0x35
---[ end trace b73ac1cd55f6fa63 ]---
ieee1394: Node removed: ID:BUS[0-00:1023]  GUID[080028560000319b]
Comment 2 Stefan Richter 2008-11-25 16:37:41 UTC
proposed fix:  http://lkml.org/lkml/2008/11/25/403