Re: oops with USB Storage on 2.6.14

From: Masanari Iida
Date: Sun Oct 30 2005 - 19:41:07 EST

Next message: linux-os (Dick Johnson): "Re: Is sharpzdc_cs.o not a derivitive work of Linux?"
Previous message: Rafael J. Wysocki: "Re: [PATCH 2/3] swsusp: move snapshot-handling functions to snapshot.c"
In reply to: Andrew Morton: "Re: oops with USB Storage on 2.6.14"
Next in thread: Andrew Morton: "Re: oops with USB Storage on 2.6.14"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
> Could you please try disabling CONFIG_DEBUG_PAGEALLOC and retest? If that
> works OK, it's probably a use-after-free.
>
Hello Andrew,

I did disabled CONFIG_DEBUG_PAGEALLOC and re-tested on 2.6.14-rc1.
Now the oops didn't happen when I connect digital camera to the USB.
I could mount the camera as USB storage.
But oops still happen when I turned the camera power off.
(This oops didn't halt my system, BTW)

# Unable to handle kernel paging request at virtual address 6b6b6bb3
printing eip:
c02b88ca
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: autofs e100 ipt_LOG ipt_state ip_conntrack
ipt_recent iptable_filter ip_tables video rtc
CPU: 0
EIP: 0060:[<c02b88ca>] Not tainted VLI
EFLAGS: 00010296 (2.6.14-rc1)
EIP is at scsi_remove_device+0x3a/0x50
eax: 00000001 ebx: dee9f478 ecx: 00000000 edx: 6b6b6b6b
esi: de6655c4 edi: de6655bc ebp: dfd4fdb4 esp: dfd4fda4
ds: 007b es: 007b ss: 0068
Process khubd (pid: 15, threadinfo=dfd4e000 task=dff1f030)
Stack: dee9f478 00000066 dee9f478 de6655c4 dfd4fdcc c02b89a1 dee9f478 de6655c8
de213c98 de6655c4 dfd4fde8 c02b8a16 de213c84 dfd4fde8 00000282 de6655c8
de6655c8 dfd4fe04 c02b7655 de213c98 de6655cc de6655c4 de6656e0 de213a8c
Call Trace:
[<c0103aaf>] show_stack+0x7f/0xa0
[<c0103c62>] show_registers+0x162/0x1d0
[<c0103e74>] die+0xf4/0x1a0
[<c039cfce>] do_page_fault+0x31e/0x640
[<c0103753>] error_code+0x4f/0x54
[<c02b89a1>] __scsi_remove_target+0xc1/0xe0
[<c02b8a16>] scsi_remove_target+0x26/0x60
[<c02b7655>] scsi_forget_host+0x45/0x70
[<c02afd97>] scsi_remove_host+0x57/0xa0
[<c02e5145>] quiesce_and_remove_host+0x75/0xb0
[<c02e55fd>] storage_disconnect+0x1d/0x2c
[<c02c8286>] usb_unbind_interface+0x86/0x90
[<c025617b>] __device_release_driver+0x8b/0x90
[<c02561b6>] device_release_driver+0x36/0x50
[<c02557c9>] bus_remove_device+0x79/0x90
[<c0254525>] device_del+0x35/0x70
[<c02d00fb>] usb_disable_device+0xfb/0x130
[<c02caa46>] usb_disconnect+0xc6/0x180
[<c02cbe2f>] hub_port_connect_change+0x3cf/0x400
[<c02cc12e>] hub_events+0x2ce/0x410
[<c02cc285>] hub_thread+0x15/0xf0
[<c0131aaa>] kthread+0xba/0xc0
[<c0100ecd>] kernel_thread_helper+0x5/0x18
Code: 5d 08 89 75 fc 8b 33 89 44 24 04 c7 04 24 e8 a8 3b c0 e8 9a 14
e6 ff f0 ff 4e 48 0f 88 a8 04 00 00 89 1c
24 e8 38 ff ff ff 8b 13 <f0> ff 42 48 0f 8e a1 04 00 00 8b 5d f8 8b
75 fc 89 ec 5d c3 89

If you need some more test, let me know.
In that case, please specify which version of kernel you want me to test.

Regards,

Masanari iida
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: linux-os (Dick Johnson): "Re: Is sharpzdc_cs.o not a derivitive work of Linux?"
Previous message: Rafael J. Wysocki: "Re: [PATCH 2/3] swsusp: move snapshot-handling functions to snapshot.c"
In reply to: Andrew Morton: "Re: oops with USB Storage on 2.6.14"
Next in thread: Andrew Morton: "Re: oops with USB Storage on 2.6.14"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]