On Friday 21 February 2003 17:21, Greg KH wrote:
> On Fri, Feb 21, 2003 at 12:34:13PM +0100, Duncan Sands wrote:
> > I get an oops on shutdown with 2.4.20 (speedtouch driver). Here is what
> > happens:
> >
> > probe method called: I take a reference to the usb device with
> > usb_inc_dev_use
> >
> > (machine shutting down - shutdown of usb subsystem)
> >
> > disconnect called
> >
> > (still have the reference)
> >
> > ...time passes...
> >
> > final driver shutdown: I drop the reference using usb_dec_dev_use, which
> > oopses.
>
> What's the backtrace from the oops?
>
> Personally I wouldn't trust the reference counting logic in 2.4, it just
> doesn't seem right, but I haven't spent the time in looking too deeply
> at it, unlike 2.5.
Hi Greg, I went and got a new one for your debugging pleasure! It is
the dev->bus->op->deallocate(dev) that kills things. What happens
seems to be this: disconnect is called on the speedtch driver, then
uhci is unloaded, then speedtch drops its reference to the usb device,
which causes havoc.
Duncan.
00000fcc <usb_free_dev>:
void usb_free_dev(struct usb_device *dev)
{
fcc: 53 push %ebx
fcd: 8b 5c 24 08 mov 0x8(%esp,1),%ebx
static __inline__ int atomic_dec_and_test(atomic_t *v)
{
unsigned char c;
__asm__ __volatile__(
fd1: ff 4b 20 decl 0x20(%ebx)
fd4: 0f 94 c0 sete %al
if (atomic_dec_and_test(&dev->refcnt)) {
fd7: 84 c0 test %al,%al
fd9: 74 29 je 1004 <usb_free_dev+0x38>
dev->bus->op->deallocate(dev);
fdb: 8b 83 cc 00 00 00 mov 0xcc(%ebx),%eax
fe1: 8b 40 1c mov 0x1c(%eax),%eax
fe4: 53 push %ebx
fe5: 8b 40 04 mov 0x4(%eax),%eax <=== Here
fe8: ff d0 call *%eax
usb_destroy_configuration(dev);
fea: 53 push %ebx
feb: e8 fc ff ff ff call fec <usb_free_dev+0x20>
usb_bus_put(dev->bus);
ff0: ff b3 cc 00 00 00 pushl 0xcc(%ebx)
ff6: e8 01 f7 ff ff call 6fc <usb_bus_put>
kfree(dev);
ffb: 53 push %ebx
ffc: e8 fc ff ff ff call ffd <usb_free_dev+0x31>
}
1001: 83 c4 10 add $0x10,%esp
1004: 5b pop %ebx
1005: c3 ret
}
Unable to handle kernel paging request at virtual address cc87aa30
c01a3705
*pde = 013e5067
Oops: 0000
CPU: 0
EIP: 0010:[usb_free_dev+25/60] Not tainted
EIP: 0010:[<c01a3705>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010202
eax: cc87aa2c ebx: cb1e2a00 ecx: caeaa000 edx: 00000001
esi: c97bd400 edi: c97bd4c0 ebp: c9594040 esp: c49f5eb4
ds: 0018 es: 0018 ss: 0018
Process pppd (pid: 689, stackpage=c49f5000)
Stack: cb1e2a00 cae56000 cc88ce38 cb1e2a00 cc88ec00 cae56104 cc88ebc0 cc88eb80
00000000 c12f8a60 c01e9d7c c12f8a60 00000000 c01e9ed0 c12f8a60 c01e9f05
c97bd400 00000000 c97bd400 c97bd4c0 c01e7d48 c97bd400 00000000 c4fdb3a0
Call Trace: [speedtch:__insmod_speedtch_S.text_L8308+3544/6656]
[speedtch:__insmod_speedtch_S.rodata_L5224+2848/5600]
[speedtch:__insmod_speedtch_S.rodata_L5224+2784/5600]
[speedtch:__insmod_speedtch_S.rodata_L5224+2720/5600] [shutdown_atm_dev+32/48]
Call Trace: [<cc88ce38>] [<cc88ec00>] [<cc88ebc0>] [<cc88eb80>] [<c01e9d7c>]
[<c01e9ed0>] [<c01e9f05>] [<c01e7d48>] [<c01e7d73>] [<c01ad7ee>] [<c01adcbd>]
[<c012e574>] [<c012d625>] [<c0115ef8>] [<c0116487>] [<c0116632>] [<c0106bd3>]
Code: 8b 40 04 ff d0 53 e8 b4 0a 00 00 ff b3 cc 00 00 00 e8 01 f7
>>EIP; c01a3705 <usb_free_dev+19/3c> <=====
>>eax; cc87aa2c <[nls_cp437].data.end+7931/8f65>
>>ebx; cb1e2a00 <_end+af49ac8/c5bb128>
>>ecx; caeaa000 <_end+ac110c8/c5bb128>
>>esi; c97bd400 <_end+95244c8/c5bb128>
>>edi; c97bd4c0 <_end+9524588/c5bb128>
>>ebp; c9594040 <_end+92fb108/c5bb128>
>>esp; c49f5eb4 <_end+475cf7c/c5bb128>
Trace; cc88ce38 <[speedtch]udsl_atm_dev_close+58/64>
Trace; cc88ec00 <[speedtch]__module_license+a83/13ca>
Trace; cc88ebc0 <[speedtch]__module_license+a43/13ca>
Trace; cc88eb80 <[speedtch]__module_license+a03/13ca>
Trace; c01e9d7c <shutdown_atm_dev+20/30>
Trace; c01e9ed0 <unlink_vcc+88/8c>
Trace; c01e9f05 <bind_vcc+11/79>
Trace; c01e7d48 <atm_release_vcc_sk+100/118>
Trace; c01e7d73 <atm_release+13/1c>
Trace; c01ad7ee <sock_release+12/50>
Trace; c01adcbd <sock_close+31/38>
Trace; c012e574 <fput+4c/e0>
Trace; c012d625 <filp_close+59/64>
Trace; c0115ef8 <put_files_struct+54/b8>
Trace; c0116487 <do_exit+af/234>
Trace; c0116632 <sys_exit+e/10>
Trace; c0106bd3 <system_call+33/40>
Code; c01a3705 <usb_free_dev+19/3c>
00000000 <_EIP>:
Code; c01a3705 <usb_free_dev+19/3c> <=====
0: 8b 40 04 mov 0x4(%eax),%eax <=====
Code; c01a3708 <usb_free_dev+1c/3c>
3: ff d0 call *%eax
Code; c01a370a <usb_free_dev+1e/3c>
5: 53 push %ebx
Code; c01a370b <usb_free_dev+1f/3c>
6: e8 b4 0a 00 00 call abf <_EIP+0xabf>
Code; c01a3710 <usb_free_dev+24/3c>
b: ff b3 cc 00 00 00 pushl 0xcc(%ebx)
Code; c01a3716 <usb_free_dev+2a/3c>
11: e8 01 f7 00 00 call f717 <_EIP+0xf717>
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
