2004-03-12 13:25:50

by Soeren Sonnenburg

Subject: 2.6.4 - powerbook 15" - usb oops+backtrace

Hi!

I got this oops when inserting mouse/keyboard (both usb).

usb 1-1: new low speed USB device using address 4
input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
Oops: kernel access of bad area, sig: 11 [#1]
NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not
tainted
MSR: 40009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
TASK = edb87320[1332] 'pbbuttonsd' Last syscall: 5
GPR00: 5A5A5A5A ED6B1E10 EDB87320 C1991894 E2DB789C 00000000 E7909300
ED6B1DC0
GPR08: 00000000 00000000 C03DA5A0 00000005 84000428
Call trace:
[c02704ac] evdev_open+0x64/0x104
[c026e814] input_open_file+0x98/0x1cc
[c00675a8] chrdev_open+0xe0/0x16c
[c005c0b4] dentry_open+0x15c/0x230
[c005bf54] filp_open+0x64/0x68
[c005c43c] sys_open+0x68/0xa0
[c0005d3c] ret_from_syscall+0x0/0x44
usb 2-1: new low speed USB device using address 4
input: USB HID v1.00 Keyboard [PTC HID PS/2 Keyboard - PS/2 Mouse] on
usb-0001:01:19.0-1
input: USB HID v1.00 Mouse [PTC HID PS/2 Keyboard - PS/2 Mouse] on
usb-0001:01:19.0-1

Thanks for any suggestions...

I can probably give more infos as xmon is compiled in the kernel here.

Thanks in advance,
Soeren.


2004-03-13 00:28:55

by Benjamin Herrenschmidt

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Sat, 2004-03-13 at 00:25, Soeren Sonnenburg wrote:
> Hi!
>
> I got this oops when inserting mouse/keyboard (both usb).
>
> usb 1-1: new low speed USB device using address 4
> input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
> Oops: kernel access of bad area, sig: 11 [#1]
> NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not

NIP is the program counter, something tried to jump into nowhereland,
find out who by looking at who "owns" C026D8B0 in System.map

> tainted
> MSR: 40009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
> TASK = edb87320[1332] 'pbbuttonsd' Last syscall: 5
> GPR00: 5A5A5A5A ED6B1E10 EDB87320 C1991894 E2DB789C 00000000 E7909300
> ED6B1DC0
> GPR08: 00000000 00000000 C03DA5A0 00000005 84000428
> Call trace:
> [c02704ac] evdev_open+0x64/0x104
> [c026e814] input_open_file+0x98/0x1cc
> [c00675a8] chrdev_open+0xe0/0x16c
> [c005c0b4] dentry_open+0x15c/0x230
> [c005bf54] filp_open+0x64/0x68
> [c005c43c] sys_open+0x68/0xa0
> [c0005d3c] ret_from_syscall+0x0/0x44
> usb 2-1: new low speed USB device using address 4
> input: USB HID v1.00 Keyboard [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> usb-0001:01:19.0-1
> input: USB HID v1.00 Mouse [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> usb-0001:01:19.0-1
>
> Thanks for any suggestions...
>
> I can probably give more infos as xmon is compiled in the kernel here.
>
> Thanks in advance,
> Soeren.
>
--
Benjamin Herrenschmidt <[email protected]>

2004-03-13 07:49:43

by Soeren Sonnenburg

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Sat, 2004-03-13 at 01:23, Benjamin Herrenschmidt wrote:
> On Sat, 2004-03-13 at 00:25, Soeren Sonnenburg wrote:
> > Hi!
> >
> > I got this oops when inserting mouse/keyboard (both usb).
> >
> > usb 1-1: new low speed USB device using address 4
> > input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
> > Oops: kernel access of bad area, sig: 11 [#1]
> > NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not
>
> NIP is the program counter, something tried to jump into nowhereland,
> find out who by looking at who "owns" C026D8B0 in System.map

This is the area around c026d8b0, so input_accept_process or no one?!

c026d350 T input_event
c026d7c0 t input_repeat_key
c026d874 T input_accept_process
c026d8b8 T input_grab_device
c026d8dc T input_release_device
c026d8f8 T input_open_device
c026d94c T input_flush_device
c026d990 T input_close_device

Soeren

2004-03-13 08:43:01

by Benjamin Herrenschmidt

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Sat, 2004-03-13 at 18:49, Soeren Sonnenburg wrote:
> On Sat, 2004-03-13 at 01:23, Benjamin Herrenschmidt wrote:
> > On Sat, 2004-03-13 at 00:25, Soeren Sonnenburg wrote:
> > > Hi!
> > >
> > > I got this oops when inserting mouse/keyboard (both usb).
> > >
> > > usb 1-1: new low speed USB device using address 4
> > > input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
> > > Oops: kernel access of bad area, sig: 11 [#1]
> > > NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not
> >
> > NIP is the program counter, something tried to jump into nowhereland,
> > find out who by looking at who "owns" C026D8B0 in System.map
>
> This is the area around c026d8b0, so input_accept_process or no one?!

Yup, input_accept_process called into oblivion, apparently a poisoned
region even (use after free ?)

Vojtech, any clue ?

Ben.
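
The lookup discussed in the messages above, as an added example that is not part of the original thread: it resolves LR against the System.map excerpt Soeren posted and checks NIP and GPR00 against the slab allocator's debug fill bytes. The helper names are hypothetical, and the poison table assumes a kernel built with slab debugging enabled.

```python
import bisect

# System.map excerpt and register values as posted in the thread.
SYSTEM_MAP = """\
c026d350 T input_event
c026d7c0 t input_repeat_key
c026d874 T input_accept_process
c026d8b8 T input_grab_device
c026d8dc T input_release_device
c026d8f8 T input_open_device
c026d94c T input_flush_device
c026d990 T input_close_device
"""
NIP, LR, GPR0 = 0x5A5A5A58, 0xC026D8B0, 0x5A5A5A5A

# Fill bytes written by the slab allocator when slab debugging is enabled.
POISON = {
    0x5A: "allocated, never initialised",
    0x6B: "freed object",
    0xA5: "end-of-object marker",
}

def load_map(text):
    """Return sorted (address, name) pairs for text symbols (type t/T)."""
    syms = []
    for line in text.splitlines():
        addr, kind, name = line.split()
        if kind in ("t", "T"):
            syms.append((int(addr, 16), name))
    return sorted(syms)

def resolve(syms, addr):
    """Map an address to (symbol, offset); None if below the first symbol."""
    i = bisect.bisect_right([a for a, _ in syms], addr) - 1
    return None if i < 0 else (syms[i][1], addr - syms[i][0])

def poison_kind(value):
    """Name the poison pattern a 32-bit value is built from, if any.
    PowerPC drops the low two bits of a branch target, so they are ignored."""
    b = value.to_bytes(4, "big")
    if b[0] in POISON and b[:3] == bytes([b[0]] * 3) and (b[3] | 3) == (b[0] | 3):
        return POISON[b[0]]
    return None

if __name__ == "__main__":
    name, off = resolve(load_map(SYSTEM_MAP), LR)
    print(f"LR {LR:08x} = {name}+{off:#x}")
    print(f"NIP {NIP:08x}: {poison_kind(NIP)}; GPR00: {poison_kind(GPR0)}")
```

With only an excerpt of System.map, any address past the last listed symbol is attributed to that symbol, so run the lookup against the full map of the exact kernel build that produced the oops.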


2004-03-13 12:10:36

by Vojtech Pavlik

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Fri, Mar 12, 2004 at 02:25:36PM +0100, Soeren Sonnenburg wrote:
> Hi!
>
> I got this oops when inserting mouse/keyboard (both usb).
>
> usb 1-1: new low speed USB device using address 4
> input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
> Oops: kernel access of bad area, sig: 11 [#1]
> NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not
> tainted
> MSR: 40009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
> TASK = edb87320[1332] 'pbbuttonsd' Last syscall: 5
> GPR00: 5A5A5A5A ED6B1E10 EDB87320 C1991894 E2DB789C 00000000 E7909300
> ED6B1DC0
> GPR08: 00000000 00000000 C03DA5A0 00000005 84000428
> Call trace:
> [c02704ac] evdev_open+0x64/0x104
> [c026e814] input_open_file+0x98/0x1cc
> [c00675a8] chrdev_open+0xe0/0x16c
> [c005c0b4] dentry_open+0x15c/0x230
> [c005bf54] filp_open+0x64/0x68
> [c005c43c] sys_open+0x68/0xa0
> [c0005d3c] ret_from_syscall+0x0/0x44
> usb 2-1: new low speed USB device using address 4
> input: USB HID v1.00 Keyboard [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> usb-0001:01:19.0-1
> input: USB HID v1.00 Mouse [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> usb-0001:01:19.0-1
>
> Thanks for any suggestions...
>
> I can probably give more infos as xmon is compiled in the kernel here.

Is this reproducible, or does it happen only rarely? I suspect it could
be a race somewhere ...

--
Vojtech Pavlik
SuSE Labs, SuSE CR

2004-03-15 11:13:27

by Soeren Sonnenburg

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Sat, 2004-03-13 at 13:10, Vojtech Pavlik wrote:
> On Fri, Mar 12, 2004 at 02:25:36PM +0100, Soeren Sonnenburg wrote:
> > Hi!
> >
> > I got this oops when inserting mouse/keyboard (both usb).
> >
> > usb 1-1: new low speed USB device using address 4
> > input: USB HID v1.00 Mouse [Cypress Sem USB Mouse] on usb-0001:01:18.0-1
> > Oops: kernel access of bad area, sig: 11 [#1]
> > NIP: 5A5A5A58 LR: C026D8B0 SP: ED6B1E10 REGS: ed6b1d60 TRAP: 0401 Not
> > tainted
> > MSR: 40009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
> > TASK = edb87320[1332] 'pbbuttonsd' Last syscall: 5
> > GPR00: 5A5A5A5A ED6B1E10 EDB87320 C1991894 E2DB789C 00000000 E7909300
> > ED6B1DC0
> > GPR08: 00000000 00000000 C03DA5A0 00000005 84000428
> > Call trace:
> > [c02704ac] evdev_open+0x64/0x104
> > [c026e814] input_open_file+0x98/0x1cc
> > [c00675a8] chrdev_open+0xe0/0x16c
> > [c005c0b4] dentry_open+0x15c/0x230
> > [c005bf54] filp_open+0x64/0x68
> > [c005c43c] sys_open+0x68/0xa0
> > [c0005d3c] ret_from_syscall+0x0/0x44
> > usb 2-1: new low speed USB device using address 4
> > input: USB HID v1.00 Keyboard [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> > usb-0001:01:19.0-1
> > input: USB HID v1.00 Mouse [PTC HID PS/2 Keyboard - PS/2 Mouse] on
> > usb-0001:01:19.0-1
> >
> > Thanks for any suggestions...
> >
> > I can probably give more infos as xmon is compiled in the kernel here.
>
> Is this reproducible, or does it happen only rarely? I suspect it could
> be a race somewhere ...

It happens reproducibly even when booting without X (and it is always the
very same oops I get). However it seems to only happen in connection
with pbbuttonsd which has to be reloaded (causing it to rescan for
changed usb hid devices) via hotplug... The oops happens when I remove a
device, which in turn causes hotplug to make pbbuttonsd rescan for
added/removed devices which then somehow triggers this oops.

So could this be pbbuttonsd's fault :? or is it indeed some kernel bug ?
Soeren

2004-03-15 12:20:25

by Vojtech Pavlik

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Mon, Mar 15, 2004 at 12:13:16PM +0100, Soeren Sonnenburg wrote:

> > > I can probably give more infos as xmon is compiled in the kernel here.
> >
> > Is this reproducible, or does it happen only rarely? I suspect it could
> > be a race somewhere ...
>
> It happens reproducibly even when booting without X (and it is always the
> very same oops I get). However it seems to only happen in connection
> with pbbuttonsd which has to be reloaded (causing it to rescan for
> changed usb hid devices) via hotplug... The oops happens when I remove a
> device, which in turn causes hotplug to make pbbuttonsd rescan for
> added/removed devices which then somehow triggers this oops.
>
> So could this be pbbuttonsd's fault :? or is it indeed some kernel bug ?

It's a kernel bug, definitely. And it's interesting to know that it
happens on device _removal_, that means HID could be freeing the device
structs earlier than evdev is stopping to use them.

--
Vojtech Pavlik
SuSE Labs, SuSE CR

2004-03-15 12:53:13

by Soeren Sonnenburg

Subject: Re: 2.6.4 - powerbook 15" - usb oops+backtrace

On Mon, 2004-03-15 at 13:21, Vojtech Pavlik wrote:
> On Mon, Mar 15, 2004 at 12:13:16PM +0100, Soeren Sonnenburg wrote:
[...]
> > So could this be pbbuttonsd's fault :? or is it indeed some kernel bug ?
>
> It's a kernel bug, definitely. And it's interesting to know that it
> happens on device _removal_, that means HID could be freeing the device
> structs earlier than evdev is stopping to use them.

It does not happen with 2.6.3-ben2 if that helps...

Soeren