Johannes Erdfelt <[EMAIL PROTECTED]> writes:

> On Sat, Jan 05, 2002, Peter Osterlund <[EMAIL PROTECTED]> wrote:
> > On Sat, 5 Jan 2002, Johannes Erdfelt wrote:
> > >
> > > Did you say this is reproducible?
> >
> > No, I have only seen this once, so maybe we should stop worrying about it
> > for now. At least, quite a few things were found while searching for the
> > problem, so I don't think the effort has been wasted.
>
> Yeah. Without a way to reproduce it and some of the logs gone, it's
> gonna be tough.
>
> Hopefully, one of those patches will fix the problem. If not, we'll hear
> from you again I guess :)

OK, the good news is that it did happen again, this time with kernel
2.4.18-pre1. The bad news is that it happened because my CDRW writer
broke. Anyway, this time I had serial console logging active, and
immediately before the oops/panic, this was logged:

usb_control/bulk_msg: timeout
usb-uhci.c: interrupt, status 2, frame# 499

Maybe the usb layer timeout is exactly equal to the drive's internal
timeout. Immediately after printing the timeout msg, the code in usb.c
calls usb_unlink_urb(). If an interrupt occurs while inside that
function, and the interrupt routine also decides to call
usb_unlink_urb(), doesn't that have the potential to seriously mess
things up?

Here is the new oops, it looks very similar to the first one.

usb_control/bulk_msg: timeout
usb-uhci.c: interrupt, status 2, frame# 499
Unable to handle kernel NULL pointer dereference at virtual address 0000000c
c01281ee
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c01281ee>]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010046
eax: 02bdcc80   ebx: 6f732e78   ecx: 00000000   edx: 00000000
esi: 00000000   edi: 00000206   ebp: 00000000   esp: c135be7c
ds: 0018   es: 0018   ss: 0018
Process hotplug (pid: 1085, stackpage=c135b000)
Stack: c3cd03c0 6f732e78 c3cd03e0 c11e12e0 c4817f6f 6f732e78 00000000 00000001
       ffffff92 c3cd03c0 c3bde200 00000000 c3bde200 c3bde200 c1145e20 00000000
       c3bde200 c48171c2 c3bde200 c3bde200 00000000 c48288a5 c3bde200 00000000
Call Trace: [<c4817f6f>] [<c48171c2>] [<c48288a5>] [<c4828981>] [<c01103fa>] [<c01080ba>] [<c010823d>] [<c011bf5d>] [<c0106d03>]
Code: 8b 41 0c 29 c3 89 d8 f7 76 18 89 c3 8b 41 14 89 44 99 18 89

>>EIP; c01281ee <kfree+2e/a0>   <=====
Trace; c4817f6f <[usbcore]usb_destroy_configuration+19f/210>
Trace; c48171c2 <[usbcore]usb_free_dev+22/50>
Trace; c48288a5 <[usb-uhci]process_urb+1e5/200>
Trace; c4828981 <[usb-uhci]uhci_interrupt+c1/130>
Trace; c01103fa <do_page_fault+19a/4f0>
Trace; c01080ba <handle_IRQ_event+3a/70>
Trace; c010823d <do_IRQ+6d/b0>
Trace; c011bf5d <sys_rt_sigprocmask+15d/1d0>
Trace; c0106d03 <system_call+33/40>
Code;  c01281ee <kfree+2e/a0>
00000000 <_EIP>:
Code;  c01281ee <kfree+2e/a0>   <=====
   0:   8b 41 0c                  mov    0xc(%ecx),%eax   <=====
Code;  c01281f1 <kfree+31/a0>
   3:   29 c3                     sub    %eax,%ebx
Code;  c01281f3 <kfree+33/a0>
   5:   89 d8                     mov    %ebx,%eax
Code;  c01281f5 <kfree+35/a0>
   7:   f7 76 18                  div    0x18(%esi),%eax
Code;  c01281f8 <kfree+38/a0>
   a:   89 c3                     mov    %eax,%ebx
Code;  c01281fa <kfree+3a/a0>
   c:   8b 41 14                  mov    0x14(%ecx),%eax
Code;  c01281fd <kfree+3d/a0>
   f:   89 44 99 18               mov    %eax,0x18(%ecx,%ebx,4)
Code;  c0128201 <kfree+41/a0>
  13:   89 00                     mov    %eax,(%eax)

<0>Kernel panic: Aiee, killing interrupt handler!

-- 
Peter Osterlund - [EMAIL PROTECTED]
http://w1.894.telia.com/~u89404340