* PROBLEM: Kernel 2.6.x freeze
@ 2006-09-28 7:33 Arkadiusz Jałowiec
2006-09-28 9:41 ` Paolo Ornati
2006-09-29 12:38 ` Paolo Ornati
0 siblings, 2 replies; 13+ messages in thread
From: Arkadiusz Jałowiec @ 2006-09-28 7:33 UTC (permalink / raw)
To: linux-kernel, linux-usb-users
I have problem with kernels 2.6.x and I don't know what I do. My
computer always freeze with kernel 2.6.x (I test all kernel stable
versions with different distributions ). Computer work 2-6 hours and
crash. I can't do anything. My keyboard don't work. I've never had this
problem with kernel 2.4.x. I use linux about 2 years. I am not
programmer. Maybe I found bug ?
OOps:
ivalid opcode: 0000 [#1]
Modules linked in ppp_deflate zlib_deflate bsd_comp pppoatm ipv6
partport_pc partport snd_pcm_oss snd_mixer oss via_agp agpgart
ueagle_atm usbatm uhci_hcd ehci_hcd usbcore i2c_viapro 12c_core
snd_via82xx snd_ac97_code snd_mpu401_uart snd_rawmidi opt_LOG
snd_seq_device xt limit snd soundcore via_rhine mill xt_tcpudp xt_state
iptables_filter nls_iso8859-2 nls_cp852 ip_contract_irc ip_contract_ftp
xt_contract ip_contract ip_tables x_tables
CPU: 0
EIP: 0060: [<d0d184dc>] Not tainted VLI
EFLAGS: 00010003 (2.6.18#1)
EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd]
eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
ds: 007b es: 007b ss:0068
Process removepkg (pid: 11084, ti=c6b78000 task=c126e560 task.ti=c6b78000)
Stack: 00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0
cf3935a0
ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0 cf3935a0
00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00 d0d192ad
Call Trace:
[<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd]
[<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd]
[<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
[<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd]
[<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore]
[<c012c4c4>] handle_IRQ_event+0x21/0x47
[<c012c545>] do_IRQ+0x5b/0xa2
[<c0104106>] do_IRQ+0x40/0x4d
[<c0102c4a>] common_interrupt+0x1a/0x20
Code: 5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89
47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89
6d 00 8d 47 18 89 6d 04 39 47 18 75
4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6
46 20 8b 4e 20 ba fe ff
EIP: [<d0d184dc>] uhci_giveback_urb+0x59/0x126
[uhci_hcd] SS: ESP 0068: c6b79f00
<0> Kernel panic - not syncing: Fatal exception in interrupt
KSYMOOPS:
ksymoops 2.4.11 on i686 2.6.18. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.18/ (default)
-m /usr/src/linux/System.map (default)
Warning: You did not tell me where to find symbol information. I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc. ksymoops -h explains the options.
Error (regular_file): read_ksyms stat /proc/ksyms failed
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
CPU: 0
EIP: 0060: [<d0d184dc>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010003 (2.6.18#1)
eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0
esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00
Warning (Oops_set_regs): garbage 'epb: ce4933bc esp: c6b79f00' at end of
register line ignored
ds: 007b es: 007b ss:0068
Stack: 00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0
cf3935a0
ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0
cf3935a0
00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00
d0d192ad
Call Trace:
[<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd]
[<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd]
[<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd]
[<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd]
[<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore]
[<c012c4c4>] handle_IRQ_event+0x21/0x47
[<c012c545>] do_IRQ+0x5b/0xa2
[<c0104106>] do_IRQ+0x40/0x4d
[<c0102c4a>] common_interrupt+0x1a/0x20
Code: 5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89 47 3c 8b
>>EIP; d0d184dc <pg0+109164dc/3fbfc400> <=====
>>eax; cefeeed1 <pg0+ebeced1/3fbfc400>
>>ebx; cf3935a0 <pg0+ef915a0/3fbfc400>
>>ecx; ce2a9bc0 <pg0+dea7bc0/3fbfc400>
>>edx; cf3935a0 <pg0+ef915a0/3fbfc400>
>>esi; ce2a9bc0 <pg0+dea7bc0/3fbfc400>
Trace; d0d17e17 <pg0+10915e17/3fbfc400>
Trace; d0d18627 <pg0+10916627/3fbfc400>
Trace; d0d18846 <pg0+10916846/3fbfc400>
Trace; d0d192ad <pg0+109172ad/3fbfc400>
Trace; d0d365f8 <pg0+109345f8/3fbfc400>
Trace; c012c4c4 <handle_IRQ_event+21/47>
Trace; c012c545 <__do_IRQ+5b/a2>
Trace; c0104106 <do_IRQ+40/4d>
Trace; c0102c4a <common_interrupt+1a/20>
Code; d0d184dc <pg0+109164dc/3fbfc400>
00000000 <_EIP>:
Code; d0d184dc <pg0+109164dc/3fbfc400> <=====
0: 5c pop %esp <=====
Code; d0d184dd <pg0+109164dd/3fbfc400>
1: 89 57 2c mov %edx,0x2c(%edi)
Code; d0d184e0 <pg0+109164e0/3fbfc400>
4: 8b 40 44 mov 0x44(%eax),%eax
Code; d0d184e3 <pg0+109164e3/3fbfc400>
7: c7 47 40 00 00 00 00 movl $0x0,0x40(%edi)
Code; d0d184ea <pg0+109164ea/3fbfc400>
e: 89 47 3c mov %eax,0x3c(%edi)
Code; d0d184ed <pg0+109164ed/3fbfc400>
11: 8b 00 mov (%eax),%eax
EIP: [<d0d184dc>] uhci_giveback_urb+0x59/0x126
<0> Kernel panic - not syncing: Fatal exception in interrupt
Warning (Oops_read): Code line not seen, dumping what data is available
>>EIP; d0d184dc <pg0+109164dc/3fbfc400> <=====
3 warnings and 1 error issued. Results may not be reliable.
CPUINFO:
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Celeron(R) CPU 2.20GHz
stepping : 7
cpu MHz : 2200.144
cache size : 128 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe
bogomips : 4403.03
IOMEM:
00000000-0009fbff : System RAM
0009fc00-0009ffff : reserved
000a0000-000bffff : Video RAM area
000c0000-000cebff : Video ROM
000f0000-000fffff : System ROM
00100000-0ffeffff : System RAM
00100000-002e0e24 : Kernel code
002e0e25-003aa737 : Kernel data
0fff0000-0fff2fff : ACPI Non-volatile Storage
0fff3000-0fffffff : ACPI Tables
d0000000-dfffffff : PCI Bus #01
d0000000-d7ffffff : 0000:01:00.0
d0000000-d3ffffff : vesafb
d8000000-d807ffff : 0000:01:00.0
d8080000-d809ffff : 0000:01:00.0
e0000000-e3ffffff : 0000:00:00.0
e4000000-e5ffffff : PCI Bus #01
e4000000-e4ffffff : 0000:01:00.0
e6000000-e600ffff : 0000:00:09.0
e6010000-e60100ff : 0000:00:10.3
e6010000-e60100ff : ehci_hcd
e6011000-e60110ff : 0000:00:12.0
e6011000-e60110ff : via-rhine
ffff0000-ffffffff : reserved
IOPORTS:
0000-001f : dma1
0020-0021 : pic1
0040-0043 : timer0
0050-0053 : timer1
0060-006f : keyboard
0080-008f : dma page reg
00a0-00a1 : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
0376-0376 : ide1
0378-037a : parport0
03c0-03df : vesafb
03f2-03f5 : floppy
03f6-03f6 : ide0
03f7-03f7 : floppy DIR
0400-047f : 0000:00:11.0
0400-0403 : ACPI PM1a_EVT_BLK
0404-0405 : ACPI PM1a_CNT_BLK
0408-040b : ACPI PM_TMR
0410-0415 : ACPI CPU throttle
0420-0423 : ACPI GPE0_BLK
0500-050f : 0000:00:11.0
0500-0507 : vt596_smbus
0cf8-0cff : PCI conf1
d000-d007 : 0000:00:09.0
d400-d41f : 0000:00:10.0
d400-d41f : uhci_hcd
d800-d81f : 0000:00:10.1
d800-d81f : uhci_hcd
dc00-dc1f : 0000:00:10.2
dc00-dc1f : uhci_hcd
e000-e00f : 0000:00:11.1
e000-e007 : ide0
e008-e00f : ide1
e400-e4ff : 0000:00:11.5
e400-e4ff : VIA8233
ec00-ecff : 0000:00:12.0
ec00-ecff : via-rhine
LSPCI:
00:00.0 Host bridge: VIA Technologies, Inc. P4M266 Host Bridge
Subsystem: VIA Technologies, Inc. P4M266 Host Bridge
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort+ >SERR- <PERR-
Latency: 8
Region 0: Memory at e0000000 (32-bit, prefetchable) [size=64M]
Capabilities: [a0] AGP version 2.0
Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans-
64bit- FW- AGP3- Rate=x1,x2,x4
Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW- Rate=<none>
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:01.0 PCI bridge: VIA Technologies, Inc. VT8633 [Apollo Pro266 AGP]
(prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR+ FastB2B-
Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort+ >SERR- <PERR-
Latency: 0
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
I/O behind bridge: 0000f000-00000fff
Memory behind bridge: e4000000-e5ffffff
Prefetchable memory behind bridge: d0000000-dfffffff
BridgeCtl: Parity- SERR- NoISA+ VGA+ MAbort- >Reset- FastB2B-
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:09.0 Communication controller: Conexant HSF 56k HSFi Modem (rev 01)
Subsystem: Conexant Dynalink 56PMi
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin A routed to IRQ 3
Region 0: Memory at e6000000 (32-bit, non-prefetchable) [size=64K]
Region 1: I/O ports at d000 [size=8]
Capabilities: [40] Power Management version 2
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot+,D3cold+)
Status: D0 PME-Enable+ DSel=0 DScale=0 PME-
00:10.0 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1
Controller (rev 80) (prog-if 00 [UHCI])
Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32, cache line size 08
Interrupt: pin A routed to IRQ 11
Region 4: I/O ports at d400 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA
PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.1 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1
Controller (rev 80) (prog-if 00 [UHCI])
Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32, cache line size 08
Interrupt: pin B routed to IRQ 3
Region 4: I/O ports at d800 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA
PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1
Controller (rev 80) (prog-if 00 [UHCI])
Subsystem: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32, cache line size 08
Interrupt: pin C routed to IRQ 5
Region 4: I/O ports at dc00 [size=32]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA
PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:10.3 USB Controller: VIA Technologies, Inc. USB 2.0 (rev 82) (prog-if
20 [EHCI])
Subsystem: VIA Technologies, Inc. USB 2.0
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32, cache line size 20
Interrupt: pin D routed to IRQ 11
Region 0: Memory at e6010000 (32-bit, non-prefetchable) [size=256]
Capabilities: [80] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA
PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:11.0 ISA bridge: VIA Technologies, Inc. VT8235 ISA Bridge
Subsystem: VIA Technologies, Inc. VT8235 ISA Bridge
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping+ SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 0
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:11.1 IDE interface: VIA Technologies, Inc.
VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06)
(prog-if 8a [Master SecP PriP])
Subsystem: VIA Technologies, Inc.
VT82C586/B/VT82C686/A/B/VT8233/A/C/VT8235 PIPC Bus Master IDE
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32
Interrupt: pin A routed to IRQ 11
Region 4: I/O ports at e000 [size=16]
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:11.5 Multimedia audio controller: VIA Technologies, Inc.
VT8233/A/8235/8237 AC97 Audio Controller (rev 50)
Subsystem: VIA Technologies, Inc. K7VT2 motherboard
Control: I/O+ Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Interrupt: pin C routed to IRQ 5
Region 0: I/O ports at e400 [size=256]
Capabilities: [c0] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II]
(rev 74)
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32 (750ns min, 2000ns max), cache line size 08
Interrupt: pin A routed to IRQ 11
Region 0: I/O ports at ec00 [size=256]
Region 1: Memory at e6011000 (32-bit, non-prefetchable) [size=256]
Capabilities: [40] Power Management version 2
Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=0mA
PME(D0+,D1+,D2+,D3hot+,D3cold+)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
01:00.0 VGA compatible controller: nVidia Corporation NV17 [GeForce4 MX
440] (rev a3) (prog-if 00 [VGA])
Subsystem: Micro-Star International Co., Ltd.: Unknown device 8601
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort-
<TAbort- <MAbort- >SERR- <PERR-
Latency: 32 (1250ns min, 250ns max)
Interrupt: pin A routed to IRQ 11
Region 0: Memory at e4000000 (32-bit, non-prefetchable) [size=16M]
Region 1: Memory at d0000000 (32-bit, prefetchable) [size=128M]
Region 2: Memory at d8000000 (32-bit, prefetchable) [size=512K]
Expansion ROM at d8080000 [disabled] [size=128K]
Capabilities: [60] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [44] AGP version 2.0
Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA- ITACoh- GART64- HTrans-
64bit- FW+ AGP3- Rate=x1,x2,x4
Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP- GART64- 64bit- FW- Rate=<none>
MOSULES:
parport_pc 24260 0 - Live 0xd0d68000
parport 23616 1 parport_pc, Live 0xd0d71000
snd_pcm_oss 40736 0 - Live 0xd0d53000
snd_mixer_oss 15872 1 snd_pcm_oss, Live 0xd0c91000
via_agp 9984 1 - Live 0xd0c63000
agpgart 32816 1 via_agp, Live 0xd0d5e000
ueagle_atm 25128 0 - Live 0xd0d12000
usbatm 17792 1 ueagle_atm, Live 0xd0d2a000
uhci_hcd 21516 0 - Live 0xd0d23000
ehci_hcd 26760 0 - Live 0xd0d1b000
usbcore 115844 5 ueagle_atm,usbatm,uhci_hcd,ehci_hcd, Live 0xd0d35000
i2c_viapro 8724 0 - Live 0xd0c52000
i2c_core 20368 1 i2c_viapro, Live 0xd0c8b000
snd_via82xx 25236 0 - Live 0xd0c5b000
snd_ac97_codec 84256 1 snd_via82xx, Live 0xd0c96000
snd_ac97_bus 2560 1 snd_ac97_codec, Live 0xd0c30000
snd_pcm 69896 3 snd_pcm_oss,snd_via82xx,snd_ac97_codec, Live 0xd0c67000
snd_timer 21636 1 snd_pcm, Live 0xd0c4b000
snd_page_alloc 10120 2 snd_via82xx,snd_pcm, Live 0xd0c18000
snd_mpu401_uart 7808 1 snd_via82xx, Live 0xd0c2b000
snd_rawmidi 22816 1 snd_mpu401_uart, Live 0xd0c44000
snd_seq_device 8204 1 snd_rawmidi, Live 0xd0c27000
snd 47844 9
snd_pcm_oss,snd_mixer_oss,snd_via82xx,snd_ac97_codec,snd_pcm,snd_timer,snd_mpu401_uart,snd_rawmidi,snd_seq_device,
Live 0xd0c37000
soundcore 9440 1 snd, Live 0xd0c1c000
via_rhine 22536 0 - Live 0xd0c20000
ipt_LOG 6400 2 - Live 0xd0c12000
mii 5632 1 via_rhine, Live 0xd0c15000
xt_limit 2944 2 - Live 0xd087e000
xt_tcpudp 3584 5 - Live 0xd0863000
xt_state 2432 3 - Live 0xd0865000
iptable_filter 3328 1 - Live 0xd0870000
nls_iso8859_2 4992 1 - Live 0xd086d000
nls_cp852 5248 1 - Live 0xd086a000
ip_conntrack_irc 7152 0 - Live 0xd0867000
ip_conntrack_ftp 7664 0 - Live 0xd0853000
xt_conntrack 2816 0 - Live 0xd0856000
ip_conntrack 44980 4
xt_state,ip_conntrack_irc,ip_conntrack_ftp,xt_conntrack, Live 0xd0872000
ip_tables 12760 1 iptable_filter, Live 0xd085e000
x_tables 13572 6
ipt_LOG,xt_limit,xt_tcpudp,xt_state,xt_conntrack,ip_tables, Live 0xd0859000
SCSI:
Attached devices:
VERSION:
Linux version 2.6.18 (root@darkstar) (gcc version 3.3.6) #1 Wed Sep 27
08:23:45 UTC 2006
----------------------------------------------------------------------
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
^ permalink raw reply [flat|nested] 13+ messages in thread* Re: PROBLEM: Kernel 2.6.x freeze 2006-09-28 7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec @ 2006-09-28 9:41 ` Paolo Ornati 2006-09-29 12:38 ` Paolo Ornati 1 sibling, 0 replies; 13+ messages in thread From: Paolo Ornati @ 2006-09-28 9:41 UTC (permalink / raw) To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users On Thu, 28 Sep 2006 07:33:30 +0000 Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote: > I have problem with kernels 2.6.x and I don't know what I do. My > computer always freeze with kernel 2.6.x (I test all kernel stable > versions with different distributions ). Computer work 2-6 hours and > crash. I can't do anything. My keyboard don't work. I've never had this > problem with kernel 2.4.x. I use linux about 2 years. I am not > programmer. Maybe I found bug ? > > OOps: > > ivalid opcode: 0000 [#1] Maybe you have hardware problems? Have you tried to run memtest86 and/or memtest86+ for many hours? http://www.memtest86.com/ http://www.memtest.org/ -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: PROBLEM: Kernel 2.6.x freeze 2006-09-28 7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec 2006-09-28 9:41 ` Paolo Ornati @ 2006-09-29 12:38 ` Paolo Ornati 2006-09-29 21:29 ` [Linux-usb-users] " Alan Stern 1 sibling, 1 reply; 13+ messages in thread From: Paolo Ornati @ 2006-09-29 12:38 UTC (permalink / raw) To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users On Thu, 28 Sep 2006 07:33:30 +0000 Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote: > OOps: > > ivalid opcode: 0000 [#1] > Modules linked in ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 > partport_pc partport snd_pcm_oss snd_mixer oss via_agp agpgart > ueagle_atm usbatm uhci_hcd ehci_hcd usbcore i2c_viapro 12c_core > snd_via82xx snd_ac97_code snd_mpu401_uart snd_rawmidi opt_LOG > snd_seq_device xt limit snd soundcore via_rhine mill xt_tcpudp xt_state > iptables_filter nls_iso8859-2 nls_cp852 ip_contract_irc ip_contract_ftp > xt_contract ip_contract ip_tables x_tables > > CPU: 0 > EIP: 0060: [<d0d184dc>] Not tainted VLI > EFLAGS: 00010003 (2.6.18#1) > EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd] > eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0 > esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00 > ds: 007b es: 007b ss:0068 > > Process removepkg (pid: 11084, ti=c6b78000 task=c126e560 task.ti=c6b78000) > > Stack: 00000046 c9936060 cf3935a0 ce4933bc d0d17e17 00000000 cefeeed0 > cf3935a0 > ce2a9bc0 00000000 cefeeed0 d0d18627 c6b79fbc c6b79fbc cefeeed0 cf3935a0 > 00000009 c6b79fbc d0d18846 00000246 00000000 00000000 cefeed00 d0d192ad > > Call Trace: > > [<d0d17e17>] uhci_result_common+0xb7/0x146 [uhci_hcd] > [<d0d18627>] uhci_scan_qh+0x7e/0x174 [uhci_hcd] > [<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd] > [<d0d192ad>] uhci_irq+0xe8/0xf8 [uhci_hcd] > [<d0d365f8>] udb_hcd_irq+0x27/0x4e [usbcore] > [<c012c4c4>] handle_IRQ_event+0x21/0x47 > [<c012c545>] do_IRQ+0x5b/0xa2 > [<c0104106>] do_IRQ+0x40/0x4d > [<c0102c4a>] common_interrupt+0x1a/0x20 > > Code: 5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89 > 47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89 > 6d 00 8d 47 18 89 6d 04 39 47 18 75 > 4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6 > 46 20 8b 4e 20 ba fe ff > > EIP: [<d0d184dc>] uhci_giveback_urb+0x59/0x126 > [uhci_hcd] SS: ESP 0068: c6b79f00 > <0> Kernel panic - not syncing: Fatal exception in interrupt Do you have copied the Oops by hand, right? Can you send the ".config" for this 2.6.18? I'm not an expert but... This is how the code should look like (I've compiled 2.6.18 with gcc 3.3.6 + gentoo patches): c02dd6a2: 74 5c je c02dd700 <uhci_giveback_urb+0xa0> c02dd6a4: 0f b6 46 20 movzbl 0x20(%esi),%eax c02dd6a8: 8b 4e 20 mov 0x20(%esi),%ecx c02dd6ab: c7 04 24 fe ff ff ff movl $0xfffffffe,(%esp) But we have: 500894: 74 3f je 5008d5 <_end+0x2d> 500896: 0f b6 46 20 movzbl 0x20(%rsi),%eax 50089a: 8b 4e 20 mov 0x20(%rsi),%ecx 50089d: ba .byte 0xba 50089e: fe (bad) 50089f: ff .byte 0xff So "c7 04 24" turned into "ba fe ff" The funny thing is that "fe ff" comes just after "24" in the original code... Questions for LKML: 1) Isn't the kernel code write-protected at page level? Or maybe is it only protected when "CONFIG_DEBUG_RODATA=y"? 2) In this case the "corrupted" memory is in a module, is/can also this code be write-protected? -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-09-29 12:38 ` Paolo Ornati @ 2006-09-29 21:29 ` Alan Stern 2006-09-30 7:56 ` [Linux-usb-users[ " Arkadiusz Jałowiec 2006-09-30 12:14 ` [Linux-usb-users] " Paolo Ornati 0 siblings, 2 replies; 13+ messages in thread From: Alan Stern @ 2006-09-29 21:29 UTC (permalink / raw) To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Fri, 29 Sep 2006, Paolo Ornati wrote: > On Thu, 28 Sep 2006 07:33:30 +0000 > Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote: > > > OOps: > > > > ivalid opcode: 0000 [#1] > > CPU: 0 > > EIP: 0060: [<d0d184dc>] Not tainted VLI > > EFLAGS: 00010003 (2.6.18#1) > > EIP is at uhci_giveback_urb+0x59/0x126 [uhci_hcd] > > eax: cefeeed1 ebx: cf3935a0 ecx: ce2a9bc0 edx: cf3935a0 > > esi: ce2a9bc0 edi: 00000000 epb: ce4933bc esp: c6b79f00 > > ds: 007b es: 007b ss:0068 > > Code: 5c 89 57 2c 8b 40 44 c7 47 40 00 00 00 00 89 > > 47 3c 8b 45 00 8b 55 04 89 02 89 50 04 89 > > 6d 00 8d 47 18 89 6d 04 39 47 18 75 > > 4b 0f <b6> 47 50 a8 02 88 44 24 08 74 3f 0f b6 > > 46 20 8b 4e 20 ba fe ff > Can you send the ".config" for this 2.6.18? Equally important, which version of gcc was used to compile the kernel? Why are the angle brackets above around <b6>, when the preceding 0f byte is the actual start of the instruction? Is that merely an artifact of the way invalid opcode exceptions are reported, or is it an indication of what went wrong? > I'm not an expert but... > > This is how the code should look like (I've compiled 2.6.18 with gcc > 3.3.6 + gentoo patches): > > c02dd6a2: 74 5c je c02dd700 <uhci_giveback_urb+0xa0> > c02dd6a4: 0f b6 46 20 movzbl 0x20(%esi),%eax > c02dd6a8: 8b 4e 20 mov 0x20(%esi),%ecx > c02dd6ab: c7 04 24 fe ff ff ff movl $0xfffffffe,(%esp) > > > But we have: > > 500894: 74 3f je 5008d5 <_end+0x2d> > 500896: 0f b6 46 20 movzbl 0x20(%rsi),%eax > 50089a: 8b 4e 20 mov 0x20(%rsi),%ecx > 50089d: ba .byte 0xba > 50089e: fe (bad) > 50089f: ff .byte 0xff > > > So "c7 04 24" turned into > "ba fe ff" What do you mean by "we have"? Where did your two disassembly listings come from? The values in the oops message above don't match either of your listings, at least not exactly. > The funny thing is that "fe ff" comes just after "24" in the original > code... Arkadiusz, could you please run "objdump -d drivers/usb/host/uhci-hcd.o" in your kernel source directory, and post the portion of the output for the uhci_giveback_urb routine? Alan Stern ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users[ PROBLEM: Kernel 2.6.x freeze 2006-09-29 21:29 ` [Linux-usb-users] " Alan Stern @ 2006-09-30 7:56 ` Arkadiusz Jałowiec 2006-09-30 12:14 ` [Linux-usb-users] " Paolo Ornati 1 sibling, 0 replies; 13+ messages in thread From: Arkadiusz Jałowiec @ 2006-09-30 7:56 UTC (permalink / raw) To: Alan Stern, ornati, linux-kernel, linux-usb-users Alan Stern wrote: > > Equally important, which version of gcc was used to compile the kernel? > My gcc version is: gcc (GCC) 3.3.6 > Arkadiusz, could you please run "objdump -d drivers/usb/host/uhci-hcd.o" > in your kernel source directory, and post the portion of the output for > the uhci_giveback_urb routine? 00001483 <uhci_giveback_urb>: 1483: 55 push %ebp 1484: 57 push %edi 1485: 89 d7 mov %edx,%edi 1487: 56 push %esi 1488: 89 ce mov %ecx,%esi 148a: 53 push %ebx 148b: 83 ec 1c sub $0x1c,%esp 148e: 89 44 24 18 mov %eax,0x18(%esp) 1492: 83 7a 48 01 cmpl $0x1,0x48(%edx) 1496: 8b 69 04 mov 0x4(%ecx),%ebp 1499: 75 27 jne 14c2 <uhci_giveback_urb+0x3f> 149b: 8d 42 18 lea 0x18(%edx),%eax 149e: 8b 55 04 mov 0x4(%ebp),%edx 14a1: 39 c2 cmp %eax,%edx 14a3: 75 1d jne 14c2 <uhci_giveback_urb+0x3f> 14a5: 8b 45 00 mov 0x0(%ebp),%eax 14a8: 39 d0 cmp %edx,%eax 14aa: 74 16 je 14c2 <uhci_giveback_urb+0x3f> 14ac: 8b 40 08 mov 0x8(%eax),%eax 14af: 8d 50 5c lea 0x5c(%eax),%edx 14b2: 89 57 2c mov %edx,0x2c(%edi) 14b5: 8b 40 44 mov 0x44(%eax),%eax 14b8: c7 47 40 00 00 00 00 movl $0x0,0x40(%edi) 14bf: 89 47 3c mov %eax,0x3c(%edi) 14c2: 8b 45 00 mov 0x0(%ebp),%eax 14c5: 8b 55 04 mov 0x4(%ebp),%edx 14c8: 89 02 mov %eax,(%edx) 14ca: 89 50 04 mov %edx,0x4(%eax) 14cd: 89 6d 00 mov %ebp,0x0(%ebp) 14d0: 8d 47 18 lea 0x18(%edi),%eax 14d3: 89 6d 04 mov %ebp,0x4(%ebp) 14d6: 39 47 18 cmp %eax,0x18(%edi) 14d9: 75 4b jne 1526 <uhci_giveback_urb+0xa3> 14db: 0f b6 47 50 movzbl 0x50(%edi),%eax 14df: a8 02 test $0x2,%al 14e1: 88 44 24 08 mov %al,0x8(%esp) 14e5: 74 3f je 1526 <uhci_giveback_urb+0xa3> 14e7: 0f b6 46 20 movzbl 0x20(%esi),%eax 14eb: 8b 4e 20 mov 0x20(%esi),%ecx 14ee: ba fe ff ff ff mov $0xfffffffe,%edx 14f3: 24 80 and $0x80,%al 14f5: 0f 94 c3 sete %bl 14f8: c1 e9 0f shr $0xf,%ecx 14fb: 0f b6 db movzbl %bl,%ebx 14fe: 83 e1 0f and $0xf,%ecx 1501: 89 1c 24 mov %ebx,(%esp) 1504: 89 d8 mov %ebx,%eax 1506: d3 c2 rol %cl,%edx 1508: 8b 5e 1c mov 0x1c(%esi),%ebx 150b: 23 54 83 24 and 0x24(%ebx,%eax,4),%edx 150f: 0f b6 44 24 08 movzbl 0x8(%esp),%eax 1514: 83 e0 01 and $0x1,%eax 1517: d3 e0 shl %cl,%eax 1519: 09 c2 or %eax,%edx 151b: 8b 04 24 mov (%esp),%eax 151e: 89 54 83 24 mov %edx,0x24(%ebx,%eax,4) 1522: 80 67 50 fd andb $0xfd,0x50(%edi) 1526: 8b 44 24 18 mov 0x18(%esp),%eax 152a: 89 ea mov %ebp,%edx 152c: e8 fe f1 ff ff call 72f <uhci_free_urb_priv> 1531: 8b 47 48 mov 0x48(%edi),%eax 1534: 83 f8 01 cmp $0x1,%eax 1537: 74 07 je 1540 <uhci_giveback_urb+0xbd> 1539: 83 f8 03 cmp $0x3,%eax 153c: 74 12 je 1550 <uhci_giveback_urb+0xcd> 153e: eb 33 jmp 1573 <uhci_giveback_urb+0xf0> 1540: 83 7e 08 00 cmpl $0x0,0x8(%esi) 1544: 74 2d je 1573 <uhci_giveback_urb+0xf0> 1546: 8b 46 1c mov 0x1c(%esi),%eax 1549: b9 01 00 00 00 mov $0x1,%ecx 154e: eb 13 jmp 1563 <uhci_giveback_urb+0xe0> 1550: 8d 47 18 lea 0x18(%edi),%eax 1553: 39 47 18 cmp %eax,0x18(%edi) 1556: 75 14 jne 156c <uhci_giveback_urb+0xe9> 1558: 83 7e 08 00 cmpl $0x0,0x8(%esi) 155c: 74 0e je 156c <uhci_giveback_urb+0xe9> 155e: 8b 46 1c mov 0x1c(%esi),%eax 1561: 31 c9 xor %ecx,%ecx 1563: 89 f2 mov %esi,%edx 1565: e8 fc ff ff ff call 1566 <uhci_giveback_urb+0xe3> 156a: eb 07 jmp 1573 <uhci_giveback_urb+0xf0> 156c: c7 46 08 00 00 00 00 movl $0x0,0x8(%esi) 1573: 8b 44 24 18 mov 0x18(%esp),%eax 1577: 8b 4c 24 30 mov 0x30(%esp),%ecx 157b: 89 f2 mov %esi,%edx 157d: 2d d0 00 00 00 sub $0xd0,%eax 1582: e8 fc ff ff ff call 1583 <uhci_giveback_urb+0x100> 1587: 8d 47 18 lea 0x18(%edi),%eax 158a: 39 47 18 cmp %eax,0x18(%edi) 158d: 75 12 jne 15a1 <uhci_giveback_urb+0x11e> 158f: 89 fa mov %edi,%edx 1591: 8b 44 24 18 mov 0x18(%esp),%eax 1595: e8 4d f0 ff ff call 5e7 <uhci_unlink_qh> 159a: c7 47 38 00 00 00 00 movl $0x0,0x38(%edi) 15a1: 83 c4 1c add $0x1c,%esp 15a4: 5b pop %ebx 15a5: 5e pop %esi 15a6: 5f pop %edi 15a7: 5d pop %ebp 15a8: c3 ret ---------------------------------------------------------------------- Dziewczyny Paryza >>> http://link.interia.pl/f19a3 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-09-29 21:29 ` [Linux-usb-users] " Alan Stern 2006-09-30 7:56 ` [Linux-usb-users[ " Arkadiusz Jałowiec @ 2006-09-30 12:14 ` Paolo Ornati 2006-09-30 15:49 ` Alan Stern 1 sibling, 1 reply; 13+ messages in thread From: Paolo Ornati @ 2006-09-30 12:14 UTC (permalink / raw) To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Fri, 29 Sep 2006 17:29:04 -0400 (EDT) Alan Stern <stern@rowland.harvard.edu> wrote: > > But we have: > > > > 500894: 74 3f je 5008d5 <_end+0x2d> > > 500896: 0f b6 46 20 movzbl 0x20(%rsi),%eax > > 50089a: 8b 4e 20 mov 0x20(%rsi),%ecx > > 50089d: ba .byte 0xba > > 50089e: fe (bad) > > 50089f: ff .byte 0xff > > > > > > So "c7 04 24" turned into > > "ba fe ff" > > What do you mean by "we have"? Where did your two disassembly listings > come from? The values in the oops message above don't match either of > your listings, at least not exactly. Beacuse I'm an idiot :) The first disassembed code comes from a 2.6.18 compiled with gcc 3.3.6 (but different config than Arkadiusz). The second (and wrong one) comes from: --- 1.c --- char str[]={0x5c,0x89,0x57,0x2c,0x8b,0x40,0x44,0xc7,0x47,0x40,0x00,0x00,0x 00,0x00,0x89,0x47,0x3c,0x8b,0x45,0x00,0x8b,0x55,0x04,0x89,0x02,0x89,0x50,0 x04,0x89,0x6d,0x00,0x8d,0x47,0x18,0x89,0x6d,0x04,0x39,0x47,0x18,0x75,0x4b, 0x0f,0xb6,0x47,0x50,0xa8,0x02,0x88,0x44,0x24,0x08,0x74,0x3f,0x0f,0xb6,0x46 ,0x20,0x8b,0x4e,0x20,0xba,0xfe,0xff}; void main(void){} -------------- disassembled with "objdump -D". The problem was that I'm on AMD64 and I've forgot to add "-m32" at gcc options to produce a i386 executable ;) This one should be correct: 00000000 <str>: 0: 5c pop %esp 1: 89 57 2c mov %edx,0x2c(%edi) 4: 8b 40 44 mov 0x44(%eax),%eax 7: c7 47 40 00 00 00 00 movl $0x0,0x40(%edi) e: 89 47 3c mov %eax,0x3c(%edi) 11: 8b 45 00 mov 0x0(%ebp),%eax 14: 8b 55 04 mov 0x4(%ebp),%edx 17: 89 02 mov %eax,(%edx) 19: 89 50 04 mov %edx,0x4(%eax) 1c: 89 6d 00 mov %ebp,0x0(%ebp) 1f: 8d 47 18 lea 0x18(%edi),%eax 22: 89 6d 04 mov %ebp,0x4(%ebp) 25: 39 47 18 cmp %eax,0x18(%edi) 28: 75 4b jne 75 <main+0x75> 2a: 0f b6 47 50 movzbl 0x50(%edi),%eax 2e: a8 02 test $0x2,%al 30: 88 44 24 08 mov %al,0x8(%esp) 34: 74 3f je 75 <main+0x75> 36: 0f b6 46 20 movzbl 0x20(%esi),%eax <----- crash! 3a: 8b 4e 20 mov 0x20(%esi),%ecx 3d: ba .byte 0xba 3e: fe (bad) 3f: ff .byte 0xff So now the problem is, as you pointed out, to discover why EIP is pointing to "b6" intead of "0f". -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-09-30 12:14 ` [Linux-usb-users] " Paolo Ornati @ 2006-09-30 15:49 ` Alan Stern 2006-10-01 14:10 ` Paolo Ornati 0 siblings, 1 reply; 13+ messages in thread From: Alan Stern @ 2006-09-30 15:49 UTC (permalink / raw) To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Sat, 30 Sep 2006, Paolo Ornati wrote: > This one should be correct: > > 00000000 <str>: > 0: 5c pop %esp > 1: 89 57 2c mov %edx,0x2c(%edi) > 4: 8b 40 44 mov 0x44(%eax),%eax > 7: c7 47 40 00 00 00 00 movl $0x0,0x40(%edi) > e: 89 47 3c mov %eax,0x3c(%edi) > 11: 8b 45 00 mov 0x0(%ebp),%eax > 14: 8b 55 04 mov 0x4(%ebp),%edx > 17: 89 02 mov %eax,(%edx) > 19: 89 50 04 mov %edx,0x4(%eax) > 1c: 89 6d 00 mov %ebp,0x0(%ebp) > 1f: 8d 47 18 lea 0x18(%edi),%eax > 22: 89 6d 04 mov %ebp,0x4(%ebp) > 25: 39 47 18 cmp %eax,0x18(%edi) > 28: 75 4b jne 75 <main+0x75> > 2a: 0f b6 47 50 movzbl 0x50(%edi),%eax || ---> _This_ is where the crash occurred. > 2e: a8 02 test $0x2,%al > 30: 88 44 24 08 mov %al,0x8(%esp) > 34: 74 3f je 75 <main+0x75> > 36: 0f b6 46 20 movzbl 0x20(%esi),%eax <----- crash! || ---> Not here. > 3a: 8b 4e 20 mov 0x20(%esi),%ecx > 3d: ba .byte 0xba > 3e: fe (bad) > 3f: ff .byte 0xff The actual last instruction looks like this: > 3d: ba fe ff ff ff mov $0xfffffffe,%edx > So now the problem is, as you pointed out, to discover why EIP is > pointing to "b6" intead of "0f". Another problem: The oops message shows that edi = 0. So there should have been an addressing exception in the line at offset 25, assuming the CPU ran straight through this code. Comparing the disassembly to the source code shows the instruction that crashed was in this part of drivers/usb/host/uhci-q.c:uhci_giveback_urb() /* Take the URB off the QH's queue. If the queue is now empty, * this is a perfect time for a toggle fixup. */ list_del_init(&urbp->node); if (list_empty(&qh->queue) && qh->needs_fixup) { It was the fetch of qh->needs_fixup, which is a bitfield. The alternative is that something caused a jump directly to the byte at 2b. Maybe a return address got corrupted on the stack; obviously there aren't any direct jumps to that location. I don't have a clue how to track this any further. We can rule out the possibility that the kernel's object code was corrupted. The dump in the oops message agrees exactly with the objdump output. The simplest answer is that Arkadiusz's CPU is a little flakey. But that would be too easy. Alan Stern ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-09-30 15:49 ` Alan Stern @ 2006-10-01 14:10 ` Paolo Ornati 2006-10-02 21:47 ` Arkadiusz Jałowiec 0 siblings, 1 reply; 13+ messages in thread From: Paolo Ornati @ 2006-10-01 14:10 UTC (permalink / raw) To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Sat, 30 Sep 2006 11:49:52 -0400 (EDT) Alan Stern <stern@rowland.harvard.edu> wrote: > The alternative is that something caused a jump directly to the byte at > 2b. Maybe a return address got corrupted on the stack; obviously there > aren't any direct jumps to that location. I don't have a clue how to > track this any further. > > We can rule out the possibility that the kernel's object code was > corrupted. The dump in the oops message agrees exactly with the objdump > output. > > The simplest answer is that Arkadiusz's CPU is a little flakey. But > that would be too easy. Another crazy theory (based on my horrible experience with a defective memory module): There is an hard to trigger single bit error not detected by memtest near (physical) memory address 6b79f00(ESP) (where the EIP has been retrived causing the Oops). In this case the physical address (at Kb 110055) can be skipped with "memmap=1K$110055K" kernel boot option. Arkadiusz, can you try to add that option to kernel command line (in lilo or grub config)? You can check if you've done it right with "dmesg | less" At the begin there is the memory map provided by BIOS: [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) [ 0.000000] BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) [ 0.000000] BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved) [ 0.000000] BIOS-e820: 0000000000100000 - 000000001ff30000 (usable) [ 0.000000] BIOS-e820: 000000001ff30000 - 000000001ff40000 (ACPI data) [ 0.000000] BIOS-e820: 000000001ff40000 - 000000001fff0000 (ACPI NVS) [ 0.000000] BIOS-e820: 000000001fff0000 - 0000000020000000 (reserved) [ 0.000000] BIOS-e820: 00000000fff80000 - 0000000100000000 (reserved) Just after that there should be another memory map with an additional line that marks the memory region [06B79C00 - 06B7A000] as reserved. Then you can try again to make 2.6.18 crash. And if the problem is still here I think that another kernel Oops text can be useful: it can show if there is a common pattern (if you have a digital camera you can take a screenshot of the screen avoiding the hand-copy). -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-10-01 14:10 ` Paolo Ornati @ 2006-10-02 21:47 ` Arkadiusz Jałowiec 2006-10-03 19:52 ` Paolo Ornati 0 siblings, 1 reply; 13+ messages in thread From: Arkadiusz Jałowiec @ 2006-10-02 21:47 UTC (permalink / raw) To: Paolo Ornati, linux-kernel, linux-usb-users, stern Paolo Ornati wrote: > Another crazy theory (based on my horrible experience with a > defective memory module): > I don't know, but I think this theory is possibly :( > There is an hard to trigger single bit error not detected by memtest > near (physical) memory address 6b79f00(ESP) (where the EIP has been > retrived causing the Oops). > > In this case the physical address (at Kb 110055) can be skipped with > "memmap=1K$110055K" kernel boot option. > I add to kernel command line this option and I boot my computer. dmesg show me this: Linux version 2.6.18 (root@darkstar) (gcc version 3.3.6) #1 Wed Sep 27 08:19:45 UTC 2006 BIOS-provided physical RAM map: BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved) BIOS-e820: 0000000000100000 - 000000000fff0000 (usable) BIOS-e820: 000000000fff0000 - 000000000fff3000 (ACPI NVS) BIOS-e820: 000000000fff3000 - 0000000010000000 (ACPI data) BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved) 255MB LOWMEM available. On node 0 totalpages: 65520 DMA zone: 4096 pages, LIFO batch:0 Normal zone: 61424 pages, LIFO batch:15 DMI 2.3 present. ACPI: RSDP (v000 VIAP4X ) @ 0x000f62d0 ACPI: RSDT (v001 VIAP4X AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x0fff3000 ACPI: FADT (v001 VIAP4X AWRDACPI 0x42302e31 AWRD 0x00000000) @ 0x0fff3040 ACPI: DSDT (v001 VIAP4X AWRDACPI 0x00001000 MSFT 0x0100000d) @ 0x00000000 ACPI: PM-Timer IO Port: 0x408 Allocating PCI resources starting at 10000000 (gap: 06b7a000:f9486000) Detected 2200.142 MHz processor. Built 1 zonelists. Total pages: 65520 Kernel command line: root=/dev/hda5 vga=791 memmap=1K$110055K Enabling fast FPU save and restore... done. Enabling unmasked SIMD FPU exception support... done. Initializing CPU#0 PID hash table entries: 1024 (order: 10, 4096 bytes) Console: colour dummy device 80x25 Dentry cache hash table entries: 32768 (order: 5, 131072 bytes) Inode-cache hash table entries: 16384 (order: 4, 65536 bytes) Memory: 256220k/262080k available (1923k kernel code, 5364k reserved, 806k data, 156k init, 0k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. Calibrating delay using timer specific routine.. 4403.02 BogoMIPS (lpj=2201512) Mount-cache hash table entries: 512 CPU: After generic identify, caps: bfebf9ff 00000000 00000000 00000000 00000000 00000000 00000000 CPU: After vendor identify, caps: bfebf9ff 00000000 00000000 00000000 00000000 00000000 00000000 CPU: Trace cache: 12K uops, L1 D cache: 8K CPU: L2 cache: 128K CPU: After all inits, caps: bfebf9ff 00000000 00000000 00000080 00000000 00000000 00000000 Intel machine check architecture supported. Intel machine check reporting enabled on CPU#0. CPU0: Intel P4/Xeon Extended MCE MSRs (12) available Compat vDSO mapped to ffffe000. CPU: Intel(R) Celeron(R) CPU 2.20GHz stepping 07 Checking 'hlt' instruction... OK. ACPI: Core revision 20060707 ACPI: setting ELCR to 0200 (from 0a28) NET: Registered protocol family 16 ACPI: bus type pci registered PCI: PCI BIOS revision 2.10 entry at 0xfb290, last bus=1 PCI: Using configuration type 1 Setting up standard PCI resources ACPI: Interpreter enabled ACPI: Using PIC for interrupt routing ACPI: PCI Root Bridge [PCI0] (0000:00) PCI: Probing PCI hardware (bus 00) PCI quirk: region 0400-047f claimed by vt8235 PM PCI quirk: region 0500-050f claimed by vt8235 SMB Boot video device is 0000:01:00.0 ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT] ACPI: PCI Interrupt Link [LNKA] (IRQs 1 3 4 5 6 7 10 *11 12 14 15) ACPI: PCI Interrupt Link [LNKB] (IRQs 1 *3 4 5 6 7 10 11 12 14 15) ACPI: PCI Interrupt Link [LNKC] (IRQs 1 3 4 *5 6 7 10 11 12 14 15) ACPI: PCI Interrupt Link [LNKD] (IRQs 1 3 4 5 6 7 10 *11 12 14 15) Linux Plug and Play Support v0.97 (c) Adam Belay pnp: PnP ACPI init pnp: PnP ACPI: found 14 devices SCSI subsystem initialized PCI: Using ACPI for IRQ routing PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a report PCI: Bridge: 0000:00:01.0 IO window: disabled. MEM window: e4000000-e5ffffff PREFETCH window: d0000000-dfffffff PCI: Setting latency timer of device 0000:00:01.0 to 64 NET: Registered protocol family 2 IP route cache hash table entries: 2048 (order: 1, 8192 bytes) TCP established hash table entries: 8192 (order: 3, 32768 bytes) TCP bind hash table entries: 4096 (order: 2, 16384 bytes) TCP: Hash tables configured (established 8192 bind 4096) TCP reno registered Machine check exception polling timer started. VFS: Disk quotas dquot_6.5.1 Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) fuse init (API version 7.7) Initializing Cryptographic API io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered io scheduler cfq registered (default) vesafb: framebuffer at 0xd0000000, mapped to 0xd0880000, using 3072k, total 65536k vesafb: mode is 1024x768x16, linelength=2048, pages=1 vesafb: protected mode interface info at c000:e700 vesafb: pmi: set display start = c00ce745, set palette = c00ce7ca vesafb: pmi: ports = b4c3 b503 ba03 c003 c103 c403 c503 c603 c703 c803 c903 cc03 ce03 cf03 d003 d103 d203 d303 d403 d503 da03 ff03 vesafb: scrolling: redraw vesafb: Truecolor: size=0:5:6:5, shift=0:11:5:0 Console: switching to colour frame buffer device 128x48 fb0: VESA VGA frame buffer device ACPI: Power Button (FF) [PWRF] ACPI: Power Button (CM) [PWRB] ACPI: Sleep Button (CM) [SLPB] ACPI: CPU0 (power states: C1[C1] C2[C2]) ACPI: Processor [CPU0] (supports 2 throttling states) ACPI: Thermal Zone [THRM] (46 C) ipmi message handler version 39.0 Floppy drive(s): fd0 is 1.44M FDC 0 is a post-1991 82077 RAMDISK driver initialized: 16 RAM disks of 7777K size 1024 blocksize loop: loaded (max 8 devices) PPP generic driver version 2.4.2 Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx VP_IDE: IDE controller at PCI slot 0000:00:11.1 ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 11 PCI: setting IRQ 11 as level-triggered ACPI: PCI Interrupt 0000:00:11.1[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11 PCI: VIA IRQ fixup for 0000:00:11.1, from 255 to 11 VP_IDE: chipset revision 6 VP_IDE: not 100% native mode: will probe irqs later VP_IDE: VIA vt8235 (rev 00) IDE UDMA133 controller on pci0000:00:11.1 ide0: BM-DMA at 0xe000-0xe007, BIOS settings: hda:DMA, hdb:pio ide1: BM-DMA at 0xe008-0xe00f, BIOS settings: hdc:DMA, hdd:DMA Probing IDE interface ide0... hda: SAMSUNG SV4012H, ATA DISK drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 Probing IDE interface ide1... hdc: JLMS XJ-HD165H, ATAPI CD/DVD-ROM drive hdd: LITE-ON LTR-48246S, ATAPI CD/DVD-ROM drive ide1 at 0x170-0x177,0x376 on irq 15 hda: max request size: 128KiB hda: 78242976 sectors (40060 MB) w/2048KiB Cache, CHS=65535/16/63, UDMA(33) hda: cache flushes supported hda: hda1 hda2 hda3 hda4 < hda5 hda6 > hdc: ATAPI 48X DVD-ROM drive, 512kB Cache, UDMA(33) Uniform CD-ROM driver Revision: 3.20 hdd: ATAPI 48X CD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33) ide-floppy driver 0.99.newide PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12 serio: i8042 AUX port at 0x60,0x64 irq 12 serio: i8042 KBD port at 0x60,0x64 irq 1 mice: PS/2 mouse device common for all mice TCP bic registered NET: Registered protocol family 1 NET: Registered protocol family 17 NET: Registered protocol family 8 NET: Registered protocol family 20 Using IPI Shortcut mode Time: tsc clocksource has been installed. ACPI: (supports S0 S3 S4<6>Time: acpi_pm clocksource has been installed. S5) input: AT Translated Set 2 keyboard as /class/input/input0 ReiserFS: hda5: found reiserfs format "3.6" with standard journal input: ImPS/2 Generic Wheel Mouse as /class/input/input1 ReiserFS: hda5: using ordered data mode ReiserFS: hda5: journal params: device hda5, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30 ReiserFS: hda5: checking transaction log (hda5) ReiserFS: hda5: replayed 14 transactions in 0 seconds ReiserFS: hda5: Using r5 hash to sort names VFS: Mounted root (reiserfs filesystem) readonly. Freeing unused kernel memory: 156k freed Adding 265032k swap on /dev/hda6. Priority:-1 extents:1 across:265032k ip_tables: (C) 2000-2006 Netfilter Core Team ip_conntrack version 2.4 (2047 buckets, 16376 max) - 224 bytes per conntrack via-rhine.c:v1.10-LK1.4.1 July-24-2006 Written by Donald Becker ACPI: PCI Interrupt 0000:00:12.0[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11 eth0: VIA Rhine II at 0x1ec00, 00:e0:4c:8e:49:95, IRQ 11. eth0: MII PHY found at address 1, status 0x7849 advertising 05e1 Link 0000. ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 5 PCI: setting IRQ 5 as level-triggered ACPI: PCI Interrupt 0000:00:11.5[C] -> Link [LNKC] -> GSI 5 (level, low) -> IRQ 5 PCI: Setting latency timer of device 0000:00:11.5 to 64 usbcore: registered new driver usbfs usbcore: registered new driver hub ACPI: PCI Interrupt Link [LNKD] enabled at IRQ 11 ACPI: PCI Interrupt 0000:00:10.3[D] -> Link [LNKD] -> GSI 11 (level, low) -> IRQ 11 ehci_hcd 0000:00:10.3: EHCI Host Controller ehci_hcd 0000:00:10.3: new USB bus registered, assigned bus number 1 ehci_hcd 0000:00:10.3: irq 11, io mem 0xe6010000 ehci_hcd 0000:00:10.3: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004 usb usb1: configuration #1 chosen from 1 choice hub 1-0:1.0: USB hub found hub 1-0:1.0: 6 ports detected USB Universal Host Controller Interface driver v3.0 ACPI: PCI Interrupt 0000:00:10.0[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11 uhci_hcd 0000:00:10.0: UHCI Host Controller uhci_hcd 0000:00:10.0: new USB bus registered, assigned bus number 2 uhci_hcd 0000:00:10.0: irq 11, io base 0x0000d400 usb usb2: configuration #1 chosen from 1 choice hub 2-0:1.0: USB hub found hub 2-0:1.0: 2 ports detected ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 3 PCI: setting IRQ 3 as level-triggered ACPI: PCI Interrupt 0000:00:10.1[B] -> Link [LNKB] -> GSI 3 (level, low) -> IRQ 3 uhci_hcd 0000:00:10.1: UHCI Host Controller uhci_hcd 0000:00:10.1: new USB bus registered, assigned bus number 3 uhci_hcd 0000:00:10.1: irq 3, io base 0x0000d800 usb usb3: configuration #1 chosen from 1 choice hub 3-0:1.0: USB hub found hub 3-0:1.0: 2 ports detected usb 2-1: new full speed USB device using uhci_hcd and address 2 usb 2-1: configuration #1 chosen from 1 choice ACPI: PCI Interrupt 0000:00:10.2[C] -> Link [LNKC] -> GSI 5 (level, low) -> IRQ 5 uhci_hcd 0000:00:10.2: UHCI Host Controller uhci_hcd 0000:00:10.2: new USB bus registered, assigned bus number 4 uhci_hcd 0000:00:10.2: irq 5, io base 0x0000dc00 usb usb4: configuration #1 chosen from 1 choice hub 4-0:1.0: USB hub found hub 4-0:1.0: 2 ports detected [ueagle-atm] driver ueagle 1.3 loaded usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9021) : Eagle II usb 2-1: reset full speed USB device using uhci_hcd and address 2 Linux agpgart interface v0.101 (c) Dave Jones agpgart: Detected VIA P4M266x/P4N266 chipset agpgart: AGP aperture is 64M @ 0xe0000000 usb 2-1: [ueagle-atm] using iso mode usbcore: registered new driver ueagle-atm usb 2-1: [ueagle-atm] (re)booting started parport: PnPBIOS parport detected. parport0: PC-style at 0x378, irq 7 [PCSPP(,...)] usb 2-1: [ueagle-atm] modem operational usb 2-1: [ueagle-atm] ATU-R firmware version : 44e2ea17 I was waiting about one hour and I have another oops. I copy oops handy. [ I don't have a digital camera and I don't know person who wont to me lend. Sorry !!!] BUG: unable to handle kernel paging request at virtual address 000f9edf printing epip *pde=00000000 Ops: 0002 [#1] Modules linked in: ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 partport_pc partport snd_pcm_oss snd_mixer_oss via_agp agpgart uagle_atm usbatm uhci_hcd ehci_hcd usbcore i2c_viapro i2c_core snd_via82xx snd_ac97.codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu_401_uart snd_rawmidi ipt_LOG snd_seq_device snd xt_limit soundcore via_rhine mii xt_tcpudp xt_state iptables_filter nls_iso8859-2 nls_cp852 ip_contract_irc ip_contract_ftp xt_contract ip_contract iptables x_tables CPU: 0 EIP: 0060: [<d0d18140>] Not tainted VLI EFLAGS: 00010083 (2.6.18 #1) EIP is at uhci_result_isochronous+0x4f/0x131 [uhci_hcd] eax: 000f9edf ebx: cf7b3600 edx:000f9edf edx:ceedfed0 esi:cf7b3600 edi:cba5c2a0 epb:ceedfed0 esp:c03adef8 ds:007b es:007b ss:0068 Process swapper (pid:0,ti=c03ac000 task=c03530a0 task.ti=c03ac000) Stack: cf15e3a0 cba5c330 ce2caac0 ceedfed0 cf7b3600 ce2caac0 00000001 ceedfed0 d0d185d1 c03adfa4 ceedfed0 cf7b3600 00000001 c03adfa4 d0d1884b 00000246 00000000 00000000 ceedfe00 d0d192ad ceedfed0 c03adfa4 ceedfe00 00000000 Call Trace: [<d0d185d1>] uhci_scan_qh+0x28/0x174 [uhci_hcd] [<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd] [<d0d192ad>] uhci_hcd_irq+0x27/0x4e [usbcore] [<c012c4c4>] handle_IRQ_event+0x21/0x47 [<c012c545>]_do_IRQ+0x5b/0xa2 [<c0104106>] do_IRQ+0x40/04d [<c0102c4a>] common_interrupt+0x1a/0x20 [<c021dfd1>] acpi_processor_idle+0x1c4/0x2c3 [<c01010c4>] cpu_idle+0x3f/0x5b [<c03ae63b>] start_kernel+0x197/0x199 Code 83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c 3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14 EIP:[<cd0d18140>] uhci_result_isochronous+0x4f/0x131 [uhci_hcd] SS:ESP 0068:c03adef8 <0> Kernel panic - not syncing: Fatal excepition in interrupt I run "objdump -d drivers/usb/host/uhci-hcd.o" and post the portion of the output for: uhci_result_isochronous 000010f1 <uhci_result_isochronous>: 10f1: 55 push %ebp 10f2: 57 push %edi 10f3: 56 push %esi 10f4: 53 push %ebx 10f5: 83 ec 10 sub $0x10,%esp 10f8: 89 44 24 0c mov %eax,0xc(%esp) 10fc: 89 54 24 08 mov %edx,0x8(%esp) 1100: 8b 42 04 mov 0x4(%edx),%eax 1103: 89 04 24 mov %eax,(%esp) 1106: 8b 50 10 mov 0x10(%eax),%edx 1109: 8b 70 0c mov 0xc(%eax),%esi 110c: 83 c0 10 add $0x10,%eax 110f: 8d 7a ec lea 0xffffffec(%edx),%edi 1112: 8b 6f 14 mov 0x14(%edi),%ebp 1115: 83 ed 14 sub $0x14,%ebp 1118: 39 c2 cmp %eax,%edx 111a: 89 6c 24 04 mov %ebp,0x4(%esp) 111e: 0f 84 f3 00 00 00 je 1217 <uhci_result_isochronous+0x126> 1124: 8b 46 3c mov 0x3c(%esi),%eax 1127: 8b 54 24 0c mov 0xc(%esp),%edx 112b: 3b 42 70 cmp 0x70(%edx),%eax 112e: 78 0a js 113a <uhci_result_isochronous+0x49> 1130: b8 8d ff ff ff mov $0xffffff8d,%eax 1135: e9 e0 00 00 00 jmp 121a <uhci_result_isochronous+0x129> 113a: 89 c1 mov %eax,%ecx 113c: 8b 6c 24 0c mov 0xc(%esp),%ebp 1140: 81 e1 ff 03 00 00 and $0x3ff,%ecx 1146: 8b 45 58 mov 0x58(%ebp),%eax 1149: 8b 1c 88 mov (%eax,%ecx,4),%ebx 114c: 85 db test %ebx,%ebx 114e: 74 35 je 1185 <uhci_result_isochronous+0x94> 1150: 8b 43 24 mov 0x24(%ebx),%eax 1153: 8b 55 54 mov 0x54(%ebp),%edx 1156: 8b 40 e0 mov 0xffffffe0(%eax),%eax 1159: 89 04 8a mov %eax,(%edx,%ecx,4) 115c: 8b 45 58 mov 0x58(%ebp),%eax 115f: 8d 6b 20 lea 0x20(%ebx),%ebp 1162: c7 04 88 00 00 00 00 movl $0x0,(%eax,%ecx,4) 1169: 39 6b 20 cmp %ebp,0x20(%ebx) 116c: 74 17 je 1185 <uhci_result_isochronous+0x94> 116e: 8b 43 24 mov 0x24(%ebx),%eax 1171: 8b 48 04 mov 0x4(%eax),%ecx 1174: 8b 10 mov (%eax),%edx 1176: 89 11 mov %edx,(%ecx) 1178: 89 4a 04 mov %ecx,0x4(%edx) 117b: 89 00 mov %eax,(%eax) 117d: 39 6b 20 cmp %ebp,0x20(%ebx) 1180: 89 40 04 mov %eax,0x4(%eax) 1183: 75 e9 jne 116e <uhci_result_isochronous+0x7d> 1185: 8b 5f 04 mov 0x4(%edi),%ebx 1188: f7 c3 00 00 80 00 test $0x800000,%ebx 118e: b9 ee ff ff ff mov $0xffffffee,%ecx 1193: 75 3d jne 11d2 <uhci_result_isochronous+0xe1> 1195: 8b 44 24 08 mov 0x8(%esp),%eax 1199: 8b 50 20 mov 0x20(%eax),%edx 119c: 89 d8 mov %ebx,%eax 119e: c1 ea 07 shr $0x7,%edx 11a1: 25 00 00 f6 00 and $0xf60000,%eax 11a6: 83 f2 01 xor $0x1,%edx 11a9: 83 e2 01 and $0x1,%edx 11ac: e8 fc f5 ff ff call 7ad <uhci_map_status> 11b1: 89 c1 mov %eax,%ecx 11b3: 8b 54 24 08 mov 0x8(%esp),%edx 11b7: 8d 43 01 lea 0x1(%ebx),%eax 11ba: 25 ff 07 00 00 and $0x7ff,%eax 11bf: 01 42 38 add %eax,0x38(%edx) 11c2: 85 c9 test %ecx,%ecx 11c4: 8b 56 2c mov 0x2c(%esi),%edx 11c7: 89 42 08 mov %eax,0x8(%edx) 11ca: 8b 46 2c mov 0x2c(%esi),%eax 11cd: 89 48 0c mov %ecx,0xc(%eax) 11d0: 74 0a je 11dc <uhci_result_isochronous+0xeb> 11d2: 8b 6c 24 08 mov 0x8(%esp),%ebp 11d6: ff 45 50 incl 0x50(%ebp) 11d9: 89 4e 40 mov %ecx,0x40(%esi) 11dc: 89 f8 mov %edi,%eax 11de: e8 71 ef ff ff call 154 <uhci_remove_td_from_urbp> 11e3: 89 fa mov %edi,%edx 11e5: 8b 44 24 0c mov 0xc(%esp),%eax 11e9: e8 e6 ee ff ff call d4 <uhci_free_td> 11ee: 83 46 2c 10 addl $0x10,0x2c(%esi) 11f2: 8b 46 38 mov 0x38(%esi),%eax 11f5: 01 46 3c add %eax,0x3c(%esi) 11f8: 8b 7c 24 04 mov 0x4(%esp),%edi 11fc: 8b 47 14 mov 0x14(%edi),%eax 11ff: 8d 57 14 lea 0x14(%edi),%edx 1202: 83 e8 14 sub $0x14,%eax 1205: 89 44 24 04 mov %eax,0x4(%esp) 1209: 8b 04 24 mov (%esp),%eax 120c: 83 c0 10 add $0x10,%eax 120f: 39 c2 cmp %eax,%edx 1211: 0f 85 0d ff ff ff jne 1124 <uhci_result_isochronous+0x33> 1217: 8b 46 40 mov 0x40(%esi),%eax 121a: 83 c4 10 add $0x10,%esp 121d: 5b pop %ebx 121e: 5e pop %esi 121f: 5f pop %edi 1220: 5d pop %ebp 1221: c3 ret ---------------------------------------------------------------------- Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-10-02 21:47 ` Arkadiusz Jałowiec @ 2006-10-03 19:52 ` Paolo Ornati 2006-10-03 20:34 ` Alan Stern 0 siblings, 1 reply; 13+ messages in thread From: Paolo Ornati @ 2006-10-03 19:52 UTC (permalink / raw) To: Arkadiusz Jałowiec; +Cc: linux-kernel, linux-usb-users, stern On Mon, 02 Oct 2006 23:47:06 +0200 Arkadiusz Jalowiec <ajalowiec@interia.pl> wrote: > BUG: unable to handle kernel paging request at virtual address 000f9edf > printing epip > *pde=00000000 > Ops: 0002 [#1] > Modules linked in: ppp_deflate zlib_deflate bsd_comp pppoatm ipv6 > partport_pc partport snd_pcm_oss snd_mixer_oss via_agp agpgart uagle_atm > usbatm uhci_hcd ehci_hcd usbcore i2c_viapro i2c_core snd_via82xx > snd_ac97.codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc > snd_mpu_401_uart snd_rawmidi ipt_LOG snd_seq_device snd xt_limit > soundcore via_rhine mii xt_tcpudp xt_state iptables_filter nls_iso8859-2 > nls_cp852 ip_contract_irc ip_contract_ftp xt_contract ip_contract > iptables x_tables > CPU: 0 > EIP: 0060: [<d0d18140>] Not tainted VLI > EFLAGS: 00010083 (2.6.18 #1) > EIP is at uhci_result_isochronous+0x4f/0x131 [uhci_hcd] > eax: 000f9edf ebx: cf7b3600 edx:000f9edf edx:ceedfed0 > esi:cf7b3600 edi:cba5c2a0 epb:ceedfed0 esp:c03adef8 > ds:007b es:007b ss:0068 > > Process swapper (pid:0,ti=c03ac000 task=c03530a0 task.ti=c03ac000) > Stack: cf15e3a0 cba5c330 ce2caac0 ceedfed0 cf7b3600 ce2caac0 00000001 > ceedfed0 > d0d185d1 c03adfa4 ceedfed0 cf7b3600 00000001 c03adfa4 d0d1884b 00000246 > 00000000 00000000 ceedfe00 d0d192ad ceedfed0 c03adfa4 ceedfe00 00000000 > > Call Trace: > [<d0d185d1>] uhci_scan_qh+0x28/0x174 [uhci_hcd] > [<d0d18846>] uhci_scan_schedule+0x72/0xec [uhci_hcd] > [<d0d192ad>] uhci_hcd_irq+0x27/0x4e [usbcore] > [<c012c4c4>] handle_IRQ_event+0x21/0x47 > [<c012c545>]_do_IRQ+0x5b/0xa2 > [<c0104106>] do_IRQ+0x40/04d > [<c0102c4a>] common_interrupt+0x1a/0x20 > [<c021dfd1>] acpi_processor_idle+0x1c4/0x2c3 > [<c01010c4>] cpu_idle+0x3f/0x5b > [<c03ae63b>] start_kernel+0x197/0x199 > > Code 83 ed 14 39 c2 89 6c 24 04 0f 84 f3 00 00 00 8b 46 3c 8b 54 24 0c > 3b 42 70 78 0a b8 8d ff ff ff e9 e0 00 00 00 89 c1 8b 6c 24 0c <00> 20 > 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14 > > EIP:[<cd0d18140>] uhci_result_isochronous+0x4f/0x131 > [uhci_hcd] SS:ESP 0068:c03adef8 > <0> Kernel panic - not syncing: Fatal excepition in interrupt > > I run "objdump -d drivers/usb/host/uhci-hcd.o" and post the portion of > the output for: uhci_result_isochronous > > 000010f1 <uhci_result_isochronous>: [CUT] > 1115: 83 ed 14 sub $0x14,%ebp > 1118: 39 c2 cmp %eax,%edx > 111a: 89 6c 24 04 mov %ebp,0x4(%esp) > 111e: 0f 84 f3 00 00 00 je 1217 > <uhci_result_isochronous+0x126> > 1124: 8b 46 3c mov 0x3c(%esi),%eax > 1127: 8b 54 24 0c mov 0xc(%esp),%edx > 112b: 3b 42 70 cmp 0x70(%edx),%eax > 112e: 78 0a js 113a > <uhci_result_isochronous+0x49> > 1130: b8 8d ff ff ff mov $0xffffff8d,%eax > 1135: e9 e0 00 00 00 jmp 121a > <uhci_result_isochronous+0x129> > 113a: 89 c1 mov %eax,%ecx > 113c: 8b 6c 24 0c mov 0xc(%esp),%ebp > 1140: 81 e1 ff 03 00 00 and $0x3ff,%ecx || ----> EIP points here > 1146: 8b 45 58 mov 0x58(%ebp),%eax > 1149: 8b 1c 88 mov (%eax,%ecx,4),%ebx > 114c: 85 db test %ebx,%ebx > 114e: 74 35 je 1185 > <uhci_result_isochronous+0x94> > 1150: 8b 43 24 mov 0x24(%ebx),%eax > 1153: 8b 55 54 mov 0x54(%ebp),%edx > 1156: 8b 40 e0 mov 0xffffffe0(%eax),%eax > 1159: 89 04 8a mov %eax,(%edx,%ecx,4) The assembly extracted by the dumped code is: 0: 83 ed 14 sub $0x14,%ebp 3: 39 c2 cmp %eax,%edx 5: 89 6c 24 04 mov %ebp,0x4(%esp) 9: 0f 84 f3 00 00 00 je 102 <str+0x102> f: 8b 46 3c mov 0x3c(%esi),%eax 12: 8b 54 24 0c mov 0xc(%esp),%edx 16: 3b 42 70 cmp 0x70(%edx),%eax 19: 78 0a js 25 <str+0x25> 1b: b8 8d ff ff ff mov $0xffffff8d,%eax 20: e9 e0 00 00 00 jmp 105 <str+0x105> 25: 89 c1 mov %eax,%ecx 27: 8b 6c 24 0c mov 0xc(%esp),%ebp 2b: 00 20 add %ah,(%eax) || ----> EIP points here 2d: 7b 0f jnp 3e <str+0x3e> 2f: 00 00 add %al,(%eax) 31: 00 00 add %al,(%eax) 33: 69 7f e0 ff 00 00 00 imul $0xff,0xffffffe0(%edi),%edi 3a: 00 00 add %al,(%eax) 3c: 20 7b 0f and %bh,0xf(%ebx) 3f: 14 The code dumped from memory matches the original one up to, and not including, the failing istruction. From that point the code is different. The failure is only a natural consequence of: add %ah,(%eax) with "eax" pointing to 000f9edf, that belongs to the BIOS reserved memory region... The real problem is that the code starting from "0xcd0d18140" has been overwritten by something :( Another thing: both panics happened in interrupt context and both times uhci driver is involved. And this is the data that has overwritten the code: 00 20 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14 ^^^^^^^^^^^ ^^^^^^^^^^^ Maybe someone have an idea of where does this data come from? To me it looks like a struct with ints / pointers: { 0x0f7b2000, NULL, 0xffe07f69, NULL, 0x0f7b2000, 0x......14 } Maybe this will ring some bells... -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-10-03 19:52 ` Paolo Ornati @ 2006-10-03 20:34 ` Alan Stern 2006-10-04 7:14 ` Paolo Ornati 0 siblings, 1 reply; 13+ messages in thread From: Alan Stern @ 2006-10-03 20:34 UTC (permalink / raw) To: Paolo Ornati; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Tue, 3 Oct 2006, Paolo Ornati wrote: > The code dumped from memory matches the original one up to, and not > including, the failing istruction. From that point the code is > different. > > > The failure is only a natural consequence of: > > add %ah,(%eax) > > with "eax" pointing to 000f9edf, that belongs to the BIOS reserved > memory region... > > > The real problem is that the code starting from "0xcd0d18140" has been > overwritten by something :( > > > Another thing: both panics happened in interrupt context and both times > uhci driver is involved. I wonder whether the code in question was supposed to be running at all. Arkadiusz, what sort of USB devices do you have attached to the computer? What does /proc/bus/usb/devices say (you may need to do "mount -t usbfs none /proc/bus/usb" before you can see the file)? > And this is the data that has overwritten the code: > > 00 20 7b 0f 00 00 00 00 69 7f e0 ff 00 00 00 00 00 20 7b 0f 14 > ^^^^^^^^^^^ ^^^^^^^^^^^ > > > Maybe someone have an idea of where does this data come from? In principle that data could be coming from anywhere. It doesn't have to be related at all to uhci-hcd. If you move the USB devices over to another Linux computer, does the new computer then have the same problem? Alan Stern ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-10-03 20:34 ` Alan Stern @ 2006-10-04 7:14 ` Paolo Ornati 2006-10-04 7:16 ` Paolo Ornati 0 siblings, 1 reply; 13+ messages in thread From: Paolo Ornati @ 2006-10-04 7:14 UTC (permalink / raw) To: Alan Stern; +Cc: Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Tue, 3 Oct 2006 16:34:51 -0400 (EDT) Alan Stern <stern@rowland.harvard.edu> wrote: > I wonder whether the code in question was supposed to be running at all. > Arkadiusz, what sort of USB devices do you have attached to the computer? He of course has an ADSL USB modem (sice he uses uEagle-ATM driver)... So one obvious test that Arkadiusz can make is to try to crash 2.6.18 without using his modem: just detach the USB cable before boot so the driver isn't loaded (and even if it's loaded by a "modprobe" in init scripts, it can't do much). -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [Linux-usb-users] PROBLEM: Kernel 2.6.x freeze 2006-10-04 7:14 ` Paolo Ornati @ 2006-10-04 7:16 ` Paolo Ornati 0 siblings, 0 replies; 13+ messages in thread From: Paolo Ornati @ 2006-10-04 7:16 UTC (permalink / raw) To: Paolo Ornati Cc: Alan Stern, Arkadiusz Jałowiec, linux-kernel, linux-usb-users On Wed, 4 Oct 2006 09:14:19 +0200 Paolo Ornati <ornati@fastwebnet.it> wrote: > So one obvious test that Arkadiusz can make is to try to crash 2.6.18 > without using his modem: just detach the USB cable before boot so the > driver isn't loaded (and even if it's loaded by a "modprobe" in > init scripts, it can't do much). Note for Arkadiusz: you don't have to stay on the textual console to capture another Oops. Do whatever you want and just tell if it crash or not. -- Paolo Ornati Linux 2.6.18 on x86_64 ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2006-10-04 7:19 UTC | newest] Thread overview: 13+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2006-09-28 7:33 PROBLEM: Kernel 2.6.x freeze Arkadiusz Jałowiec 2006-09-28 9:41 ` Paolo Ornati 2006-09-29 12:38 ` Paolo Ornati 2006-09-29 21:29 ` [Linux-usb-users] " Alan Stern 2006-09-30 7:56 ` [Linux-usb-users[ " Arkadiusz Jałowiec 2006-09-30 12:14 ` [Linux-usb-users] " Paolo Ornati 2006-09-30 15:49 ` Alan Stern 2006-10-01 14:10 ` Paolo Ornati 2006-10-02 21:47 ` Arkadiusz Jałowiec 2006-10-03 19:52 ` Paolo Ornati 2006-10-03 20:34 ` Alan Stern 2006-10-04 7:14 ` Paolo Ornati 2006-10-04 7:16 ` Paolo Ornati
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox