Bug 139187

Summary: usb-storage / "revoltec" / Unable to handle kernel NULL pointer
Product: [Fedora] Fedora Reporter: Stig Hackvan <stig-redhat-bugzilla>
Component: kernelAssignee: Dave Jones <davej>
Status: CLOSED CANTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: orion, pfrields, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-03 01:19:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stig Hackvan 2004-11-13 19:58:32 UTC 
Description of problem:

somewhere after kernel-2.6.6 my external USB dvd-writer stopped being
recognized properly...it came up as "revoltec" and so i lingered at
2.6.6 waiting for the glitch to pass.  with fc3, i got a new kernel
and tested the USB disk enclosure by plugging it in and watching the
log...satisfied that it was recognizing the drive instead of the
usb-ide-bridge "revoltec?", i unplugged it and that's when i got the
crash...

Version-Release number of selected component (if applicable):

Name        : kernel                       Relocations: (not relocatable)
Version     : 2.6.9                             Vendor: Red Hat, Inc.
Release     : 1.667                         Build Date: Tue 02 Nov
2004 12:24:55 PM PST
Install Date: Wed 10 Nov 2004 02:25:13 PM PST      Build Host:
tweety.build.redhat.com
Group       : System Environment/Kernel     Source RPM:
kernel-2.6.9-1.667.src.rpm
Size        : 43753461                         License: GPLv2
Signature   : DSA/SHA1, Tue 02 Nov 2004 01:06:30 PM PST, Key ID
b44269d04f2a6fd2
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.


How reproducible:

plug in semi-generic usb/ide box (some aspects of usb-storage called
it 'revoltec' in recent kernel versions)...then unplug it...BOOM


  
Actual results:

Nov 13 11:01:56 ix kernel: usb 1-1: new full speed USB device using
address 4
Nov 13 11:01:58 ix kernel: SCSI subsystem initialized
Nov 13 11:01:58 ix kernel: Initializing USB Mass Storage driver...
Nov 13 11:01:58 ix kernel: scsi0 : SCSI emulation for USB Mass Storage
devices
Nov 13 11:01:59 ix kernel:   Vendor: LITE-ON   Model: DVD+RW LDW-401S
  Rev: ES0J
Nov 13 11:01:59 ix kernel:   Type:   CD-ROM                          
  ANSI SCSI revision: 02
Nov 13 11:01:59 ix scsi.agent[30405]: cdrom at
/devices/pci0000:00/0000:00:07.2/usb1/1-1/1-1:1.0/host0/0:0:0:0
Nov 13 11:01:59 ix kernel: usbcore: registered new driver usb-storage
Nov 13 11:01:59 ix kernel: USB Mass Storage support registered.
Nov 13 11:01:59 ix kernel: sr0: scsi3-mmc drive: 94x/40x writer cd/rw
xa/form2 cdda tray
Nov 13 11:02:44 ix kernel: usb 1-1: USB disconnect, address 4
Nov 13 11:02:49 ix kernel: scsi: Device offlined - not ready after
error recovery: host 0 channel 0 id 0 lun 0
Nov 13 11:02:49 ix kernel: sr 0:0:0:0: Illegal state transition
cancel->offline
Nov 13 11:02:49 ix kernel: Badness in scsi_device_set_state at
drivers/scsi/scsi_lib.c:1688
Nov 13 11:02:49 ix kernel:  [<12ab0645>]
scsi_device_set_state+0xc8/0xd3 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aadb8b>]
scsi_eh_offline_sdevs+0x49/0x5e [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae146>] scsi_unjam_host+0x22d/0x23e
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae291>]
scsi_error_handler+0x13a/0x191 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<0211b3d9>] schedule_tail+0xc/0x37
Nov 13 11:02:49 ix kernel:  [<12aae157>] scsi_error_handler+0x0/0x191
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<021041d9>] kernel_thread_helper+0x5/0xb
Nov 13 11:02:49 ix kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000008
Nov 13 11:02:49 ix kernel:  printing eip:
Nov 13 11:02:49 ix kernel: 0224fb8f
Nov 13 11:02:49 ix kernel: *pde = 00000000
Nov 13 11:02:49 ix kernel: Oops: 0000 [#1]
Nov 13 11:02:49 ix kernel: Modules linked in: sr_mod usb_storage
scsi_mod ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables ds
parport_pc lp parport autofs4 i2c_dev i2c_core nfs lockd sunrpc
microcode vfat fat dm_mod md5 ipv6 joydev yenta_socket pcmcia_core
uhci_hcd snd_maestro3 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm
snd_timer snd_page_alloc snd soundcore tulip floppy ext3 jbd
Nov 13 11:02:49 ix kernel: CPU:    0
Nov 13 11:02:49 ix kernel: EIP:    0060:[<0224fb8f>]    Not tainted VLI
Nov 13 11:02:49 ix kernel: EFLAGS: 00010046   (2.6.9-1.667)
Nov 13 11:02:49 ix kernel: EIP is at cfq_insert_request+0x45/0xdf
Nov 13 11:02:49 ix kernel: eax: 11c1b290   ebx: 11cdbeb0   ecx:
00000001   edx: 11cdbeb0
Nov 13 11:02:49 ix kernel: esi: 00000001   edi: 00000000   ebp:
00000000   esp: 0fe6defc
Nov 13 11:02:49 ix kernel: ds: 007b   es: 007b   ss: 0068
Nov 13 11:02:49 ix kernel: Process scsi_eh_0 (pid: 30386,
threadinfo=0fe6d000 task=09bb4d10)
Nov 13 11:02:49 ix kernel: Stack: 11c1b290 11c1b290 00000001 11cdbeb0
00000202 02246367 11c1b290 00000001
Nov 13 11:02:49 ix kernel:        11cdbeb0 02246329 00000000 022484d8
0ce3fc40 0c8ff800 0ac87000 00001057
Nov 13 11:02:49 ix kernel:        12aae576 0ce3fc40 00000001 0ce3fc40
0fe6df74 0fe6df74 0fe6df7c 12aadec8
Nov 13 11:02:49 ix kernel: Call Trace:
Nov 13 11:02:49 ix kernel:  [<02246367>] __elv_add_request+0x3c/0x71
Nov 13 11:02:49 ix kernel:  [<02246329>] elv_requeue_request+0x29/0x2b
Nov 13 11:02:49 ix kernel:  [<022484d8>] blk_insert_request+0xba/0x18b
Nov 13 11:02:49 ix kernel:  [<12aae576>] scsi_queue_insert+0x84/0x8d
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aadec8>]
scsi_eh_flush_done_q+0x7d/0xce [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae14f>] scsi_unjam_host+0x236/0x23e
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae291>]
scsi_error_handler+0x13a/0x191 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<0211b3d9>] schedule_tail+0xc/0x37
Nov 13 11:02:49 ix kernel:  [<12aae157>] scsi_error_handler+0x0/0x191
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<021041d9>] kernel_thread_helper+0x5/0xb
Nov 13 11:02:49 ix kernel: Code: 74 29 eb 51 83 f9 03 74 33 eb 4a 8b
04 24 89 fa e8 f8 fa ff ff 85 c0 75 f2 8b 47 08 8b 50 04 89 03 89 58
04 89 1a 89 53 04 eb 3f <8b> 47 08 8b 10 89 5a 04 89 13 89 43 04 89 18
eb 2e f6 42 08 10


Expected results:


Additional info:
Comment 1 Stig Hackvan 2004-11-28 02:09:19 UTC 
this device is now recognized properly again (as of FC3 kernels) but
it fails when detached and reattached...  see the other related report...

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138755
Comment 2 Orion Poplawski 2004-12-13 17:53:32 UTC 
This appears to be fixed in the current development kernel
kernel-2.6.9-1.1021_FC4.  Perusing the linux-kernel lists and change logs it
appears that the usb-storage driver removal problem has been fixed upstream as
well.  It would be good to see a FC3 (and FC2?) errata kernel soon as this is a
pretty big problem.
Comment 3 Dave Jones 2005-07-15 19:11:17 UTC 
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.
Comment 4 Dave Jones 2005-10-03 01:19:03 UTC 
This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.

There are a large number of inactive bugs in the database, and this is the only
way to purge them.

Thank you.