Bug 217488
| Summary: | invalid opcode: 0000 [1] SMP when connection nokia S60 series phone to usb port | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Pasi Sainio <pasi.sainio> |
| Component: | kernel | Assignee: | Pete Zaitcev <zaitcev> |
| Status: | CLOSED DUPLICATE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6 | CC: | davej, tuju, wtogami |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2007-02-26 16:10:24 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
Pasi Sainio
2006-11-28 06:25:47 UTC
This is the same as bug 211223.

This looks like an nvidia bug. You're the second person to report this bug today but the other reporter didn't have a reproducible test case. Could you try reproducing it without the nvidia driver loaded? I've looked at the code and it's hard to see how that kfree() is wrong...

Not quite sure if I did this correctly, this is in single user mode after a couple rmmods:

    Nov 28 15:44:17 ameeba kernel: Kernel BUG at mm/slab.c:594
    Nov 28 15:44:17 ameeba kernel: invalid opcode: 0000 [1] SMP
    Nov 28 15:44:17 ameeba kernel: last sysfs file: /devices/pci0000:00/0000:00:02.1/usb1/1-3/1-3.7/1-3.7:1.15/usbdev1.8_ep0f/dev
    Nov 28 15:44:17 ameeba kernel: CPU 0
    Nov 28 15:44:17 ameeba kernel: Modules linked in: rndis_host cdc_ether usbnet cdc_acm vfat fat raid0 video button battery asus_acpi ac lp parport_pc parport hci_usb bluetooth usb_storage usblp snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event ohci1394 snd_seq ieee1394 sg snd_seq_device snd_pcm_oss snd_mixer_oss serio_raw skge k8_edac snd_pcm floppy ohci_hcd ide_cd snd_timer ehci_hcd edac_mc cdrom i2c_nforce2 snd i2c_core forcedeth soundcore shpchp snd_page_alloc pcspkr dm_snapshot dm_zero dm_mirror dm_mod raid1 ext3 jbd sata_nv sata_sil libata sd_mod scsi_mod
    Nov 28 15:44:17 ameeba kernel: Pid: 2582, comm: modprobe Tainted: P 2.6.18-1.2239.fc5 #1
    Nov 28 15:44:17 ameeba kernel: RIP: 0010:[<ffffffff8020af7d>] [<ffffffff8020af7d>] kfree+0x8b/0x211
    Nov 28 15:44:17 ameeba kernel: RSP: 0018:ffff81013b573c78 EFLAGS: 00010006
    Nov 28 15:44:17 ameeba kernel: RAX: 0000000000000060 RBX: 00000000ffffffe0 RCX: 0000000000000027
    Nov 28 15:44:17 ameeba kernel: RDX: ffff810005ed8940 RSI: ffff810001000138 RDI: ffff81013b5e599e
    Nov 28 15:44:17 ameeba kernel: RBP: ffff81013e46d6c8 R08: ffff81013ead3000 R09: ffff81013d046e60
    Nov 28 15:44:17 ameeba kernel: R10: 00000000ffffffe0 R11: 0000000000000000 R12: ffff81013b5e599e
    Nov 28 15:44:17 ameeba kernel: R13: ffff81013b5ec000 R14: 0000000000000282 R15: 0000000000000000
    Nov 28 15:44:17 ameeba kernel: FS: 00002aaaaaaca210(0000) GS:ffffffff80603000(0000) knlGS:0000000000000000
    Nov 28 15:44:17 ameeba kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    Nov 28 15:44:17 ameeba kernel: CR2: 0000555555667190 CR3: 000000013e35d000 CR4: 00000000000006e0
    Nov 28 15:44:17 ameeba kernel: Process modprobe (pid: 2582, threadinfo ffff81013b572000, task ffff81013e3b7040)
    Nov 28 15:44:17 ameeba kernel: Stack: 00000000fffffff4 ffff81013b5ec770 00000000ffffffe0 ffff81013e46d6c8
    Nov 28 15:44:17 ameeba kernel: ffff81013b5ec580 ffff81013b5ec000 0000000000000000 ffffffff88369298
    Nov 28 15:44:17 ameeba kernel: 0000000000003120 ffff81013e3b7230 ffff810100000000 ffff81013fed4810
    Nov 28 15:44:17 ameeba kernel: Call Trace:
    Nov 28 15:44:17 ameeba kernel: [<ffffffff88369298>] :usbnet:usbnet_probe+0x608/0x62f
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803d6316>] usb_probe_interface+0x6c/0x9e
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803a4976>] driver_probe_device+0x52/0xa2
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803a4acf>] __driver_attach+0x86/0xd4
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803a438a>] bus_for_each_dev+0x43/0x6e
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803a3fcd>] bus_add_driver+0x7e/0x130
    Nov 28 15:44:17 ameeba kernel: [<ffffffff803d61c5>] usb_register_driver+0x74/0xd6
    Nov 28 15:44:17 ameeba kernel: [<ffffffff802a31a7>] sys_init_module+0x1708/0x18cc
    Nov 28 15:44:17 ameeba kernel: [<ffffffff8025c00e>] system_call+0x7e/0x83
    Nov 28 15:44:17 ameeba kernel: DWARF2 unwinder stuck at system_call+0x7e/0x83
    Nov 28 15:44:17 ameeba kernel: Leftover inexact backtrace:
    Nov 28 15:44:17 ameeba kernel:
    Nov 28 15:44:17 ameeba kernel:
    Nov 28 15:44:17 ameeba kernel: Code: 0f 0b 68 56 1a 48 80 c2 52 02 4c 8b 6a 30 65 8b 04 25 2c 00
    Nov 28 15:44:17 ameeba kernel: RIP [<ffffffff8020af7d>] kfree+0x8b/0x211
    Nov 28 15:44:17 ameeba kernel: RSP <ffff81013b573c78>
    Nov 28 15:44:17 ameeba kernel: <3>BUG: sleeping function called from invalid context at kernel/rwsem.c:20
    Nov 28 15:44:17 ameeba kernel: in_atomic():0, irqs_disabled():1
    Nov 28 15:44:17 ameeba kernel:
    Nov 28 15:44:17 ameeba kernel: Call Trace:
    Nov 28 15:44:17 ameeba kernel: [<ffffffff802691d9>] show_trace+0x34/0x47
    Nov 28 15:44:17 ameeba kernel: [<ffffffff802691fe>] dump_stack+0x12/0x17
    Nov 28 15:44:17 ameeba kernel: [<ffffffff8029db75>] down_read+0x15/0x23
    Nov 28 15:44:17 ameeba kernel: [<ffffffff80296114>] blocking_notifier_call_chain+0x13/0x36
    Nov 28 15:44:17 ameeba kernel: [<ffffffff80214e8a>] do_exit+0x1f/0x8c3
    Nov 28 15:44:17 ameeba kernel: [<ffffffff802694f1>] kernel_math_error+0x0/0x90
    Nov 28 15:44:17 ameeba kernel:

I just tried this on another box with 2.6.9-42.0.3.ELsmp kernel and nvidia module loaded and it works fine. Different motherboard though, but same nvidia chipset I believe.

It still has the tainted flag...

    Nov 28 15:44:17 ameeba kernel: Pid: 2582, comm: modprobe Tainted: P

You should be able to rename the nvidia.ko module to nvidia.ko.ORIG and reboot.

Doh! I left the cable in the office, I'll get it Monday...

Created attachment 142554
usb/slab.c errors

Created attachment 142555
usb/slab.c errors
This is on a Compaq Evo with i845G graphics, so this is not an NVidia issue.
The error occurs when attaching my SGH-X800 (Samsung) phone to the USB port.
Sometimes it even hard locks the machine.
On a freshly updated (today) FC6.

Created attachment 142742
message log on non-tainted kernel
Hi
I re-installed the box fresh to FC6, so this is now kernel version
2.6.18-1.2849.fc6, finally a non-tainted trace. Let me know, if you need
anything else.
- Pasi -

Created attachment 142805
Fix the double frees in the error path
This patch should make it not crash any more... It's definitely a correct
thing to do, but it still won't make the device work as it's supposed to. :/
I don't have the hardware... In drivers/usb/net/rndis_host.c there are some
lines like this:
// #define DEBUG // error path messages, extra info
// #define VERBOSE // more; success messages
If someone who had the hardware could uncomment those lines, recompile and post
the dmesg I'd take a look at it.

The patch (#10) seems to solve the problem for me.

The patch is definitely not the correct thing to do. It simply shortcuts the recovery, and adds a bogus comment. If probe fails, disconnect is not called.

Okay, I sure can provide any debug you need or even let you folks access my box to try things. If you need a debug kernel, I can compile one but I would like to do that "Fedora way" creating a RPM so that I can remove it later, any pointers how I could do that?
- Pasi -

I've Nokia E61 and if I hook it with USB to SMP opteron fc6 box, it fc6 crashes. Had the same problem with fc5 with latest updates, upgrading didn't help. This box doesn't have any nvidia cards, ATI card with vesa drivers. Unfortunately this is very reproducible. I can test fixes if RPM is provided.

Any progress on this?

Created attachment 145193
Oops when connecting S60 phone (Linux 2.6.19-1.2905.fc7 #0 SMP)
This bug also hit me on "2.6.19-1.2905.fc7 #0 SMP"

One thing that puzzles me is what cdc_ether is doing here in the first place. I would only expect to see (and care about) the cdc_acm interface. 2.6.20.rc3 seems to do the right thing (I get ttyACM0 and the kernel doesn't Oops).

Adding following line into modprobe.conf:

    install rndis_host /usr/bin/logger -tmodprobe -p'kern.WARNING' "Avoiding buggy rndis_host"

prevents rndis_host module from loading and thus system crashing. dgollub at #opensync tipped that crash is caused when that module is unloaded.

*** This bug has been marked as a duplicate of 228231 ***
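
A triage helper for oops text like the traces posted in this report, added here as an example and not part of the bug report or the kernel project. It extracts the BUG site, the taint flags the thread argues about, the faulting symbol and the first frame that sits in a loadable module; the sample lines are copied from the first trace above, and the names `triage` and `first_module_frame` are hypothetical.

```python
import re

# Sample lines copied from the first oops quoted in this report (syslog prefix kept).
SAMPLE = """\
Nov 28 15:44:17 ameeba kernel: Kernel BUG at mm/slab.c:594
Nov 28 15:44:17 ameeba kernel: invalid opcode: 0000 [1] SMP
Nov 28 15:44:17 ameeba kernel: Pid: 2582, comm: modprobe Tainted: P 2.6.18-1.2239.fc5 #1
Nov 28 15:44:17 ameeba kernel: RIP: 0010:[<ffffffff8020af7d>] [<ffffffff8020af7d>] kfree+0x8b/0x211
Nov 28 15:44:17 ameeba kernel: Call Trace:
Nov 28 15:44:17 ameeba kernel: [<ffffffff88369298>] :usbnet:usbnet_probe+0x608/0x62f
Nov 28 15:44:17 ameeba kernel: [<ffffffff803d6316>] usb_probe_interface+0x6c/0x9e
Nov 28 15:44:17 ameeba kernel: [<ffffffff803a4976>] driver_probe_device+0x52/0xa2
"""

PREFIX = re.compile(r"^.*? kernel: ?")  # strips "date host kernel: "
# "[<addr>] :module:symbol+0xoff/0xlen"; the ":module:" part is absent for built-in code
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+(?::(\w+):)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def triage(text):
    """Summarise a 2.6-era x86_64 oops: BUG site, taint, faulting symbol, frames."""
    out = {"bug_at": None, "tainted": None, "comm": None, "rip": None, "frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"Kernel BUG at (\S+)", line):
            out["bug_at"] = m.group(1)
        elif m := re.match(r"Pid: \d+, comm: (\S+) (Not tainted|Tainted: (\S+))", line):
            out["comm"] = m.group(1)
            out["tainted"] = m.group(3) or ""   # "" means a clean, untainted kernel
        elif line.startswith("RIP:") and (m := FRAME.search(line)):
            out["rip"] = m.group(2)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            out["frames"].append((m.group(1) or "vmlinux", m.group(2)))
        elif in_trace:
            in_trace = False                    # first non-frame line ends the trace
    return out

def first_module_frame(report):
    """First call-trace frame that lives in a loadable module, or None."""
    return next((f for f in report["frames"] if f[0] != "vmlinux"), None)
```

On the sample it reports `kfree` as the faulting symbol with `usbnet_probe` in module `usbnet` as the nearest module frame, which is the caller the thread ends up blaming rather than the proprietary module behind the `P` taint flag.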