On Wed, Sep 01, Olaf Hering wrote:
> I tried this patch, it leads to a hard crash after 1 minute.
> Very strange...
>
> --- ./drivers/usb/host/ehci-q.c.kaputt 2004-08-31 14:21:51.794068000 +0200
> +++ ./drivers/usb/host/ehci-q.c 2004-09-01 14:17:10.732679974 +0200
> @@ -857,7 +857,7 @@ static struct ehci_qh *qh_append_tds (
> */
> token = qtd->hw_token;
> qtd->hw_token = HALT_BIT;
> - wmb ();
> + mb ();
> dummy = qh->dummy;
>
> dma = dummy->qtd_dma;
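Review bot: The switch from wmb() to mb() after `qtd->hw_token = HALT_BIT;` carries no comment saying which load has to be ordered against that store. The only access visible after the barrier is the read of `qh->dummy`; if that is the reason, say so in the comment block above the store, otherwise wmb() already orders the token store ahead of the later stores. The oops reported further down is in qh_completions, not qh_append_tds, so the changelog should not present this hunk as a fix for it.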
> @@ -878,7 +878,7 @@ static struct ehci_qh *qh_append_tds (
> qtd->hw_next = QTD_NEXT (dma);
>
> /* let the hc process these next qtds */
> - wmb ();
> + mb ();
> dummy->hw_token = token;
>
> urb->hcpriv = qh_get (qh);
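Review bot: At the barrier under `/* let the hc process these next qtds */`, both neighbouring accesses are stores (`qtd->hw_next = QTD_NEXT (dma);` before it, `dummy->hw_token = token;` after it), which is the case wmb() covers. If mb() is kept, extend that comment to name the read that must not pass the barrier; as posted, the reason for the stronger barrier cannot be recovered from the code.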
It dereferences an already freed struct list_head after a few minutes.
I will try to reproduce it on a dual G5.
Unable to handle kernel paging request at 0000000000100108 RIP:
<ffffffffa018068c>{:ehci_hcd:qh_completions+812}
PML4 17c82e067 PGD 17c82d067 PMD 0
Oops: 0002 [1] SMP
CPU 0
Pid: 0, comm: swapper Not tainted 2.6.5-20040901-smp
RIP: 0010:[<ffffffffa018068c>] <ffffffffa018068c>{:ehci_hcd:qh_completions+812}
RSP: 0018:ffffffff804ec848 EFLAGS: 00010246
RAX: 0000000000100100 RBX: 000001007f526280 RCX: 00000100ba5ec2e0
RDX: 0000000000200200 RSI: 0000000000000006 RDI: 00000100bcc57dd8
RBP: 00000100ba5ec2a0 R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000001 R12: 00000100bcaab140
R13: 00000100ba5ec2a0 R14: 00000100bba86c00 R15: 00000100ba5ec720
FS: 0000002a96710d80(0000) GS:ffffffff804e8600(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000100108 CR3: 0000000000101000 CR4: 00000000000006e0
Process swapper (pid: 0, threadinfo ffffffff804f0000, task ffffffff803a7180)
Stack: 00000100bcaab198 00000000010cb737 0000000000000004 00000100ba5ec340
ffffffff804f1f18 00000100bba86c00 00000100bcaab140 00000100bcaab198
0000000000000000 00000100bba86c00
Call Trace:<IRQ> <ffffffffa0182ca7>{:ehci_hcd:ehci_work+151}
<ffffffffa01833a2>{:ehci_hcd:ehci_irq+242}
<ffffffffa00e3754>{:usbcore:usb_hcd_irq+52}
<ffffffff80113bbf>{handle_IRQ_event+47}
<ffffffff80113cb1>{do_IRQ+193} <ffffffff8010f1e0>{default_idle+0}
<ffffffff80110c6d>{ret_from_intr+0} <EOI> <ffffffff8010f200>{default_idle+32}
<ffffffff8010f69a>{cpu_idle+26} <ffffffff804f3726>{start_kernel+502}
<ffffffff804f319a>{__init_begin+410}
Code: 48 89 50 08 48 89 02 48 c7 41 08 00 02 20 00 48 c7 45 40 00
RIP <ffffffffa018068c>{:ehci_hcd:qh_completions+812} RSP <ffffffff804ec848>
CR2: 0000000000100108
<0>Kernel panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing
NMI Watchdog detected LOCKUP on CPU1, registers:
CPU 1
Pid: 0, comm: swapper Not tainted 2.6.5-20040901-smp
RIP: 0010:[<ffffffffa0183f22>] <ffffffffa0183f22>{:ehci_hcd:.text.lock.ehci_hcd+60}
RSP: 0018:00000100bff0be28 EFLAGS: 00000086
RAX: 0000000000000000 RBX: 000001007f526280 RCX: 000001017b035010
RDX: 0000010101ca4000 RSI: 0000000000000000 RDI: 000001007f526280
RBP: 00000100bba86c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 00000100bba86cc0
R13: 0000000000000000 R14: 00000100bba86c00 R15: 00000100ba5ec720
FS: 0000002a9588e6e0(0000) GS:ffffffff804e8680(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000002a9556c000 CR3: 000000017ffb2000 CR4: 00000000000006e0
Process swapper (pid: 0, threadinfo 0000010037e78000, task 00000100bff0c920)
Stack: 00000100ba5ec720 000001007f526b80 00000100ba5ec300 00000100bcaab140
00000100ba5ec2a0 ffffffffa01803fe 00000100bcaab198 000000000557d400
0000000000000000 00000100ba5ec3a0
Call Trace:<IRQ> <ffffffffa01803fe>{:ehci_hcd:qh_completions+158}
<ffffffffa0182ca7>{:ehci_hcd:ehci_work+151}
<ffffffffa018329a>{:ehci_hcd:ehci_watchdog+90}
<ffffffff80142f30>{run_timer_softirq+336}
<ffffffff8013f723>{__do_softirq+83} <ffffffff8010f1e0>{default_idle+0}
<ffffffff8013f7b5>{do_softirq+53} <ffffffff80110f0f>{apic_timer_interrupt+99}
<EOI> <ffffffff8010f200>{default_idle+32} <ffffffff8010f69a>{cpu_idle+26}
Code: 80 7d 00 00 7e f8 e9 01 c4 ff ff f3 90 80 3b 00 7e f9 e9 be
console shuts up ...
--
USB is for mice, FireWire is for men!
sUse lINUX ag, nÜRNBERG
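The register dump of the first oops can be checked mechanically for the poison values that list_del() stores in an entry it removes. This is an added example, not part of the original message or of the ehci-hcd code; it uses the LIST_POISON1/LIST_POISON2 constants from 2.6-era include/linux/list.h, and the function names and the MAX_OFFSET tolerance are assumptions of the example.

```python
import re

# Poison values list_del() stores in an entry it removes
# (include/linux/list.h in 2.6-era kernels, before POISON_POINTER_DELTA existed).
LIST_POISON = {0x00100100: "LIST_POISON1", 0x00200200: "LIST_POISON2"}
PREV_OFFSET = 8      # offsetof(struct list_head, prev) on a 64-bit kernel
MAX_OFFSET = 0x100   # assumption: addresses this close to a poison base derive from it

# General-purpose registers and CR2 (the faulting address) as printed by an x86_64 oops.
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}|CR2):\s*([0-9a-fA-F]{16})\b")

# Register lines copied from the first oops in the message above.
OOPS_EXCERPT = """\
RAX: 0000000000100100 RBX: 000001007f526280 RCX: 00000100ba5ec2e0
RDX: 0000000000200200 RSI: 0000000000000006 RDI: 00000100bcc57dd8
CR2: 0000000000100108 CR3: 0000000000101000 CR4: 00000000000006e0
"""

def find_list_poison(oops_text):
    """Return (register, poison_name, offset, value) for every poison-derived value."""
    hits = []
    for reg, hexval in REG_RE.findall(oops_text):
        value = int(hexval, 16)
        for base, name in LIST_POISON.items():
            if 0 <= value - base < MAX_OFFSET:
                hits.append((reg, name, value - base, value))
    return hits

def is_unlink_of_removed_entry(hits):
    """True when the fault matches __list_del() writing next->prev with next == LIST_POISON1."""
    in_regs = {name for reg, name, off, _ in hits if reg != "CR2" and off == 0}
    fault = {(name, off) for reg, name, off, _ in hits if reg == "CR2"}
    return in_regs == set(LIST_POISON.values()) and fault == {("LIST_POISON1", PREV_OFFSET)}

if __name__ == "__main__":
    for reg, name, off, value in find_list_poison(OOPS_EXCERPT):
        print(f"{reg} = {value:#x} -> {name}+{off}")
    print("list_del() on an already removed entry:",
          is_unlink_of_removed_entry(find_list_poison(OOPS_EXCERPT)))
```
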