Re: [2.6.1] Kernel panic with ppa driver updates

[viro]

On Sat, Feb 07, 2004 at 03:10:57PM -0800, walt wrote:
>  [<c027bd3b>] ppa_pb_claim+0x7b/0x80
>  [<c027d577>] __ppa_attach+0x127/0x350
>  [<c027bc50>] ppa_wakeup+0x0/0x70
>  [<c011aa40>] autoremove_wake_function+0x0/0x50
>  [<c011aa40>] autoremove_wake_function+0x0/0x50
>  [<c023a746>] parport_register_driver+0x36/0x70
>  [<c0485b83>] ppa_driver_init+0x23/0x30
>  [<c046e74c>] do_initcalls+0x2c/0xa0
>  [<c012c9ff>] init_workqueues+0xf/0x30
>  [<c01050d2>] init+0x32/0x140
>  [<c01050a0>] init+0x0/0x140
>  [<c0106fe9>] kernel_thread_helper+0x5/0xc
> 
> Code: c7 80 24 01 00 00 01 00 00 00 c3 8b 42 50 b9 01 00 00 00 ba
>  <0>Kernel panic: Attempted to kill init!

Ouch.  So we somehow got the call of ppa_pb_claim() with dev->cur_cmd being
0x7232b2df, which wasn't a valid address.  Better yet, we've got it from
ppa_attach() and that bugger had just explicitly zeroed *dev out.  And that
bites us only in the built-in case.

Very interesting...  Could you add
	printk("dev = %p, dev->cur_cmd = %p\n", dev, dev->cur_cmd);
right before the call of ppa_pb_claim() call in __ppa_attach(), the
same - right before if (dev->wanted) in the same function and
	printk("dev = %p, dev->cur_cmd set to %p\n", dev, dev->cur_cmd);
right after dev->cur_cmd = cmd; in ppa_queuecommand()?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/