Bug 222083

Summary: USB spinlock recursion bug in acm_read_bulk
Product: [Fedora] Fedora Reporter: Robert Hentosh <rhentosh>
Component: kernelAssignee: Pete Zaitcev <zaitcev>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: davej, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-07 23:49:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 237323    
Attachments:
Description Flags
Full serial capture of failed system
none
Candidate patch #1 (RHEL 5) none

Description Robert Hentosh 2007-01-10 03:45:07 UTC 
Description of problem:
Random system lockups, seems uneffected by usage or load.

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2869.fc6

How reproducible:
Issue occurs randomly about 0 to four times a day.  It has been occuring on
multiple kernel versions (possibly even on FC5). Issue has appeared on 2
seperate Dell Latitude D600 laptops.  Has been appearing more frequently with
the use of a USB modem (cellphone teather) to access network.

Steps to Reproduce:
1. Use FC6 with USB modem to access network.
2. Can use system for web browsing or leave idle
3.
  
Actual results:
System lockup

Expected results:
no lockup

Additional info:

Previously no information was attained, was finally able to reproduce issue with
serial console capture.

BUG: spinlock recursion on CPU#0, firefox-bin/5756 (Not tainted)
 lock: e51c66c8, .magic: dead4ead, .owner: firefox-bin/5756, .owner_cpu: 0
 [<c04051db>] dump_trace+0x69/0x1af
 [<c0405339>] show_trace_log_lvl+0x18/0x2c
 [<c04058ed>] show_trace+0xf/0x11
 [<c04059ea>] dump_stack+0x15/0x17
 [<c04e978d>] _raw_spin_lock+0x35/0xdc
 [<f0c132f9>] acm_read_bulk+0x51/0xbf [cdc_acm]
 [<c058189f>] usb_hcd_giveback_urb+0x2d/0x5d
 [<f082865c>] uhci_giveback_urb+0x104/0x12b [uhci_hcd]
 [<f0828c79>] uhci_scan_schedule+0x4fc/0x77b [uhci_hcd]
 [<f082a6ed>] uhci_irq+0x129/0x13f [uhci_hcd]
 [<c05823f3>] usb_hcd_irq+0x23/0x50
 [<c044dcee>] handle_IRQ_event+0x23/0x49
 [<c044ddaa>] __do_IRQ+0x96/0xf2
 [<c04068bf>] do_IRQ+0x9e/0xbc
 =======================
Comment 1 Robert Hentosh 2007-01-10 03:45:08 UTC 
Created attachment 145220 [details]
Full serial capture of failed system
Comment 2 Pete Zaitcev 2007-03-02 01:50:19 UTC 
Robert, I'm convinced that the failure is fixed in updated kernels for FC-6.
I have verified the 2.6.20-1.2923.fc6, and the change is plainly there.
Please re-test with an updated kernel and close the bug if the problem
is gone.

The 2.6.20 has this versus the 2.6.18:

 next_buffer:
-       spin_lock(&acm->read_lock);
+       spin_lock_irqsave(&acm->read_lock, flags);
        if (list_empty(&acm->filled_read_bufs)) {
-               spin_unlock(&acm->read_lock);
+               spin_unlock_irqrestore(&acm->read_lock, flags);
                goto urbs;
        }
Comment 3 Pete Zaitcev 2007-03-02 01:52:17 UTC 
Oooh, wait. I see what the problem is. The RHEL 5 has this problem, because
it ships with 2.6.18. It's just the Bugzilla has product version set to fc6.
Comment 4 Pete Zaitcev 2007-03-02 01:58:44 UTC 
Created attachment 149082 [details]
Candidate patch #1 (RHEL 5)

This is a small backport from Fedora, which should be sufficient.
Comment 5 Pete Zaitcev 2007-03-09 01:51:40 UTC 
I have verified that the fix is in 2.6.19-1.2911.6.4.fc6.
Robert, please verify that it works and close the bug.
Comment 6 Robert Hentosh 2007-04-20 13:33:32 UTC 
I have also verified that the patch works on FC5 2.6.18-1.2239 and RHEL5
2.6.18-15.el5. Both patch cleanly. Both were tested heavily for a day. Would
have expected around 8-10 failures in that time.

Patch works.
Comment 7 Pete Zaitcev 2007-04-20 19:58:37 UTC 
What about FC-6 though? Can we close the bug?

BTW, I cloned this into bug 237323 for RHEL 5.
Comment 8 Pete Zaitcev 2007-09-07 23:49:34 UTC 
Closing this as "in Rawhide", but actually I think F-7 has the fix too.