linux-kernel.vger.kernel.org archive mirror
* PROBLEM: Kernel 2.6.x freeze
@ 2006-09-28  7:33 Arkadiusz Jałowiec
  2006-09-28  9:41 ` Paolo Ornati
  2006-09-29 12:38 ` Paolo Ornati
  0 siblings, 2 replies; 13+ messages in thread
From: Arkadiusz Jałowiec @ 2006-09-28  7:33 UTC (permalink / raw)
  To: linux-kernel, linux-usb-users

I have a problem with 2.6.x kernels and I don't know what to do. My 
computer always freezes with kernel 2.6.x (I tested all stable kernel 
versions with different distributions). The computer works for 2-6 hours 
and then crashes. I can't do anything. My keyboard doesn't work. I've never 
had this problem with kernel 2.4.x. I have used Linux for about 2 years. I 
am not a programmer. Maybe I found a bug?

OOps:

ivalid opcode: 0000 [#1]
Modules linked in ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 
partport_pc partport snd_pcm_oss snd_mixer oss via_agp agpgart 
ueagle_atm usbatm uhci_hcd ehci_hcd usbcore i2c_viapro 12c_core 
snd_via82xx snd_ac97_code snd_mpu401_uart snd_rawmidi opt_LOG 
snd_seq_device xt limit snd soundcore via_rhine mill xt_tcpudp xt_state 
iptables_filter nls_iso8859-2 nls_cp852 ip_contract_irc ip_contract_ftp 
xt_contract ip_contract ip_tables x_tables

CPU: 0
EIP: 0060: [<d0d184dc>] Not tainted VLI
EFLAGS: 00010003 (2.6.18#1)
EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd]
eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
ds: 007b es: 007b ss:0068

Process removepkg (pid: 11084, ti=c6b78000 task=c126e560 task.ti=c6b78000)

Stack:    00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0 
cf3935a0
    ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0 cf3935a0
    00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00 d0d192ad

Call Trace:

[<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd]
[<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd]
[<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
[<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd]
[<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore]
[<c012c4c4>] handle_IRQ_event+0x21/0x47
[<c012c545>] do_IRQ+0x5b/0xa2
[<c0104106>] do_IRQ+0x40/0x4d
[<c0102c4a>] common_interrupt+0x1a/0x20

Code:     5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89
                47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89
                6d 00 8d 47 18 89 6d 04 39 47 18 75
                4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6
                46 20 8b 4e 20 ba fe ff

EIP:    [<d0d184dc>] uhci_giveback_urb+0x59/0x126
    [uhci_hcd] SS: ESP 0068: c6b79f00
<0> Kernel panic - not syncing: Fatal exception in interrupt

KSYMOOPS:

ksymoops 2.4.11 on i686 2.6.18.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.6.18/ (default)
     -m /usr/src/linux/System.map (default)

Warning: You did not tell me where to find symbol information.  I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc.  ksymoops -h explains the options.

Error (regular_file): read_ksyms stat /proc/ksyms failed
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
CPU: 0
EIP: 0060: [<d0d184dc>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010003 (2.6.18#1)
eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
Warning (Oops_set_regs): garbage 'epb: ce4933bc esp: c6b79f00' at end of 
register line ignored
ds: 007b es: 007b ss:0068
Stack:  00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0 
cf3935a0
        ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0 
cf3935a0
        00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00 
d0d192ad
Call Trace:
[<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd]
[<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd]
[<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
[<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd]
[<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore]
[<c012c4c4>] handle_IRQ_event+0x21/0x47
[<c012c545>] do_IRQ+0x5b/0xa2
[<c0104106>] do_IRQ+0x40/0x4d
[<c0102c4a>] common_interrupt+0x1a/0x20
Code:   5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89 47 3c 8b


 >>EIP; d0d184dc <pg0+109164dc/3fbfc400>   <=====

 >>eax; cefeeed1 <pg0+ebeced1/3fbfc400>
 >>ebx; cf3935a0 <pg0+ef915a0/3fbfc400>
 >>ecx; ce2a9bc0 <pg0+dea7bc0/3fbfc400>
 >>edx; cf3935a0 <pg0+ef915a0/3fbfc400>
 >>esi; ce2a9bc0 <pg0+dea7bc0/3fbfc400>

Trace; d0d17e17 <pg0+10915e17/3fbfc400>
Trace; d0d18627 <pg0+10916627/3fbfc400>
Trace; d0d18846 <pg0+10916846/3fbfc400>
Trace; d0d192ad <pg0+109172ad/3fbfc400>
Trace; d0d365f8 <pg0+109345f8/3fbfc400>
Trace; c012c4c4 <handle_IRQ_event+21/47>
Trace; c012c545 <__do_IRQ+5b/a2>
Trace; c0104106 <do_IRQ+40/4d>
Trace; c0102c4a <common_interrupt+1a/20>

Code;  d0d184dc <pg0+109164dc/3fbfc400>
00000000 <_EIP>:
Code;  d0d184dc <pg0+109164dc/3fbfc400>   <=====
   0:   5c                        pop    %esp   <=====
Code;  d0d184dd <pg0+109164dd/3fbfc400>
   1:   89 57 2c                  mov    %edx,0x2c(%edi)
Code;  d0d184e0 <pg0+109164e0/3fbfc400>
   4:   8b 40 44                  mov    0x44(%eax),%eax
Code;  d0d184e3 <pg0+109164e3/3fbfc400>
   7:   c7 47 40 00 00 00 00      movl   $0x0,0x40(%edi)
Code;  d0d184ea <pg0+109164ea/3fbfc400>
   e:   89 47 3c                  mov    %eax,0x3c(%edi)
Code;  d0d184ed <pg0+109164ed/3fbfc400>
  11:   8b 00                     mov    (%eax),%eax

EIP:    [<d0d184dc>] uhci_giveback_urb+0x59/0x126
<0> Kernel panic - not syncing: Fatal exception in interrupt
Warning (Oops_read): Code line not seen, dumping what data is available


 >>EIP; d0d184dc <pg0+109164dc/3fbfc400>   <=====


3 warnings and 1 error issued.  Results may not be reliable.


CPUINFO:

processor    : 0
vendor_id    : GenuineIntel
cpu family    : 15
model        : 2
model name    : Intel(R) Celeron(R) CPU 2.20GHz
stepping    : 7
cpu MHz        : 2200.144
cache size    : 128 KB
fdiv_bug    : no
hlt_bug        : no
f00f_bug    : no
coma_bug    : no
fpu        : yes
fpu_exception    : yes
cpuid level    : 2
wp        : yes
flags        : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe
bogomips    : 4403.03

IOMEM:

00000000-0009fbff : System RAM
0009fc00-0009ffff : reserved
000a0000-000bffff : Video RAM area
000c0000-000cebff : Video ROM
000f0000-000fffff : System ROM
00100000-0ffeffff : System RAM
  00100000-002e0e24 : Kernel code
  002e0e25-003aa737 : Kernel data
0fff0000-0fff2fff : ACPI Non-volatile Storage
0fff3000-0fffffff : ACPI Tables
d0000000-dfffffff : PCI Bus #01
  d0000000-d7ffffff : 0000:01:00.0
    d0000000-d3ffffff : vesafb
  d8000000-d807ffff : 0000:01:00.0
  d8080000-d809ffff : 0000:01:00.0
e0000000-e3ffffff : 0000:00:00.0
e4000000-e5ffffff : PCI Bus #01
  e4000000-e4ffffff : 0000:01:00.0
e6000000-e600ffff : 0000:00:09.0
e6010000-e60100ff : 0000:00:10.3
  e6010000-e60100ff : ehci_hcd
e6011000-e60110ff : 0000:00:12.0
  e6011000-e60110ff : via-rhine
ffff0000-ffffffff : reserved

IOPORTS:

0000-001f : dma1
0020-0021 : pic1
0040-0043 : timer0
0050-0053 : timer1
0060-006f : keyboard
0080-008f : dma page reg
00a0-00a1 : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
0376-0376 : ide1
0378-037a : parport0
03c0-03df : vesafb
03f2-03f5 : floppy
03f6-03f6 : ide0
03f7-03f7 : floppy DIR
0400-047f : 0000:00:11.0
  0400-0403 : ACPI PM1a_EVT_BLK
  0404-0405 : ACPI PM1a_CNT_BLK
  0408-040b : ACPI PM_TMR
  0410-0415 : ACPI CPU throttle
  0420-0423 : ACPI GPE0_BLK
0500-050f : 0000:00:11.0
  0500-0507 : vt596_smbus
0cf8-0cff : PCI conf1
d000-d007 : 0000:00:09.0
d400-d41f : 0000:00:10.0
  d400-d41f : uhci_hcd
d800-d81f : 0000:00:10.1
  d800-d81f : uhci_hcd
dc00-dc1f : 0000:00:10.2
  dc00-dc1f : uhci_hcd
e000-e00f : 0000:00:11.1
  e000-e007 : ide0
  e008-e00f : ide1
e400-e4ff : 0000:00:11.5
  e400-e4ff : VIA8233
ec00-ecff : 0000:00:12.0
  ec00-ecff : via-rhine

LSPCI:

00:00.0 Host bridge: VIA Technologies, Inc. P4M266 Host Bridge
    Subsystem: VIA Technologies, Inc. P4M266 Host Bridge
    Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort+ >SERR- <PERR-
    Latency: 8
    Region 0: Memory at e0000000 (32-bit, prefetchable) [size=64M]
    Capabilities: [a0] AGP version 2.0
        Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 
64bit- FW- AGP3- Rate=x1,x2,x4
        Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW- Rate=<none>
    Capabilities: [c0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:01.0 PCI bridge: VIA Technologies, Inc. VT8633 [Apollo Pro266 AGP] 
(prog-if 00 [Normal decode])
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR+ FastB2B-
    Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort+ >SERR- <PERR-
    Latency: 0
    Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
    I/O behind bridge: 0000f000-00000fff
    Memory behind bridge: e4000000-e5ffffff
    Prefetchable memory behind bridge: d0000000-dfffffff
    BridgeCtl: Parity- SERR- NoISA+ VGA+ MAbort- >Reset- FastB2B-
    Capabilities: [80] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:09.0 Communication controller: Conexant HSF 56k HSFi Modem (rev 01)
    Subsystem: Conexant Dynalink 56PMi
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32
    Interrupt: pin A routed to IRQ 3
    Region 0: Memory at e6000000 (32-bit, non-prefetchable) [size=64K]
    Region 1: I/O ports at d000 [size=8]
    Capabilities: [40] Power Management version 2
        Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot+,D3cold+)
        Status: D0 PME-Enable+ DSel=0 DScale=0 PME-

00:10.0 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 
Controller (rev 80) (prog-if 00 [UHCI])
    Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32, cache line size 08
    Interrupt: pin A routed to IRQ 11
    Region 4: I/O ports at d400 [size=32]
    Capabilities: [80] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA 
PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:10.1 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 
Controller (rev 80) (prog-if 00 [UHCI])
    Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32, cache line size 08
    Interrupt: pin B routed to IRQ 3
    Region 4: I/O ports at d800 [size=32]
    Capabilities: [80] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA 
PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:10.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 
Controller (rev 80) (prog-if 00 [UHCI])
    Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32, cache line size 08
    Interrupt: pin C routed to IRQ 5
    Region 4: I/O ports at dc00 [size=32]
    Capabilities: [80] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA 
PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:10.3 USB Controller: VIA Technologies, Inc. USB 2.0 (rev 82) (prog-if 
20 [EHCI])
    Subsystem: VIA Technologies, Inc. USB 2.0
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32, cache line size 20
    Interrupt: pin D routed to IRQ 11
    Region 0: Memory at e6010000 (32-bit, non-prefetchable) [size=256]
    Capabilities: [80] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA 
PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:11.0 ISA bridge: VIA Technologies, Inc. VT8235 ISA Bridge
    Subsystem: VIA Technologies, Inc. VT8235 ISA Bridge
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping+ SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 0
    Capabilities: [c0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:11.1 IDE interface: VIA Technologies, Inc. 
VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06) 
(prog-if 8a [Master SecP PriP])
    Subsystem: VIA Technologies, Inc. 
VT82C586/B/VT82C686/A/B/VT8233/A/C/VT8235 PIPC Bus Master IDE
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32
    Interrupt: pin A routed to IRQ 11
    Region 4: I/O ports at e000 [size=16]
    Capabilities: [c0] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:11.5 Multimedia audio controller: VIA Technologies, Inc. 
VT8233/A/8235/8237 AC97 Audio Controller (rev 50)
    Subsystem: VIA Technologies, Inc. K7VT2 motherboard
    Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Interrupt: pin C routed to IRQ 5
    Region 0: I/O ports at e400 [size=256]
    Capabilities: [c0] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] 
(rev 74)
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32 (750ns min, 2000ns max), cache line size 08
    Interrupt: pin A routed to IRQ 11
    Region 0: I/O ports at ec00 [size=256]
    Region 1: Memory at e6011000 (32-bit, non-prefetchable) [size=256]
    Capabilities: [40] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA 
PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-

01:00.0 VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX 
440] (rev a3) (prog-if 00 [VGA])
    Subsystem: Micro-Star International Co., Ltd.: Unknown device 8601
    Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B-
    Status: Cap+ 66Mhz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
<TAbort- <MAbort- >SERR- <PERR-
    Latency: 32 (1250ns min, 250ns max)
    Interrupt: pin A routed to IRQ 11
    Region 0: Memory at e4000000 (32-bit, non-prefetchable) [size=16M]
    Region 1: Memory at d0000000 (32-bit, prefetchable) [size=128M]
    Region 2: Memory at d8000000 (32-bit, prefetchable) [size=512K]
    Expansion ROM at d8080000 [disabled] [size=128K]
    Capabilities: [60] Power Management version 2
        Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
        Status: D0 PME-Enable- DSel=0 DScale=0 PME-
    Capabilities: [44] AGP version 2.0
        Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA- ITACoh- GART64- HTrans- 
64bit- FW+ AGP3- Rate=x1,x2,x4
        Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW- Rate=<none>


MODULES:

parport_pc 24260 0 - Live 0xd0d68000
parport 23616 1 parport_pc, Live 0xd0d71000
snd_pcm_oss 40736 0 - Live 0xd0d53000
snd_mixer_oss 15872 1 snd_pcm_oss, Live 0xd0c91000
via_agp 9984 1 - Live 0xd0c63000
agpgart 32816 1 via_agp, Live 0xd0d5e000
ueagle_atm 25128 0 - Live 0xd0d12000
usbatm 17792 1 ueagle_atm, Live 0xd0d2a000
uhci_hcd 21516 0 - Live 0xd0d23000
ehci_hcd 26760 0 - Live 0xd0d1b000
usbcore 115844 5 ueagle_atm,usbatm,uhci_hcd,ehci_hcd, Live 0xd0d35000
i2c_viapro 8724 0 - Live 0xd0c52000
i2c_core 20368 1 i2c_viapro, Live 0xd0c8b000
snd_via82xx 25236 0 - Live 0xd0c5b000
snd_ac97_codec 84256 1 snd_via82xx, Live 0xd0c96000
snd_ac97_bus 2560 1 snd_ac97_codec, Live 0xd0c30000
snd_pcm 69896 3 snd_pcm_oss,snd_via82xx,snd_ac97_codec, Live 0xd0c67000
snd_timer 21636 1 snd_pcm, Live 0xd0c4b000
snd_page_alloc 10120 2 snd_via82xx,snd_pcm, Live 0xd0c18000
snd_mpu401_uart 7808 1 snd_via82xx, Live 0xd0c2b000
snd_rawmidi 22816 1 snd_mpu401_uart, Live 0xd0c44000
snd_seq_device 8204 1 snd_rawmidi, Live 0xd0c27000
snd 47844 9 
snd_pcm_oss,snd_mixer_oss,snd_via82xx,snd_ac97_codec,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device, 
Live 0xd0c37000
soundcore 9440 1 snd, Live 0xd0c1c000
via_rhine 22536 0 - Live 0xd0c20000
ipt_LOG 6400 2 - Live 0xd0c12000
mii 5632 1 via_rhine, Live 0xd0c15000
xt_limit 2944 2 - Live 0xd087e000
xt_tcpudp 3584 5 - Live 0xd0863000
xt_state 2432 3 - Live 0xd0865000
iptable_filter 3328 1 - Live 0xd0870000
nls_iso8859_2 4992 1 - Live 0xd086d000
nls_cp852 5248 1 - Live 0xd086a000
ip_conntrack_irc 7152 0 - Live 0xd0867000
ip_conntrack_ftp 7664 0 - Live 0xd0853000
xt_conntrack 2816 0 - Live 0xd0856000
ip_conntrack 44980 4 
xt_state,ip_conntrack_irc,ip_conntrack_ftp,xt_conntrack, Live 0xd0872000
ip_tables 12760 1 iptable_filter, Live 0xd085e000
x_tables 13572 6 
ipt_LOG,xt_limit,xt_tcpudp,xt_state,xt_conntrack,ip_tables, Live 0xd0859000

SCSI:

Attached devices:

VERSION:

Linux version 2.6.18 (root@darkstar) (gcc version 3.3.6) #1 Wed Sep 27 
08:23:45 UTC 2006









^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: PROBLEM: Kernel 2.6.x freeze
  2006-09-28  7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec
@ 2006-09-28  9:41 ` Paolo Ornati
  2006-09-29 12:38 ` Paolo Ornati
  1 sibling, 0 replies; 13+ messages in thread
From: Paolo Ornati @ 2006-09-28  9:41 UTC (permalink / raw)
  To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users

On Thu, 28 Sep 2006 07:33:30 +0000
Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote:

> I have a problem with 2.6.x kernels and I don't know what to do. My 
> computer always freezes with kernel 2.6.x (I tested all stable kernel 
> versions with different distributions). The computer works for 2-6 hours 
> and then crashes. I can't do anything. My keyboard doesn't work. I've never 
> had this problem with kernel 2.4.x. I have used Linux for about 2 years. I 
> am not a programmer. Maybe I found a bug?
> 
> OOps:
> 
> ivalid opcode: 0000 [#1]

Maybe you have hardware problems?

Have you tried to run memtest86 and/or memtest86+ for many hours?

http://www.memtest86.com/
http://www.memtest.org/

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: PROBLEM: Kernel 2.6.x freeze
  2006-09-28  7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec
  2006-09-28  9:41 ` Paolo Ornati
@ 2006-09-29 12:38 ` Paolo Ornati
  2006-09-29 21:29   ` [Linux-usb-users] " Alan Stern
  1 sibling, 1 reply; 13+ messages in thread
From: Paolo Ornati @ 2006-09-29 12:38 UTC (permalink / raw)
  To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users

On Thu, 28 Sep 2006 07:33:30 +0000
Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote:

> OOps:
> 
> ivalid opcode: 0000 [#1]
> Modules linked in ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 
> partport_pc partport snd_pcm_oss snd_mixer oss via_agp agpgart 
> ueagle_atm usbatm uhci_hcd ehci_hcd usbcore i2c_viapro 12c_core 
> snd_via82xx snd_ac97_code snd_mpu401_uart snd_rawmidi opt_LOG 
> snd_seq_device xt limit snd soundcore via_rhine mill xt_tcpudp xt_state 
> iptables_filter nls_iso8859-2 nls_cp852 ip_contract_irc ip_contract_ftp 
> xt_contract ip_contract ip_tables x_tables
> 
> CPU: 0
> EIP: 0060: [<d0d184dc>] Not tainted VLI
> EFLAGS: 00010003 (2.6.18#1)
> EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd]
> eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
> esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
> ds: 007b es: 007b ss:0068
> 
> Process removepkg (pid: 11084, ti=c6b78000 task=c126e560 task.ti=c6b78000)
> 
> Stack:    00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0 
> cf3935a0
>     ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0 cf3935a0
>     00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00 d0d192ad
> 
> Call Trace:
> 
> [<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd]
> [<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd]
> [<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
> [<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd]
> [<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore]
> [<c012c4c4>] handle_IRQ_event+0x21/0x47
> [<c012c545>] do_IRQ+0x5b/0xa2
> [<c0104106>] do_IRQ+0x40/0x4d
> [<c0102c4a>] common_interrupt+0x1a/0x20
> 
> Code:     5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89
>                 47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89
>                 6d 00 8d 47 18 89 6d 04 39 47 18 75
>                 4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6
>                 46 20 8b 4e 20 ba fe ff
> 
> EIP:    [<d0d184dc>] uhci_giveback_urb+0x59/0x126
>     [uhci_hcd] SS: ESP 0068: c6b79f00
> <0> Kernel panic - not syncing: Fatal exception in interrupt


You copied the Oops by hand, right?

Can you send the ".config" for this 2.6.18?


I'm not an expert but...

This is what the code should look like (I've compiled 2.6.18 with gcc
3.3.6 + gentoo patches):

c02dd6a2:       74 5c                   je     c02dd700 <uhci_giveback_urb+0xa0>
c02dd6a4:       0f b6 46 20             movzbl 0x20(%esi),%eax
c02dd6a8:       8b 4e 20                mov    0x20(%esi),%ecx
c02dd6ab:       c7 04 24 fe ff ff ff    movl   $0xfffffffe,(%esp)


But we have:

  500894:       74 3f                   je     5008d5 <_end+0x2d>
  500896:       0f b6 46 20             movzbl 0x20(%rsi),%eax
  50089a:       8b 4e 20                mov    0x20(%rsi),%ecx
  50089d:       ba                      .byte 0xba
  50089e:       fe                      (bad)
  50089f:       ff                      .byte 0xff


So "c7 04 24" turned into
   "ba fe ff"


The funny thing is that "fe ff" comes just after "24" in the original
code...


Questions for LKML:

1) Isn't the kernel code write-protected at page level?
   Or maybe is it only protected when "CONFIG_DEBUG_RODATA=y"?

2) In this case the "corrupted" memory is in a module; is this code also
write-protected, or can it be?

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-09-29 12:38 ` Paolo Ornati
@ 2006-09-29 21:29   ` Alan Stern
  2006-09-30  7:56     ` [Linux-usb-users[ " Arkadiusz Jałowiec
  2006-09-30 12:14     ` [Linux-usb-users] " Paolo Ornati
  0 siblings, 2 replies; 13+ messages in thread
From: Alan Stern @ 2006-09-29 21:29 UTC (permalink / raw)
  To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Fri, 29 Sep 2006, Paolo Ornati wrote:

> On Thu, 28 Sep 2006 07:33:30 +0000
> Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote:
> 
> > OOps:
> > 
> > ivalid opcode: 0000 [#1]

> > CPU: 0
> > EIP: 0060: [<d0d184dc>] Not tainted VLI
> > EFLAGS: 00010003 (2.6.18#1)
> > EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd]
> > eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
> > esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
> > ds: 007b es: 007b ss:0068

> > Code:     5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89
> >                 47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89
> >                 6d 00 8d 47 18 89 6d 04 39 47 18 75
> >                 4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6
> >                 46 20 8b 4e 20 ba fe ff

> Can you send the ".config" for this 2.6.18?

Equally important, which version of gcc was used to compile the kernel?

Why are the angle brackets above around <b6>, when the preceding 0f byte 
is the actual start of the instruction?  Is that merely an artifact of the 
way invalid opcode exceptions are reported, or is it an indication of what 
went wrong?

> I'm not an expert but...
> 
> This is what the code should look like (I've compiled 2.6.18 with gcc
> 3.3.6 + gentoo patches):
> 
> c02dd6a2:       74 5c                   je     c02dd700 <uhci_giveback_urb+0xa0>
> c02dd6a4:       0f b6 46 20             movzbl 0x20(%esi),%eax
> c02dd6a8:       8b 4e 20                mov    0x20(%esi),%ecx
> c02dd6ab:       c7 04 24 fe ff ff ff    movl   $0xfffffffe,(%esp)
> 
> 
> But we have:
> 
>   500894:       74 3f                   je     5008d5 <_end+0x2d>
>   500896:       0f b6 46 20             movzbl 0x20(%rsi),%eax
>   50089a:       8b 4e 20                mov    0x20(%rsi),%ecx
>   50089d:       ba                      .byte 0xba
>   50089e:       fe                      (bad)
>   50089f:       ff                      .byte 0xff
> 
> 
> So "c7 04 24" turned into
>    "ba fe ff"

What do you mean by "we have"?  Where did your two disassembly listings 
come from?  The values in the oops message above don't match either of 
your listings, at least not exactly.

> The funny thing is that "fe ff" comes just after "24" in the original
> code...

Arkadiusz, could you please run "objdump -d drivers/usb/host/uhci-hcd.o" 
in your kernel source directory, and post the portion of the output for 
the uhci_giveback_urb routine?  

Alan Stern


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users[ PROBLEM: Kernel 2.6.x freeze
  2006-09-29 21:29   ` [Linux-usb-users] " Alan Stern
@ 2006-09-30  7:56     ` Arkadiusz Jałowiec
  2006-09-30 12:14     ` [Linux-usb-users] " Paolo Ornati
  1 sibling, 0 replies; 13+ messages in thread
From: Arkadiusz Jałowiec @ 2006-09-30  7:56 UTC (permalink / raw)
  To: Alan Stern, ornati, linux-kernel, linux-usb-users

Alan Stern wrote:
>
> Equally important, which version of gcc was used to compile the kernel?
>   
My gcc version is:

gcc (GCC) 3.3.6

> Arkadiusz, could you please run "objdump -d drivers/usb/host/uhci-hcd.o" 
> in your kernel source directory, and post the portion of the output for 
> the uhci_giveback_urb routine? 

00001483 <uhci_giveback_urb>:
    1483:    55                       push   %ebp
    1484:    57                       push   %edi
    1485:    89 d7                    mov    %edx,%edi
    1487:    56                       push   %esi
    1488:    89 ce                    mov    %ecx,%esi
    148a:    53                       push   %ebx
    148b:    83 ec 1c                 sub    $0x1c,%esp
    148e:    89 44 24 18              mov    %eax,0x18(%esp)
    1492:    83 7a 48 01              cmpl   $0x1,0x48(%edx)
    1496:    8b 69 04                 mov    0x4(%ecx),%ebp
    1499:    75 27                    jne    14c2 <uhci_giveback_urb+0x3f>
    149b:    8d 42 18                 lea    0x18(%edx),%eax
    149e:    8b 55 04                 mov    0x4(%ebp),%edx
    14a1:    39 c2                    cmp    %eax,%edx
    14a3:    75 1d                    jne    14c2 <uhci_giveback_urb+0x3f>
    14a5:    8b 45 00                 mov    0x0(%ebp),%eax
    14a8:    39 d0                    cmp    %edx,%eax
    14aa:    74 16                    je     14c2 <uhci_giveback_urb+0x3f>
    14ac:    8b 40 08                 mov    0x8(%eax),%eax
    14af:    8d 50 5c                 lea    0x5c(%eax),%edx
    14b2:    89 57 2c                 mov    %edx,0x2c(%edi)
    14b5:    8b 40 44                 mov    0x44(%eax),%eax
    14b8:    c7 47 40 00 00 00 00     movl   $0x0,0x40(%edi)
    14bf:    89 47 3c                 mov    %eax,0x3c(%edi)
    14c2:    8b 45 00                 mov    0x0(%ebp),%eax
    14c5:    8b 55 04                 mov    0x4(%ebp),%edx
    14c8:    89 02                    mov    %eax,(%edx)
    14ca:    89 50 04                 mov    %edx,0x4(%eax)
    14cd:    89 6d 00                 mov    %ebp,0x0(%ebp)
    14d0:    8d 47 18                 lea    0x18(%edi),%eax
    14d3:    89 6d 04                 mov    %ebp,0x4(%ebp)
    14d6:    39 47 18                 cmp    %eax,0x18(%edi)
    14d9:    75 4b                    jne    1526 <uhci_giveback_urb+0xa3>
    14db:    0f b6 47 50              movzbl 0x50(%edi),%eax
    14df:    a8 02                    test   $0x2,%al
    14e1:    88 44 24 08              mov    %al,0x8(%esp)
    14e5:    74 3f                    je     1526 <uhci_giveback_urb+0xa3>
    14e7:    0f b6 46 20              movzbl 0x20(%esi),%eax
    14eb:    8b 4e 20                 mov    0x20(%esi),%ecx
    14ee:    ba fe ff ff ff           mov    $0xfffffffe,%edx
    14f3:    24 80                    and    $0x80,%al
    14f5:    0f 94 c3                 sete   %bl
    14f8:    c1 e9 0f                 shr    $0xf,%ecx
    14fb:    0f b6 db                 movzbl %bl,%ebx
    14fe:    83 e1 0f                 and    $0xf,%ecx
    1501:    89 1c 24                 mov    %ebx,(%esp)
    1504:    89 d8                    mov    %ebx,%eax
    1506:    d3 c2                    rol    %cl,%edx
    1508:    8b 5e 1c                 mov    0x1c(%esi),%ebx
    150b:    23 54 83 24              and    0x24(%ebx,%eax,4),%edx
    150f:    0f b6 44 24 08           movzbl 0x8(%esp),%eax
    1514:    83 e0 01                 and    $0x1,%eax
    1517:    d3 e0                    shl    %cl,%eax
    1519:    09 c2                    or     %eax,%edx
    151b:    8b 04 24                 mov    (%esp),%eax
    151e:    89 54 83 24              mov    %edx,0x24(%ebx,%eax,4)
    1522:    80 67 50 fd              andb   $0xfd,0x50(%edi)
    1526:    8b 44 24 18              mov    0x18(%esp),%eax
    152a:    89 ea                    mov    %ebp,%edx
    152c:    e8 fe f1 ff ff           call   72f <uhci_free_urb_priv>
    1531:    8b 47 48                 mov    0x48(%edi),%eax
    1534:    83 f8 01                 cmp    $0x1,%eax
    1537:    74 07                    je     1540 <uhci_giveback_urb+0xbd>
    1539:    83 f8 03                 cmp    $0x3,%eax
    153c:    74 12                    je     1550 <uhci_giveback_urb+0xcd>
    153e:    eb 33                    jmp    1573 <uhci_giveback_urb+0xf0>
    1540:    83 7e 08 00              cmpl   $0x0,0x8(%esi)
    1544:    74 2d                    je     1573 <uhci_giveback_urb+0xf0>
    1546:    8b 46 1c                 mov    0x1c(%esi),%eax
    1549:    b9 01 00 00 00           mov    $0x1,%ecx
    154e:    eb 13                    jmp    1563 <uhci_giveback_urb+0xe0>
    1550:    8d 47 18                 lea    0x18(%edi),%eax
    1553:    39 47 18                 cmp    %eax,0x18(%edi)
    1556:    75 14                    jne    156c <uhci_giveback_urb+0xe9>
    1558:    83 7e 08 00              cmpl   $0x0,0x8(%esi)
    155c:    74 0e                    je     156c <uhci_giveback_urb+0xe9>
    155e:    8b 46 1c                 mov    0x1c(%esi),%eax
    1561:    31 c9                    xor    %ecx,%ecx
    1563:    89 f2                    mov    %esi,%edx
    1565:    e8 fc ff ff ff           call   1566 <uhci_giveback_urb+0xe3>
    156a:    eb 07                    jmp    1573 <uhci_giveback_urb+0xf0>
    156c:    c7 46 08 00 00 00 00     movl   $0x0,0x8(%esi)
    1573:    8b 44 24 18              mov    0x18(%esp),%eax
    1577:    8b 4c 24 30              mov    0x30(%esp),%ecx
    157b:    89 f2                    mov    %esi,%edx
    157d:    2d d0 00 00 00           sub    $0xd0,%eax
    1582:    e8 fc ff ff ff           call   1583 <uhci_giveback_urb+0x100>
    1587:    8d 47 18                 lea    0x18(%edi),%eax
    158a:    39 47 18                 cmp    %eax,0x18(%edi)
    158d:    75 12                    jne    15a1 <uhci_giveback_urb+0x11e>
    158f:    89 fa                    mov    %edi,%edx
    1591:    8b 44 24 18              mov    0x18(%esp),%eax
    1595:    e8 4d f0 ff ff           call   5e7 <uhci_unlink_qh>
    159a:    c7 47 38 00 00 00 00     movl   $0x0,0x38(%edi)
    15a1:    83 c4 1c                 add    $0x1c,%esp
    15a4:    5b                       pop    %ebx
    15a5:    5e                       pop    %esi
    15a6:    5f                       pop    %edi
    15a7:    5d                       pop    %ebp
    15a8:    c3                       ret





^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-09-29 21:29   ` [Linux-usb-users] " Alan Stern
  2006-09-30  7:56     ` [Linux-usb-users[ " Arkadiusz Jałowiec
@ 2006-09-30 12:14     ` Paolo Ornati
  2006-09-30 15:49       ` Alan Stern
  1 sibling, 1 reply; 13+ messages in thread
From: Paolo Ornati @ 2006-09-30 12:14 UTC (permalink / raw)
  To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Fri, 29 Sep 2006 17:29:04 -0400 (EDT)
Alan Stern <stern@rowland.harvard.edu> wrote:

> > But we have:
> > 
> >   500894:       74 3f                   je     5008d5 <_end+0x2d>
> >   500896:       0f b6 46 20             movzbl 0x20(%rsi),%eax
> >   50089a:       8b 4e 20                mov    0x20(%rsi),%ecx
> >   50089d:       ba                      .byte 0xba
> >   50089e:       fe                      (bad)
> >   50089f:       ff                      .byte 0xff
> > 
> > 
> > So "c7 04 24" turned into
> >    "ba fe ff"
> 
> What do you mean by "we have"?  Where did your two disassembly listings 
> come from?  The values in the oops message above don't match either of 
> your listings, at least not exactly.

Because I'm an idiot :)


The first disassembled code comes from a 2.6.18 compiled with gcc 3.3.6
(but different config than Arkadiusz).


The second (and wrong one) comes from:

--- 1.c ---
/* Code bytes from the oops; build with "gcc -m32" to get i386 disassembly */
unsigned char str[] = {
	0x5c,0x89,0x57,0x2c,0x8b,0x40,0x44,0xc7,0x47,0x40,0x00,0x00,0x00,0x00,
	0x89,0x47,0x3c,0x8b,0x45,0x00,0x8b,0x55,0x04,0x89,0x02,0x89,0x50,0x04,
	0x89,0x6d,0x00,0x8d,0x47,0x18,0x89,0x6d,0x04,0x39,0x47,0x18,0x75,0x4b,
	0x0f,0xb6,0x47,0x50,0xa8,0x02,0x88,0x44,0x24,0x08,0x74,0x3f,0x0f,0xb6,
	0x46,0x20,0x8b,0x4e,0x20,0xba,0xfe,0xff
};
int main(void) { return 0; }
--------------

disassembled with "objdump -D".

The problem was that I'm on AMD64 and I forgot to add "-m32" to the gcc
options to produce an i386 executable ;)


This one should be correct:

00000000 <str>:
   0:   5c                      pop    %esp
   1:   89 57 2c                mov    %edx,0x2c(%edi)
   4:   8b 40 44                mov    0x44(%eax),%eax
   7:   c7 47 40 00 00 00 00    movl   $0x0,0x40(%edi)
   e:   89 47 3c                mov    %eax,0x3c(%edi)
  11:   8b 45 00                mov    0x0(%ebp),%eax
  14:   8b 55 04                mov    0x4(%ebp),%edx
  17:   89 02                   mov    %eax,(%edx)
  19:   89 50 04                mov    %edx,0x4(%eax)
  1c:   89 6d 00                mov    %ebp,0x0(%ebp)
  1f:   8d 47 18                lea    0x18(%edi),%eax
  22:   89 6d 04                mov    %ebp,0x4(%ebp)
  25:   39 47 18                cmp    %eax,0x18(%edi)
  28:   75 4b                   jne    75 <main+0x75>
  2a:   0f b6 47 50             movzbl 0x50(%edi),%eax
  2e:   a8 02                   test   $0x2,%al
  30:   88 44 24 08             mov    %al,0x8(%esp)
  34:   74 3f                   je     75 <main+0x75>
  36:   0f b6 46 20             movzbl 0x20(%esi),%eax   <----- crash!
  3a:   8b 4e 20                mov    0x20(%esi),%ecx
  3d:   ba                      .byte 0xba
  3e:   fe                      (bad)
  3f:   ff                      .byte 0xff


So now the problem is, as you pointed out, to discover why EIP is
pointing to "b6" instead of "0f".

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-09-30 12:14     ` [Linux-usb-users] " Paolo Ornati
@ 2006-09-30 15:49       ` Alan Stern
  2006-10-01 14:10         ` Paolo Ornati
  0 siblings, 1 reply; 13+ messages in thread
From: Alan Stern @ 2006-09-30 15:49 UTC (permalink / raw)
  To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Sat, 30 Sep 2006, Paolo Ornati wrote:

> This one should be correct:
> 
> 00000000 <str>:
>    0:   5c                      pop    %esp
>    1:   89 57 2c                mov    %edx,0x2c(%edi)
>    4:   8b 40 44                mov    0x44(%eax),%eax
>    7:   c7 47 40 00 00 00 00    movl   $0x0,0x40(%edi)
>    e:   89 47 3c                mov    %eax,0x3c(%edi)
>   11:   8b 45 00                mov    0x0(%ebp),%eax
>   14:   8b 55 04                mov    0x4(%ebp),%edx
>   17:   89 02                   mov    %eax,(%edx)
>   19:   89 50 04                mov    %edx,0x4(%eax)
>   1c:   89 6d 00                mov    %ebp,0x0(%ebp)
>   1f:   8d 47 18                lea    0x18(%edi),%eax
>   22:   89 6d 04                mov    %ebp,0x4(%ebp)
>   25:   39 47 18                cmp    %eax,0x18(%edi)
>   28:   75 4b                   jne    75 <main+0x75>
>   2a:   0f b6 47 50             movzbl 0x50(%edi),%eax
             ||
             ---> _This_ is where the crash occurred.

>   2e:   a8 02                   test   $0x2,%al
>   30:   88 44 24 08             mov    %al,0x8(%esp)
>   34:   74 3f                   je     75 <main+0x75>
>   36:   0f b6 46 20             movzbl 0x20(%esi),%eax   <----- crash!
             ||
             ---> Not here.

>   3a:   8b 4e 20                mov    0x20(%esi),%ecx
>   3d:   ba                      .byte 0xba
>   3e:   fe                      (bad)
>   3f:   ff                      .byte 0xff

The actual last instruction looks like this:

>   3d:   ba fe ff ff ff          mov    $0xfffffffe,%edx

> So now the problem is, as you pointed out, to discover why EIP is
> pointing to "b6" instead of "0f".

Another problem: The oops message shows that edi = 0.  So there should
have been an addressing exception in the line at offset 25, assuming the
CPU ran straight through this code.

Comparing the disassembly to the source code shows the instruction that
crashed was in this part of drivers/usb/host/uhci-q.c:uhci_giveback_urb()

	/* Take the URB off the QH's queue.  If the queue is now empty,
	 * this is a perfect time for a toggle fixup. */
	list_del_init(&urbp->node);
	if (list_empty(&qh->queue) && qh->needs_fixup) {

It was the fetch of qh->needs_fixup, which is a bitfield.

The alternative is that something caused a jump directly to the byte at 
2b.  Maybe a return address got corrupted on the stack; obviously there 
aren't any direct jumps to that location.  I don't have a clue how to 
track this any further.

We can rule out the possibility that the kernel's object code was
corrupted.  The dump in the oops message agrees exactly with the objdump
output.

The simplest answer is that Arkadiusz's CPU is a little flakey.  But 
that would be too easy.

Alan Stern


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-09-30 15:49       ` Alan Stern
@ 2006-10-01 14:10         ` Paolo Ornati
  2006-10-02 21:47           ` Arkadiusz Jałowiec
  0 siblings, 1 reply; 13+ messages in thread
From: Paolo Ornati @ 2006-10-01 14:10 UTC (permalink / raw)
  To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Sat, 30 Sep 2006 11:49:52 -0400 (EDT)
Alan Stern <stern@rowland.harvard.edu> wrote:

> The alternative is that something caused a jump directly to the byte at 
> 2b.  Maybe a return address got corrupted on the stack; obviously there 
> aren't any direct jumps to that location.  I don't have a clue how to 
> track this any further.
> 
> We can rule out the possibility that the kernel's object code was
> corrupted.  The dump in the oops message agrees exactly with the objdump
> output.
> 
> The simplest answer is that Arkadiusz's CPU is a little flakey.  But 
> that would be too easy.


Another crazy theory (based on my horrible experience with a
defective memory module):

There is a hard to trigger single bit error not detected by memtest
near (physical) memory address 6b79f00(ESP) (where the EIP has been
retrieved causing the Oops).

In this case the physical address (at Kb 110055) can be skipped with
"memmap=1K$110055K" kernel boot option.


Arkadiusz, can you try to add that option to kernel command line (in
lilo or grub config)? You can check if you've done it right with
	"dmesg | less"

At the beginning there is the memory map provided by BIOS:

[    0.000000] BIOS-provided physical RAM map:
[    0.000000]  BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
[    0.000000]  BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
[    0.000000]  BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved)
[    0.000000]  BIOS-e820: 0000000000100000 - 000000001ff30000 (usable)
[    0.000000]  BIOS-e820: 000000001ff30000 - 000000001ff40000 (ACPI data)
[    0.000000]  BIOS-e820: 000000001ff40000 - 000000001fff0000 (ACPI NVS)
[    0.000000]  BIOS-e820: 000000001fff0000 - 0000000020000000 (reserved)
[    0.000000]  BIOS-e820: 00000000fff80000 - 0000000100000000 (reserved)


Just after that there should be another memory map with an additional
line that marks the memory region [06B79C00 - 06B7A000] as reserved.

Then you can try again to make 2.6.18 crash.


And if the problem is still here I think that another kernel Oops text
can be useful: it can show if there is a common pattern (if you have a
digital camera you can take a screenshot of the screen avoiding the
hand-copy).

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-10-01 14:10         ` Paolo Ornati
@ 2006-10-02 21:47           ` Arkadiusz Jałowiec
  2006-10-03 19:52             ` Paolo Ornati
  0 siblings, 1 reply; 13+ messages in thread
From: Arkadiusz Jałowiec @ 2006-10-02 21:47 UTC (permalink / raw)
  To: Paolo Ornati, linux-kernel, linux-usb-users, stern

Paolo Ornati wrote:
> Another crazy theory (based on my horrible experience with a
> defective memory module):
>   
I don't know, but I think this theory is possible :(

> There is a hard to trigger single bit error not detected by memtest
> near (physical) memory address 6b79f00(ESP) (where the EIP has been
> retrieved causing the Oops).
>
> In this case the physical address (at Kb 110055) can be skipped with
> "memmap=1K$110055K" kernel boot option.
>   
I added this option to the kernel command line and booted my computer.
dmesg shows me this:

Linux version 2.6.18 (root@darkstar) (gcc version 3.3.6) #1 Wed Sep 27 
08:19:45 UTC 2006
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
 BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 000000000fff0000 (usable)
 BIOS-e820: 000000000fff0000 - 000000000fff3000 (ACPI NVS)
 BIOS-e820: 000000000fff3000 - 0000000010000000 (ACPI data)
 BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
255MB LOWMEM available.
On node 0 totalpages: 65520
  DMA zone: 4096 pages, LIFO batch:0
  Normal zone: 61424 pages, LIFO batch:15
DMI 2.3 present.
ACPI: RSDP (v000 VIAP4X                                ) @ 0x000f62d0
ACPI: RSDT (v001 VIAP4X AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x0fff3000
ACPI: FADT (v001 VIAP4X AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x0fff3040
ACPI: DSDT (v001 VIAP4X AWRDACPI 0x00001000 MSFT 0x0100000d) @ 0x00000000
ACPI: PM-Timer IO Port: 0x408
Allocating PCI resources starting at 10000000 (gap: 06b7a000:f9486000)
Detected 2200.142 MHz processor.
Built 1 zonelists.  Total pages: 65520
Kernel command line: root=/dev/hda5 vga=791 memmap=1K$110055K
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
PID hash table entries: 1024 (order: 10, 4096 bytes)
Console: colour dummy device 80x25
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
Memory: 256220k/262080k available (1923k kernel code, 5364k reserved, 
806k data, 156k init, 0k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay using timer specific routine.. 4403.02 BogoMIPS 
(lpj=2201512)
Mount-cache hash table entries: 512
CPU: After generic identify, caps: bfebf9ff 00000000 00000000 00000000 
00000000 00000000 00000000
CPU: After vendor identify, caps: bfebf9ff 00000000 00000000 00000000 
00000000 00000000 00000000
CPU: Trace cache: 12K uops, L1 D cache: 8K
CPU: L2 cache: 128K
CPU: After all inits, caps: bfebf9ff 00000000 00000000 00000080 00000000 
00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU0: Intel P4/Xeon Extended MCE MSRs (12) available
Compat vDSO mapped to ffffe000.
CPU: Intel(R) Celeron(R) CPU 2.20GHz stepping 07
Checking 'hlt' instruction... OK.
ACPI: Core revision 20060707
ACPI: setting ELCR to 0200 (from 0a28)
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: PCI BIOS revision 2.10 entry at 0xfb290, last bus=1
PCI: Using configuration type 1
Setting up standard PCI resources
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
PCI quirk: region 0400-047f claimed by vt8235 PM
PCI quirk: region 0500-050f claimed by vt8235 SMB
Boot video device is 0000:01:00.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 1 3 4 5 6 7 10 *11 12 14 15)
ACPI: PCI Interrupt Link [LNKB] (IRQs 1 *3 4 5 6 7 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKC] (IRQs 1 3 4 *5 6 7 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKD] (IRQs 1 3 4 5 6 7 10 *11 12 14 15)
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 14 devices
SCSI subsystem initialized
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq".  If it helps, post a 
report
PCI: Bridge: 0000:00:01.0
  IO window: disabled.
  MEM window: e4000000-e5ffffff
  PREFETCH window: d0000000-dfffffff
PCI: Setting latency timer of device 0000:00:01.0 to 64
NET: Registered protocol family 2
IP route cache hash table entries: 2048 (order: 1, 8192 bytes)
TCP established hash table entries: 8192 (order: 3, 32768 bytes)
TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
TCP: Hash tables configured (established 8192 bind 4096)
TCP reno registered
Machine check exception polling timer started.
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
fuse init (API version 7.7)
Initializing Cryptographic API
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
vesafb: framebuffer at 0xd0000000, mapped to 0xd0880000, using 3072k, 
total 65536k
vesafb: mode is 1024x768x16, linelength=2048, pages=1
vesafb: protected mode interface info at c000:e700
vesafb: pmi: set display start = c00ce745, set palette = c00ce7ca
vesafb: pmi: ports = b4c3 b503 ba03 c003 c103 c403 c503 c603 c703 c803 
c903 cc03 ce03 cf03 d003 d103 d203 d303 d403 d503 da03 ff03
vesafb: scrolling: redraw
vesafb: Truecolor: size=0:5:6:5, shift=0:11:5:0
Console: switching to colour frame buffer device 128x48
fb0: VESA VGA frame buffer device
ACPI: Power Button (FF) [PWRF]
ACPI: Power Button (CM) [PWRB]
ACPI: Sleep Button (CM) [SLPB]
ACPI: CPU0 (power states: C1[C1] C2[C2])
ACPI: Processor [CPU0] (supports 2 throttling states)
ACPI: Thermal Zone [THRM] (46 C)
ipmi message handler version 39.0
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
RAMDISK driver initialized: 16 RAM disks of 7777K size 1024 blocksize
loop: loaded (max 8 devices)
PPP generic driver version 2.4.2
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
VP_IDE: IDE controller at PCI slot 0000:00:11.1
ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 11
PCI: setting IRQ 11 as level-triggered
ACPI: PCI Interrupt 0000:00:11.1[A] -> Link [LNKA] -> GSI 11 (level, 
low) -> IRQ 11
PCI: VIA IRQ fixup for 0000:00:11.1, from 255 to 11
VP_IDE: chipset revision 6
VP_IDE: not 100% native mode: will probe irqs later
VP_IDE: VIA vt8235 (rev 00) IDE UDMA133 controller on pci0000:00:11.1
    ide0: BM-DMA at 0xe000-0xe007, BIOS settings: hda:DMA, hdb:pio
    ide1: BM-DMA at 0xe008-0xe00f, BIOS settings: hdc:DMA, hdd:DMA
Probing IDE interface ide0...
hda: SAMSUNG SV4012H, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Probing IDE interface ide1...
hdc: JLMS XJ-HD165H, ATAPI CD/DVD-ROM drive
hdd: LITE-ON LTR-48246S, ATAPI CD/DVD-ROM drive
ide1 at 0x170-0x177,0x376 on irq 15
hda: max request size: 128KiB
hda: 78242976 sectors (40060 MB) w/2048KiB Cache, CHS=65535/16/63, UDMA(33)
hda: cache flushes supported
 hda: hda1 hda2 hda3 hda4 < hda5 hda6 >
hdc: ATAPI 48X DVD-ROM drive, 512kB Cache, UDMA(33)
Uniform CD-ROM driver Revision: 3.20
hdd: ATAPI 48X CD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33)
ide-floppy driver 0.99.newide
PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
mice: PS/2 mouse device common for all mice
TCP bic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
NET: Registered protocol family 8
NET: Registered protocol family 20
Using IPI Shortcut mode
Time: tsc clocksource has been installed.
ACPI: (supports S0 S3 S4<6>Time: acpi_pm clocksource has been installed.
 S5)
input: AT Translated Set 2 keyboard as /class/input/input0
ReiserFS: hda5: found reiserfs format "3.6" with standard journal
input: ImPS/2 Generic Wheel Mouse as /class/input/input1
ReiserFS: hda5: using ordered data mode
ReiserFS: hda5: journal params: device hda5, size 8192, journal first 
block 18, max trans len 1024, max batch 900, max commit age 30, max 
trans age 30
ReiserFS: hda5: checking transaction log (hda5)
ReiserFS: hda5: replayed 14 transactions in 0 seconds
ReiserFS: hda5: Using r5 hash to sort names
VFS: Mounted root (reiserfs filesystem) readonly.
Freeing unused kernel memory: 156k freed
Adding 265032k swap on /dev/hda6.  Priority:-1 extents:1 across:265032k
ip_tables: (C) 2000-2006 Netfilter Core Team
ip_conntrack version 2.4 (2047 buckets, 16376 max) - 224 bytes per conntrack
via-rhine.c:v1.10-LK1.4.1 July-24-2006 Written by Donald Becker
ACPI: PCI Interrupt 0000:00:12.0[A] -> Link [LNKA] -> GSI 11 (level, 
low) -> IRQ 11
eth0: VIA Rhine II at 0x1ec00, 00:e0:4c:8e:49:95, IRQ 11.
eth0: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000.
ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 5
PCI: setting IRQ 5 as level-triggered
ACPI: PCI Interrupt 0000:00:11.5[C] -> Link [LNKC] -> GSI 5 (level, low) 
-> IRQ 5
PCI: Setting latency timer of device 0000:00:11.5 to 64
usbcore: registered new driver usbfs
usbcore: registered new driver hub
ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 11
ACPI: PCI Interrupt 0000:00:10.3[D] -> Link [LNKD] -> GSI 11 (level, 
low) -> IRQ 11
ehci_hcd 0000:00:10.3: EHCI Host Controller
ehci_hcd 0000:00:10.3: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:10.3: irq 11, io mem 0xe6010000
ehci_hcd 0000:00:10.3: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 6 ports detected
USB Universal Host Controller Interface driver v3.0
ACPI: PCI Interrupt 0000:00:10.0[A] -> Link [LNKA] -> GSI 11 (level, 
low) -> IRQ 11
uhci_hcd 0000:00:10.0: UHCI Host Controller
uhci_hcd 0000:00:10.0: new USB bus registered, assigned bus number 2
uhci_hcd 0000:00:10.0: irq 11, io base 0x0000d400
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 3
PCI: setting IRQ 3 as level-triggered
ACPI: PCI Interrupt 0000:00:10.1[B] -> Link [LNKB] -> GSI 3 (level, low) 
-> IRQ 3
uhci_hcd 0000:00:10.1: UHCI Host Controller
uhci_hcd 0000:00:10.1: new USB bus registered, assigned bus number 3
uhci_hcd 0000:00:10.1: irq 3, io base 0x0000d800
usb usb3: configuration #1 chosen from 1 choice
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
usb 2-1: new full speed USB device using uhci_hcd and address 2
usb 2-1: configuration #1 chosen from 1 choice
ACPI: PCI Interrupt 0000:00:10.2[C] -> Link [LNKC] -> GSI 5 (level, low) 
-> IRQ 5
uhci_hcd 0000:00:10.2: UHCI Host Controller
uhci_hcd 0000:00:10.2: new USB bus registered, assigned bus number 4
uhci_hcd 0000:00:10.2: irq 5, io base 0x0000dc00
usb usb4: configuration #1 chosen from 1 choice
hub 4-0:1.0: USB hub found
hub 4-0:1.0: 2 ports detected
[ueagle-atm] driver ueagle 1.3 loaded
usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9021) : 
Eagle II
usb 2-1: reset full speed USB device using uhci_hcd and address 2
Linux agpgart interface v0.101 (c) Dave Jones
agpgart: Detected VIA P4M266x/P4N266 chipset
agpgart: AGP aperture is 64M @ 0xe0000000
usb 2-1: [ueagle-atm] using iso mode
usbcore: registered new driver ueagle-atm
usb 2-1: [ueagle-atm] (re)booting started
parport: PnPBIOS parport detected.
parport0: PC-style at 0x378, irq 7 [PCSPP(,...)]
usb 2-1: [ueagle-atm] modem operational
usb 2-1: [ueagle-atm] ATU-R firmware version : 44e2ea17


I waited about one hour and got another oops. I copied the oops by
hand. [I don't have a digital camera and I don't know anyone who would
lend me one. Sorry!!!]

BUG: unable to handle kernel paging request at virtual address 000f9edf
printing epip
*pde=00000000
Ops: 0002 [#1]
Modules linked in: ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 
partport_pc partport snd_pcm_oss snd_mixer_oss via_agp agpgart uagle_atm 
usbatm uhci_hcd ehci_hcd usbcore i2c_viapro i2c_core snd_via82xx 
snd_ac97.codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc 
snd_mpu_401_uart snd_rawmidi ipt_LOG snd_seq_device snd xt_limit 
soundcore via_rhine mii xt_tcpudp xt_state iptables_filter nls_iso8859-2 
nls_cp852 ip_contract_irc ip_contract_ftp xt_contract ip_contract 
iptables x_tables
CPU: 0
EIP: 0060: [<d0d18140>] Not tainted VLI
EFLAGS: 00010083 (2.6.18 #1)
EIP is at uhci_result_isochronous+0x4f/0x131 [uhci_hcd]
eax: 000f9edf ebx: cf7b3600 edx:000f9edf edx:ceedfed0
esi:cf7b3600 edi:cba5c2a0 epb:ceedfed0 esp:c03adef8
ds:007b es:007b ss:0068

Process swapper (pid:0,ti=c03ac000 task=c03530a0 task.ti=c03ac000)
Stack: cf15e3a0 cba5c330 ce2caac0 ceedfed0 cf7b3600 ce2caac0 00000001 
ceedfed0
d0d185d1 c03adfa4 ceedfed0 cf7b3600 00000001 c03adfa4 d0d1884b 00000246
00000000 00000000 ceedfe00 d0d192ad ceedfed0 c03adfa4 ceedfe00 00000000

Call Trace:
[<d0d185d1>] uhci_scan_qh+0x28/0x174 [uhci_hcd]
[<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
[<d0d192ad>] uhci_hcd_irq+0x27/0x4e [usbcore]
[<c012c4c4>] handle_IRQ_event+0x21/0x47
[<c012c545>]_do_IRQ+0x5b/0xa2
[<c0104106>] do_IRQ+0x40/04d
[<c0102c4a>] common_interrupt+0x1a/0x20
[<c021dfd1>] acpi_processor_idle+0x1c4/0x2c3
[<c01010c4>] cpu_idle+0x3f/0x5b
[<c03ae63b>] start_kernel+0x197/0x199

Code 83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c 
3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 
7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14

EIP:[<cd0d18140>] uhci_result_isochronous+0x4f/0x131
[uhci_hcd] SS:ESP 0068:c03adef8
<0> Kernel panic - not syncing: Fatal excepition in interrupt

I ran "objdump -d drivers/usb/host/uhci-hcd.o" and am posting the portion of 
the output for: uhci_result_isochronous

000010f1 <uhci_result_isochronous>:
    10f1:    55                       push   %ebp
    10f2:    57                       push   %edi
    10f3:    56                       push   %esi
    10f4:    53                       push   %ebx
    10f5:    83 ec 10                 sub    $0x10,%esp
    10f8:    89 44 24 0c              mov    %eax,0xc(%esp)
    10fc:    89 54 24 08              mov    %edx,0x8(%esp)
    1100:    8b 42 04                 mov    0x4(%edx),%eax
    1103:    89 04 24                 mov    %eax,(%esp)
    1106:    8b 50 10                 mov    0x10(%eax),%edx
    1109:    8b 70 0c                 mov    0xc(%eax),%esi
    110c:    83 c0 10                 add    $0x10,%eax
    110f:    8d 7a ec                 lea    0xffffffec(%edx),%edi
    1112:    8b 6f 14                 mov    0x14(%edi),%ebp
    1115:    83 ed 14                 sub    $0x14,%ebp
    1118:    39 c2                    cmp    %eax,%edx
    111a:    89 6c 24 04              mov    %ebp,0x4(%esp)
    111e:    0f 84 f3 00 00 00        je     1217 <uhci_result_isochronous+0x126>
    1124:    8b 46 3c                 mov    0x3c(%esi),%eax
    1127:    8b 54 24 0c              mov    0xc(%esp),%edx
    112b:    3b 42 70                 cmp    0x70(%edx),%eax
    112e:    78 0a                    js     113a <uhci_result_isochronous+0x49>
    1130:    b8 8d ff ff ff           mov    $0xffffff8d,%eax
    1135:    e9 e0 00 00 00           jmp    121a <uhci_result_isochronous+0x129>
    113a:    89 c1                    mov    %eax,%ecx
    113c:    8b 6c 24 0c              mov    0xc(%esp),%ebp
    1140:    81 e1 ff 03 00 00        and    $0x3ff,%ecx
    1146:    8b 45 58                 mov    0x58(%ebp),%eax
    1149:    8b 1c 88                 mov    (%eax,%ecx,4),%ebx
    114c:    85 db                    test   %ebx,%ebx
    114e:    74 35                    je     1185 <uhci_result_isochronous+0x94>
    1150:    8b 43 24                 mov    0x24(%ebx),%eax
    1153:    8b 55 54                 mov    0x54(%ebp),%edx
    1156:    8b 40 e0                 mov    0xffffffe0(%eax),%eax
    1159:    89 04 8a                 mov    %eax,(%edx,%ecx,4)
    115c:    8b 45 58                 mov    0x58(%ebp),%eax
    115f:    8d 6b 20                 lea    0x20(%ebx),%ebp
    1162:    c7 04 88 00 00 00 00     movl   $0x0,(%eax,%ecx,4)
    1169:    39 6b 20                 cmp    %ebp,0x20(%ebx)
    116c:    74 17                    je     1185 <uhci_result_isochronous+0x94>
    116e:    8b 43 24                 mov    0x24(%ebx),%eax
    1171:    8b 48 04                 mov    0x4(%eax),%ecx
    1174:    8b 10                    mov    (%eax),%edx
    1176:    89 11                    mov    %edx,(%ecx)
    1178:    89 4a 04                 mov    %ecx,0x4(%edx)
    117b:    89 00                    mov    %eax,(%eax)
    117d:    39 6b 20                 cmp    %ebp,0x20(%ebx)
    1180:    89 40 04                 mov    %eax,0x4(%eax)
    1183:    75 e9                    jne    116e <uhci_result_isochronous+0x7d>
    1185:    8b 5f 04                 mov    0x4(%edi),%ebx
    1188:    f7 c3 00 00 80 00        test   $0x800000,%ebx
    118e:    b9 ee ff ff ff           mov    $0xffffffee,%ecx
    1193:    75 3d                    jne    11d2 <uhci_result_isochronous+0xe1>
    1195:    8b 44 24 08              mov    0x8(%esp),%eax
    1199:    8b 50 20                 mov    0x20(%eax),%edx
    119c:    89 d8                    mov    %ebx,%eax
    119e:    c1 ea 07                 shr    $0x7,%edx
    11a1:    25 00 00 f6 00           and    $0xf60000,%eax
    11a6:    83 f2 01                 xor    $0x1,%edx
    11a9:    83 e2 01                 and    $0x1,%edx
    11ac:    e8 fc f5 ff ff           call   7ad <uhci_map_status>
    11b1:    89 c1                    mov    %eax,%ecx
    11b3:    8b 54 24 08              mov    0x8(%esp),%edx
    11b7:    8d 43 01                 lea    0x1(%ebx),%eax
    11ba:    25 ff 07 00 00           and    $0x7ff,%eax
    11bf:    01 42 38                 add    %eax,0x38(%edx)
    11c2:    85 c9                    test   %ecx,%ecx
    11c4:    8b 56 2c                 mov    0x2c(%esi),%edx
    11c7:    89 42 08                 mov    %eax,0x8(%edx)
    11ca:    8b 46 2c                 mov    0x2c(%esi),%eax
    11cd:    89 48 0c                 mov    %ecx,0xc(%eax)
    11d0:    74 0a                    je     11dc <uhci_result_isochronous+0xeb>
    11d2:    8b 6c 24 08              mov    0x8(%esp),%ebp
    11d6:    ff 45 50                 incl   0x50(%ebp)
    11d9:    89 4e 40                 mov    %ecx,0x40(%esi)
    11dc:    89 f8                    mov    %edi,%eax
    11de:    e8 71 ef ff ff           call   154 <uhci_remove_td_from_urbp>
    11e3:    89 fa                    mov    %edi,%edx
    11e5:    8b 44 24 0c              mov    0xc(%esp),%eax
    11e9:    e8 e6 ee ff ff           call   d4 <uhci_free_td>
    11ee:    83 46 2c 10              addl   $0x10,0x2c(%esi)
    11f2:    8b 46 38                 mov    0x38(%esi),%eax
    11f5:    01 46 3c                 add    %eax,0x3c(%esi)
    11f8:    8b 7c 24 04              mov    0x4(%esp),%edi
    11fc:    8b 47 14                 mov    0x14(%edi),%eax
    11ff:    8d 57 14                 lea    0x14(%edi),%edx
    1202:    83 e8 14                 sub    $0x14,%eax
    1205:    89 44 24 04              mov    %eax,0x4(%esp)
    1209:    8b 04 24                 mov    (%esp),%eax
    120c:    83 c0 10                 add    $0x10,%eax
    120f:    39 c2                    cmp    %eax,%edx
    1211:    0f 85 0d ff ff ff        jne    1124 <uhci_result_isochronous+0x33>
    1217:    8b 46 40                 mov    0x40(%esi),%eax
    121a:    83 c4 10                 add    $0x10,%esp
    121d:    5b                       pop    %ebx
    121e:    5e                       pop    %esi
    121f:    5f                       pop    %edi
    1220:    5d                       pop    %ebp
    1221:    c3                       ret    
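
The check discussed earlier in the thread (does the code dump in the oops agree with the objdump output of the driver object?) can be scripted instead of compared by eye. The following is an added example, not code from the thread; the function names are hypothetical, and the inputs are the EIP line, the Code line and part of the objdump listing copied from the message above, with wrapped lines joined.

```python
import re

# Copied from the oops and the objdump listing in the message above.
OOPS_EIP = "EIP is at uhci_result_isochronous+0x4f/0x131 [uhci_hcd]"
OOPS_CODE = (
    "Code 83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c "
    "3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 "
    "7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14"
)
OBJDUMP = """\
000010f1 <uhci_result_isochronous>:
    1115:    83 ed 14                 sub    $0x14,%ebp
    1118:    39 c2                    cmp    %eax,%edx
    111a:    89 6c 24 04              mov    %ebp,0x4(%esp)
    111e:    0f 84 f3 00 00 00        je     1217 <uhci_result_isochronous+0x126>
    1124:    8b 46 3c                 mov    0x3c(%esi),%eax
    1127:    8b 54 24 0c              mov    0xc(%esp),%edx
    112b:    3b 42 70                 cmp    0x70(%edx),%eax
    112e:    78 0a                    js     113a <uhci_result_isochronous+0x49>
    1130:    b8 8d ff ff ff           mov    $0xffffff8d,%eax
    1135:    e9 e0 00 00 00           jmp    121a <uhci_result_isochronous+0x129>
    113a:    89 c1                    mov    %eax,%ecx
    113c:    8b 6c 24 0c              mov    0xc(%esp),%ebp
    1140:    81 e1 ff 03 00 00        and    $0x3ff,%ecx
    1146:    8b 45 58                 mov    0x58(%ebp),%eax
    1149:    8b 1c 88                 mov    (%eax,%ecx,4),%ebx
    114c:    85 db                    test   %ebx,%ebx
    114e:    74 35                    je     1185 <uhci_result_isochronous+0x94>
    1150:    8b 43 24                 mov    0x24(%ebx),%eax
    1153:    8b 55 54                 mov    0x54(%ebp),%edx
"""


def parse_oops_code(line):
    """Return (code bytes, index of the byte EIP points at, marked <xx>)."""
    data, fault = bytearray(), None
    for tok in line.split():
        if tok.rstrip(":").lower() == "code":
            continue
        if tok.startswith("<") and tok.endswith(">"):
            fault = len(data)
            tok = tok[1:-1]
        data.append(int(tok, 16))  # ValueError on anything that is not a hex byte
    if fault is None:
        raise ValueError("no <xx> marker: cannot locate EIP in the dump")
    return bytes(data), fault


def parse_objdump(text):
    """Return ({symbol: offset}, {offset: byte}) from 'objdump -d' output."""
    symbols, image = {}, {}
    for line in text.splitlines():
        head = re.match(r"([0-9a-f]+) <([^>]+)>:", line)
        if head:
            symbols[head.group(2)] = int(head.group(1), 16)
            continue
        insn = re.match(r"\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)", line)
        if insn:
            base = int(insn.group(1), 16)
            for i, byte in enumerate(insn.group(2).split()):
                image[base + i] = int(byte, 16)
    return symbols, image


def compare_oops_to_object(eip_line, code_line, objdump_text):
    """Return (first dumped offset, EIP offset, [(offset, in_oops, in_object)])."""
    m = re.search(r"EIP is at (\w+)\+0x([0-9a-f]+)/", eip_line)
    if not m:
        raise ValueError("unrecognised EIP line")
    symbols, image = parse_objdump(objdump_text)
    eip = symbols[m.group(1)] + int(m.group(2), 16)
    code, fault = parse_oops_code(code_line)
    start = eip - fault  # object-file offset of the first dumped byte
    diffs = []
    for i, got in enumerate(code):
        want = image.get(start + i)  # bytes outside the excerpt are skipped
        if want is not None and want != got:
            diffs.append((start + i, got, want))
    return start, eip, diffs


if __name__ == "__main__":
    start, eip, diffs = compare_oops_to_object(OOPS_EIP, OOPS_CODE, OBJDUMP)
    print("dump starts at %#x, EIP at %#x" % (start, eip))
    for off, got, want in diffs:
        tag = "  <-- EIP" if off == eip else ""
        print("  %#x: oops %02x, object %02x%s" % (off, got, want, tag))
    print("%d differing byte(s)" % len(diffs))
```

Operands that carry relocations (for example the targets of `call` in a `.o` file) differ legitimately between the object file and the loaded module, and a hand-copied oops can contain transcription errors, so a mismatch is a lead to follow up rather than proof of corrupted kernel text.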





^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-10-02 21:47           ` Arkadiusz Jałowiec
@ 2006-10-03 19:52             ` Paolo Ornati
  2006-10-03 20:34               ` Alan Stern
  0 siblings, 1 reply; 13+ messages in thread
From: Paolo Ornati @ 2006-10-03 19:52 UTC (permalink / raw)
  To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users, stern

On Mon, 02 Oct 2006 23:47:06 +0200
Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote:

> BUG: unable to handle kernel paging request at virtual address 000f9edf
> printing epip
> *pde=00000000
> Ops: 0002 [#1]
> Modules linked in: ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 
> partport_pc partport snd_pcm_oss snd_mixer_oss via_agp agpgart uagle_atm 
> usbatm uhci_hcd ehci_hcd usbcore i2c_viapro i2c_core snd_via82xx 
> snd_ac97.codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc 
> snd_mpu_401_uart snd_rawmidi ipt_LOG snd_seq_device snd xt_limit 
> soundcore via_rhine mii xt_tcpudp xt_state iptables_filter nls_iso8859-2 
> nls_cp852 ip_contract_irc ip_contract_ftp xt_contract ip_contract 
> iptables x_tables
> CPU: 0
> EIP: 0060: [<d0d18140>] Not tainted VLI
> EFLAGS: 00010083 (2.6.18 #1)
> EIP is at uhci_result_isochronous+0x4f/0x131 [uhci_hcd]
> eax: 000f9edf ebx: cf7b3600 edx:000f9edf edx:ceedfed0
> esi:cf7b3600 edi:cba5c2a0 epb:ceedfed0 esp:c03adef8
> ds:007b es:007b ss:0068
> 
> Process swapper (pid:0,ti=c03ac000 task=c03530a0 task.ti=c03ac000)
> Stack: cf15e3a0 cba5c330 ce2caac0 ceedfed0 cf7b3600 ce2caac0 00000001 
> ceedfed0
> d0d185d1 c03adfa4 ceedfed0 cf7b3600 00000001 c03adfa4 d0d1884b 00000246
> 00000000 00000000 ceedfe00 d0d192ad ceedfed0 c03adfa4 ceedfe00 00000000
> 
> Call Trace:
> [<d0d185d1>] uhci_scan_qh+0x28/0x174 [uhci_hcd]
> [<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
> [<d0d192ad>] uhci_hcd_irq+0x27/0x4e [usbcore]
> [<c012c4c4>] handle_IRQ_event+0x21/0x47
> [<c012c545>]_do_IRQ+0x5b/0xa2
> [<c0104106>] do_IRQ+0x40/04d
> [<c0102c4a>] common_interrupt+0x1a/0x20
> [<c021dfd1>] acpi_processor_idle+0x1c4/0x2c3
> [<c01010c4>] cpu_idle+0x3f/0x5b
> [<c03ae63b>] start_kernel+0x197/0x199
> 
> Code 83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c 
> 3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 
> 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14
> 
> EIP:[<cd0d18140>] uhci_result_isochronous+0x4f/0x131
> [uhci_hcd] SS:ESP 0068:c03adef8
> <0> Kernel panic - not syncing: Fatal excepition in interrupt
> 
> I run "objdump -d drivers/usb/host/uhci-hcd.o" and post the portion of 
> the output for: uhci_result_isochronous
> 
> 000010f1 <uhci_result_isochronous>:

[CUT]

>     1115:    83 ed 14                 sub    $0x14,%ebp
>     1118:    39 c2                    cmp    %eax,%edx
>     111a:    89 6c 24 04              mov    %ebp,0x4(%esp)
>     111e:    0f 84 f3 00 00 00        je     1217 <uhci_result_isochronous+0x126>
>     1124:    8b 46 3c                 mov    0x3c(%esi),%eax
>     1127:    8b 54 24 0c              mov    0xc(%esp),%edx
>     112b:    3b 42 70                 cmp    0x70(%edx),%eax
>     112e:    78 0a                    js     113a <uhci_result_isochronous+0x49>
>     1130:    b8 8d ff ff ff           mov    $0xffffff8d,%eax
>     1135:    e9 e0 00 00 00           jmp    121a <uhci_result_isochronous+0x129>
>     113a:    89 c1                    mov    %eax,%ecx
>     113c:    8b 6c 24 0c              mov    0xc(%esp),%ebp
>     1140:    81 e1 ff 03 00 00        and    $0x3ff,%ecx
               ||
                ----> EIP points here


>     1146:    8b 45 58                 mov    0x58(%ebp),%eax
>     1149:    8b 1c 88                 mov    (%eax,%ecx,4),%ebx
>     114c:    85 db                    test   %ebx,%ebx
>     114e:    74 35                    je     1185 <uhci_result_isochronous+0x94>
>     1150:    8b 43 24                 mov    0x24(%ebx),%eax
>     1153:    8b 55 54                 mov    0x54(%ebp),%edx
>     1156:    8b 40 e0                 mov    0xffffffe0(%eax),%eax
>     1159:    89 04 8a                 mov    %eax,(%edx,%ecx,4)



The assembly extracted from the dumped code is:

   0:   83 ed 14                sub    $0x14,%ebp
   3:   39 c2                   cmp    %eax,%edx
   5:   89 6c 24 04             mov    %ebp,0x4(%esp)
   9:   0f 84 f3 00 00 00       je     102 <str+0x102>
   f:   8b 46 3c                mov    0x3c(%esi),%eax
  12:   8b 54 24 0c             mov    0xc(%esp),%edx
  16:   3b 42 70                cmp    0x70(%edx),%eax
  19:   78 0a                   js     25 <str+0x25>
  1b:   b8 8d ff ff ff          mov    $0xffffff8d,%eax
  20:   e9 e0 00 00 00          jmp    105 <str+0x105>
  25:   89 c1                   mov    %eax,%ecx
  27:   8b 6c 24 0c             mov    0xc(%esp),%ebp
  2b:   00 20                   add    %ah,(%eax)
        ||
         ----> EIP points here


  2d:   7b 0f                   jnp    3e <str+0x3e>
  2f:   00 00                   add    %al,(%eax)
  31:   00 00                   add    %al,(%eax)
  33:   69 7f e0 ff 00 00 00    imul   $0xff,0xffffffe0(%edi),%edi
  3a:   00 00                   add    %al,(%eax)
  3c:   20 7b 0f                and    %bh,0xf(%ebx)
  3f:   14



The code dumped from memory matches the original one up to, and not
including, the failing instruction. From that point the code is
different.


The failure is only a natural consequence of:

	add    %ah,(%eax)

with "eax" pointing to 000f9edf, that belongs to the BIOS reserved
memory region...


The real problem is that the code starting from "0xcd0d18140" has been
overwritten by something :(


Another thing: both panics happened in interrupt context and both times
uhci driver is involved.


And this is the data that has overwritten the code:

00 20 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14
^^^^^^^^^^^                                     ^^^^^^^^^^^


Maybe someone has an idea of where this data comes from?


To me it looks like a struct with ints / pointers:

{
	0x0f7b2000,
	NULL,
	0xffe07f69,
	NULL,
	0x0f7b2000,
	0x......14
}


Maybe this will ring some bells...

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64
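
The comparison made by hand in the message above, as an added example that is not code from the thread: it aligns the oops "Code:" bytes with the objdump output at EIP, reports where the in-memory code stops matching the object file, and reads the foreign bytes as little-endian 32-bit words. The byte data is copied from the thread; the function names are hypothetical, and addresses missing from the objdump excerpt are skipped rather than counted as mismatches.

```python
import re

# Both copied from the thread: the oops "Code:" bytes (<..> marks the byte at EIP)
# and the objdump -d lines from 0x1124 on (wrapped lines joined).
OOPS_CODE = ("83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c "
             "3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 "
             "7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14")
OBJDUMP = """
    1124:    8b 46 3c                 mov    0x3c(%esi),%eax
    1127:    8b 54 24 0c              mov    0xc(%esp),%edx
    112b:    3b 42 70                 cmp    0x70(%edx),%eax
    112e:    78 0a                    js     113a <uhci_result_isochronous+0x49>
    1130:    b8 8d ff ff ff           mov    $0xffffff8d,%eax
    1135:    e9 e0 00 00 00           jmp    121a <uhci_result_isochronous+0x129>
    113a:    89 c1                    mov    %eax,%ecx
    113c:    8b 6c 24 0c              mov    0xc(%esp),%ebp
    1140:    81 e1 ff 03 00 00        and    $0x3ff,%ecx
    1146:    8b 45 58                 mov    0x58(%ebp),%eax
    1149:    8b 1c 88                 mov    (%eax,%ecx,4),%ebx
    114c:    85 db                    test   %ebx,%ebx
    114e:    74 35                    je     1185 <uhci_result_isochronous+0x94>
    1150:    8b 43 24                 mov    0x24(%ebx),%eax
"""
EIP_ADDR = 0x10f1 + 0x4f  # uhci_result_isochronous at 000010f1, EIP at +0x4f

def parse_oops_code(text):
    # Return (dumped bytes, index of the byte the oops marks as EIP).
    toks = text.split()
    eip = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return bytes(int(t.strip("<>"), 16) for t in toks), eip

def parse_objdump(text):
    # Map address -> byte for every "addr: xx xx ..." line.
    pat = r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}(?:\s|$))+)"
    return {int(m[1], 16) + i: int(b, 16)
            for m in re.finditer(pat, text, re.M) for i, b in enumerate(m[2].split())}

def first_divergence(code, eip, image, eip_addr):
    # Offset from EIP of the first dumped byte unlike the object file; unknown addresses skipped.
    base = eip_addr - eip
    return next((i - eip for i, b in enumerate(code) if image.get(base + i, b) != b), None)

def le_words(data):
    # Read the bytes as little-endian 32-bit words, dropping a trailing partial word.
    return [int.from_bytes(data[i:i + 4], "little") for i in range(0, len(data) - 3, 4)]

if __name__ == "__main__":
    code, eip = parse_oops_code(OOPS_CODE)
    off = first_divergence(code, eip, parse_objdump(OBJDUMP), EIP_ADDR)
    print("diverges at EIP%+d:" % off, [hex(w) for w in le_words(code[eip + off:])])
```

A result of `None` from `first_divergence` means every dumped byte that could be checked matches the object file, which points away from overwritten code and toward bad data or a bad pointer.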


* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-10-03 19:52             ` Paolo Ornati
@ 2006-10-03 20:34               ` Alan Stern
  2006-10-04  7:14                 ` Paolo Ornati
  0 siblings, 1 reply; 13+ messages in thread
From: Alan Stern @ 2006-10-03 20:34 UTC (permalink / raw)
  To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Tue, 3 Oct 2006, Paolo Ornati wrote:

> The code dumped from memory matches the original one up to, and not
> including, the failing instruction. From that point the code is
> different.
> 
> 
> The failure is only a natural consequence of:
> 
> 	add    %ah,(%eax)
> 
> with "eax" pointing to 000f9edf, that belongs to the BIOS reserved
> memory region...
> 
> 
> The real problem is that the code starting from "0xcd0d18140" has been
> overwritten by something :(
> 
> 
> Another thing: both panics happened in interrupt context and both times
> uhci driver is involved.

I wonder whether the code in question was supposed to be running at all.  
Arkadiusz, what sort of USB devices do you have attached to the computer?

What does /proc/bus/usb/devices say (you may need to do "mount -t usbfs
none /proc/bus/usb" before you can see the file)?

> And this is the data that has overwritten the code:
> 
> 00 20 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14
> ^^^^^^^^^^^                                     ^^^^^^^^^^^
> 
> 
> Maybe someone has an idea of where this data comes from?

In principle that data could be coming from anywhere.  It doesn't have to 
be related at all to uhci-hcd.

If you move the USB devices over to another Linux computer, does the new 
computer then have the same problem?

Alan Stern



* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-10-03 20:34               ` Alan Stern
@ 2006-10-04  7:14                 ` Paolo Ornati
  2006-10-04  7:16                   ` Paolo Ornati
  0 siblings, 1 reply; 13+ messages in thread
From: Paolo Ornati @ 2006-10-04  7:14 UTC (permalink / raw)
  To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Tue, 3 Oct 2006 16:34:51 -0400 (EDT)
Alan Stern <stern@rowland.harvard.edu> wrote:

> I wonder whether the code in question was supposed to be running at all.  
> Arkadiusz, what sort of USB devices do you have attached to the computer?

He of course has an ADSL USB modem (since he uses uEagle-ATM driver)...

So one obvious test that Arkadiusz can make is to try to crash 2.6.18
without using his modem: just detach the USB cable before boot so the
driver isn't loaded (and even if it's loaded by a "modprobe" in
init scripts, it can't do much).

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64


* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze
  2006-10-04  7:14                 ` Paolo Ornati
@ 2006-10-04  7:16                   ` Paolo Ornati
  0 siblings, 0 replies; 13+ messages in thread
From: Paolo Ornati @ 2006-10-04  7:16 UTC (permalink / raw)
  To: Paolo Ornati
  Cc: Alan Stern, Arkadiusz Jałowiec, linux-kernel, linux-usb-users

On Wed, 4 Oct 2006 09:14:19 +0200
Paolo Ornati <ornati@fastwebnet.it> wrote:

> So one obvious test that Arkadiusz can make is to try to crash 2.6.18
> without using his modem: just detach the USB cable before boot so the
> driver isn't loaded (and even if it's loaded by a "modprobe" in
> init scripts, it can't do much).

Note for Arkadiusz: you don't have to stay on the textual console to
capture another Oops. Do whatever you want and just tell us if it crashes
or not.

-- 
	Paolo Ornati
	Linux 2.6.18 on x86_64


Thread overview: 13+ messages
2006-09-28  7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec
2006-09-28  9:41 ` Paolo Ornati
2006-09-29 12:38 ` Paolo Ornati
2006-09-29 21:29   ` [Linux-usb-users] " Alan Stern
2006-09-30  7:56     ` [Linux-usb-users[ " Arkadiusz Jałowiec
2006-09-30 12:14     ` [Linux-usb-users] " Paolo Ornati
2006-09-30 15:49       ` Alan Stern
2006-10-01 14:10         ` Paolo Ornati
2006-10-02 21:47           ` Arkadiusz Jałowiec
2006-10-03 19:52             ` Paolo Ornati
2006-10-03 20:34               ` Alan Stern
2006-10-04  7:14                 ` Paolo Ornati
2006-10-04  7:16                   ` Paolo Ornati
