Bug 178873 - Visor module crashes on Treo sync
Visor module crashes on Treo sync
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Pete Zaitcev
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-24 22:22 EST by Dana Canfield
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-02 15:14:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Test patch 1 (1.71 KB, patch)
2006-06-16 04:13 EDT, Pete Zaitcev
no flags Details | Diff

  None (edit)
Description Dana Canfield 2006-01-24 22:22:42 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
Attempting to hotsync a Treo 650 results in a errors in the dmesg and no syncing to occur.

Version-Release number of selected component (if applicable):
kernel-2.6.15-1.1871_FC5

How reproducible:
Always

Steps to Reproduce:
Attempting to hotsync a Treo 650 results in this message in dmesg:
visor 2-1:1.0: Handspring Visor / Palm OS converter detected
usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
usb 2-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
usbcore: registered new driver visor
drivers/usb/serial/visor.c: USB HandSpring Visor / Palm OS driver
usb 2-1: USB disconnect, address 2
visor 2-1:1.0: device disconnected
visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
Slab corruption: (Not tainted) start=ea550da0, len=1024
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c0227086>](device_release+0x14/0x47)
 [<c0151247>] check_poison_obj+0x73/0x161     [<c0151379>] cache_alloc_debugcheck_after+0x1f/0xea
 [<c01524ed>] kmem_cache_alloc+0x70/0x79     [<c0139399>] audit_alloc+0x5e/0xba
 [<c0139399>] audit_alloc+0x5e/0xba     [<c011981f>] copy_process+0x463/0x116d
 [<c02e02bb>] _read_unlock_irq+0x5/0x7     [<c013aba2>] find_get_page+0x39/0x3f
 [<c01452f6>] __handle_mm_fault+0x418/0x78e     [<c011a76e>] do_fork+0x85/0x190
 [<c0139014>] audit_syscall_entry+0x118/0x13f     [<c01055e0>] do_syscall_trace+0x104/0x14a
 [<c01011b5>] sys_clone+0x28/0x2d     [<c0102ba9>] syscall_call+0x7/0xb
010: 6b 6b 6b 6b 6b 6b 6b 6b 6c 6b 6b 6b 6b 6b 6b 6b
Prev obj: start=ea550994, len=1024
Redzone: 0x170fc2a5/0x170fc2a5.
Last user: [<c016b21b>](expand_files+0x104/0x2e8)
000: 94 ec 2b ea 94 ec 2b ea 94 ec 2b ea 00 00 00 00
010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Next obj: start=ea5511ac, len=1024
Redzone: 0x170fc2a5/0x170fc2a5.
Last user: [<c0139399>](audit_alloc+0x5e/0xba)
000: 00 00 00 00 02 00 00 00 00 00 00 00 6c ee d6 43
010: 96 d7 6a 0a ff ff ff ff 61 00 00 00 00 00 00 00

The PDA thinks the sync completed successfully.

Additional info:
Comment 1 Dana Canfield 2006-01-24 22:36:48 EST
Sorry, this is a bit above my head.  I thought the errors above were kernel
errors, but I've found that using pilot-link instead of gpilot doesn't cause the
errors.  Does this mean it's a gnome-pilot issue?

Thanks/Sorry
Comment 2 Pete Zaitcev 2006-01-25 02:12:09 EST
It's kernel, specifically the visor module. Somehow, gpilot managed to make
the 650 to disconnect, and that exposed a bug.

I'm going to throw this at Greg Kroah for starters. I know he loves visor
bugs :-) OK, not really. But still, I don't have a unit to reproduce.
Comment 3 Aurelien Bompard 2006-05-12 08:00:09 EDT
I have the same problem (module crash) with an old Palm m130, but for me the
crash occurs right after the sync.

kernel : 2.6.16-1.2111_FC5

I'm syncing with kpilot (from kde 3.5.2), and pilot-link is 0.11.8-12.4.fc5

Here's the dmesg output :
usb 2-3: Handspring Visor / Palm OS converter now attached to ttyUSB0
usb 2-3: Handspring Visor / Palm OS converter now attached to ttyUSB1
usbcore: registered new driver visor
drivers/usb/serial/visor.c: USB HandSpring Visor / Palm OS driver
visor ttyUSB1: Device lied about number of ports, please use a lower one.
usb 2-3: USB disconnect, address 4
------------[ cut here ]------------
kernel BUG at kernel/workqueue.c:109!
invalid opcode: 0000 [#1]
last sysfs file:
/devices/pci0000:00/0000:00:02.0/usb2/2-3/2-3:1.0/bInterfaceProtocol
Modules linked in: visor usbserial ppp_deflate zlib_deflate nfsd exportfs lockd
nfs_acl it87 hwmon_vid hwmon eeprom i2c_isa hidp l2cap bluetooth xt_tc
pudp xt_state ip_conntrack nfnetlink sunrpc ipt_ULOG dm_mirror dm_mod raid1
video button battery ac lp parport_pc parport floppy nvram ipv6 iptable_fi
lter ip_tables x_tables ppp_async ppp_generic slhc crc_ccitt sg ohci_hcd
ohci1394 ieee1394 ehci_hcd snd_emu10k1 snd_rawmidi snd_ac97_codec snd_ac97_bu
s snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss
snd_pcm snd_seq_device snd_timer nvidia(U) snd_page_alloc 3c59x snd_u
til_mem emu10k1_gp gameport snd_hwdep snd soundcore mii forcedeth i2c_nforce2
i2c_core ext3 jbd sata_nv sata_sil libata sd_mod scsi_mod
CPU:    0
EIP:    0060:[<c01284b7>]    Tainted: P      VLI
EFLAGS: 00210207   (2.6.16-1.2111_FC5 #1)
EIP is at queue_work+0x17/0x2f
eax: e5bfa98c   ebx: f7ec9620   ecx: 00000000   edx: e5bfa988
esi: e4114200   edi: e5238a14   ebp: e5238a14   esp: c193fec0
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 125, threadinfo=c193f000 task=c1959aa0)
Stack: <0>00000001 f8bbf77e e5238a00 f8f22c00 f8f22c34 c025ed89 e5238abc e5238a14
       c02262c0 e5238a14 00000000 c0361e60 c02264ed e5238a14 c0225ca8 e5238a14
       dc7e1458 00000000 c0225162 e5238a00 dc7e1400 c025d5c1 dc7e1400 dc7e16d4
Call Trace:
 [<f8bbf77e>] usb_serial_disconnect+0x54/0x94 [usbserial]     [<c025ed89>]
usb_unbind_interface+0x34/0x6a
 [<c02262c0>] __device_release_driver+0x5c/0x74     [<c02264ed>]
device_release_driver+0x2a/0x38
 [<c0225ca8>] bus_remove_device+0x6d/0x7f     [<c0225162>] device_del+0x38/0x68
 [<c025d5c1>] usb_disable_device+0x68/0xc9     [<c025a19e>] usb_disconnect+0x8d/0xe6
 [<c025a8cb>] hub_thread+0x336/0x9e5     [<c012b0d3>]
autoremove_wake_function+0x0/0x2d
 [<c025a595>] hub_thread+0x0/0x9e5     [<c012aff3>] kthread+0x91/0xbd
 [<c012af62>] kthread+0x0/0xbd     [<c0101005>] kernel_thread_helper+0x5/0xb
Code: fa 89 d8 5b 5e 5f e9 c0 4f 1b 00 8b 48 14 89 c2 8b 01 eb ae 53 89 c3 0f ba
2a 00 19 c0 31 c9 85 c0 75 1c 8d 42 04 39 42 04 74 08 <0f> 0b 6d 00 7
3 a6 2f c0 8b 03 e8 88 ff ff ff b9 01 00 00 00 89
Continuing in 120 seconds. ^MContinuing in 119 seconds. [...]
visor ttyUSB0: visor_open - failed submitting read urb, error -19
visor ttyUSB0: visor_open - failed submitting read urb, error -19 
[...]

Comment 4 Pete Zaitcev 2006-05-17 22:08:06 EDT
Something must be done about this. The problem is, Greg says "oh just tell
them to use usbfs mode". The fix requires experimentation, and I do not have
an organizer...

I assume this did not fix itself, because there weren't recent fixes to visor
module.
Comment 5 Aurelien Bompard 2006-05-19 16:21:38 EDT
How can I try this usbfs mode ?
I can try any module you send me by email, built against the current fedora
kernel. Of course it's a pretty slow way to test this problem, but if you think
it's good enough, go ahead.
Comment 6 Pete Zaitcev 2006-06-16 04:13:18 EDT
Created attachment 131024 [details]
Test patch 1

This is something to try. Dana's symptom is too murky, unfortunately,
so I had to aim at the easier problem of the scheduled work being
freed together with the port.
Comment 7 Pete Zaitcev 2006-06-16 23:30:24 EDT
I have a test kernel to try at http://people.redhat.com/zaitcev/ftp/185409/
I do not guarantee that it fixes the problem, but it's something to try.
Comment 8 Pete Zaitcev 2006-06-21 17:23:00 EDT
Did it work?
Comment 9 Dana Canfield 2006-06-21 18:40:32 EDT
Nothing in particular happens with this kernel.  Using gpilot and jpilot, the
kernel module loads, but there is never any kind of progress from the
applications to suggest that anything is happening.  However, this behavior is
no different from what is happening with the current release kernel (I've
rebuily my machine since the time I filed this bug...).  Same thing with an
ubuntu live CD, FWIW.  

pilot-link hasn't been updated in over a year (and the web site acts like fedora
is the antichrist), support for new models is spotty, and overall palm syncing
has been broken more often than it's worked in FC.  Maybe it's just time to
throw in the towel and drop pilot support?  I hate to say it, but it seems that
the whole system is all but dead. 
Comment 10 Pete Zaitcev 2006-08-02 15:14:03 EDT
At least I fixed the oops. Pity for pilot-link though. This is something
to take up with Than Ngo, perhaps.

The fix is available from 2.6.18-rc2.

Note You need to log in before you can comment on or make changes to this bug.