* Slab corruption in floppy driver module
@ 2012-01-24 13:19 Suresh Jayaraman
2012-01-24 22:31 ` Vivek Goyal
0 siblings, 1 reply; 17+ messages in thread
From: Suresh Jayaraman @ 2012-01-24 13:19 UTC
To: LKML; +Cc: Tejun Heo, Jens Axboe
Hello,
Got a spew of slab corruption messages during boot on 3.2 vanilla
kernel with DEBUG_SLAB enabled.
--- cut-here ---
[ 9.643858] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[ 10.792691] Slab corruption: blkdev_queue start=ffff88042407e088, len=2104
[ 10.799280] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 10.805825] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 10.812404] 4e0: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
jkkkkkkkkkkkkkkk
[ 10.818984] Single bit error detected. Probably bad RAM.
[ 10.825554] Run memtest86+ or a similar memory test tool.
[ 10.832125] Next obj: start=ffff88042407e8d8, len=2104
[ 10.838656] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 10.845168] Last user: [< (null)>](0x0)
[ 10.851646] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 10.858222] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 10.865320] loop: module loaded
[ 10.896232] kjournald starting. Commit interval 5 seconds
[ 10.896368] EXT3-fs (sda5): using internal journal
[ 10.896373] EXT3-fs (sda5): mounted filesystem with ordered data mode
[ 10.915290] kjournald starting. Commit interval 5 seconds
[ 10.915385] EXT3-fs (sda3): using internal journal
[ 10.915388] EXT3-fs (sda3): mounted filesystem with ordered data mode
[ 12.361444] fuse init (API version 7.17)
[ 15.776067] Slab corruption: blkdev_queue start=ffff880424d72148, len=2104
[ 15.776074] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776076] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776087] 4e0: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
jkkkkkkkkkkkkkkk
[ 15.776092] Single bit error detected. Probably bad RAM.
[ 15.776095] Run memtest86+ or a similar memory test tool.
[ 15.776100] Next obj: start=ffff880424d72998, len=2104
[ 15.776103] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776106] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776111] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776116] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776122] Slab corruption: blkdev_queue start=ffff880424d72998, len=2104
[ 15.776126] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776128] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776133] 4e0: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
jkkkkkkkkkkkkkkk
[ 15.776137] Single bit error detected. Probably bad RAM.
[ 15.776139] Run memtest86+ or a similar memory test tool.
[ 15.776144] Prev obj: start=ffff880424d72148, len=2104
[ 15.776146] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776150] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776155] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776159] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776164] Next obj: start=ffff880424d731e8, len=2104
[ 15.776168] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776170] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776175] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776178] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
kkkkkkkkkkkkkkkk
[ 15.776185] Slab corruption: blkdev_queue start=ffff880424d731e8, len=2104
[ 15.776188] Redzone: 0x9f911029d74e35b/0x9f911029d74e35b.
[ 15.776190] Last user: [<ffffffff812c6580>](kobject_cleanup+0x80/0x1d0)
[ 15.776195] 4e0: 6a 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
jkkkkkkkkkkkkkkk
[ 15.776199] Single bit error detected. Probably bad RAM.
[ 15.776202] Run memtest86+ or a similar memory test tool.
[ 15.776206] Prev obj: start=ffff880424d72998, len=2104
--- cut-here ---
After enabling DEBUG_PAGEALLOC the box oopsed and I was able to see the
problem.
--- cut-here ---
[ 33.228029] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 33.228029] CPU 5
[ 33.228029] Modules linked in: dcdbas i5k_amb bnx2 i5000_edac vhost_net
iTCO_wdt edac_core macvtap macvlan tun ses enclosure kvm_intel
iTCO_vendor_support shpchp kvm pci_hotplug sg serio_raw sr_mod cdrom button
rtc_cmos pcspkr floppy(+) usbhid hid radeon ttm drm_kms_helper drm i2c_algo_bit
i2c_core uhci_hcd ehci_hcd usbcore usb_common sd_mod crc_t10dif processor
thermal_sys hwmon ext3 mbcache jbd ata_generic ata_piix libata megaraid_sas
scsi_mod
[ 33.228029] Supported: Yes
[ 33.228029]
[ 33.228029] Pid: 1161, comm: modprobe Tainted: G N 3.2.0-1-debug
#2 Dell Inc. PowerEdge 2950/0H603H
[ 33.228029] RIP: 0010:[<ffffffff81275371>] [<ffffffff81275371>]
kobject_put+0x11/0x60
[ 33.228029] RSP: 0018:ffff88041dd9bda8 EFLAGS: 00010286
[ 33.228029] RAX: 0000000000000000 RBX: ffff88041d986c60 RCX:
ffff88043fd40000
[ 33.228029] RDX: 000000000000e1ac RSI: 0000000000000286 RDI:
ffff88041d986c60
[ 33.228029] RBP: ffff88041dd9bdb8 R08: 0000000000000000 R09:
0000000000000009
[ 33.228029] R10: 0000000000000028 R11: 0000000000000000 R12:
ffff88041da9bc58
[ 33.228029] R13: 0000000000000000 R14: 0000000000000008 R15:
00000000ffffffed
[ 33.228029] FS: 00007f86dd2ba700(0000) GS:ffff88043fd40000(0000)
knlGS:0000000000000000
[ 33.228029] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 33.228029] CR2: ffff88041d986c9c CR3: 0000000424796000 CR4:
00000000000006e0
[ 33.228029] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 33.228029] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[ 33.228029] Process modprobe (pid: 1161, threadinfo ffff88041dd9a000, task
ffff88041d998680)
[ 33.228029] Stack:
[ 33.228029] ffff88041da9bbf0 ffff88041da9bbf0 ffff88041dd9bdc8
ffffffff81243a15
[ 33.372026] ffff88041dd9bde8 ffffffff8124d4ff 0000000000000000
ffffffff81a794e0
[ 33.372026] ffff88041dd9be08 ffffffff8134f517 ffff88041dd9be28
ffff88041da9bc68
[ 33.372026] Call Trace:
[ 33.372026] [<ffffffff81243a15>] blk_put_queue+0x15/0x20
[ 33.372026] [<ffffffff8124d4ff>] disk_release+0x8f/0xd0
[ 33.372026] [<ffffffff8134f517>] device_release+0x27/0xa0
[ 33.372026] [<ffffffff812754fd>] kobject_cleanup+0x6d/0x1b0
[ 33.372026] [<ffffffff8127564d>] kobject_release+0xd/0x10
[ 33.372026] [<ffffffff81276b17>] kref_put+0x37/0x70
[ 33.372026] [<ffffffff81275387>] kobject_put+0x27/0x60
[ 33.372026] [<ffffffff8124dbf7>] put_disk+0x17/0x20
[ 33.372026] [<ffffffffa00fa92c>] floppy_init+0x1c1/0x675 [floppy]
[ 33.372026] [<ffffffffa00fae37>] floppy_module_init+0x57/0x220 [floppy]
[ 33.372026] [<ffffffff810001d3>] do_one_initcall+0x43/0x180
[ 33.372026] [<ffffffff810a526d>] sys_init_module+0xcd/0x240
[ 33.372026] [<ffffffff8148d4c2>] system_call_fastpath+0x16/0x1b
[ 33.372026] [<00007f86dce3406a>] 0x7f86dce34069
[ 33.372026] Code: eb cc 48 89 fe 31 c0 48 c7 c7 60 aa 7a 81 e8 26 c4 20 00
e8 92 c1 20 00 eb 8e 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 85 ff 74 16 <f6> 47
3c 01 74 19 48 8d 7b 38 48 c7 c6 40 56 27 81 e8 59 17 00
[ 33.372026] RIP [<ffffffff81275371>] kobject_put+0x11/0x60
[ 33.372026] RSP <ffff88041dd9bda8>
[ 33.372026] CR2: ffff88041d986c9c
[ 33.372026] ---[ end trace f624c17dc6e4672a ]---
--- cut-here ---
What seems to be happening is after commit f992ae80, add_disk takes an
extra reference to the queue which is supposed to be put in disk_release().
In floppy_init() when there were "no floppy controllers found" the control
goes to out_flush_work. Note that add_disk() is not being called at all and
so the extra reference is not taken. We try to put_disk() and the call sequence is

put_disk()
  kobject_put()
    kref_put()
      kobject_release()
        kobject_cleanup()
          device_release()
            disk_release()
              blk_put_queue() <-- put without a get
                kobject_put()

Reverting f992ae80 makes the oops and the slab corruption messages disappear.
The "no floppy controllers found" message was found in the dmesg.
Thanks
Suresh
* Re: Slab corruption in floppy driver module
2012-01-24 13:19 Slab corruption in floppy driver module Suresh Jayaraman
@ 2012-01-24 22:31 ` Vivek Goyal
2012-01-25 7:59 ` Dirk Gouders
2012-01-26 15:04 ` Vivek Goyal
0 siblings, 2 replies; 17+ messages in thread
From: Vivek Goyal @ 2012-01-24 22:31 UTC
To: Suresh Jayaraman; +Cc: LKML, Tejun Heo, Jens Axboe
On Tue, Jan 24, 2012 at 06:49:37PM +0530, Suresh Jayaraman wrote:
[..]
> [ 33.372026] ffff88041dd9be08 ffffffff8134f517 ffff88041dd9be28
> ffff88041da9bc68
> [ 33.372026] Call Trace:
> [ 33.372026] [<ffffffff81243a15>] blk_put_queue+0x15/0x20
> [ 33.372026] [<ffffffff8124d4ff>] disk_release+0x8f/0xd0
> [ 33.372026] [<ffffffff8134f517>] device_release+0x27/0xa0
> [ 33.372026] [<ffffffff812754fd>] kobject_cleanup+0x6d/0x1b0
> [ 33.372026] [<ffffffff8127564d>] kobject_release+0xd/0x10
> [ 33.372026] [<ffffffff81276b17>] kref_put+0x37/0x70
> [ 33.372026] [<ffffffff81275387>] kobject_put+0x27/0x60
> [ 33.372026] [<ffffffff8124dbf7>] put_disk+0x17/0x20
> [ 33.372026] [<ffffffffa00fa92c>] floppy_init+0x1c1/0x675 [floppy]
> [ 33.372026] [<ffffffffa00fae37>] floppy_module_init+0x57/0x220 [floppy]
> [ 33.372026] [<ffffffff810001d3>] do_one_initcall+0x43/0x180
> [ 33.372026] [<ffffffff810a526d>] sys_init_module+0xcd/0x240
> [ 33.372026] [<ffffffff8148d4c2>] system_call_fastpath+0x16/0x1b
> [ 33.372026] [<00007f86dce3406a>] 0x7f86dce34069
> [ 33.372026] Code: eb cc 48 89 fe 31 c0 48 c7 c7 60 aa 7a 81 e8 26 c4 20 00
> e8 92 c1 20 00 eb 8e 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 85 ff 74 16 <f6> 47
> 3c 01 74 19 48 8d 7b 38 48 c7 c6 40 56 27 81 e8 59 17 00
> [ 33.372026] RIP [<ffffffff81275371>] kobject_put+0x11/0x60
> [ 33.372026] RSP <ffff88041dd9bda8>
> [ 33.372026] CR2: ffff88041d986c9c
> [ 33.372026] ---[ end trace f624c17dc6e4672a ]---
> --- cut-here ---
>
> What seems to be happening is after commit f992ae80, add_disk takes a
> extra reference to the queue which is supposed to be put in disk_release().
> In floppy_init() when there were "no floppy controllers found" the control
> goes to out_flush_work. Note that add_disk() is not being called at all and
> so extra reference not taken. We try to put_disk() and the call sequence is
> put_disk()
> kobject_put()
> kref_put()
> kobject_release()
> kobject_cleanup()
> device_release()
> disk_release()
> blk_put_queue() <-- put without a get
> kobject_put()
>
>
> Reverting f992ae80 makes the oops and the slab corruption messages disappear.
> The "no floppy controllers found" message was found in the dmesg.
I am wondering if the extra queue reference for gendisk should be taken by the
driver and not by add_disk(). Why? Because the disk->queue association is set up
by the driver and not by add_disk(). That way even if we don't call add_disk(),
we should be fine.
Thanks
Vivek
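The imbalance Suresh describes and the ownership change Vivek suggests, as a user-space C model added here (it is not code from the thread or from the kernel). `struct queue`, `simulate_init()`, the `ref_owner` switch and the teardown order are assumptions of the model; it also shows why the reports contain 0x6a, since a put that lands on a freed, 0x6b-poisoned counter decrements it by one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b   /* free-poison byte visible in the dumps on this page */

/* Toy stand-in for the request queue: only the embedded refcount matters. */
struct queue {
    unsigned char other_fields[16];
    int refcount;
};

struct disk {
    struct queue *queue;
};

/* Who takes the gendisk's reference on the queue (hypothetical switch). */
enum ref_owner { REF_IN_ADD_DISK, REF_IN_DRIVER };

/* One "slab object". It is never handed back to the system, so a put on
 * the freed object is observable here instead of being undefined behaviour. */
static struct queue slab_obj;

static void queue_get(struct queue *q) { q->refcount++; }

/* Drop a reference; the last put "frees" the object by poisoning it.
 * A put on an already freed object only decrements poison: 0x6b6b6b6b - 1. */
static void queue_put(struct queue *q)
{
    if (--q->refcount == 0)
        memset(q, POISON_FREE, sizeof(*q));
}

/* The check a debug allocator runs on a free object: is the poison intact?
 * Returns the offset of the first overwritten byte, or -1 if none. */
static long poison_first_bad(const struct queue *q)
{
    const unsigned char *p = (const unsigned char *)q;

    for (size_t i = 0; i < sizeof(*q); i++)
        if (p[i] != POISON_FREE)
            return (long)i;
    return -1;
}

static void add_disk_model(struct disk *d, enum ref_owner owner)
{
    if (owner == REF_IN_ADD_DISK)
        queue_get(d->queue);       /* reference taken at registration time */
}

/* disk_release() as described in the report: always puts disk->queue. */
static void put_disk_model(struct disk *d)
{
    if (d->queue)
        queue_put(d->queue);
}

/* Run module init followed by teardown; report the poison check result. */
long simulate_init(enum ref_owner owner, int controller_found)
{
    struct disk d;

    memset(&slab_obj, 0, sizeof(slab_obj));
    slab_obj.refcount = 1;         /* the driver's own reference */

    d.queue = &slab_obj;           /* the driver sets up disk->queue */
    if (owner == REF_IN_DRIVER)
        queue_get(d.queue);        /* reference taken where the association is made */

    if (controller_found)
        add_disk_model(&d, owner);
    /* else: error path, add_disk is never called */

    queue_put(&slab_obj);          /* driver drops its own reference (assumed order) */
    put_disk_model(&d);            /* disk_release(): put, balanced or not */

    return poison_first_bad(&slab_obj);
}

int main(void)
{
    printf("ref in add_disk, controller found : %ld\n",
           simulate_init(REF_IN_ADD_DISK, 1));
    long off = simulate_init(REF_IN_ADD_DISK, 0);
    printf("ref in add_disk, no controller    : %ld (byte 0x%02x)\n",
           off, ((unsigned char *)&slab_obj)[off]);
    printf("ref in driver,   no controller    : %ld\n",
           simulate_init(REF_IN_DRIVER, 0));
    return 0;
}
```

A result of -1 means the object was freed once and never touched again; any other value is the offset of the byte that a debug allocator would report as overwritten poison.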
* Re: Slab corruption in floppy driver module
2012-01-24 22:31 ` Vivek Goyal
@ 2012-01-25 7:59 ` Dirk Gouders
2012-01-25 9:04 ` Dirk Gouders
2012-01-26 15:04 ` Vivek Goyal
1 sibling, 1 reply; 17+ messages in thread
From: Dirk Gouders @ 2012-01-25 7:59 UTC
To: Vivek Goyal; +Cc: Suresh Jayaraman, LKML, Tejun Heo, Jens Axboe
Vivek Goyal <vgoyal@redhat.com> writes:
> On Tue, Jan 24, 2012 at 06:49:37PM +0530, Suresh Jayaraman wrote:
>
> [..]
>
>> [ 33.372026] ffff88041dd9be08 ffffffff8134f517 ffff88041dd9be28
>> ffff88041da9bc68
>> [ 33.372026] Call Trace:
>> [ 33.372026] [<ffffffff81243a15>] blk_put_queue+0x15/0x20
>> [ 33.372026] [<ffffffff8124d4ff>] disk_release+0x8f/0xd0
>> [ 33.372026] [<ffffffff8134f517>] device_release+0x27/0xa0
>> [ 33.372026] [<ffffffff812754fd>] kobject_cleanup+0x6d/0x1b0
>> [ 33.372026] [<ffffffff8127564d>] kobject_release+0xd/0x10
>> [ 33.372026] [<ffffffff81276b17>] kref_put+0x37/0x70
>> [ 33.372026] [<ffffffff81275387>] kobject_put+0x27/0x60
>> [ 33.372026] [<ffffffff8124dbf7>] put_disk+0x17/0x20
>> [ 33.372026] [<ffffffffa00fa92c>] floppy_init+0x1c1/0x675 [floppy]
>> [ 33.372026] [<ffffffffa00fae37>] floppy_module_init+0x57/0x220 [floppy]
>> [ 33.372026] [<ffffffff810001d3>] do_one_initcall+0x43/0x180
>> [ 33.372026] [<ffffffff810a526d>] sys_init_module+0xcd/0x240
>> [ 33.372026] [<ffffffff8148d4c2>] system_call_fastpath+0x16/0x1b
>> [ 33.372026] [<00007f86dce3406a>] 0x7f86dce34069
>> [ 33.372026] Code: eb cc 48 89 fe 31 c0 48 c7 c7 60 aa 7a 81 e8 26 c4 20 00
>> e8 92 c1 20 00 eb 8e 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 85 ff 74 16 <f6> 47
>> 3c 01 74 19 48 8d 7b 38 48 c7 c6 40 56 27 81 e8 59 17 00
>> [ 33.372026] RIP [<ffffffff81275371>] kobject_put+0x11/0x60
>> [ 33.372026] RSP <ffff88041dd9bda8>
>> [ 33.372026] CR2: ffff88041d986c9c
>> [ 33.372026] ---[ end trace f624c17dc6e4672a ]---
>> --- cut-here ---
>>
>> What seems to be happening is after commit f992ae80, add_disk takes a
>> extra reference to the queue which is supposed to be put in disk_release().
>> In floppy_init() when there were "no floppy controllers found" the control
>> goes to out_flush_work. Note that add_disk() is not being called at all and
>> so extra reference not taken. We try to put_disk() and the call sequence is
>> put_disk()
>> kobject_put()
>> kref_put()
>> kobject_release()
>> kobject_cleanup()
>> device_release()
>> disk_release()
>> blk_put_queue() <-- put without a get
>> kobject_put()
>>
>>
>> Reverting f992ae80 makes the oops and the slab corruption messages disappear.
>> The "no floppy controllers found" message was found in the dmesg.
>
> I am wondering if extra queue reference for gendisk should be taken by driver
> and not by add_disk(). Why? Because disk->queue association is setup by
> driver and not by add_disk(). That way even if we don't call, add_disk(),
> we should be fine.
I also noticed this problem about two weeks ago
(https://lkml.org/lkml/2012/1/10/177) -- the mentioned commit 523e1d399c
seems to be identical to f992ae80.
Perhaps, it is helpful to notice that I also played with this on a
machine that _has_ a floppy controller and if the floppy driver is loaded
as a module on boot, then unloaded and reloaded, it also outputs error
messages, i.e. re-loading the module also causes problems.
Thanks,
Dirk
* Re: Slab corruption in floppy driver module
2012-01-25 7:59 ` Dirk Gouders
@ 2012-01-25 9:04 ` Dirk Gouders
0 siblings, 0 replies; 17+ messages in thread
From: Dirk Gouders @ 2012-01-25 9:04 UTC
To: Vivek Goyal; +Cc: Suresh Jayaraman, LKML, Tejun Heo, Jens Axboe
Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de> writes:
> Vivek Goyal <vgoyal@redhat.com> writes:
>
>> On Tue, Jan 24, 2012 at 06:49:37PM +0530, Suresh Jayaraman wrote:
>>
>> [..]
>>
>>> [ 33.372026] ffff88041dd9be08 ffffffff8134f517 ffff88041dd9be28
>>> ffff88041da9bc68
>>> [ 33.372026] Call Trace:
>>> [ 33.372026] [<ffffffff81243a15>] blk_put_queue+0x15/0x20
>>> [ 33.372026] [<ffffffff8124d4ff>] disk_release+0x8f/0xd0
>>> [ 33.372026] [<ffffffff8134f517>] device_release+0x27/0xa0
>>> [ 33.372026] [<ffffffff812754fd>] kobject_cleanup+0x6d/0x1b0
>>> [ 33.372026] [<ffffffff8127564d>] kobject_release+0xd/0x10
>>> [ 33.372026] [<ffffffff81276b17>] kref_put+0x37/0x70
>>> [ 33.372026] [<ffffffff81275387>] kobject_put+0x27/0x60
>>> [ 33.372026] [<ffffffff8124dbf7>] put_disk+0x17/0x20
>>> [ 33.372026] [<ffffffffa00fa92c>] floppy_init+0x1c1/0x675 [floppy]
>>> [ 33.372026] [<ffffffffa00fae37>] floppy_module_init+0x57/0x220 [floppy]
>>> [ 33.372026] [<ffffffff810001d3>] do_one_initcall+0x43/0x180
>>> [ 33.372026] [<ffffffff810a526d>] sys_init_module+0xcd/0x240
>>> [ 33.372026] [<ffffffff8148d4c2>] system_call_fastpath+0x16/0x1b
>>> [ 33.372026] [<00007f86dce3406a>] 0x7f86dce34069
>>> [ 33.372026] Code: eb cc 48 89 fe 31 c0 48 c7 c7 60 aa 7a 81 e8 26 c4 20 00
>>> e8 92 c1 20 00 eb 8e 55 48 89 e5 53 48 89 fb 48 83 ec 08 48 85 ff 74 16 <f6> 47
>>> 3c 01 74 19 48 8d 7b 38 48 c7 c6 40 56 27 81 e8 59 17 00
>>> [ 33.372026] RIP [<ffffffff81275371>] kobject_put+0x11/0x60
>>> [ 33.372026] RSP <ffff88041dd9bda8>
>>> [ 33.372026] CR2: ffff88041d986c9c
>>> [ 33.372026] ---[ end trace f624c17dc6e4672a ]---
>>> --- cut-here ---
>>>
>>> What seems to be happening is after commit f992ae80, add_disk takes a
>>> extra reference to the queue which is supposed to be put in disk_release().
>>> In floppy_init() when there were "no floppy controllers found" the control
>>> goes to out_flush_work. Note that add_disk() is not being called at all and
>>> so extra reference not taken. We try to put_disk() and the call sequence is
>>> put_disk()
>>> kobject_put()
>>> kref_put()
>>> kobject_release()
>>> kobject_cleanup()
>>> device_release()
>>> disk_release()
>>> blk_put_queue() <-- put without a get
>>> kobject_put()
>>>
>>>
>>> Reverting f992ae80 makes the oops and the slab corruption messages disappear.
>>> The "no floppy controllers found" message was found in the dmesg.
>>
>> I am wondering if extra queue reference for gendisk should be taken by driver
>> and not by add_disk(). Why? Because disk->queue association is setup by
>> driver and not by add_disk(). That way even if we don't call, add_disk(),
>> we should be fine.
>
> I also noticed this problem about two weeks ago
> (https://lkml.org/lkml/2012/1/10/177) -- the mentioned commit 523e1d399c
> seems to be identical to f992ae80.
>
> Perhaps, it is helpful to notice that I also played with this on a
> machine that _has_ a floppy controler and if the floppy driver is loaded
> as a module on boot, then unloaded and reloaded it also outputs error
> messages, i.e. re-loading the module also causes problems.
For completeness, here are the messages produced by a module re-load.
Dirk
=============================================================================
BUG blkdev_queue (Tainted: P O): Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xffff880075d99498-0xffff880075d99498. First byte 0x6a instead of 0x6b
INFO: Allocated in blk_alloc_queue_node+0x1e/0x1a2 age=39161720 cpu=1 pid=1671
set_track+0x5e/0xd9
alloc_debug_processing+0xbd/0x15e
__slab_alloc+0x324/0x376
blk_alloc_queue_node+0x1e/0x1a2
prio_tree_insert+0x187/0x239
blk_alloc_queue_node+0x1e/0x1a2
kmem_cache_alloc_node+0x6b/0x132
blk_alloc_queue_node+0x1e/0x1a2
0xffffffffa001b25f
blk_init_queue_node+0x1a/0x52
alloc_disk_node+0xba/0xdd
floppy_module_init+0x215/0xdc0 [floppy]
tracepoint_module_notify+0xcd/0x15d
notifier_call_chain+0x2e/0x5b
floppy_module_init+0x0/0xdc0 [floppy]
do_one_initcall+0x78/0x12b
INFO: Freed in kobject_release+0x48/0x5e age=3353 cpu=0 pid=24844
set_track+0x5e/0xd9
free_debug_processing+0x155/0x1ed
__slab_free+0x2b/0x291
prio_tree_remove+0xc0/0xd4
kobject_release+0x48/0x5e
kobject_release+0x48/0x5e
kmem_cache_free+0x9b/0xd9
kobject_release+0x48/0x5e
0xffffffffa001d1de
sys_delete_module+0x1cf/0x22c
do_munmap+0x2cc/0x2e5
system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea0001d76600 objects=15 used=15 fp=0x (null) flags=0x100000000004080
INFO: Object 0xffff880075d99070 @offset=4208 fp=0xffff880075d9ead8
Pid: 24851, comm: modprobe Tainted: P O 3.2.0-07682-g211e53b #27
Call Trace:
[<ffffffff810fcd49>] ? check_bytes_and_report+0xad/0xe6
[<ffffffff810fce3d>] ? check_object+0xbb/0x1f7
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff810fe340>] ? alloc_debug_processing+0xa3/0x15e
[<ffffffff810ff4aa>] ? __slab_alloc+0x324/0x376
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff812cccea>] ? prio_tree_insert+0x187/0x239
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff810ff85b>] ? kmem_cache_alloc_node+0x6b/0x132
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffffa0c4f25f>] ? lock_fdc.clone.8+0xfd/0xfd [floppy]
[<ffffffff812bb3ab>] ? blk_init_queue_node+0x1a/0x52
[<ffffffff812c1a07>] ? alloc_disk_node+0xba/0xdd
[<ffffffffa0026341>] ? floppy_module_init+0x215/0xdc0 [floppy]
[<ffffffff810ad669>] ? tracepoint_module_notify+0xcd/0x15d
[<ffffffff8154e9d7>] ? notifier_call_chain+0x2e/0x5b
[<ffffffffa002612c>] ? daring+0x67/0x67 [floppy]
[<ffffffff810002e5>] ? do_one_initcall+0x78/0x12b
[<ffffffff8109228e>] ? sys_init_module+0x15e0/0x17c3
[<ffffffff81551d62>] ? system_call_fastpath+0x16/0x1b
FIX blkdev_queue: Restoring 0xffff880075d99498-0xffff880075d99498=0x6b
FIX blkdev_queue: Marking all objects used
=============================================================================
BUG blkdev_queue (Tainted: P O): Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xffff8800795b3db0-0xffff8800795b3db0. First byte 0x6a instead of 0x6b
INFO: Allocated in blk_alloc_queue_node+0x1e/0x1a2 age=39161721 cpu=1 pid=1671
set_track+0x5e/0xd9
alloc_debug_processing+0xbd/0x15e
__slab_alloc+0x324/0x376
blk_alloc_queue_node+0x1e/0x1a2
prio_tree_insert+0x143/0x239
blk_alloc_queue_node+0x1e/0x1a2
kmem_cache_alloc_node+0x6b/0x132
blk_alloc_queue_node+0x1e/0x1a2
0xffffffffa001b25f
blk_init_queue_node+0x1a/0x52
alloc_disk_node+0xba/0xdd
floppy_module_init+0x215/0xdc0 [floppy]
tracepoint_module_notify+0xcd/0x15d
notifier_call_chain+0x2e/0x5b
floppy_module_init+0x0/0xdc0 [floppy]
do_one_initcall+0x78/0x12b
INFO: Freed in kobject_release+0x48/0x5e age=3353 cpu=0 pid=24844
set_track+0x5e/0xd9
free_debug_processing+0x155/0x1ed
__slab_free+0x2b/0x291
prio_tree_remove+0xc0/0xd4
kobject_release+0x48/0x5e
kobject_release+0x48/0x5e
kmem_cache_free+0x9b/0xd9
kobject_release+0x48/0x5e
0xffffffffa001d1de
sys_delete_module+0x1cf/0x22c
do_munmap+0x2cc/0x2e5
system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea0001e56c00 objects=15 used=15 fp=0x (null) flags=0x100000000004080
INFO: Object 0xffff8800795b3988 @offset=14728 fp=0xffff8800795b41c0
Bytes b4 ffff8800795b3978: b7 69 54 02 01 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a .iT.....ZZZZZZZZ
Object ffff8800795b3da8: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b kkkkkkkkjkkkkkkk
Object ffff8800795b4068: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk.
Redzone ffff8800795b4078: bb bb bb bb bb bb bb bb ........
Padding ffff8800795b41b8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
Pid: 24851, comm: modprobe Tainted: P O 3.2.0-07682-g211e53b #27
Call Trace:
[<ffffffff810fcd49>] ? check_bytes_and_report+0xad/0xe6
[<ffffffff810fce3d>] ? check_object+0xbb/0x1f7
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff810fe340>] ? alloc_debug_processing+0xa3/0x15e
[<ffffffff810ff4aa>] ? __slab_alloc+0x324/0x376
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff812cccea>] ? prio_tree_insert+0x187/0x239
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffff810ff85b>] ? kmem_cache_alloc_node+0x6b/0x132
[<ffffffff812ba29b>] ? blk_alloc_queue_node+0x1e/0x1a2
[<ffffffffa0c4f25f>] ? lock_fdc.clone.8+0xfd/0xfd [floppy]
[<ffffffff812bb3ab>] ? blk_init_queue_node+0x1a/0x52
[<ffffffff812c1a07>] ? alloc_disk_node+0xba/0xdd
[<ffffffffa0026341>] ? floppy_module_init+0x215/0xdc0 [floppy]
[<ffffffff810ad669>] ? tracepoint_module_notify+0xcd/0x15d
[<ffffffff8154e9d7>] ? notifier_call_chain+0x2e/0x5b
[<ffffffffa002612c>] ? daring+0x67/0x67 [floppy]
[<ffffffff810002e5>] ? do_one_initcall+0x78/0x12b
[<ffffffff8109228e>] ? sys_init_module+0x15e0/0x17c3
[<ffffffff81551d62>] ? system_call_fastpath+0x16/0x1b
FIX blkdev_queue: Restoring 0xffff8800795b3db0-0xffff8800795b3db0=0x6b
FIX blkdev_queue: Marking all objects used
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
* Re: Slab corruption in floppy driver module
2012-01-24 22:31 ` Vivek Goyal
2012-01-25 7:59 ` Dirk Gouders
@ 2012-01-26 15:04 ` Vivek Goyal
2012-01-26 18:05 ` Tejun Heo
1 sibling, 1 reply; 17+ messages in thread
From: Vivek Goyal @ 2012-01-26 15:04 UTC (permalink / raw)
To: Suresh Jayaraman; +Cc: LKML, Tejun Heo, Jens Axboe, Dirk Gouders
On Tue, Jan 24, 2012 at 05:31:53PM -0500, Vivek Goyal wrote:
[..]
> > Reverting f992ae80 makes the oops and the slab corruption messages disappear.
> > The "no floppy controllers found" message was found in the dmesg.
>
> I am wondering if extra queue reference for gendisk should be taken by driver
> and not by add_disk(). Why? Because disk->queue association is setup by
> driver and not by add_disk(). That way even if we don't call, add_disk(),
> we should be fine.
Well, changing above assumption will require lots of drivers to be
changed. So probably an easier fix would be to clear disk->queue before
calling put_disk() if we never called add_disk().
Suresh, does following patch help?
Thanks
Vivek
floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called

add_disk() takes gendisk reference on request queue. If driver failed during
initialization and never called add_disk() then that extra reference is not
taken. That reference is put in put_disk(). floppy driver allocates the
disk, allocates queue, sets disk->queue and then realizes that floppy
controller is not present. It tries to tear down everything and tries to
put a reference down in put_disk() which was never taken.

In such error cases cleanup disk->queue before calling put_disk() so that
we never try to put down a reference which was never taken in first place.

Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
drivers/block/floppy.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
Index: linux-2.6/drivers/block/floppy.c
===================================================================
--- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
+++ linux-2.6/drivers/block/floppy.c 2012-01-26 09:51:24.389205883 -0500
@@ -4368,8 +4368,21 @@ out_unreg_blkdev:
out_put_disk:
while (dr--) {
del_timer_sync(&motor_off_timer[dr]);
- if (disks[dr]->queue)
+ if (disks[dr]->queue) {
blk_cleanup_queue(disks[dr]->queue);
+ /*
+ * The request queue reference we took at device
+ * creation time has been put by above
+ * blk_cleanup_queue(). We have not called add_disk()
+ * yet and due to failure calling put_disk(). Put disk
+ * will try to put a reference to disk->queue which is
+ * taken in add_disk(). As we have not taken that
+ * extra reference, putting extra reference down
+ * will try to access already freed queue. Clear
+ * disk->queue before calling put_disk().
+ */
+ disks[dr]->queue = NULL;
+ }
put_disk(disks[dr]);
}
return err;
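Review bot: the unconditional disks[dr]->queue = NULL inside the out_put_disk loop is only right while no disk reaching this loop has been through add_disk(); if any failure path jumps here after add_disk() has run for some disks[dr], clearing the pointer would make put_disk() skip a queue reference that was taken. Suggest stating that precondition in the comment in place of the long walk-through, for example "add_disk() has not run for any disk on this path, so put_disk() must not drop a queue reference", and confirming it holds for every goto that leads to this label.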
* Re: Slab corruption in floppy driver module
2012-01-26 15:04 ` Vivek Goyal
@ 2012-01-26 18:05 ` Tejun Heo
2012-01-26 18:53 ` Dirk Gouders
2012-01-26 19:37 ` Vivek Goyal
0 siblings, 2 replies; 17+ messages in thread
From: Tejun Heo @ 2012-01-26 18:05 UTC (permalink / raw)
To: Vivek Goyal; +Cc: Suresh Jayaraman, LKML, Jens Axboe, Dirk Gouders
Hello,
On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
> out_put_disk:
> while (dr--) {
> del_timer_sync(&motor_off_timer[dr]);
> - if (disks[dr]->queue)
> + if (disks[dr]->queue) {
> blk_cleanup_queue(disks[dr]->queue);
> + /*
> + * The request queue reference we took at device
> + * creation time has been put by above
> + * blk_cleanup_queue(). We have not called add_disk()
> + * yet and due to failure calling put_disk(). Put disk
> + * will try to put a reference to disk->queue which is
> + * taken in add_disk(). As we have not taken that
> + * extra reference, putting extra reference down
> + * will try to access already freed queue. Clear
> + * disk->queue before calling put_disk().
> + */
> + disks[dr]->queue = NULL;
Yeah, this looks correct to me. It might be better to tone down the
comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
paired with add_disk() and will put one extra time?
Thanks.
--
tejun
* Re: Slab corruption in floppy driver module
2012-01-26 18:05 ` Tejun Heo
@ 2012-01-26 18:53 ` Dirk Gouders
2012-01-26 19:37 ` Vivek Goyal
1 sibling, 0 replies; 17+ messages in thread
From: Dirk Gouders @ 2012-01-26 18:53 UTC (permalink / raw)
To: Tejun Heo; +Cc: Vivek Goyal, Suresh Jayaraman, LKML, Jens Axboe
Tejun Heo <tj@kernel.org> writes:
> Hello,
>
> On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
>> out_put_disk:
>> while (dr--) {
>> del_timer_sync(&motor_off_timer[dr]);
>> - if (disks[dr]->queue)
>> + if (disks[dr]->queue) {
>> blk_cleanup_queue(disks[dr]->queue);
>> + /*
>> + * The request queue reference we took at device
>> + * creation time has been put by above
>> + * blk_cleanup_queue(). We have not called add_disk()
>> + * yet and due to failure calling put_disk(). Put disk
>> + * will try to put a reference to disk->queue which is
>> + * taken in add_disk(). As we have not taken that
>> + * extra reference, putting extra reference down
>> + * will try to access already freed queue. Clear
>> + * disk->queue before calling put_disk().
>> + */
>> + disks[dr]->queue = NULL;
>
> Yeah, this looks correct to me. It might be better to tone down the
> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
> paired with add_disk() and will put one extra time?
I tested the patch on my machine without a floppy controller and
it no longer produces traces, just "floppy0: no floppy controllers
found"
Dirk
* Re: Slab corruption in floppy driver module
2012-01-26 18:05 ` Tejun Heo
2012-01-26 18:53 ` Dirk Gouders
@ 2012-01-26 19:37 ` Vivek Goyal
2012-01-26 21:48 ` Dirk Gouders
2012-01-27 6:03 ` Suresh Jayaraman
1 sibling, 2 replies; 17+ messages in thread
From: Vivek Goyal @ 2012-01-26 19:37 UTC (permalink / raw)
To: Tejun Heo; +Cc: Suresh Jayaraman, LKML, Jens Axboe, Dirk Gouders
On Thu, Jan 26, 2012 at 10:05:32AM -0800, Tejun Heo wrote:
> Hello,
>
> On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
> > out_put_disk:
> > while (dr--) {
> > del_timer_sync(&motor_off_timer[dr]);
> > - if (disks[dr]->queue)
> > + if (disks[dr]->queue) {
> > blk_cleanup_queue(disks[dr]->queue);
> > + /*
> > + * The request queue reference we took at device
> > + * creation time has been put by above
> > + * blk_cleanup_queue(). We have not called add_disk()
> > + * yet and due to failure calling put_disk(). Put disk
> > + * will try to put a reference to disk->queue which is
> > + * taken in add_disk(). As we have not taken that
> > + * extra reference, putting extra reference down
> > + * will try to access already freed queue. Clear
> > + * disk->queue before calling put_disk().
> > + */
> > + disks[dr]->queue = NULL;
>
> Yeah, this looks correct to me. It might be better to tone down the
> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
> paired with add_disk() and will put one extra time?
Sure. Toned down the comment as suggested. Here is the new patch.
floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called

add_disk() takes gendisk reference on request queue. If driver failed during
initialization and never called add_disk() then that extra reference is not
taken. That reference is put in put_disk(). floppy driver allocates the
disk, allocates queue, sets disk->queue and then realizes that floppy
controller is not present. It tries to tear down everything and tries to
put a reference down in put_disk() which was never taken.

In such error cases cleanup disk->queue before calling put_disk() so that
we never try to put down a reference which was never taken in first place.

Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
Tested-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
drivers/block/floppy.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
Index: linux-2.6/drivers/block/floppy.c
===================================================================
--- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
+++ linux-2.6/drivers/block/floppy.c 2012-01-26 14:35:14.662374464 -0500
@@ -4368,8 +4368,14 @@ out_unreg_blkdev:
out_put_disk:
while (dr--) {
del_timer_sync(&motor_off_timer[dr]);
- if (disks[dr]->queue)
+ if (disks[dr]->queue) {
blk_cleanup_queue(disks[dr]->queue);
+ /*
+ * put_disk() is not paired with add_disk() and
+ * will put queue reference one extra time. fix it.
+ */
+ disks[dr]->queue = NULL;
+ }
put_disk(disks[dr]);
}
return err;
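Review bot: the disks[dr]->queue = NULL assignment lives only in the out_put_disk error path of module init, so it covers the "no floppy controllers found" failure and nothing on the unload side, while the "Freed in" trace in the report earlier in this thread runs through sys_delete_module. Suggest saying in the changelog that the fix is limited to init failure before add_disk(), so the unload/reload report is tracked separately. The comment's closing "fix it." could also name the action, e.g. "clear disk->queue so put_disk() does not drop a reference add_disk() never took".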
* Re: Slab corruption in floppy driver module
2012-01-26 19:37 ` Vivek Goyal
@ 2012-01-26 21:48 ` Dirk Gouders
2012-01-26 21:56 ` Vivek Goyal
2012-01-27 6:07 ` Suresh Jayaraman
2012-01-27 6:03 ` Suresh Jayaraman
1 sibling, 2 replies; 17+ messages in thread
From: Dirk Gouders @ 2012-01-26 21:48 UTC (permalink / raw)
To: Vivek Goyal; +Cc: Tejun Heo, Suresh Jayaraman, LKML, Jens Axboe
Vivek Goyal <vgoyal@redhat.com> writes:
> On Thu, Jan 26, 2012 at 10:05:32AM -0800, Tejun Heo wrote:
>> Hello,
>>
>> On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
>> > out_put_disk:
>> > while (dr--) {
>> > del_timer_sync(&motor_off_timer[dr]);
>> > - if (disks[dr]->queue)
>> > + if (disks[dr]->queue) {
>> > blk_cleanup_queue(disks[dr]->queue);
>> > + /*
>> > + * The request queue reference we took at device
>> > + * creation time has been put by above
>> > + * blk_cleanup_queue(). We have not called add_disk()
>> > + * yet and due to failure calling put_disk(). Put disk
>> > + * will try to put a reference to disk->queue which is
>> > + * taken in add_disk(). As we have not taken that
>> > + * extra reference, putting extra reference down
>> > + * will try to access already freed queue. Clear
>> > + * disk->queue before calling put_disk().
>> > + */
>> > + disks[dr]->queue = NULL;
>>
>> Yeah, this looks correct to me. It might be better to tone down the
>> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
>> paired with add_disk() and will put one extra time?
>
> Sure. Toned down the comment as suggested. Here is the new patch.
>
> floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called
>
> add_disk() takes gendisk reference on request queue. If driver failed during
> initialization and never called add_disk() then that extra reference is not
> taken. That reference is put in put_disk(). floppy driver allocates the
> disk, allocates queue, sets disk->queue and then realizes that floppy
> controller is not present. It tries to tear down everything and tries to
> put a reference down in put_disk() which was never taken.
>
> In such error cases cleanup disk->queue before calling put_disk() so that
> we never try to put down a reference which was never taken in first place.
>
> Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
> Tested-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
> drivers/block/floppy.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> Index: linux-2.6/drivers/block/floppy.c
> ===================================================================
> --- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
> +++ linux-2.6/drivers/block/floppy.c 2012-01-26 14:35:14.662374464 -0500
> @@ -4368,8 +4368,14 @@ out_unreg_blkdev:
> out_put_disk:
> while (dr--) {
> del_timer_sync(&motor_off_timer[dr]);
> - if (disks[dr]->queue)
> + if (disks[dr]->queue) {
> blk_cleanup_queue(disks[dr]->queue);
> + /*
> + * put_disk() is not paired with add_disk() and
> + * will put queue reference one extra time. fix it.
> + */
> + disks[dr]->queue = NULL;
> + }
> put_disk(disks[dr]);
> }
> return err;
Probably a rare and uncommon one but it seems that the reloading case on
a machine that has a floppy controller is a different problem. To be
sure I tested the patch on a machine that has a floppy controller and
when unloading and reloading the floppy module the log messages that I
attached to a mail earlier in this thread are still generated.
Dirk
* Re: Slab corruption in floppy driver module
2012-01-26 21:48 ` Dirk Gouders
@ 2012-01-26 21:56 ` Vivek Goyal
2012-01-27 6:07 ` Suresh Jayaraman
1 sibling, 0 replies; 17+ messages in thread
From: Vivek Goyal @ 2012-01-26 21:56 UTC (permalink / raw)
To: Dirk Gouders; +Cc: Tejun Heo, Suresh Jayaraman, LKML, Jens Axboe
On Thu, Jan 26, 2012 at 10:48:57PM +0100, Dirk Gouders wrote:
> Vivek Goyal <vgoyal@redhat.com> writes:
>
> > On Thu, Jan 26, 2012 at 10:05:32AM -0800, Tejun Heo wrote:
> >> Hello,
> >>
> >> On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
> >> > out_put_disk:
> >> > while (dr--) {
> >> > del_timer_sync(&motor_off_timer[dr]);
> >> > - if (disks[dr]->queue)
> >> > + if (disks[dr]->queue) {
> >> > blk_cleanup_queue(disks[dr]->queue);
> >> > + /*
> >> > + * The request queue reference we took at device
> >> > + * creation time has been put by above
> >> > + * blk_cleanup_queue(). We have not called add_disk()
> >> > + * yet and due to failure calling put_disk(). Put disk
> >> > + * will try to put a reference to disk->queue which is
> >> > + * taken in add_disk(). As we have not taken that
> >> > + * extra reference, putting extra reference down
> >> > + * will try to access already freed queue. Clear
> >> > + * disk->queue before calling put_disk().
> >> > + */
> >> > + disks[dr]->queue = NULL;
> >>
> >> Yeah, this looks correct to me. It might be better to tone down the
> >> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
> >> paired with add_disk() and will put one extra time?
> >
> > Sure. Toned down the comment as suggested. Here is the new patch.
> >
> > floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called
> >
> > add_disk() takes gendisk reference on request queue. If driver failed during
> > initialization and never called add_disk() then that extra reference is not
> > taken. That reference is put in put_disk(). floppy driver allocates the
> > disk, allocates queue, sets disk->queue and then realizes that floppy
> > controller is not present. It tries to tear down everything and tries to
> > put a reference down in put_disk() which was never taken.
> >
> > In such error cases cleanup disk->queue before calling put_disk() so that
> > we never try to put down a reference which was never taken in first place.
> >
> > Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
> > Tested-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> > drivers/block/floppy.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > Index: linux-2.6/drivers/block/floppy.c
> > ===================================================================
> > --- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
> > +++ linux-2.6/drivers/block/floppy.c 2012-01-26 14:35:14.662374464 -0500
> > @@ -4368,8 +4368,14 @@ out_unreg_blkdev:
> > out_put_disk:
> > while (dr--) {
> > del_timer_sync(&motor_off_timer[dr]);
> > - if (disks[dr]->queue)
> > + if (disks[dr]->queue) {
> > blk_cleanup_queue(disks[dr]->queue);
> > + /*
> > + * put_disk() is not paired with add_disk() and
> > + * will put queue reference one extra time. fix it.
> > + */
> > + disks[dr]->queue = NULL;
> > + }
> > put_disk(disks[dr]);
> > }
> > return err;
>
>
> Probably a rare and uncommon one but it seems that the reloading case on
> a machine that has a floppy controller is a different problem. To be
> sure I tested the patch on a machine that has a floppy controller and
> when unloading and reloading the floppy module the log messages that I
> attached to a mail earlier in this thread are still generated.
Ok. Thanks for the update. I had assumed that it solved both the issues.
So, module load/unload seems to be a different problem. We should still
take this patch as it solves at least the case of floppy controller not
being present.
Jens, do you want me to post the patch in a separate mail thread?
Thanks
Vivek
* Re: Slab corruption in floppy driver module
2012-01-26 19:37 ` Vivek Goyal
2012-01-26 21:48 ` Dirk Gouders
@ 2012-01-27 6:03 ` Suresh Jayaraman
1 sibling, 0 replies; 17+ messages in thread
From: Suresh Jayaraman @ 2012-01-27 6:03 UTC (permalink / raw)
To: Vivek Goyal; +Cc: Tejun Heo, LKML, Jens Axboe, Dirk Gouders
On 01/27/2012 01:07 AM, Vivek Goyal wrote:
> On Thu, Jan 26, 2012 at 10:05:32AM -0800, Tejun Heo wrote:
>>
>> Yeah, this looks correct to me. It might be better to tone down the
>> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
>> paired with add_disk() and will put one extra time?
>
> Sure. Toned down the comment as suggested. Here is the new patch.
>
> floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called
>
> add_disk() takes gendisk reference on request queue. If driver failed during
> initialization and never called add_disk() then that extra reference is not
> taken. That reference is put in put_disk(). floppy driver allocates the
> disk, allocates queue, sets disk->queue and then realizes that floppy
> controller is not present. It tries to tear down everything and tries to
> put a reference down in put_disk() which was never taken.
>
> In such error cases cleanup disk->queue before calling put_disk() so that
> we never try to put down a reference which was never taken in first place.
>
> Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
> Tested-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
> drivers/block/floppy.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> Index: linux-2.6/drivers/block/floppy.c
> ===================================================================
> --- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
> +++ linux-2.6/drivers/block/floppy.c 2012-01-26 14:35:14.662374464 -0500
> @@ -4368,8 +4368,14 @@ out_unreg_blkdev:
> out_put_disk:
> while (dr--) {
> del_timer_sync(&motor_off_timer[dr]);
> - if (disks[dr]->queue)
> + if (disks[dr]->queue) {
> blk_cleanup_queue(disks[dr]->queue);
> + /*
> + * put_disk() is not paired with add_disk() and
> + * will put queue reference one extra time. fix it.
> + */
> + disks[dr]->queue = NULL;
> + }
> put_disk(disks[dr]);
> }
> return err;
>
Thanks. With this patch I'm no longer seeing the slab corruption or Oops
which was seen earlier.
Reported-and-Tested-by: Suresh Jayaraman <sjayaraman@suse.com>
OTOH, is there a small chance that this problem pattern is present
(waiting to be discovered) in other block devices as well...
So far haven't found anything during a quick auditing.
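
The imbalance the changelog describes can be reproduced in a small userspace model, which also shows a pattern consistent with "First byte 0x6a instead of 0x6b" in the report: a put on an already freed, 0x6b-poisoned object decrements the poisoned counter by one. This is an added example, not code from this thread or from the kernel; the model_* names, the 64-byte object and the counter offset are constructed, and the kernel's own counting goes through kobjects.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* fill byte of a freed object, as in the dump */
#define POISON_END  0xa5 /* last byte of a freed object, as in the dump */
#define OBJ_SIZE    64   /* constructed; the real blkdev_queue object is larger */
#define REF_OFF     40   /* constructed offset of the reference count */

/* One static model object, so touching it after the model "free" is well defined. */
static unsigned char slab_obj[OBJ_SIZE];

struct model_disk {
    unsigned char *queue; /* plays the role of disk->queue */
};

static int32_t ref_read(const unsigned char *q)
{
    int32_t v;
    memcpy(&v, q + REF_OFF, sizeof(v));
    return v;
}

static void ref_write(unsigned char *q, int32_t v)
{
    memcpy(q + REF_OFF, &v, sizeof(v));
}

/* Allocate the queue holding the driver's initial reference. */
static unsigned char *model_alloc_queue(void)
{
    memset(slab_obj, 0, OBJ_SIZE);
    ref_write(slab_obj, 1);
    return slab_obj;
}

/* Drop one reference; the last put frees the object and poisons it. */
static void model_queue_put(unsigned char *q)
{
    int32_t v = ref_read(q) - 1;
    ref_write(q, v);
    if (v == 0) {
        memset(q, POISON_FREE, OBJ_SIZE - 1);
        q[OBJ_SIZE - 1] = POISON_END;
    }
}

/* add_disk(): takes the gendisk's reference on the queue. */
static void model_add_disk(struct model_disk *d)
{
    ref_write(d->queue, ref_read(d->queue) + 1);
}

/* put_disk(): drops that reference whenever disk->queue is set. */
static void model_put_disk(struct model_disk *d)
{
    if (d->queue)
        model_queue_put(d->queue);
}

/* Poison check at the next allocation: offset of first bad byte, or -1. */
static int check_poison(const unsigned char *q)
{
    for (int i = 0; i < OBJ_SIZE - 1; i++)
        if (q[i] != POISON_FREE)
            return i;
    return q[OBJ_SIZE - 1] == POISON_END ? -1 : OBJ_SIZE - 1;
}

/* Init failure: queue allocated and attached, add_disk() never reached. */
static int teardown_without_add_disk(int clear_queue_first)
{
    struct model_disk d = { model_alloc_queue() };
    model_queue_put(d.queue);  /* blk_cleanup_queue(): driver's reference */
    if (clear_queue_first)
        d.queue = NULL;        /* the assignment the patch adds */
    model_put_disk(&d);        /* unpaired put when queue is still set */
    return check_poison(slab_obj);
}

/* Normal lifetime for comparison: add_disk() ran, so both puts are owed. */
static int teardown_after_add_disk(void)
{
    struct model_disk d = { model_alloc_queue() };
    model_add_disk(&d);
    model_queue_put(d.queue);
    model_put_disk(&d);
    return check_poison(slab_obj);
}

int main(void)
{
    int off = teardown_without_add_disk(0);
    printf("unpatched: bad byte 0x%02x at offset %d\n", slab_obj[off], off);
    printf("patched:   %d\n", teardown_without_add_disk(1));
    printf("paired:    %d\n", teardown_after_add_disk());
    return 0;
}
```
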
* Re: Slab corruption in floppy driver module
2012-01-26 21:48 ` Dirk Gouders
2012-01-26 21:56 ` Vivek Goyal
@ 2012-01-27 6:07 ` Suresh Jayaraman
2012-01-27 11:30 ` Dirk Gouders
1 sibling, 1 reply; 17+ messages in thread
From: Suresh Jayaraman @ 2012-01-27 6:07 UTC (permalink / raw)
To: Dirk Gouders; +Cc: Vivek Goyal, Tejun Heo, LKML, Jens Axboe
On 01/27/2012 03:18 AM, Dirk Gouders wrote:
> Vivek Goyal <vgoyal@redhat.com> writes:
>
>> On Thu, Jan 26, 2012 at 10:05:32AM -0800, Tejun Heo wrote:
>>> Hello,
>>>
>>> On Thu, Jan 26, 2012 at 10:04:20AM -0500, Vivek Goyal wrote:
>>>> out_put_disk:
>>>> while (dr--) {
>>>> del_timer_sync(&motor_off_timer[dr]);
>>>> - if (disks[dr]->queue)
>>>> + if (disks[dr]->queue) {
>>>> blk_cleanup_queue(disks[dr]->queue);
>>>> + /*
>>>> + * The request queue reference we took at device
>>>> + * creation time has been put by above
>>>> + * blk_cleanup_queue(). We have not called add_disk()
>>>> + * yet and due to failure calling put_disk(). Put disk
>>>> + * will try to put a reference to disk->queue which is
>>>> + * taken in add_disk(). As we have not taken that
>>>> + * extra reference, putting extra reference down
>>>> + * will try to access already freed queue. Clear
>>>> + * disk->queue before calling put_disk().>
>>>> + */
>>>> + disks[dr]->queue = NULL;
>>>
>>> Yeah, this looks correct to me. It might be better to tone down the
>>> comment a bit tho. Wouldn't it be sufficient to say put_disk() isn't
>>> paired with add_disk() and will put one extra time?
>>
>> Sure. Toned down the comment as suggested. Here is the new patch.
>>
>> floppy: Cleanup disk->queue before calling put_disk() if add_disk() was never called
>>
>> add_disk() takes gendisk reference on request queue. If driver failed during
>> initialization and never called add_disk() then that extra reference is not
>> taken. That reference is put in put_disk(). floppy driver allocates the
>> disk, allocates queue, sets disk->queue and then realizes that floppy
>> controller is not present. It tries to tear down everything and tries to
>> put a reference down in put_disk() which was never taken.
>>
>> In such error cases cleanup disk->queue before calling put_disk() so that
>> we never try to put down a reference which was never taken in first place.
>>
>> Reported-by: Suresh Jayaraman <sjayaraman@suse.com>
>> Tested-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
>> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
>> ---
>> drivers/block/floppy.c | 8 +++++++-
>> 1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> Index: linux-2.6/drivers/block/floppy.c
>> ===================================================================
>> --- linux-2.6.orig/drivers/block/floppy.c 2012-01-15 09:49:14.000000000 -0500
>> +++ linux-2.6/drivers/block/floppy.c 2012-01-26 14:35:14.662374464 -0500
>> @@ -4368,8 +4368,14 @@ out_unreg_blkdev:
>> out_put_disk:
>> while (dr--) {
>> del_timer_sync(&motor_off_timer[dr]);
>> - if (disks[dr]->queue)
>> + if (disks[dr]->queue) {
>> blk_cleanup_queue(disks[dr]->queue);
>> + /*
>> + * put_disk() is not paired with add_disk() and
>> + * will put queue reference one extra time. fix it.
>> + */
>> + disks[dr]->queue = NULL;
>> + }
>> put_disk(disks[dr]);
>> }
>> return err;
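Review bot: in the out_put_disk loop the fix depends on put_disk() skipping the queue put when disks[dr]->queue is NULL, but neither the changelog nor the new comment says so, and the workaround lives in one driver's error path. The changelog describes the imbalance generically (reference taken in add_disk(), dropped in put_disk()), so it would help to state that contract explicitly and to say whether other drivers that fail between setting disk->queue and add_disk() need the same change.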
>
>
> Probably a rare and uncommon one but it seems that the reloading case on
> a machine that has a floppy controller is a different problem. To be
> sure I tested the patch on a machine that has a floppy controller and
> when unloading and reloading the floppy module the log messages that I
> attached to a mail earlier in this thread are still generated.
>
Yeah, this seems like a different problem. Could you please try enabling
CONFIG_DEBUG_PAGEALLOC and see whether it is pointing to the problem
code while loading/unloading the module?
Suresh
* Re: Slab corruption in floppy driver module
2012-01-27 6:07 ` Suresh Jayaraman
@ 2012-01-27 11:30 ` Dirk Gouders
2012-01-27 19:54 ` Vivek Goyal
0 siblings, 1 reply; 17+ messages in thread
From: Dirk Gouders @ 2012-01-27 11:30 UTC (permalink / raw)
To: Suresh Jayaraman; +Cc: Vivek Goyal, Tejun Heo, LKML, Jens Axboe
Suresh Jayaraman <sjayaraman@suse.com> writes:
> On 01/27/2012 03:18 AM, Dirk Gouders wrote:
[snipped many lines]
>> Probably a rare and uncommon one but it seems that the reloading case on
>> a machine that has a floppy controller is a different problem. To be
>> sure I tested the patch on a machine that has a floppy controller and
>> when unloading and reloading the floppy module the log messages that I
>> attached to a mail earlier in this thread are still generated.
>>
>
> Yeah, this seems like a different problem. Could you please try enabling
> CONFIG_DEBUG_PAGEALLOC and see whether it is pointing to the problem
> code while loading/unloading the module?
I enabled the option and it produces just one message during boot but
nothing else while unloading/loading the floppy module.
Dirk
(This time tested with a VM)
------------------------------------------------------------------------
=============================================================================
BUG blkdev_queue (Not tainted): Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xffff880036c414d0-0xffff880036c414d0. First byte 0x6a instead of 0x6b
INFO: Allocated in blk_alloc_queue_node+0x1e/0x1ed age=17519 cpu=0 pid=1560
set_track+0x5e/0xd9
alloc_debug_processing+0xbd/0x15e
__slab_alloc+0x248/0x297
blk_alloc_queue_node+0x1e/0x1ed
prio_tree_insert+0xd4/0x184
kmem_cache_alloc_node+0x77/0x153
blk_alloc_queue_node+0x1e/0x1ed
rand_initialize_disk+0x1f/0x34
blk_alloc_queue_node+0x1e/0x1ed
0xffffffffa006cfa8
blk_init_queue_node+0x1a/0x52
alloc_disk_node+0xba/0xdd
0xffffffffa00786c7
notifier_call_chain+0x2e/0x5b
0xffffffffa0078c16
do_one_initcall+0x78/0x12b
INFO: Freed in kobject_release+0x48/0x5e age=2743 cpu=1 pid=2415
set_track+0x5e/0xd9
free_debug_processing+0x155/0x1ed
__slab_free+0x2b/0x291
kobject_release+0x48/0x5e
kobject_release+0x48/0x5e
kmem_cache_free+0x9b/0xd9
kobject_release+0x48/0x5e
0xffffffffa006e5a2
sys_delete_module+0x1cf/0x22c
do_munmap+0x2cc/0x2e5
system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea0000db1000 objects=15 used=15 fp=0x (null) flags=0x100000000004080
INFO: Object 0xffff880036c410a0 @offset=4256 fp=0xffff880036c46c10
Pid: 2417, comm: modprobe Not tainted 3.3.0-rc1-00060-gc1aab02-dirty #26
Call Trace:
[<ffffffff810ffe05>] ? check_bytes_and_report+0xad/0xe6
[<ffffffff810ffef9>] ? check_object+0xbb/0x1f7
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff81101753>] ? alloc_debug_processing+0xa3/0x15e
[<ffffffff811027a4>] ? __slab_alloc+0x248/0x297
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff812d2db1>] ? prio_tree_insert+0xd4/0x184
[<ffffffff81102b95>] ? kmem_cache_alloc_node+0x77/0x153
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff8134d9e6>] ? rand_initialize_disk+0x1f/0x34
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffffa0082fa8>] ? lock_fdc.clone.8+0xfd/0xfd [floppy]
[<ffffffff812c0f97>] ? blk_init_queue_node+0x1a/0x52
[<ffffffff812c7cd2>] ? alloc_disk_node+0xba/0xdd
[<ffffffffa008e6c7>] ? floppy_init+0x78/0x5c7 [floppy]
[<ffffffff8155ac85>] ? notifier_call_chain+0x2e/0x5b
[<ffffffffa008ec16>] ? floppy_init+0x5c7/0x5c7 [floppy]
[<ffffffff810002e5>] ? do_one_initcall+0x78/0x12b
[<ffffffff8109a8b7>] ? sys_init_module+0x80/0x1c5
[<ffffffff8155e222>] ? system_call_fastpath+0x16/0x1b
FIX blkdev_queue: Restoring 0xffff880036c414d0-0xffff880036c414d0=0x6b
FIX blkdev_queue: Marking all objects used
=============================================================================
BUG blkdev_queue (Not tainted): Poison overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88003ae7be60-0xffff88003ae7be60. First byte 0x6a instead of 0x6b
INFO: Allocated in blk_alloc_queue_node+0x1e/0x1ed age=17519 cpu=0 pid=1560
set_track+0x5e/0xd9
alloc_debug_processing+0xbd/0x15e
__slab_alloc+0x248/0x297
blk_alloc_queue_node+0x1e/0x1ed
prio_tree_insert+0x90/0x184
kmem_cache_alloc_node+0x77/0x153
blk_alloc_queue_node+0x1e/0x1ed
rand_initialize_disk+0x1f/0x34
blk_alloc_queue_node+0x1e/0x1ed
0xffffffffa006cfa8
blk_init_queue_node+0x1a/0x52
alloc_disk_node+0xba/0xdd
0xffffffffa00786c7
notifier_call_chain+0x2e/0x5b
0xffffffffa0078c16
do_one_initcall+0x78/0x12b
INFO: Freed in kobject_release+0x48/0x5e age=2744 cpu=1 pid=2415
set_track+0x5e/0xd9
free_debug_processing+0x155/0x1ed
__slab_free+0x2b/0x291
prio_tree_remove+0xc0/0xd4
kobject_release+0x48/0x5e
kobject_release+0x48/0x5e
kmem_cache_free+0x9b/0xd9
kobject_release+0x48/0x5e
0xffffffffa006e5a2
sys_delete_module+0x1cf/0x22c
do_munmap+0x2cc/0x2e5
system_call_fastpath+0x16/0x1b
INFO: Slab 0xffffea0000eb9e00 objects=15 used=15 fp=0x (null) flags=0x100000000004080
INFO: Object 0xffff88003ae7ba30 @offset=14896 fp=0xffff88003ae7c280
Pid: 2417, comm: modprobe Not tainted 3.3.0-rc1-00060-gc1aab02-dirty #26
Call Trace:
[<ffffffff810ffe05>] ? check_bytes_and_report+0xad/0xe6
[<ffffffff810ffef9>] ? check_object+0xbb/0x1f7
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff81101753>] ? alloc_debug_processing+0xa3/0x15e
[<ffffffff811027a4>] ? __slab_alloc+0x248/0x297
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff812d2db1>] ? prio_tree_insert+0xd4/0x184
[<ffffffff81102b95>] ? kmem_cache_alloc_node+0x77/0x153
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffff8134d9e6>] ? rand_initialize_disk+0x1f/0x34
[<ffffffff812bfc5f>] ? blk_alloc_queue_node+0x1e/0x1ed
[<ffffffffa0082fa8>] ? lock_fdc.clone.8+0xfd/0xfd [floppy]
[<ffffffff812c0f97>] ? blk_init_queue_node+0x1a/0x52
[<ffffffff812c7cd2>] ? alloc_disk_node+0xba/0xdd
[<ffffffffa008e6c7>] ? floppy_init+0x78/0x5c7 [floppy]
[<ffffffff8155ac85>] ? notifier_call_chain+0x2e/0x5b
[<ffffffffa008ec16>] ? floppy_init+0x5c7/0x5c7 [floppy]
[<ffffffff810002e5>] ? do_one_initcall+0x78/0x12b
[<ffffffff8109a8b7>] ? sys_init_module+0x80/0x1c5
[<ffffffff8155e222>] ? system_call_fastpath+0x16/0x1b
FIX blkdev_queue: Restoring 0xffff88003ae7be60-0xffff88003ae7be60=0x6b
FIX blkdev_queue: Marking all objects used
FDC 0 is a S82078B
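The reports above show a single poison byte changed from 0x6b to 0x6a in a freed blkdev_queue object, and the thread attributes the corruption to put_disk() dropping a queue reference that add_disk() never took. The following user-space C model is an added illustration, not code from the thread or from the kernel: every name in it (model_queue, disk_put, run_teardown and so on) is hypothetical, and the object size and refcount offset are arbitrary.

```c
/* Added illustration: user-space model of the queue reference imbalance.
 * Not kernel code; all names, sizes and offsets here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE   0x6b  /* fill byte for freed objects, as in the reports */
#define POISON_END    0xa5  /* last byte of a poisoned object, as in the reports */
#define POISON_INTACT (-1L)
#define NEVER_FREED   (-2L)

struct model_queue {            /* stand-in for struct request_queue */
    unsigned char head[24];
    int32_t refcount;           /* stand-in for the queue's reference count */
    unsigned char tail[36];
};

struct model_disk {             /* stand-in for struct gendisk */
    struct model_queue *queue;
};

static struct model_queue slab_slot;    /* one slab object, reused per run */
static int slot_freed;

static struct model_queue *queue_alloc(void)
{
    memset(&slab_slot, 0, sizeof(slab_slot));
    slab_slot.refcount = 1;             /* reference owned by the driver */
    slot_freed = 0;
    return &slab_slot;
}

/* Drop one reference; the last put frees and poisons the object. */
static void queue_put(struct model_queue *q)
{
    /* If q is already freed, this decrement is the stray write. */
    if (--q->refcount == 0 && !slot_freed) {
        memset(q, POISON_FREE, sizeof(*q));
        ((unsigned char *)q)[sizeof(*q) - 1] = POISON_END;
        slot_freed = 1;
    }
}

/* add_disk() model: the disk takes its own reference on the queue. */
static void disk_add(struct model_disk *d) { d->queue->refcount++; }

/* blk_cleanup_queue() model: the driver drops its reference. */
static void queue_cleanup(struct model_queue *q) { queue_put(q); }

/* put_disk() model: drops the disk's queue reference if a queue is set. */
static void disk_put(struct model_disk *d)
{
    if (d->queue)
        queue_put(d->queue);
}

/* Poison check in the style of the report: offset of the first byte that
 * differs from the expected poison, POISON_INTACT, or NEVER_FREED. */
static long poison_check(const struct model_queue *q)
{
    const unsigned char *p = (const unsigned char *)q;
    size_t i;

    if (!slot_freed)
        return NEVER_FREED;
    for (i = 0; i < sizeof(*q); i++) {
        unsigned char want = (i == sizeof(*q) - 1) ? POISON_END : POISON_FREE;
        if (p[i] != want)
            return (long)i;
    }
    return POISON_INTACT;
}

/* One teardown: optionally add_disk(), then cleanup followed by put_disk(). */
static long run_teardown(int called_add_disk, int clear_queue_first)
{
    struct model_disk disk = { queue_alloc() };

    if (called_add_disk)
        disk_add(&disk);
    queue_cleanup(disk.queue);
    if (clear_queue_first)
        disk.queue = NULL;      /* what both patches in the thread do */
    disk_put(&disk);
    return poison_check(&slab_slot);
}

int main(void)
{
    long off = run_teardown(0, 0);      /* add_disk() skipped, queue left set */

    if (off >= 0)
        printf("extra put: byte 0x%02x at offset %ld (refcount at %zu)\n",
               ((unsigned char *)&slab_slot)[off], off,
               offsetof(struct model_queue, refcount));
    printf("add_disk() called, queue kept:     %ld\n", run_teardown(1, 0));
    printf("add_disk() skipped, queue cleared: %ld\n", run_teardown(0, 1));
    printf("add_disk() called, queue cleared:  %ld (never freed)\n",
           run_teardown(1, 1));
    return 0;
}
```

In the model, clearing the pointer after add_disk() was called leaves the object unfreed, so the clearing is only safe for disks that skipped add_disk().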
* Re: Slab corruption in floppy driver module
2012-01-27 11:30 ` Dirk Gouders
@ 2012-01-27 19:54 ` Vivek Goyal
2012-01-28 10:53 ` Dirk Gouders
2012-01-29 19:36 ` Tejun Heo
0 siblings, 2 replies; 17+ messages in thread
From: Vivek Goyal @ 2012-01-27 19:54 UTC (permalink / raw)
To: Dirk Gouders; +Cc: Suresh Jayaraman, Tejun Heo, LKML, Jens Axboe
On Fri, Jan 27, 2012 at 12:30:00PM +0100, Dirk Gouders wrote:
> Suresh Jayaraman <sjayaraman@suse.com> writes:
>
> > On 01/27/2012 03:18 AM, Dirk Gouders wrote:
>
> [snipped many lines]
>
> >> Probably a rare and uncommon one but it seems that the reloading case on
> >> a machine that has a floppy controller is a different problem. To be
> >> sure I tested the patch on a machine that has a floppy controller and
> >> when unloading and reloading the floppy module the log messages that I
> >> attached to a mail earlier in this thread are still generated.
> >>
> >
> > Yeah, this seems like a different problem. Could you please try enabling
> > CONFIG_DEBUG_PAGEALLOC and see whether it is pointing to the problem
> > code while loading/unloading the module?
>
> I enabled the option and it produces just one message during boot but
> nothing else while unloading/loading the floppy module.
>
Can you please try following patch and see if it fixes the issue. I could
reproduce the issue with my virtual machine. The issue seems to be that
we do not call add_disk() for all the drives/disks but we try to do
put_disk() on all the disks. Hence running into the issue of putting
extra reference during module removal.
floppy: Fix a crash during rmmod
floppy driver does not call add_disk() on all the drives hence we don't take
gendisk reference on request queue for these drives. Don't call put_disk()
with disk->queue set, otherwise we try to put the reference we never took.
Reported-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
drivers/block/floppy.c | 9 +++++++++
1 file changed, 9 insertions(+)
Index: linux-2.6/drivers/block/floppy.c
===================================================================
--- linux-2.6.orig/drivers/block/floppy.c 2012-01-27 14:34:45.000000000 -0500
+++ linux-2.6/drivers/block/floppy.c 2012-01-27 14:39:13.729861052 -0500
@@ -4584,6 +4584,15 @@ static void __exit floppy_module_exit(vo
platform_device_unregister(&floppy_device[drive]);
}
blk_cleanup_queue(disks[drive]->queue);
+
+ /*
+ * These disks have not called add_disk(). Don't put down
+ * queue reference in put_disk().
+ */
+ if (!(allowed_drive_mask & (1 << drive)) ||
+ fdc_state[FDC(drive)].version == FDC_NONE)
+ disks[drive]->queue = NULL;
+
put_disk(disks[drive]);
}
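
Review bot: the new `if` in floppy_module_exit() re-derives "add_disk() was not called" from `allowed_drive_mask` and `fdc_state[FDC(drive)].version` rather than from a record of what the init path actually registered, so the two tests can drift apart without anyone noticing. Consider moving the predicate into a small helper shared with the registration path, or setting a per-drive flag at the point where add_disk() is called and testing that flag here. If `fdc_state[].version` can change between load and unload, the exit-time test would no longer describe what was registered, which is a further reason to prefer the flag.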
* Re: Slab corruption in floppy driver module
2012-01-27 19:54 ` Vivek Goyal
@ 2012-01-28 10:53 ` Dirk Gouders
2012-01-29 19:36 ` Tejun Heo
1 sibling, 0 replies; 17+ messages in thread
From: Dirk Gouders @ 2012-01-28 10:53 UTC
To: Vivek Goyal; +Cc: Suresh Jayaraman, Tejun Heo, LKML, Jens Axboe
Vivek Goyal <vgoyal@redhat.com> writes:
> On Fri, Jan 27, 2012 at 12:30:00PM +0100, Dirk Gouders wrote:
>> Suresh Jayaraman <sjayaraman@suse.com> writes:
>>
>> > On 01/27/2012 03:18 AM, Dirk Gouders wrote:
>>
>> [snipped many lines]
>>
>> >> Probably a rare and uncommon one but it seems that the reloading case on
>> >> a machine that has a floppy controller is a different problem. To be
>> >> sure I tested the patch on a machine that has a floppy controller and
>> >> when unloading and reloading the floppy module the log messages that I
>> >> attached to a mail earlier in this thread are still generated.
>> >>
>> >
>> > Yeah, this seems like a different problem. Could you please try enabling
>> > CONFIG_DEBUG_PAGEALLOC and see whether is it pointing to the problem
>> > code while loading/unloading the module?
>>
>> I enabled the option and it produces just one message during boot but
>> nothing else while unloading/loading the floppy module.
>>
>
> Can you please try following patch and see if it fixes the issue. I could
> reproduce the issue with my virtual machine. The issue seems to be that
> we do not call add_disk() for all the drives/disks but we try to do
> put_disk() on all the disks. Hence running into the issue of putting
> extra reference during module removal.

I tested your patch and it works fine.

There is just a little typo:

floppy: Fix a crash during rmmod

Thanks,

Dirk

> floppy: Fix a crash during rmmmod
>
> floppy driver does not call add_disk() on all the drives hence we don't take
> gendisk reference on request queue for these drives. Don't call put_disk()
> with disk->queue set, otherwise we try to put the reference we never took.
>
> Reported-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
> Signed-off-by: Vivek Goyal<vgoyal@redhat.com>
> ---
> drivers/block/floppy.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> Index: linux-2.6/drivers/block/floppy.c
> ===================================================================
> --- linux-2.6.orig/drivers/block/floppy.c 2012-01-27 14:34:45.000000000 -0500
> +++ linux-2.6/drivers/block/floppy.c 2012-01-27 14:39:13.729861052 -0500
> @@ -4584,6 +4584,15 @@ static void __exit floppy_module_exit(vo
> platform_device_unregister(&floppy_device[drive]);
> }
> blk_cleanup_queue(disks[drive]->queue);
> +
> + /*
> + * These disks have not called add_disk(). Don't put down
> + * queue reference in put_disk().
> + */
> + if (!(allowed_drive_mask & (1 << drive)) ||
> + fdc_state[FDC(drive)].version == FDC_NONE)
> + disks[drive]->queue = NULL;
> +
> put_disk(disks[drive]);
> }
>
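
Review bot: the comment above the new `if` says these disks "have not called add_disk()" but not why clearing `disks[drive]->queue` is the remedy. Per the commit message, the gendisk's queue reference is only taken for drives that went through add_disk(), and put_disk() drops it whenever disk->queue is set; stating that in the comment would make the intent clear. It is also worth noting there that the assignment has to stay after `blk_cleanup_queue(disks[drive]->queue)`, since that call still needs the pointer, so a later cleanup does not reorder the two.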
* Re: Slab corruption in floppy driver module
2012-01-27 19:54 ` Vivek Goyal
2012-01-28 10:53 ` Dirk Gouders
@ 2012-01-29 19:36 ` Tejun Heo
2012-01-30 6:03 ` Suresh Jayaraman
1 sibling, 1 reply; 17+ messages in thread
From: Tejun Heo @ 2012-01-29 19:36 UTC
To: Vivek Goyal; +Cc: Dirk Gouders, Suresh Jayaraman, LKML, Jens Axboe
On Fri, Jan 27, 2012 at 02:54:55PM -0500, Vivek Goyal wrote:
> floppy: Fix a crash during rmmmod
>
> floppy driver does not call add_disk() on all the drives hence we don't take
> gendisk reference on request queue for these drives. Don't call put_disk()
> with disk->queue set, otherwise we try to put the reference we never took.
>
> Reported-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
> Signed-off-by: Vivek Goyal<vgoyal@redhat.com>

Ugh... floppy init is ugly. Thanks for fixing this.

Acked-by: Tejun Heo <tj@kernel.org>

Jens, this one and the previous one are regression fixes and need to
be routed through v3.3-fixes.

--
tejun
* Re: Slab corruption in floppy driver module
2012-01-29 19:36 ` Tejun Heo
@ 2012-01-30 6:03 ` Suresh Jayaraman
0 siblings, 0 replies; 17+ messages in thread
From: Suresh Jayaraman @ 2012-01-30 6:03 UTC
To: Tejun Heo; +Cc: Vivek Goyal, Dirk Gouders, LKML, Jens Axboe
On 01/30/2012 01:06 AM, Tejun Heo wrote:
> On Fri, Jan 27, 2012 at 02:54:55PM -0500, Vivek Goyal wrote:
>> floppy: Fix a crash during rmmmod
>>
>> floppy driver does not call add_disk() on all the drives hence we don't take
>> gendisk reference on request queue for these drives. Don't call put_disk()
>> with disk->queue set, otherwise we try to put the reference we never took.
>>
>> Reported-by: Dirk Gouders <gouders@et.bocholt.fh-gelsenkirchen.de>
>> Signed-off-by: Vivek Goyal<vgoyal@redhat.com>
>
> Ugh... floppy init is ugly. Thanks for fixing this.
>
> Acked-by: Tejun Heo <tj@kernel.org>
>
> Jens, this one and the previous one are regression fixes and need to
> be routed through v3.3-fixes.
>
Looks like it needs to be marked for -stable as well as the commit
f992ae8 which exposed these problems was originally marked for -stable?
Suresh
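
The reference imbalance described in the commit message earlier in this thread, as a simplified userspace C model added here (it is not kernel code and not part of any message in the thread). The `model_*` names and the single-counter queue are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified userspace model; all struct and function names are hypothetical. */
struct model_queue { int refs; };
struct model_disk  { struct model_queue *queue; bool added; };

/* Allocation hands the creator (the driver) one queue reference. */
static void model_init_queue(struct model_queue *q) { q->refs = 1; }

/* Registration: the disk takes its own reference on the queue. */
static void model_add_disk(struct model_disk *d)
{
    d->queue->refs++;
    d->added = true;
}

/* The driver drops its own reference (stands in for blk_cleanup_queue()). */
static void model_cleanup_queue(struct model_queue *q) { q->refs--; }

/* Final disk put: drops a queue reference whenever disk->queue is set. */
static void model_put_disk(struct model_disk *d)
{
    if (d->queue)
        d->queue->refs--;
}

/*
 * Tear down one drive and return the queue's final reference count.
 * 0 means gets and puts balance; -1 means a reference was put that was
 * never taken, which in a real allocator lands on already-freed memory.
 */
int model_teardown(bool registered, bool apply_fix)
{
    struct model_queue q;
    struct model_disk d = { .queue = &q, .added = false };

    model_init_queue(&q);
    if (registered)
        model_add_disk(&d);

    model_cleanup_queue(&q);
    if (apply_fix && !d.added)
        d.queue = NULL;   /* the patch's approach: hide the queue from the put */
    model_put_disk(&d);
    return q.refs;
}
```

Only the unregistered, unfixed case ends below zero; registered drives are unaffected by the fix because their `queue` pointer is left in place.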