Pete Zaitcev <[EMAIL PROTECTED]> writes:

> > Here is part of the stack trace from the oops/panic in my first
> > message about this problem:
> >
> > >>EIP; c012ad65 <kfree+35/a0> <=====
> > Trace; c4817ee4 <[usbcore]usb_destroy_configuration+104/210>
> > Trace; c48171e2 <[usbcore]usb_free_dev+22/50>
> > Trace; c48288b5 <[usb-uhci]process_urb+1e5/200>
> > Trace; c4828991 <[usb-uhci]uhci_interrupt+c1/130>
> >
> > As can be seen from the above, usb_destroy_configuration is called
> > from interrupt context [...]
>
> Always remember that on x86 there are no frame pointers, so
> the stack trace is dirty with unrelated stuff. Cross-check
> with a code path.
I did and that call chain is possible. The only tricky part was to figure
out that the call to usb_dec_dev_use in process_urb was actually calling
usb_free_dev, because of the following define in usb.h:

#define usb_dec_dev_use usb_free_dev

What's the purpose of that define? Just to confuse readers? ;-)

I also disassembled the kfree code to figure out that the oops was caused
by dividing by zero at line 1434 in mm/slab.c. That happened because
cachep->objsize was zero, which I think must have been caused by trying to
free a bogus memory area. Then I disassembled the usb_destroy_configuration
code to find out that kfree crashed when freeing as->extra.

--
Peter Osterlund - [EMAIL PROTECTED]
http://w1.894.telia.com/~u89404340
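A constructed C model of the failure path discussed in this thread, added here as an example (it is not kernel code; page_of, kfree_unchecked and kfree_checked are hypothetical names and the page/cache layout is made up): a bogus pointer whose page descriptor names a zeroed cache descriptor makes the unchecked slot computation divide by zero, exactly the cachep->objsize == 0 symptom, while a validating free path turns it into a diagnostic instead of an oops.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 4096
#define NPAGES 4

/* Constructed cache descriptor (the real one has many more fields). */
struct kmem_cache { const char *name; size_t objsize; };

/* Per-page descriptor: the cache owning the page, NULL for non-slab pages. */
struct page { struct kmem_cache *cache; };

static struct kmem_cache extra_cache = { "usb_extra", 64 };
static struct kmem_cache zeroed_cache;             /* garbage: objsize == 0 */
static unsigned char mem[NPAGES * PAGE_SIZE];      /* constructed backing memory */
static struct page pages[NPAGES] = {
    { &extra_cache }, { &extra_cache }, { NULL }, { &zeroed_cache },
};

/* Pointer -> page descriptor. Returns NULL outside mem[]; the real
 * virt_to_page() does no such check, which is the first hazard. */
static struct page *page_of(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)mem;
    if (a < base || a >= base + sizeof mem) return NULL;
    return &pages[(a - base) / PAGE_SIZE];
}

/* Unchecked free path: object slot = offset / objsize, as the 2.4 slab code
 * computed it. With a zeroed cache descriptor this is a divide by zero
 * (SIGFPE in userspace, the kfree oops in the kernel). */
static int kfree_unchecked(const void *p) {
    struct kmem_cache *c = page_of(p)->cache;
    size_t off = ((uintptr_t)p - (uintptr_t)mem) % PAGE_SIZE;
    return (int)(off / c->objsize);
}

/* Validating free path: returns the slot, or -1 for a pointer that is not
 * in a slab page, has no sane cache, or is not on an object boundary. */
static int kfree_checked(const void *p) {
    struct page *pg = page_of(p);
    struct kmem_cache *c = pg ? pg->cache : NULL;
    size_t off = pg ? ((uintptr_t)p - (uintptr_t)mem) % PAGE_SIZE : 0;

    if (!pg || !c || c->objsize == 0 || off % c->objsize != 0) {
        fprintf(stderr, "kfree: bad pointer %p (cache %s, objsize %zu)\n",
                p, (c && c->name) ? c->name : "?", c ? c->objsize : (size_t)0);
        return -1;
    }
    return (int)(off / c->objsize);
}
```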