This is when shutting down. I have the two patches from Jack Simmons
for the illegal context and the broken cursor applied and nothing
else.
uhci-hcd 00:07.2: remove, state 3
usb usb1: USB disconnect, address 1
Slab corruption: start=c5e0b21c, expend=c5e0b2db, problemat=c5e0b224
Last user: [<c0166732>](load_elf_binary+0x86e/0xb0c)
Data: ********00 **************************************************************************************************************************************************************************************A5
Next: 71 F0 2C .32 67 16 C0 A5 C2 0F 17 E0 5F 3B C0 48 E2 E0 C5 34 E9 D2 C3 00 00 00 00 00 00 00 00
slab error in check_poison_obj(): cache `size-192': object was modified after freeing
Call Trace:
[<c01308dd>] __slab_error+0x21/0x28
[<c0130ccc>] check_poison_obj+0x174/0x180
[<c0131f8a>] kmalloc+0xc6/0x174
[<c0165fd5>] load_elf_binary+0x111/0xb0c
[<c0165fd5>] load_elf_binary+0x111/0xb0c
[<c012ea2f>] buffered_rmqueue+0xff/0x110
[<c012eace>] __alloc_pages+0x8e/0x274
[<c014c9ad>] search_binary_handler+0xcd/0x260
[<c0165ec4>] load_elf_binary+0x0/0xb0c
[<c014cca8>] do_execve+0x168/0x1f0
[<c0107873>] sys_execve+0x2f/0x68
[<c0108d4b>] syscall_call+0x7/0xb
uhci-hcd 00:07.2: USB bus 1 deregistered
uhci-hcd 00:07.2: dangling refs (1) to bus 1!
Unable to handle kernel paging request at virtual address 6b6b6b6f
printing eip:
c011ef6f
*pde = 00000000
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[<c011ef6f>] Not tainted
EFLAGS: 00010012
EIP is at run_timer_softirq+0xd7/0x138
eax: 6b6b6b6b ebx: c2f64000 ecx: c5e24254 edx: 6b6b6b6b
esi: c03775c0 edi: 6b6b6b6b ebp: c2f65f84 esp: c2f65f70
ds: 007b es: 007b ss: 0068
Process rmmod (pid: 1391, threadinfo=c2f64000 task=c36aa140)
Stack: 00000011 c0412868 ffffffdd 00000150 6b6b6b6b c2f65fa0 c011b981 c0412868
c2f64000 c2f64000 c03eba00 00000046 c2f65fbc c010a360 400114ac 080486e0
400116d8 c037650c 00000000 bffff838 c0108eb8 400114ac 0804aa70 00000007
Call Trace:
[<c011b981>] do_softirq+0x51/0xb0
[<c010a360>] <1>Unable to handle kernel paging request at virtual address c6c0e000
printing eip:
c0261229
*pde = 05ea4067
*pte = 00000000
Oops: 0000 [#2]
CPU: 0
EIP: 0060:[<c0261229>] Not tainted
EFLAGS: 00010012
EIP is at bitfill32+0x99/0x1e0
eax: c6c0e000 ebx: c6c0e000 ecx: 00000000 edx: 00002000
esi: 00000000 edi: 00002000 ebp: c2f65af0 esp: c2f65ac0
ds: 007b es: 007b ss: 0068
Process rmmod (pid: 1391, threadinfo=c2f64000 task=c36aa140)
Stack: c6c0e000 c034f5a0 00000092 c6c0e000 c034f5a0 00000092 00000000 c0261190
00000000 c6c0e000 00000000 ffffffff c2f65b44 c0261bd0 c6c0e000 00000000
00000000 00002000 00000000 00000400 00000800 00000010 00000010 00000008
Call Trace:
[<c0261190>] bitfill32+0x0/0x1e0
[<c0261bd0>] cfb_fillrect+0x180/0x290
[<c02608e9>] neofb_fillrect+0x29/0x30
[<c0259376>] accel_clear+0x7a/0x84
[<c025a130>] fbcon_clear+0x114/0x120
[<c025b224>] fbcon_scroll+0x754/0x994
[<c021efa5>] scrup+0x71/0x108
[<c02204cf>] lf+0x33/0x64
[<c0222da4>] vt_console_print+0x198/0x2c4
[<c0118b37>] __call_console_drivers+0x3b/0x50
[<c0118b9c>] _call_console_drivers+0x50/0x58
[<c0118c5c>] call_console_drivers+0xb8/0xe8
[<c0118ef7>] release_console_sem+0x5b/0xd0
[<c0118e1f>] printk+0x127/0x158
[<c012ae5a>] __print_symbol+0x106/0x11c
[<c010a360>] do_IRQ+0x114/0x130
[<c010a360>] do_IRQ+0x114/0x130
[<c010910c>] show_trace+0x6c/0x8c
[<c010a360>] do_IRQ+0x114/0x130
[<c01091b8>] show_stack+0x68/0x74
[<c01092d3>] show_registers+0xfb/0x164
[<c0109424>] die+0x60/0x84
[<c011400c>] do_page_fault+0x2dc/0x40e
[<c0113d30>] do_page_fault+0x0/0x40e
[<c013b7d7>] pte_chain_alloc+0x1b/0x84
[<c0137884>] do_no_page+0x2b0/0x2bc
[<c01379bb>] handle_mm_fault+0x6b/0x120
[<c0126564>] rcu_check_callbacks+0x54/0x58
[<c0114fcb>] scheduler_tick+0x63/0x2e4
[<c011ee70>] update_process_times+0x2c/0x38
[<c0108ef5>] error_code+0x2d/0x38
[<c011ef6f>] run_timer_softirq+0xd7/0x138
[<c011b981>] do_softirq+0x51/0xb0
[<c010a360>] do_IRQ+0x114/0x130
[<c0108eb8>] common_interrupt+0x18/0x20
Code: 8b 10 89 f0 31 d0 23 45 fc 31 d0 8b 55 f4 89 02 8b 4d 0c 83
<0>Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
--
#include <~/.signature>: permission denied
Jochen Hein <[email protected]> wrote:
>
>
> This is when shutting down. I have the two patches from Jack Simmons
> for the illegal context and the broken cursor applied and nothing
> else.
>
> uhci-hcd 00:07.2: remove, state 3
> usb usb1: USB disconnect, address 1
There's some nastiness in the USB disconnect code. Does David Brownell's
patch help?
--- 1.15/drivers/usb/core/urb.c Thu Mar 13 10:45:40 2003
+++ edited/drivers/usb/core/urb.c Thu Mar 20 11:17:55 2003
@@ -384,11 +384,11 @@
/* FIXME
* We should not care about the state here, but the host controllers
* die a horrible death if we unlink a urb for a device that has been
- * physically removed.
+ * physically removed. (after driver->disconnect returns...)
*/
if (urb &&
urb->dev &&
- (urb->dev->state >= USB_STATE_DEFAULT) &&
+ // (urb->dev->state >= USB_STATE_DEFAULT) &&
urb->dev->bus &&
urb->dev->bus->op)
return urb->dev->bus->op->unlink_urb(urb);
On Wed, Mar 26, 2003 at 01:30:21PM -0800, Andrew Morton wrote:
> Jochen Hein <[email protected]> wrote:
> >
> >
> > This is when shutting down. I have the two patches from Jack Simmons
> > for the illegal context and the broken cursor applied and nothing
> > else.
> >
> > uhci-hcd 00:07.2: remove, state 3
> > usb usb1: USB disconnect, address 1
>
> There's some nastiness in the USB disconnect code. Does David Brownell's
> patch help?
Sad thing is, this patch breaks other things :(
I'm still trying to track this one down...
thanks,
greg k-h