Hi David,
Sorry for the confusion of deadlock and Oops. I'm not that familiar with the terms...
No prob.
here is the disassemble output of gdb:
if you're sure this was from the same kernel that caused the oops ... then this bit looks to be the operative part of spin_unlock(), followed by preempt checks (pointless here):
0x0000100c <qh_completions+329>: movb $0x1,(%edi) 0x0000100f <qh_completions+332>: mov 0xffffffd0(%ebp),%ecx 0x00001012 <qh_completions+335>: mov 0x8(%ecx),%eax 0x00001015 <qh_completions+338>: subl $0x1,0x14(%ecx) 0x00001019 <qh_completions+342>: test $0x8,%al 0x0000101b <qh_completions+344>: jne 0x1123 <qh_completions+608>
And then here it's accessing something on the stack, presumably the local variable "stopped", and getting an oops.
if (stopped && qtd->qtd_list.prev != &qh->qtd_list) {
0x00001021 <qh_completions+350>: mov 0xffffffe4(%ebp),%eax ------------- that's the spot (0x162/0x35d) 0x00001024 <qh_completions+353>: test %eax,%eax ------------- 0x00001026 <qh_completions+355>: je 0x1035 <qh_completions+370> 0x00001028 <qh_completions+357>: mov 0x3c(%esi),%edx 0x0000102b <qh_completions+360>: cmp 0xffffffd4(%ebp),%edx 0x0000102e <qh_completions+363>: je 0x1035 <qh_completions+370>
That shouldn't happen. Are you enabling CONFIG_4KSTACKS?
- Dave
Here's where we'd patch "prev" during unlink-from-middle-of-queue:
0x00001030 <qh_completions+365>: mov (%esi),%eax 0x00001032 <qh_completions+367>: mov %eax,0xffffffc8(%edx)
target of those 'je', the list_del
0x00001035 <qh_completions+370>: lea 0x38(%esi),%ecx 0x00001038 <qh_completions+373>: mov 0x38(%esi),%eax 0x0000103b <qh_completions+376>: mov 0x4(%ecx),%edx 0x0000103e <qh_completions+379>: mov %edx,0x4(%eax) 0x00001041 <qh_completions+382>: mov %eax,(%edx)
... tail end of list_del() code, poisoning the pointers.
0x00001043 <qh_completions+384>: movl $0x200200,0x4(%ecx) 0x0000104a <qh_completions+391>: movl $0x100100,0x38(%esi) 0x00001051 <qh_completions+398>: mov %esi,0xfffffff0(%ebp) 0x00001054 <qh_completions+401>: mov 0xffffffe8(%ebp),%eax 0x00001057 <qh_completions+404>: mov (%eax),%edx 0x00001059 <qh_completions+406>: cmp 0xffffffd4(%ebp),%eax 0x0000105c <qh_completions+409>: mov %edx,0xffffffe8(%ebp) 0x0000105f <qh_completions+412>: jne 0xf34 <qh_completions+113> 0x00001065 <qh_completions+418>: mov 0xfffffff0(%ebp),%eax 0x00001068 <qh_completions+421>: test %eax,%eax .....
This seems to be somewhere in this part of the code:
..... /* remove it from the queue */ spin_lock (&urb->lock); qtd_copy_status (ehci, urb, qtd->length, token); do_status = (urb->status == -EREMOTEIO) && usb_pipecontrol (urb->pipe); spin_unlock (&urb->lock);
last = list_entry (qtd->qtd_list.prev,
struct ehci_qtd, qtd_list);
last->hw_next = qtd->hw_next;
}
list_del (&qtd->qtd_list);
last = qtd;
....
Andreas
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
