Alan Stern wrote:
On Wed, 18 Oct 2006, Helge Hafting wrote:
[...]
That's why I asked for the USB debugging logs (which you forgot to include here).
Attached dmesg.gz with lots of usb messages.
To bring it down: dd if=/dev/sdc of=sdc.dump bs=1M
This time, it seems to have crashed on the first megabyte. I mounted the filesystem synchronously, and still I had 0 bytes in the dumpfile. The crash also came with no delay after pressing enter.
It's possible that both of these are caused by something unrelated overwriting kernel memory.
something like a function pointer mistaken for a data pointer?
By the way, what happens if you add a "skip=" argument to dd so that the copy begins near the end of the device? Does the oops then occur that much sooner?
No, it is random. May happen immediately, may happen after a while. I even had "cfdisk /dev/sdc" crash on me fresh after a reboot.
Oh, and the next time this happens, could you copy down all of the code bytes from the oops message? And also provide the section from "objdump -d drivers/usb/host/ehci-hcd.o" for the start_unlink_async routine?
objdump for start_unlink_async attached. From the BUG: Stack (All I got before it rebooted after 300s) 00000010 c0664dc8 dff84000 dffdbc00 dffdb600 00000296 df9244c0 c03248de c0664dc8 EIP: [<c031f823>] start_unlink_async+0x16/0xf2 SS:ESP:0068:c0664d58Code (Complete) 5d e9 8e 31 ff ff f6 43 28 01 75 b8 c7 43 24 00 00 00 00 eb af
57 56 53 83 ec 10 89 c6 89 d3 8b 48 04 8b 39 8b 40 14 85 c0 74
6f <0f> 0b 39 5e 10 74 78 c6 43 68 02 8d 43 60 e8 9f 3c f1 ff 89 5e
I found this in the start_unlink_async dump - here it is with the
same line breaking as well as the differences:
{Before start_unlink_async}
5d
e9 8e 31 ff ff ; objdump has "e9 fc ff ff ff" here, it is a jump
f6 43 28 01
75 b8
c7 43 24 00 00 00 00
eb af
start_unlink_async
57
56
53
83 ec 10
89 c6
89 d3
8b 48 04
8b 39
8b 40 14
85 c0
74 6f
0f 0b
39 5e 10
74 78
c6 43 68 02
8d 43 60
e8 9f 3c f1 ff ; objdump has "e8 fc ff ff ff" here, a call
89 5e
Calls and jumps are different, but I guess that is just linking effects?
Hope this is useful,
Helge Hafting
Attachment:
dmesg.gz
Description: application/gzip
00000fed <start_unlink_async>:
fed: 57 push %edi
fee: 56 push %esi
fef: 53 push %ebx
ff0: 83 ec 10 sub $0x10,%esp
ff3: 89 c6 mov %eax,%esi
ff5: 89 d3 mov %edx,%ebx
ff7: 8b 48 04 mov 0x4(%eax),%ecx
ffa: 8b 39 mov (%ecx),%edi
ffc: 8b 40 14 mov 0x14(%eax),%eax
fff: 85 c0 test %eax,%eax
1001: 74 6f je 1072 <start_unlink_async+0x85>
1003: 0f 0b ud2a
1005: 39 5e 10 cmp %ebx,0x10(%esi)
1008: 74 78 je 1082 <start_unlink_async+0x95>
100a: c6 43 68 02 movb $0x2,0x68(%ebx)
100e: 8d 43 60 lea 0x60(%ebx),%eax
1011: e8 fc ff ff ff call 1012 <start_unlink_async+0x25>
1016: 89 5e 14 mov %ebx,0x14(%esi)
1019: 8b 4e 10 mov 0x10(%esi),%ecx
101c: 8b 41 48 mov 0x48(%ecx),%eax
101f: 39 c3 cmp %eax,%ebx
1021: 74 09 je 102c <start_unlink_async+0x3f>
1023: 89 c1 mov %eax,%ecx
1025: 8b 40 48 mov 0x48(%eax),%eax
1028: 39 c3 cmp %eax,%ebx
102a: 75 f7 jne 1023 <start_unlink_async+0x36>
102c: 8b 03 mov (%ebx),%eax
102e: 89 01 mov %eax,(%ecx)
1030: 8b 43 48 mov 0x48(%ebx),%eax
1033: 89 41 48 mov %eax,0x48(%ecx)
1036: 8b 46 fc mov 0xfffffffc(%esi),%eax
1039: 85 c0 test %eax,%eax
103b: 0f 84 83 00 00 00 je 10c4 <start_unlink_async+0xd7>
1041: 8b 46 04 mov 0x4(%esi),%eax
1044: 83 cf 40 or $0x40,%edi
1047: 89 38 mov %edi,(%eax)
1049: 8b 46 04 mov 0x4(%esi),%eax
104c: 8b 00 mov (%eax),%eax
104e: 8b 86 84 00 00 00 mov 0x84(%esi),%eax
1054: 85 c0 test %eax,%eax
1056: 75 41 jne 1099 <start_unlink_async+0xac>
1058: 8b 15 00 00 00 00 mov 0x0,%edx
105e: 8d 86 84 00 00 00 lea 0x84(%esi),%eax
1064: 83 c2 0a add $0xa,%edx
1067: 83 c4 10 add $0x10,%esp
106a: 5b pop %ebx
106b: 5e pop %esi
106c: 5f pop %edi
106d: e9 fc ff ff ff jmp 106e <start_unlink_async+0x81>
1072: 0f b6 52 68 movzbl 0x68(%edx),%edx
1076: 80 fa 01 cmp $0x1,%dl
1079: 74 8a je 1005 <start_unlink_async+0x18>
107b: 80 fa 04 cmp $0x4,%dl
107e: 75 83 jne 1003 <start_unlink_async+0x16>
1080: eb 83 jmp 1005 <start_unlink_async+0x18>
1082: 8b 56 fc mov 0xfffffffc(%esi),%edx
1085: 85 d2 test %edx,%edx
1087: 74 09 je 1092 <start_unlink_async+0xa5>
1089: 85 c0 test %eax,%eax
108b: 90 nop
108c: 8d 74 26 00 lea 0x0(%esi),%esi
1090: 74 3e je 10d0 <start_unlink_async+0xe3>
1092: 83 c4 10 add $0x10,%esp
1095: 5b pop %ebx
1096: 5e pop %esi
1097: 5f pop %edi
1098: c3 ret
1099: c7 44 24 0c 65 00 00 movl $0x65,0xc(%esp)
10a0: 00
10a1: c7 44 24 08 78 00 00 movl $0x78,0x8(%esp)
10a8: 00
10a9: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
10b0: 00
10b1: c7 04 24 18 00 00 00 movl $0x18,(%esp)
10b8: e8 fc ff ff ff call 10b9 <start_unlink_async+0xcc>
10bd: e8 fc ff ff ff call 10be <start_unlink_async+0xd1>
10c2: eb 94 jmp 1058 <start_unlink_async+0x6b>
10c4: 31 d2 xor %edx,%edx
10c6: 89 f0 mov %esi,%eax
10c8: 83 c4 10 add $0x10,%esp
10cb: 5b pop %ebx
10cc: 5e pop %esi
10cd: 5f pop %edi
10ce: eb 0f jmp 10df <end_unlink_async>
10d0: 83 e7 df and $0xffffffdf,%edi
10d3: 89 39 mov %edi,(%ecx)
10d5: 0f ba b6 b4 00 00 00 btrl $0x2,0xb4(%esi)
10dc: 02
10dd: eb b3 jmp 1092 <start_unlink_async+0xa5>
- Follow-Ups:
- References:
- Prev by Date: Badness in irq_create_mapping at arch/powerpc/kernel/irq.c:527
- Next by Date: [PATCH] diskquota: 32bit quota tools on 64bit architectures
- Previous by thread: Re: [linux-usb-devel] 2.6.19-rc1-mm1 - locks when using "dd bs=1M" from card reader
- Next by thread: Re: [linux-usb-devel] 2.6.19-rc1-mm1 - locks when using "dd bs=1M" from card reader
- Index(es):
 |