This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 107929 - visor/usb modules crash in Athlon SMP kernels w/ TT3
visor/usb modules crash in Athlon SMP kernels w/ TT3
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Pete Zaitcev
Brian Brock
:
: 111339 112211 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-24 12:50 EDT by Dana Canfield
Modified: 2007-11-30 17:10 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-12-07 01:07:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Try 1 (1.37 KB, patch)
2003-12-08 19:41 EST, Pete Zaitcev
no flags Details | Diff

  None (edit)
Description Dana Canfield 2003-10-24 12:50:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031014

Description of problem:
Not sure if this is athlon/SMP specific, but around the third time I attempt to
hotsync a Tungsten T3, I get a kernel oops.

Version-Release number of selected component (if applicable):
kernel-smp-2.4.22-1.2105.nptl

How reproducible:
Always

Steps to Reproduce:
1. Plug a Palm Tungsten into USB port.
2. Hit hotsync key (doesn't matter what client software, if any, you are using)
3. Repeat 2-3 times.
4. Kernel oops.
    

Actual Results:  visor.c: Bytes In = 0  Bytes Out = 0
Unable to handle kernel NULL pointer dereference at virtual address 000009a4
 printing eip:
e1c6d4ea
*pde = 0df8d067
*pte = 00000000
Oops: 0002
visor usbserial es1370 gameport soundcore vmnet vmmon agpgart nvidia loop
parport_pc lp parport autofs nfs lockd sunrpc rfcomm l2cap e1000 e100 ide-scsi ide-c
CPU:    1
EIP:    0060:[<e1c6d4ea>]    Tainted: PF
EFLAGS: 00010246
 
EIP is at usb_serial_disconnect [usbserial] 0x6a (2.4.22-1.2105.nptlsmp)
eax: 00000000   ebx: ca3b2c00   ecx: 00000000   edx: de655f7c
esi: ca3b2c1c   edi: 00000000   ebp: ca3b2c00   esp: df9ebf18
ds: 0068   es: 0068   ss: 0068
Process khubd (pid: 71, stackpage=df9eb000)
Stack: ca3b2c1c 00000000 e083cf94 e1c6f520 e1c6f500 00000000 d5508b74 e08322e5
       d5086000 ca3b2c00 d5086004 00000006 00000000 d5086000 00000100 0000000a
       df959e00 00000003 e083521d df959f1c 00000004 00000010 df959e00 e0834c6c
Call Trace:   [<e083cf94>] .rodata.str1.32 [usbcore] 0x674 (0xdf9ebf20)
[<e1c6f520>] usb_serial_driver [usbserial] 0x20 (0xdf9ebf24)
[<e1c6f500>] usb_serial_driver [usbserial] 0x0 (0xdf9ebf28)
[<e08322e5>] usb_disconnect_Rsmp_2e9c2547 [usbcore] 0x95 (0xdf9ebf34)
[<e083521d>] usb_hub_port_connect_change [usbcore] 0x26d (0xdf9ebf60)
[<e0834c6c>] usb_hub_port_status [usbcore] 0x6c (0xdf9ebf74)
[<e0835529>] usb_hub_events [usbcore] 0x2f9 (0xdf9ebf94)
[<e08355cc>] usb_hub_thread [usbcore] 0x4c (0xdf9ebfc0)
[<e0835580>] usb_hub_thread [usbcore] 0x0 (0xdf9ebfc4)
[<e0835580>] usb_hub_thread [usbcore] 0x0 (0xdf9ebfe0)
[<c01073cd>] kernel_thread_helper [kernel] 0x5 (0xdf9ebff0)
 
 
Code: c7 80 a4 09 00 00 00 00 00 00 8d 4e 5c f0 ff 43 78 0f 8e 73
  


Expected Results:  Hotsync

Additional info:
Comment 2 Ivo 2003-12-04 06:39:43 EST
*** Bug 111339 has been marked as a duplicate of this bug. ***
Comment 3 Keith McDuffee 2003-12-04 12:31:53 EST
This also seems to occur in Core 1 and a non-SMP kernel.  The
following resulted from issuing a 'pilot-xfer' command (not using a GUI):

hub.c: new USB device 00:02.0-1, assigned address 7
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
detected
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now attached to ttyUSB0 (or usb/tts/0 for devfs)
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now attached to ttyUSB1 (or usb/tts/1 for devfs)
usb.c: USB disconnect on device 00:02.0-1 address 7
visor.c: Bytes In = 1603  Bytes Out = 433621
Unable to handle kernel NULL pointer dereference at virtual address
00000998
 printing eip:
d09944da
*pde = 0ecd4067
*pte = 00000000
Oops: 0002
sd_mod es1371 ac97_codec gameport soundcore imm nfs nfsd lockd sunrpc
parport_pc lp parport ide-cd cdrom autofs rfcomm l2cap iptable_filter
3c59x iptable_nat 
CPU:    0
EIP:    0060:[<d09944da>]    Not tainted
EFLAGS: 00010246

EIP is at usb_serial_disconnect [usbserial] 0x6a (2.4.22-1.2115.nptl)
eax: 00000000   ebx: c23ed86c   ecx: 00000001   edx: cfd1bf7c
esi: c23ed888   edi: 00000001   ebp: c23ed800   esp: cfe3df18
ds: 0068   es: 0068   ss: 0068
Process khubd (pid: 66, stackpage=cfe3d000)
Stack: c23ed888 00000000 00000010 d0996480 d0996460 00000000 cc9f5200
d0830274 
       cd361c00 c23ed800 cd361c04 00000007 00000000 cd361c00 00000100
0000000a 
       cf335a00 00000000 d08330cf cf335b0c 00000001 00000010 cc9f5e80
d0832b2c 
Call Trace:   [<d0996480>] usb_serial_driver [usbserial] 0x20 (0xcfe3df24)
[<d0996460>] usb_serial_driver [usbserial] 0x0 (0xcfe3df28)
[<d0830274>] usb_disconnect_R1a2445d3 [usbcore] 0x94 (0xcfe3df34)
[<d08330cf>] usb_hub_port_connect_change [usbcore] 0x26f (0xcfe3df60)
[<d0832b2c>] usb_hub_port_status [usbcore] 0x6c (0xcfe3df74)
[<d08333b8>] usb_hub_events [usbcore] 0x2d8 (0xcfe3df94)
[<d0833446>] usb_hub_thread [usbcore] 0x36 (0xcfe3dfc0)
[<d0833410>] usb_hub_thread [usbcore] 0x0 (0xcfe3dfc4)
[<d0833410>] usb_hub_thread [usbcore] 0x0 (0xcfe3dfe0)
[<c010727d>] kernel_thread_helper [kernel] 0x5 (0xcfe3dff0)


Code: c7 80 98 09 00 00 00 00 00 00 8d 4e 58 ff 43 74 0f 8e 74 05 
Comment 4 Keith McDuffee 2003-12-05 10:04:20 EST
I just confirmed that this bug is not isolated to AMD systems, as it
just failed in the same manner on my Dell Insprion 3500 running Fedora
Core 1.

It should also be mentioned that once this bug hits, you can no longer
attempt subsequent accesses to the Palm device using the visor module
until the system is rebooted.  Attempting to 'rmmod' the visor module
hangs.
Comment 5 Dana Canfield 2003-12-05 13:27:58 EST
My understanding from posts in the pilot-link list is that this has
been fixed in the .23 kernel and that a patch exists for earlier
kernels, but I have yet to find the patch itself via google or mailing
list searches.
Comment 6 Keith McDuffee 2003-12-05 16:33:59 EST
I've confirmed that this is indeed fixed with the 2.4.23 kernel from
kernel.org.  I've been able to do pilot-xfer's all day long without
any lockups or errors.
Comment 7 Pete Zaitcev 2003-12-05 16:43:10 EST
Arjan wants me to take this... ookey.
I suppose we want a backport of 2.4.23.
I'll poke DaveJ about it.
Comment 8 Dax Kelson 2003-12-08 00:45:05 EST
I was oopsing trying to sync my Treo600 on Fedora Core v1. I tried
2.4.23 and it works!

backport away.... :)
Comment 9 Pete Zaitcev 2003-12-08 19:41:53 EST
Created attachment 96414 [details]
Try 1
Comment 11 Pete Zaitcev 2003-12-09 02:43:59 EST
Oops, spoke too soon. Above test is withdrawn.
Comment 12 Pete Zaitcev 2003-12-09 16:41:53 EST
ftp://people.redhat.com/zaitcev/tmp/
 kernel*-2.4.22-1.2130.2.3.nptl*.rpm

Please test.
Comment 13 Pete Zaitcev 2003-12-17 12:04:50 EST
You guys got to be kidding me. NO TESTING - NO COMMITS.
You won't hold up your side of the bargain - wait until FC2.
Comment 14 Dax Kelson 2003-12-18 01:50:15 EST
Pete, you still interested? I've been on the road traveling with poor
internet access.

I'm back now and can test.

Dax
Comment 15 Ivo 2003-12-18 03:29:24 EST
Sorry for not writing earlier. 
Your test kernel seens to work at least with repect to the usb
problem, no more oopses. I still get an occasional
"usb_control/bulk_msg: timeout" but I've had that essentially with all
kernels when doing very large transfers.

Something else (probably unrelated) seems to broken in you build: 
I get an "modprobe: modprobe: Can't locate module" error when running
/etc/network start and even though the interface is up afterwards,
ypbind can't find a server (via broadcast).

Comment 16 Pete Zaitcev 2003-12-23 16:20:12 EST
Modified in 2.4.22-1.2136
Comment 17 Pete Zaitcev 2003-12-23 16:21:54 EST
*** Bug 112211 has been marked as a duplicate of this bug. ***
Comment 18 Brian Krisler 2004-01-23 14:00:24 EST
What is the current status of this bug?  I had luck with the 2130
kernel from above, but it has since stopped working.  It also does not
work in the following kernels:
  2.4.22-1.2149.nptl
  2.4.22-1.2140.nptl

This error is consistent with all three kernels. (using kpilot):

Jan 23 13:57:01 jalapeno kernel: usb.c: registered new driver serial
Jan 23 13:57:01 jalapeno kernel: usbserial.c: USB Serial support
registered for Generic
Jan 23 13:57:01 jalapeno kernel: usbserial.c: USB Serial Driver core v1.4
Jan 23 13:57:01 jalapeno kernel: usbserial.c: USB Serial support
registered for Handspring Visor / Treo / Palm 4.0 / Clie 4.x
Jan 23 13:57:01 jalapeno kernel: usbserial.c: Handspring Visor / Treo
/ Palm 4.0 / Clie 4.x converter detected
Jan 23 13:57:01 jalapeno kernel: usb-uhci.c: interrupt, status 2,
frame# 696
Jan 23 13:57:02 jalapeno kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000018
Jan 23 13:57:02 jalapeno kernel:  printing eip:
Jan 23 13:57:02 jalapeno kernel: e0a43789
Jan 23 13:57:02 jalapeno kernel: *pde = 12795067
Jan 23 13:57:02 jalapeno kernel: *pte = 00000000
Jan 23 13:57:02 jalapeno kernel: Oops: 0000
Jan 23 13:57:02 jalapeno kernel: visor usbserial nls_iso8859-1
nls_cp437 vfat fat usb-storage sd_mod snd-mixer-oss snd-intel8x0
snd-ac97-codec snd-pcm snd-timer snd-page-alloc gameport snd-mp
Jan 23 13:57:02 jalapeno kernel: CPU:    0
Jan 23 13:57:02 jalapeno kernel: EIP:    0060:[<e0a43789>]    Not tainted
Jan 23 13:57:02 jalapeno kernel: EFLAGS: 00010046
Jan 23 13:57:02 jalapeno kernel:
Jan 23 13:57:02 jalapeno kernel: EIP is at visor_chars_in_buffer
[visor] 0x29 (2.4.22-1.2149.nptl)
Jan 23 13:57:02 jalapeno kernel: eax: 00000000   ebx: 00000000   ecx:
00000000   edx: 00000300
Jan 23 13:57:02 jalapeno kernel: esi: e0a463c0   edi: 00000246   ebp:
ffffffea   esp: d2113eb4
Jan 23 13:57:02 jalapeno kernel: ds: 0068   es: 0068   ss: 0068
Jan 23 13:57:02 jalapeno kernel: Process kpilotDaemon (pid: 9338,
stackpage=d2113000)
Jan 23 13:57:02 jalapeno kernel: Stack: d2113f48 00000000 c013be2b
df82d088 df82d0e0 e0a43760 e0a3cd16 df82d088
Jan 23 13:57:02 jalapeno kernel:        00000000 d20c0b00 00000000
d7bf0000 00000000 d3162300 c01a1ac6 d7bf0000
Jan 23 13:57:02 jalapeno kernel:        d22f9b00 d20c0f00 d7bf0000
d3162300 0000000b 00000800 c019dd95 d7bf0000
Jan 23 13:57:02 jalapeno kernel: Call Trace:   [<c013be2b>]
__alloc_pages [kernel] 0x4b (0xd2113ebc)
Jan 23 13:57:02 jalapeno kernel: [<e0a43760>] visor_chars_in_buffer
[visor] 0x0 (0xd2113ec8)
Jan 23 13:57:02 jalapeno kernel: [<e0a3cd16>] serial_chars_in_buffer
[usbserial] 0xc6 (0xd2113ecc)
Jan 23 13:57:02 jalapeno kernel: [<c01a1ac6>] normal_poll [kernel]
0x106 (0xd2113eec)
Jan 23 13:57:02 jalapeno kernel: [<c019dd95>] tty_poll [kernel] 0x85
(0xd2113f0c)
Jan 23 13:57:02 jalapeno kernel: [<c015427e>] do_select [kernel] 0x21e
(0xd2113f24)
Jan 23 13:57:02 jalapeno kernel: [<c015460e>] sys_select [kernel]
0x34e (0xd2113f60)
Jan 23 13:57:02 jalapeno kernel: [<c0109747>] system_call [kernel]
0x33 (0xd2113fc0)
Jan 23 13:57:02 jalapeno kernel:
Jan 23 13:57:02 jalapeno kernel:
Jan 23 13:57:02 jalapeno kernel: Code: 83 78 18 8d 0f 44 da 41 83 f9
17 7e ea 57 9d a1 a0 63 a4 e0
Jan 23 13:57:04 jalapeno kernel:  usb_control/bulk_msg: timeout
Jan 23 13:57:04 jalapeno kernel: visor.c: visor_startup - error -110
getting connection info
Jan 23 13:57:04 jalapeno kernel: usbserial.c: Handspring Visor / Treo
/ Palm 4.0 / Clie 4.x converter now attached to ttyUSB0 (or usb/tts/0
for devfs)
Jan 23 13:57:04 jalapeno kernel: usbserial.c: Handspring Visor / Treo
/ Palm 4.0 / Clie 4.x converter now attached to ttyUSB1 (or usb/tts/1
for devfs)
Jan 23 13:57:04 jalapeno kernel: usbserial.c: USB Serial support
registered for Sony Clie 3.5
Jan 23 13:57:04 jalapeno kernel: visor.c: USB HandSpring Visor, Palm
m50x, Treo, Sony Clie driver v1.7
Jan 23 13:57:04 jalapeno kernel: usb-uhci.c: interrupt, status 3,
frame# 2031
Comment 19 Ivo 2004-01-28 06:09:28 EST
While recent kernels (2140, 2149) have been much better, all is not
yet well. After several successful syncs, I've just had the following
oops running 2.4.22-1.2149.nptl just after a hotsync finished:

hub.c: new USB device 00:07.2-2, assigned address 8
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
detected
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now attached to ttyUSB0 (or usb/tts/0 for devfs)
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now attached to ttyUSB1 (or usb/tts/1 for devfs)
usb-uhci.c: interrupt, status 3, frame# 1357
usb.c: USB disconnect on device 00:07.2-2 address 8
visor.c: Bytes In = 48347  Bytes Out = 10137
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now disconnected from ttyUSB0
usbserial.c: Handspring Visor / Treo / Palm 4.0 / Clie 4.x converter
now disconnected from ttyUSB1
Unable to handle kernel NULL pointer dereference at virtual address
00000013
 printing eip:
c011b491
*pde = 187cc067
*pte = 00000000
Oops: 0002
nls_iso8859-1 ide-cd cdrom visor usbserial es1371 ac97_codec gameport
soundcore mga agpgart nfs nfsd lockd sunrpc autofs 3c59x floppy sg
scsi_mod microcode lo
CPU:    0
EIP:    0060:[<c011b491>]    Not tainted
EFLAGS: 00010286
                                                                     
                                                                     
                       
EIP is at copy_files [kernel] 0x151 (2.4.22-1.2149.nptl)
eax: ffffffff   ebx: d77a8474   ecx: e04a3878   edx: 000000e3
esi: e25a0dbc   edi: e25a07bc   ebp: e25a0d80   esp: ef41fed0
ds: 0068   es: 0068   ss: 0068
Process hotplug (pid: 3233, stackpage=ef41f000)
Stack: e25a0780 000000ff 00000008 f5805900 c033ee90 00000100 e04a3878
e25a0780
       ef41e000 00000ca2 bf5c00c8 00000081 00000000 00000000 00000000
e3032000
       c011b9ec 01200011 e3032000 00000000 ef41e000 00000000 0001ba26
000081ed
Call Trace:   [<c011b9ec>] copy_process [kernel] 0x32c (0xef41ff10)
[<c011c09e>] do_fork [kernel] 0x4e (0xef41ff58)
[<c014e8b5>] path_release [kernel] 0x15 (0xef41ff80)
[<c0107a29>] sys_clone [kernel] 0x49 (0xef41ffa0)
[<c0109747>] system_call [kernel] 0x33 (0xef41ffc0)
                                                                     
                                                                     
                       
Code: ff 40 14 89 03 83 c3 04 4a 75 e4 8b 54 24 1c 31 ed 8b 7c 24

Comment 20 Dave Jones 2004-12-07 01:07:05 EST
fc1 - eol.
Comment 21 Pete Zaitcev 2004-12-07 01:32:45 EST
Actually, original problem WAS fixed. What Brian and Ivo mentioned
in comments #18 and #19 had different oops signatures. So, the
usbserial is fine. Now, the visor itself was kinda shaky. Greg K-H
did a few fixes around 2.4.27 and later (uninitialized variable, etc.)
It's possible that Fedora Legacy will pick those fixes.

Note You need to log in before you can comment on or make changes to this bug.