I'm horribly busy at work, so I thought I'd just throw this here in case
anyone is interested. The pl2303 fails to submit an interrupt (probably
a schedule problem in a hub), user does "rmmod pl2303"... ta daaa.
Looks like a case of use-after-free.

pl2303 ttyUSB0: pl2303_open - failed submitting interrupt urb, error -28
usbcore: deregistering driver pl2303
------------[ cut here ]------------
kernel BUG at kernel/workqueue.c:109!
invalid opcode: 0000 [#1]
last sysfs file: /class/net/sit0/statistics/collisions
Modules linked in: xt_tcpudp iptable_nat ip_nat ip_conntrack nfnetlink 
ip_tables x_tables radeon drm ppdev autofs4 rfcomm l2cap sunrpc dm_mirror 
dm_mod video button battery ac ipv6 lp parport_pc parport pl2303 usbserial 
hci_usb bluetooth nvram ohci1394 ieee1394 snd_intel8x0m ehci_hcd uhci_hcd 
ipw2100 ieee80211 ieee80211_crypt b44 mii snd_intel8x0 snd_ac97_codec 
snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq 
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore 
snd_page_alloc ext3 jbd
CPU:    0
EIP:    0060:[<c0126dcb>]    Not tainted VLI
EFLAGS: 00010203   (2.6.15-1.1881_FC5)
EIP is at queue_work+0x17/0x2f
eax: f6611640   ebx: c18dcd20   ecx: 00000000   edx: f661163c
esi: f7cbedac   edi: f743a25c   ebp: ec7d9000   esp: ec7d9ef4
ds: 007b   es: 007b   ss: 0068
Process rmmod (pid: 3991, threadinfo=ec7d9000 task=ec7c2000)
Stack: <0>00000000 f8a5077e f743a248 f8a48da0 f8a48dd4 c026122b f743a304 
f743a25c
       c0228430 f743a25c f760aa6c f8a48dd4 c02286f9 f8a48dd4 00000000 c0366da0
       c0227c90 f8a48dd4 f8a48dcc f8a48dbc c0228804 f8a48da0 c026111f f8a49200
Call Trace:
 [<f8a5077e>] usb_serial_disconnect+0x54/0x94 [usbserial]     [<c026122b>] 
usb_unbind_interface+0x34/0x6a
 [<c0228430>] __device_release_driver+0x5c/0x74     [<c02286f9>] 
driver_detach+0x8e/0xbc
 [<c0227c90>] bus_remove_driver+0x57/0x75     [<c0228804>] 
driver_unregister+0x8/0x13
 [<c026111f>] usb_deregister+0x98/0xa0     [<f8a46d2a>] pl2303_exit+0xa/0x14 
[pl2303]
 [<c0131108>] sys_delete_module+0x191/0x1ce     [<c01055e0>] 
do_syscall_trace+0x104/0x14a
 [<c0102ba9>] syscall_call+0x7/0xb    <0>Code: fa 89 d8 5b 5e 5f e9 d4 95 1b 00 
8b 48 14 89 c2 8b 01 eb ae 53 89 c3 0f ba 2a 00 19 c0 31 c9 85 c0 75 1c 8d 42 
04 39 42 04 74 08 <0f> 0b 6d 00 74 d7 2f c0 8b 03 e8 88 ff ff ff b9 01 00 00 00 
89
Continuing in 1 seconds.
 <------ This is followed by a whole bunch of slab corruption tracebacks.

Ref
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180463

-- Pete
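
An added example, not part of the original message or of any kernel tooling: a small Python parser that rejoins the mail-wrapped call trace above and reports which frames belong to loadable modules. The function names and the `SAMPLE` excerpt (lines copied from the oops in this message) are this example's own; frames without a `[module]` tag are assumed to be in the core kernel and labelled `vmlinux`.

```python
import re

# Constructed sample: lines excerpted from the oops in the message above,
# keeping the mail client's wrapping (a frame's symbol or [module] tag may
# sit on the line after its address).
SAMPLE = """\
kernel BUG at kernel/workqueue.c:109!
EIP is at queue_work+0x17/0x2f
Process rmmod (pid: 3991, threadinfo=ec7d9000 task=ec7c2000)
Call Trace:
 [<f8a5077e>] usb_serial_disconnect+0x54/0x94 [usbserial]     [<c026122b>]
usb_unbind_interface+0x34/0x6a
 [<c0228430>] __device_release_driver+0x5c/0x74     [<c02286f9>]
driver_detach+0x8e/0xbc
 [<c0227c90>] bus_remove_driver+0x57/0x75     [<c0228804>]
driver_unregister+0x8/0x13
 [<c026111f>] usb_deregister+0x98/0xa0     [<f8a46d2a>] pl2303_exit+0xa/0x14
[pl2303]
 [<c0131108>] sys_delete_module+0x191/0x1ce     [<c01055e0>]
do_syscall_trace+0x104/0x14a
 [<c0102ba9>] syscall_call+0x7/0xb    <0>Code: fa 89 d8 5b 5e 5f
"""

BUG = re.compile(r"kernel BUG at (\S+):(\d+)!")
EIP = re.compile(r"EIP is at (\w+)\+0x")
PROC = re.compile(r"Process (\S+) \(pid: (\d+)")
# \s+ also matches newlines, so a wrapped frame still parses as one unit.
FRAME = re.compile(r"\[<([0-9a-f]{8})>\]\s+(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)"
                   r"(?:\s+\[(\w+)\])?")

def parse_oops(text):
    """Return BUG site, faulting symbol, process and frames of a 2.6 i386 oops."""
    bug, eip, proc = BUG.search(text), EIP.search(text), PROC.search(text)
    # Only scan between "Call Trace:" and the "Code:" byte dump.
    trace = text.partition("Call Trace:")[2].partition("Code:")[0]
    frames = [{"addr": int(a, 16), "symbol": s, "offset": int(o, 16),
               "size": int(z, 16), "module": m or "vmlinux"}
              for a, s, o, z, m in FRAME.findall(trace)]
    return {"bug": (bug.group(1), int(bug.group(2))) if bug else None,
            "eip": eip.group(1) if eip else None,
            "process": (proc.group(1), int(proc.group(2))) if proc else None,
            "frames": frames}

def module_frames(report):
    """(module, symbol) for frames in loadable modules, innermost first."""
    return [(f["module"], f["symbol"]) for f in report["frames"]
            if f["module"] != "vmlinux"]

if __name__ == "__main__":
    r = parse_oops(SAMPLE)
    print(r["bug"], r["eip"], r["process"])
    for mod, sym in module_frames(r):
        print(f"{mod}: {sym}")
```
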


_______________________________________________
linux-usb-devel@lists.sourceforge.net