From: Duncan Sands <baldrick@free.fr>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: David Brownell <david-b@pacbell.net>, Vince <fuzzy77@free.fr>,
"Randy.Dunlap" <rddunlap@osdl.org>, <mfedyk@matchmail.com>,
<zwane@holomorphy.com>, <linux-kernel@vger.kernel.org>,
USB development list <linux-usb-devel@lists.sourceforge.net>,
Greg KH <greg@kroah.com>
Subject: Re: [linux-usb-devel] Re: [OOPS, usbcore, releaseintf] 2.6.0-test10-mm1
Date: Tue, 9 Dec 2003 22:12:51 +0100 [thread overview]
Message-ID: <200312092212.51627.baldrick@free.fr> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0312091037070.1033-100000@ida.rowland.org>
> > EIP is at hcd_pci_release+0x19/0x20 [usbcore]
> I don't understand this stack dump. The EIP address is _after the end_ of
> hcd_pci_release, as you can see from the fact that the following code is
> nothing but a long string of NOPs.
Hi Alan, I'm not sure what you mean. 0x19/0x20 seems to be inside the code
to me :) On my machine, this is what it corresponds to:
static void hcd_pci_release(struct usb_bus *bus)
{
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 83 ec 04 sub $0x4,%esp
struct usb_hcd *hcd = bus->hcpriv;
6: 8b 45 08 mov 0x8(%ebp),%eax
9: 8b 50 30 mov 0x30(%eax),%edx
if (hcd)
c: 85 d2 test %edx,%edx
e: 74 0c je 1c <hcd_pci_release+0x1c>
hcd->driver->hcd_free(hcd);
10: 8b 82 38 01 00 00 mov 0x138(%edx),%eax
16: 89 14 24 mov %edx,(%esp,1)
19: ff 50 28 call *0x28(%eax) <= HERE
}
1c: c9 leave
1d: c3 ret
1e: 89 f6 mov %esi,%esi
So if Vince's disassembly is the same, the problem is that
hcd->driver or hcd->driver->hcd_free is stuffed.
> Also, I don't understand the cause of
> the oops. What does the PREEMPT mean? There's no indication that a null
> pointer was dereferenced. None of the registers contains 0.
I guess PREEMPT means it's a kernel with preempt support. There is
indeed no indication that a NULL pointer was dereferenced. Maybe it
is use-after-free.
> But if you think that's the problem, try adding a printk to
> hcd_pci_release to display the values of bus, hcd->driver, and
> hcd->driver->hcd_free. Knowing which one is NULL ought to help your
> analysis.
I will send Vince a patch.
Ciao,
Duncan.
next prev parent reply other threads:[~2003-12-09 21:12 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-26 16:51 [kernel panic @ reboot] 2.6.0-test10-mm1 Vince
2003-11-26 17:16 ` Zwane Mwaikambo
2003-11-26 17:34 ` Vince
2003-11-26 17:35 ` Randy.Dunlap
2003-11-26 17:40 ` Zwane Mwaikambo
2003-11-26 17:54 ` Vince
2003-11-26 18:18 ` Zwane Mwaikambo
2003-11-26 23:37 ` Mike Fedyk
2003-11-26 23:41 ` Vince
2003-12-03 0:03 ` Randy.Dunlap
2003-12-03 0:31 ` Mike Fedyk
2003-12-03 0:27 ` Randy.Dunlap
2003-12-03 13:28 ` Vince
2003-12-03 19:12 ` Zwane Mwaikambo
2003-12-04 1:01 ` Vince
2003-12-04 1:34 ` Mike Fedyk
2003-12-04 4:11 ` Randy.Dunlap
2003-12-04 10:59 ` [OOPS, usbcore, releaseintf] 2.6.0-test10-mm1 Vince
2003-12-04 11:14 ` Duncan Sands
2003-12-04 16:57 ` Randy.Dunlap
2003-12-05 7:38 ` Duncan Sands
2003-12-05 10:11 ` Vince
2003-12-05 10:18 ` Duncan Sands
2003-12-05 10:34 ` Vince
2003-12-07 0:25 ` Duncan Sands
2003-12-07 21:09 ` Vince
2003-12-07 21:24 ` Duncan Sands
2003-12-07 22:24 ` Vince
2003-12-07 22:54 ` Vince
2003-12-08 10:10 ` Duncan Sands
2003-12-08 16:03 ` [linux-usb-devel] " David Brownell
2003-12-08 16:15 ` Duncan Sands
2003-12-08 16:31 ` Alan Stern
2003-12-08 17:20 ` David Brownell
2003-12-08 17:59 ` Duncan Sands
2003-12-08 18:35 ` Alan Stern
2003-12-08 19:53 ` Duncan Sands
2003-12-08 21:32 ` Alan Stern
2003-12-08 21:55 ` Duncan Sands
2003-12-08 23:09 ` Alan Stern
2003-12-09 10:23 ` Duncan Sands
2003-12-09 15:55 ` Alan Stern
2003-12-09 20:36 ` Duncan Sands
2003-12-09 10:36 ` Duncan Sands
2003-12-09 16:08 ` Alan Stern
2003-12-09 20:24 ` Duncan Sands
2003-12-09 10:49 ` Duncan Sands
2003-12-09 15:47 ` Alan Stern
2003-12-09 21:12 ` Duncan Sands [this message]
2003-12-09 21:58 ` Alan Stern
2003-12-09 22:07 ` Duncan Sands
2003-12-09 22:25 ` David Brownell
2003-12-09 22:33 ` Duncan Sands
2003-12-10 3:12 ` David Brownell
2003-12-10 3:43 ` Alan Stern
2003-12-10 13:12 ` Duncan Sands
2003-12-10 15:13 ` Alan Stern
2003-12-10 15:30 ` Greg KH
2003-12-10 16:02 ` Duncan Sands
2003-12-10 20:53 ` Greg KH
2003-12-11 8:49 ` Duncan Sands
2003-12-11 9:23 ` Greg KH
2003-12-11 9:29 ` Duncan Sands
2003-12-10 17:25 ` Alan Stern
2003-12-10 20:46 ` Greg KH
2003-12-10 21:08 ` Greg KH
2003-12-11 2:10 ` Vince
2003-12-11 6:46 ` Greg KH
2003-12-10 22:08 ` Alan Stern
2003-12-11 6:47 ` Greg KH
2003-12-10 4:31 ` Vince
2003-12-10 1:49 ` Greg KH
2003-12-10 13:22 ` Duncan Sands
2003-12-10 16:20 ` Oliver Neukum
2003-12-10 16:49 ` Duncan Sands
2003-12-10 16:58 ` Oliver Neukum
2003-12-11 9:45 ` Duncan Sands
2003-12-11 10:19 ` Oliver Neukum
2003-12-11 21:43 ` Duncan Sands
2003-12-11 22:57 ` Oliver Neukum
2003-12-11 23:30 ` Duncan Sands
2003-12-12 0:02 ` David Brownell
2003-12-10 17:34 ` David Brownell
2003-12-10 17:54 ` Duncan Sands
2003-12-10 18:19 ` Alan Stern
2003-12-11 9:36 ` Duncan Sands
2003-12-11 15:19 ` Alan Stern
2003-12-11 21:23 ` Duncan Sands
2003-12-12 15:46 ` Alan Stern
2003-12-11 21:29 ` Duncan Sands
2003-12-12 16:18 ` Alan Stern
2003-12-12 18:37 ` David Brownell
2003-12-12 19:17 ` Alan Stern
2003-12-12 19:45 ` David Brownell
2003-12-12 20:48 ` Alan Stern
2003-12-12 21:01 ` Oliver Neukum
2003-12-12 21:27 ` Alan Stern
2003-12-12 23:36 ` Oliver Neukum
2003-12-13 1:10 ` Alan Stern
2003-12-13 11:52 ` Oliver Neukum
2003-12-12 18:50 ` Oliver Neukum
2003-12-10 19:43 ` David Brownell
2003-12-11 9:21 ` Duncan Sands
2003-12-10 17:21 ` David Brownell
2003-12-11 9:42 ` Duncan Sands
2003-12-12 2:21 ` David Brownell
2003-12-12 8:47 ` Duncan Sands
2003-12-12 15:35 ` bill davidsen
2003-12-05 0:08 ` [kernel panic @ reboot] 2.6.0-test10-mm1 Zwane Mwaikambo
2003-11-27 0:59 ` [kernel panic @ reboot in usbcore] 2.6.0-test10-mm1 (culprit: modem_run) Vince
2003-11-27 3:13 ` Zwane Mwaikambo
2003-11-27 8:14 ` Vince
2003-11-27 8:11 ` Duncan Sands
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200312092212.51627.baldrick@free.fr \
--to=baldrick@free.fr \
--cc=david-b@pacbell.net \
--cc=fuzzy77@free.fr \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb-devel@lists.sourceforge.net \
--cc=mfedyk@matchmail.com \
--cc=rddunlap@osdl.org \
--cc=stern@rowland.harvard.edu \
--cc=zwane@holomorphy.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.