Re: [linux-usb-devel] 2.6.19-rc1-mm1 - locks when using "dd bs=1M"from card reader
From: Helge Hafting
Date: Thu Oct 19 2006 - 08:29:28 EST
Alan Stern wrote:
On Wed, 18 Oct 2006, Helge Hafting wrote:
[...]
That's why I asked for the USB debugging logs (which you forgot to include
here).
Attached dmesg.gz with lots of usb messages.
To bring it down:
dd if=/dev/sdc of=sdc.dump bs=1M
This time, it seems to have crashed on the first megabyte.
I mounted the filesystem synchronously, and still I had 0 bytes
in the dumpfile. The crash also came with no delay after
pressing enter.
It's possible that both of these are caused by something unrelated
overwriting kernel memory.
something like a function pointer mistaken for a data pointer?
By the way, what happens if you add a "skip=" argument to dd so that the
copy begins near the end of the device? Does the oops then occur that
much sooner?
No, it is random. May happen immediately, may happen after a while.
I even had "cfdisk /dev/sdc" crash on me fresh after a reboot.
Oh, and the next time this happens, could you copy down all of the code
bytes from the oops message? And also provide the section from "objdump
-d drivers/usb/host/ehci-hcd.o" for the start_unlink_async routine?
objdump for start_unlink_async attached.
From the BUG:
Stack (All I got before it rebooted after 300s)
00000010 c0664dc8 dff84000 dffdbc00 dffdb600 00000296
df9244c0 c03248de c0664dc8
EIP: [<c031f823>] start_unlink_async+0x16/0xf2
SS:ESP:0068:c0664d58
Code (Complete) 5d e9 8e 31 ff ff f6 43 28 01 75 b8 c7 43 24 00 00 00 00
eb af
57 56 53 83 ec 10 89 c6 89 d3 8b 48 04 8b 39 8b 40 14 85 c0 74
6f <0f> 0b 39 5e 10 74 78 c6 43 68 02 8d 43 60 e8 9f 3c f1 ff 89 5e
I found this in the start_unlink_async dump - here it is with the
same line breaking as well as the differences:
{Before start_unlink_async}
5d
e9 8e 31 ff ff ; objdump has "e9 fc ff ff ff" here, it is a jump
f6 43 28 01
75 b8
c7 43 24 00 00 00 00
eb af
start_unlink_async
57
56
53
83 ec 10
89 c6
89 d3
8b 48 04
8b 39
8b 40 14
85 c0
74 6f
0f 0b
39 5e 10
74 78
c6 43 68 02
8d 43 60
e8 9f 3c f1 ff ; objdump has "e8 fc ff ff ff" here, a call
89 5e
Calls and jumps are different, but I guess that is just linking effects?
Hope this is useful,
Helge Hafting
Attachment:
dmesg.gz
Description: application/gzip
00000fed <start_unlink_async>:
fed: 57 push %edi
fee: 56 push %esi
fef: 53 push %ebx
ff0: 83 ec 10 sub $0x10,%esp
ff3: 89 c6 mov %eax,%esi
ff5: 89 d3 mov %edx,%ebx
ff7: 8b 48 04 mov 0x4(%eax),%ecx
ffa: 8b 39 mov (%ecx),%edi
ffc: 8b 40 14 mov 0x14(%eax),%eax
fff: 85 c0 test %eax,%eax
1001: 74 6f je 1072 <start_unlink_async+0x85>
1003: 0f 0b ud2a
1005: 39 5e 10 cmp %ebx,0x10(%esi)
1008: 74 78 je 1082 <start_unlink_async+0x95>
100a: c6 43 68 02 movb $0x2,0x68(%ebx)
100e: 8d 43 60 lea 0x60(%ebx),%eax
1011: e8 fc ff ff ff call 1012 <start_unlink_async+0x25>
1016: 89 5e 14 mov %ebx,0x14(%esi)
1019: 8b 4e 10 mov 0x10(%esi),%ecx
101c: 8b 41 48 mov 0x48(%ecx),%eax
101f: 39 c3 cmp %eax,%ebx
1021: 74 09 je 102c <start_unlink_async+0x3f>
1023: 89 c1 mov %eax,%ecx
1025: 8b 40 48 mov 0x48(%eax),%eax
1028: 39 c3 cmp %eax,%ebx
102a: 75 f7 jne 1023 <start_unlink_async+0x36>
102c: 8b 03 mov (%ebx),%eax
102e: 89 01 mov %eax,(%ecx)
1030: 8b 43 48 mov 0x48(%ebx),%eax
1033: 89 41 48 mov %eax,0x48(%ecx)
1036: 8b 46 fc mov 0xfffffffc(%esi),%eax
1039: 85 c0 test %eax,%eax
103b: 0f 84 83 00 00 00 je 10c4 <start_unlink_async+0xd7>
1041: 8b 46 04 mov 0x4(%esi),%eax
1044: 83 cf 40 or $0x40,%edi
1047: 89 38 mov %edi,(%eax)
1049: 8b 46 04 mov 0x4(%esi),%eax
104c: 8b 00 mov (%eax),%eax
104e: 8b 86 84 00 00 00 mov 0x84(%esi),%eax
1054: 85 c0 test %eax,%eax
1056: 75 41 jne 1099 <start_unlink_async+0xac>
1058: 8b 15 00 00 00 00 mov 0x0,%edx
105e: 8d 86 84 00 00 00 lea 0x84(%esi),%eax
1064: 83 c2 0a add $0xa,%edx
1067: 83 c4 10 add $0x10,%esp
106a: 5b pop %ebx
106b: 5e pop %esi
106c: 5f pop %edi
106d: e9 fc ff ff ff jmp 106e <start_unlink_async+0x81>
1072: 0f b6 52 68 movzbl 0x68(%edx),%edx
1076: 80 fa 01 cmp $0x1,%dl
1079: 74 8a je 1005 <start_unlink_async+0x18>
107b: 80 fa 04 cmp $0x4,%dl
107e: 75 83 jne 1003 <start_unlink_async+0x16>
1080: eb 83 jmp 1005 <start_unlink_async+0x18>
1082: 8b 56 fc mov 0xfffffffc(%esi),%edx
1085: 85 d2 test %edx,%edx
1087: 74 09 je 1092 <start_unlink_async+0xa5>
1089: 85 c0 test %eax,%eax
108b: 90 nop
108c: 8d 74 26 00 lea 0x0(%esi),%esi
1090: 74 3e je 10d0 <start_unlink_async+0xe3>
1092: 83 c4 10 add $0x10,%esp
1095: 5b pop %ebx
1096: 5e pop %esi
1097: 5f pop %edi
1098: c3 ret
1099: c7 44 24 0c 65 00 00 movl $0x65,0xc(%esp)
10a0: 00
10a1: c7 44 24 08 78 00 00 movl $0x78,0x8(%esp)
10a8: 00
10a9: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
10b0: 00
10b1: c7 04 24 18 00 00 00 movl $0x18,(%esp)
10b8: e8 fc ff ff ff call 10b9 <start_unlink_async+0xcc>
10bd: e8 fc ff ff ff call 10be <start_unlink_async+0xd1>
10c2: eb 94 jmp 1058 <start_unlink_async+0x6b>
10c4: 31 d2 xor %edx,%edx
10c6: 89 f0 mov %esi,%eax
10c8: 83 c4 10 add $0x10,%esp
10cb: 5b pop %ebx
10cc: 5e pop %esi
10cd: 5f pop %edi
10ce: eb 0f jmp 10df <end_unlink_async>
10d0: 83 e7 df and $0xffffffdf,%edi
10d3: 89 39 mov %edi,(%ecx)
10d5: 0f ba b6 b4 00 00 00 btrl $0x2,0xb4(%esi)
10dc: 02
10dd: eb b3 jmp 1092 <start_unlink_async+0xa5>