2.2.9 reproducible oops in ide_unregister

Klaus Kudielka (klaus.kudielka@ieee.org)
Tue, 25 May 1999 10:25:07 +0900

Hello,

When detaching a PCMCIA ATA drive (pcmcia-cs 3.0.9) with "cardctl eject 1",
I get a kernel NULL pointer dereference (see ksymoops output at the end of
the message). Works Ok with kernels up to and including 2.2.8.

-Klaus

*** kernel version etc. ***

Linux pinguin.crl.go.jp 2.2.9 #13 Mon May 24 23:47:56 JST 1999 i586 unknown
Kernel modules 2.1.121
Gnu C egcs-2.91.66
Binutils 2.9.1.0.23
Linux C Library 2.1.1
Dynamic linker ldd (GNU libc) 2.1.1
Procps 2.0.2
Mount 2.9o
Net-tools 1.51
Kbd [option...]
Sh-utils 1.16
Modules Loaded nls_cp437 msdos fat ide_cs 3c589_cs ds i82365 pcmcia_core opl3 sb uart401 sound soundcore

*** hardware ***

digital HiNote Ultra 2000 (166MHz Pentium MMX)
Kodak 4MB CompactFlash Card or Hagiwara Sys-Com 48MB CompactFlash Card

*** ksymoops output ***

Unable to handle kernel NULL pointer dereference at virtual address 00000004
current->tss.cr3 = 00fe9000, %cr3 = 00fe9000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c01693a7>]
EFLAGS: 00010246
eax: 00000000 ebx: 00000000 ecx: 00000040 edx: 00000302
esi: c01e0e90 edi: 00001601 ebp: 00000001 esp: c5ccdc6c
ds: 0018 es: 0018 ss: 0018
Process cardmgr (pid: 327, process nr: 11, stackpage=c5ccd000)
Stack: 00000282 c5ccdc94 00000040 00000297 00000000 c01e0e04 c685d86b 00000001
c5dfc7e0 c685dc20 c5ccdcac c685d223 c5dfc7e0 c2638960 c1397687 c02ddce4
c5ccdccc c6858808 c5dfc7e0 4050643f 00000000 c02ddcb4 00000000 c02ddce4
Call Trace: [<c685d86b>] [<c685dc20>] [<c685d223>] [<c6858808>] [<c6859177>] [<c0124707>] [<c01245cc>]
[<c01247d2>] [<c0124847>] [<c0135b0a>] [<c0144d95>] [<c01445bf>] [<c010f64e>] [<c010fcdf>] [<c0144b0f>]
[<c0162919>] [<c01626dc>] [<c0142cac>] [<c01626dc>] [<c014378b>] [<c014379b>] [<c010db2a>] [<c01209cd>]
[<c011a166>] [<c011a4c1>] [<c012b5e1>] [<c0108860>]
Code: 83 7c d8 04 00 7e 3c 8b 4c 24 1c 31 c0 8a 81 2c 01 00 00 8b

>>EIP: c01693a7 <ide_unregister+cb/368>
Trace: c685d86b <ds_fops+3e4b/762c>
Trace: c685dc20 <ds_fops+4200/762c>
Trace: c685d223 <ds_fops+3803/762c>
Trace: c6858808 <unbind_request+98/f0>
Trace: c6859177 <ds_ioctl+553/690>
Trace: c0124707 <getblk+10f/144>
Trace: c01245cc <end_buffer_io_sync+0/2c>
Trace: c01247d2 <refile_buffer+56/b8>
Trace: c0162919 <unix_stream_sendmsg+23d/260>
Trace: c011a166 <unmap_fixup+66/120>
Code: c01693a7 <ide_unregister+cb/368> 00000000 <_EIP>: <===
Code: c01693a7 <ide_unregister+cb/368> 0: 83 7c d8 04 00 cmpl $0x0,0x4(%eax,%ebx,8) <===
Code: c01693ac <ide_unregister+d0/368> 5: 7e 3c jle c01693ea <ide_unregister+10e/368>
Code: c01693ae <ide_unregister+d2/368> 7: 8b 4c 24 1c movl 0x1c(%esp,1),%ecx
Code: c01693b2 <ide_unregister+d6/368> b: 31 c0 xorl %eax,%eax
Code: c01693b4 <ide_unregister+d8/368> d: 8a 81 2c 01 00 00 movb 0x12c(%ecx),%al
Code: c01693ba <ide_unregister+de/368> 13: 8b 00 movl (%eax),%eax

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/