217488 – invalid opcode: 0000 [1] SMP when connection nokia S60 series phone to usb port

Bug 217488 - invalid opcode: 0000 [1] SMP when connection nokia S60 series phone to usb port

Summary: invalid opcode: 0000 [1] SMP when connection nokia S60 series phone to usb port

Keywords:
Status:	CLOSED DUPLICATE of bug 228231
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	6
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Pete Zaitcev
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-28 06:25 UTC by Pasi Sainio
Modified:	2007-11-30 22:11 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-02-26 16:10:24 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
usb/slab.c errors (3.57 KB, text/plain) 2006-12-01 10:54 UTC, eamon roque	no flags	Details
usb/slab.c errors (3.57 KB, text/plain) 2006-12-01 10:55 UTC, eamon roque	no flags	Details
message log on non-tainted kernel (4.22 KB, text/plain) 2006-12-04 15:45 UTC, Pasi Sainio	no flags	Details
Fix the double frees in the error path (1.20 KB, patch) 2006-12-05 03:58 UTC, Dan Carpenter	no flags	Details \| Diff
Oops when connecting S60 phone (Linux 2.6.19-1.2905.fc7 #0 SMP) (4.73 KB, text/plain) 2007-01-09 21:03 UTC, Klaus Pedersen	no flags	Details
View All

Description Pasi Sainio 2006-11-28 06:25:47 UTC

Description of problem: invalid opcode: 0000 [1] SMP when connection nokia S60
series phone to usb port

Nov 28 08:16:15 ameeba kernel: usb 1-3.6: new full speed USB device using
ehci_hcd and address 8
Nov 28 08:16:15 ameeba kernel: usb 1-3.6: configuration #1 chosen from 1 choice
Nov 28 08:16:16 ameeba kernel: usbcore: registered new driver cdc_ether
Nov 28 08:16:16 ameeba kernel: rndis_host 1-3.6:1.14: RNDIS init failed, -32
Nov 28 08:16:16 ameeba kernel: usb%d: unregister 'rndis_host'
usb-0000:00:02.1-3.6, RNDIS device
Nov 28 08:16:16 ameeba kernel: ----------- [cut here ] --------- [please bite
here ] ---------
Nov 28 08:16:16 ameeba kernel: Kernel BUG at mm/slab.c:594
Nov 28 08:16:16 ameeba kernel: invalid opcode: 0000 [1] SMP
Nov 28 08:16:16 ameeba kernel: last sysfs file:
/devices/pci0000:00/0000:00:02.1/usb1/1-3/1-3.6/1-3.6:1.15/usbdev1.8_ep0f/dev
Nov 28 08:16:16 ameeba kernel: CPU 0
Nov 28 08:16:16 ameeba kernel: Modules linked in: rndis_host cdc_ether usbnet
nfs fscache nfsd exportfs lockd nfs_acl autofs4 it87 hwmon_vid hwmon eeprom
i2c_isa hidp rfcomm l2cap bluetooth vmnet(U) vmmon(U) sunrpc vfat fat raid0
video sbs i2c_ec button battery asus_acpi ac ipv6 lp parport_pc parport usblp
usb_storage snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss
snd_seq_midi_event ohci1394 snd_seq ieee1394 skge ehci_hcd ohci_hcd
snd_seq_device nvidia(U) sg serio_raw floppy snd_pcm_oss
snd_mixer_oss i2c_nforce2 snd_pcm snd_timer forcedeth snd i2c_core soundcore
k8_edac edac_mc pcspkr shpchp ide_cd snd_page_alloc cdrom dm_snapshot dm_zero
dm_mirror dm_mod raid1 ext3 jbd sata_nv sata_sil libata sd_mod scsi_mod
Nov 28 08:16:16 ameeba kernel: Pid: 21074, comm: modprobe Tainted: P     
2.6.18-1.2239.fc5 #1
Nov 28 08:16:16 ameeba kernel: RIP: 0010:[<ffffffff8020af7d>] 
[<ffffffff8020af7d>] kfree+0x8b/0x211
Nov 28 08:16:16 ameeba kernel: RSP: 0018:ffff810022cdbc78  EFLAGS: 00010006
Nov 28 08:16:16 ameeba kernel: RAX: 0000000000000060 RBX: 00000000ffffffe0 RCX:
0000000000000015
Nov 28 08:16:16 ameeba kernel: RDX: ffff810003b9fdc0 RSI: ffff8100010000a8 RDI:
ffff8100ae7b75d0
Nov 28 08:16:16 ameeba kernel: RBP: ffff810130776788 R08: ffff810021a8c400 R09:
ffff8100711a1d20
Nov 28 08:16:16 ameeba kernel: R10: 00000000ffffffe0 R11: 0000000000000000 R12:
ffff8100ae7b75d0
Nov 28 08:16:16 ameeba kernel: R13: ffff8100ae7b8000 R14: 0000000000000282 R15:
0000000000000000
Nov 28 08:16:16 ameeba udevd-event[21069]: run_program: '/sbin/modprobe'
abnormal exit
Nov 28 08:16:16 ameeba kernel: FS:  00002aaaaaaca210(0000)
GS:ffffffff80603000(0000) knlGS:00000000efc3dba0
Nov 28 08:16:16 ameeba kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Nov 28 08:16:16 ameeba kernel: CR2: 000055555566c358 CR3: 000000002905f000 CR4:
00000000000006e0
Nov 28 08:16:16 ameeba kernel: Process modprobe (pid: 21074, threadinfo
ffff810022cda000, task ffff81005ca47810)
Nov 28 08:16:16 ameeba kernel: Stack:  00000000fffffff4 ffff8100ae7b8770
00000000ffffffe0 ffff810130776788
Nov 28 08:16:16 ameeba kernel:  ffff8100ae7b8580 ffff8100ae7b8000
0000000000000000 ffffffff88c59298
Nov 28 08:16:16 ameeba kernel:  0000000000005b82 ffff81005ca47a00
ffff810100000000 ffff81013f5537d0
Nov 28 08:16:16 ameeba kernel: Call Trace:
Nov 28 08:16:16 ameeba kernel:  [<ffffffff88c59298>]
:usbnet:usbnet_probe+0x608/0x62f
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803d6316>] usb_probe_interface+0x6c/0x9e
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803a4976>] driver_probe_device+0x52/0xa2
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803a4acf>] __driver_attach+0x86/0xd4
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803a438a>] bus_for_each_dev+0x43/0x6e
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803a3fcd>] bus_add_driver+0x7e/0x130
Nov 28 08:16:16 ameeba kernel:  [<ffffffff803d61c5>] usb_register_driver+0x74/0xd6
Nov 28 08:16:16 ameeba kernel:  [<ffffffff802a31a7>] sys_init_module+0x1708/0x18cc
Nov 28 08:16:16 ameeba kernel:  [<ffffffff8025c00e>] system_call+0x7e/0x83
Nov 28 08:16:16 ameeba kernel: DWARF2 unwinder stuck at system_call+0x7e/0x83
Nov 28 08:16:16 ameeba kernel: Leftover inexact backtrace:
Nov 28 08:16:16 ameeba kernel:
Nov 28 08:16:16 ameeba kernel:
Nov 28 08:16:16 ameeba kernel: Code: 0f 0b 68 56 1a 48 80 c2 52 02 4c 8b 6a 30
65 8b 04 25 2c 00
Nov 28 08:16:16 ameeba kernel: RIP  [<ffffffff8020af7d>] kfree+0x8b/0x211
Nov 28 08:16:16 ameeba kernel:  RSP <ffff810022cdbc78>
Nov 28 08:16:16 ameeba kernel:  <3>BUG: sleeping function called from invalid
context at kernel/rwsem.c:20
Nov 28 08:16:16 ameeba kernel: in_atomic():0, irqs_disabled():1
Nov 28 08:16:16 ameeba kernel:
Nov 28 08:16:16 ameeba kernel: Call Trace:
Nov 28 08:16:16 ameeba kernel:  [<ffffffff802691d9>] show_trace+0x34/0x47
Nov 28 08:16:16 ameeba kernel:  [<ffffffff802691fe>] dump_stack+0x12/0x17
Nov 28 08:16:16 ameeba kernel:  [<ffffffff8029db75>] down_read+0x15/0x23
Nov 28 08:16:16 ameeba kernel:  [<ffffffff80296114>]
blocking_notifier_call_chain+0x13/0x36
Nov 28 08:16:16 ameeba kernel:  [<ffffffff80214e8a>] do_exit+0x1f/0x8c3
Nov 28 08:16:16 ameeba kernel:  [<ffffffff802694f1>] kernel_math_error+0x0/0x90
Nov 28 08:16:16 ameeba kernel:



Version-Release number of selected component (if applicable):
Linux ameeba.home.tkl 2.6.18-1.2239.fc5 #1 SMP Fri Nov 10 12:51:06 EST 2006
x86_64 x86_64 x86_64 GNU/Linux


How reproducible: every time


Steps to Reproduce:
1.plug the phone with USB cable
2.
3.
  
Actual results:modprobe hangs


Expected results:phone gets recognized


Additional info:

Comment 1 Dan Carpenter 2006-11-28 08:13:39 UTC

This is the same as bug 211223.  This looks like an nvidia bug.  You're the
second person to report this bug today but the other reporter didn't have a
reproducable test case.

Could you try reproducing it without the nvidia driver loaded?  I've looked at
the code and it's hard to see how that kfree() is wrong...

Comment 2 Pasi Sainio 2006-11-28 13:55:54 UTC

Not quite sure if I did this correctly, this is in single user mode after a
couple rmmods:

Nov 28 15:44:17 ameeba kernel: Kernel BUG at mm/slab.c:594
Nov 28 15:44:17 ameeba kernel: invalid opcode: 0000 [1] SMP
Nov 28 15:44:17 ameeba kernel: last sysfs file:
/devices/pci0000:00/0000:00:02.1/usb1/1-3/1-3.7/1-3.7:1.15/usbdev1.8_ep0f/dev
Nov 28 15:44:17 ameeba kernel: CPU 0
Nov 28 15:44:17 ameeba kernel: Modules linked in: rndis_host cdc_ether usbnet
cdc_acm vfat fat raid0 video button battery asus_acpi ac lp parport_pc parport
hci_usb bluetooth usb_storage usblp snd_intel8x0 snd_ac97_codec snd_ac97_bus
snd_seq_dummy snd_seq_oss snd_seq_midi_event ohci1394 snd_seq ieee1394 sg
snd_seq_device snd_pcm_oss snd_mixer_oss serio_raw skge k8_edac snd_pcm floppy
ohci_hcd ide_cd snd_timer ehci_hcd edac_mc cdrom i2c_nforce2 snd i2c_core
forcedeth soundcore shpchp snd_page_alloc pcspkr dm_snapshot dm_zero dm_mirror
dm_mod raid1 ext3 jbd sata_nv sata_sil libata sd_mod scsi_mod
Nov 28 15:44:17 ameeba kernel: Pid: 2582, comm: modprobe Tainted: P     
2.6.18-1.2239.fc5 #1
Nov 28 15:44:17 ameeba kernel: RIP: 0010:[<ffffffff8020af7d>] 
[<ffffffff8020af7d>] kfree+0x8b/0x211
Nov 28 15:44:17 ameeba kernel: RSP: 0018:ffff81013b573c78  EFLAGS: 00010006
Nov 28 15:44:17 ameeba kernel: RAX: 0000000000000060 RBX: 00000000ffffffe0 RCX:
0000000000000027
Nov 28 15:44:17 ameeba kernel: RDX: ffff810005ed8940 RSI: ffff810001000138 RDI:
ffff81013b5e599e
Nov 28 15:44:17 ameeba kernel: RBP: ffff81013e46d6c8 R08: ffff81013ead3000 R09:
ffff81013d046e60
Nov 28 15:44:17 ameeba kernel: R10: 00000000ffffffe0 R11: 0000000000000000 R12:
ffff81013b5e599e
Nov 28 15:44:17 ameeba kernel: R13: ffff81013b5ec000 R14: 0000000000000282 R15:
0000000000000000
Nov 28 15:44:17 ameeba kernel: FS:  00002aaaaaaca210(0000)
GS:ffffffff80603000(0000) knlGS:0000000000000000
Nov 28 15:44:17 ameeba kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Nov 28 15:44:17 ameeba kernel: CR2: 0000555555667190 CR3: 000000013e35d000 CR4:
00000000000006e0
Nov 28 15:44:17 ameeba kernel: Process modprobe (pid: 2582, threadinfo
ffff81013b572000, task ffff81013e3b7040)
Nov 28 15:44:17 ameeba kernel: Stack:  00000000fffffff4 ffff81013b5ec770
00000000ffffffe0 ffff81013e46d6c8
Nov 28 15:44:17 ameeba kernel:  ffff81013b5ec580 ffff81013b5ec000
0000000000000000 ffffffff88369298
Nov 28 15:44:17 ameeba kernel:  0000000000003120 ffff81013e3b7230
ffff810100000000 ffff81013fed4810
Nov 28 15:44:17 ameeba kernel: Call Trace:
Nov 28 15:44:17 ameeba kernel:  [<ffffffff88369298>]
:usbnet:usbnet_probe+0x608/0x62f
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803d6316>] usb_probe_interface+0x6c/0x9e
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803a4976>] driver_probe_device+0x52/0xa2
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803a4acf>] __driver_attach+0x86/0xd4
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803a438a>] bus_for_each_dev+0x43/0x6e
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803a3fcd>] bus_add_driver+0x7e/0x130
Nov 28 15:44:17 ameeba kernel:  [<ffffffff803d61c5>] usb_register_driver+0x74/0xd6
Nov 28 15:44:17 ameeba kernel:  [<ffffffff802a31a7>] sys_init_module+0x1708/0x18cc
Nov 28 15:44:17 ameeba kernel:  [<ffffffff8025c00e>] system_call+0x7e/0x83
Nov 28 15:44:17 ameeba kernel: DWARF2 unwinder stuck at system_call+0x7e/0x83
Nov 28 15:44:17 ameeba kernel: Leftover inexact backtrace:
Nov 28 15:44:17 ameeba kernel:
Nov 28 15:44:17 ameeba kernel:
Nov 28 15:44:17 ameeba kernel: Code: 0f 0b 68 56 1a 48 80 c2 52 02 4c 8b 6a 30
65 8b 04 25 2c 00
Nov 28 15:44:17 ameeba kernel: RIP  [<ffffffff8020af7d>] kfree+0x8b/0x211
Nov 28 15:44:17 ameeba kernel:  RSP <ffff81013b573c78>
Nov 28 15:44:17 ameeba kernel:  <3>BUG: sleeping function called from invalid
context at kernel/rwsem.c:20
Nov 28 15:44:17 ameeba kernel: in_atomic():0, irqs_disabled():1
Nov 28 15:44:17 ameeba kernel:
Nov 28 15:44:17 ameeba kernel: Call Trace:
Nov 28 15:44:17 ameeba kernel:  [<ffffffff802691d9>] show_trace+0x34/0x47
Nov 28 15:44:17 ameeba kernel:  [<ffffffff802691fe>] dump_stack+0x12/0x17
Nov 28 15:44:17 ameeba kernel:  [<ffffffff8029db75>] down_read+0x15/0x23
Nov 28 15:44:17 ameeba kernel:  [<ffffffff80296114>]
blocking_notifier_call_chain+0x13/0x36
Nov 28 15:44:17 ameeba kernel:  [<ffffffff80214e8a>] do_exit+0x1f/0x8c3
Nov 28 15:44:17 ameeba kernel:  [<ffffffff802694f1>] kernel_math_error+0x0/0x90
Nov 28 15:44:17 ameeba kernel:

Comment 3 Pasi Sainio 2006-11-29 06:07:14 UTC

I just tried this on another box with 2.6.9-42.0.3.ELsmp kernel and nvidia
module loaded and it works fine.  Different motherboard though, but same nvidia
chipset I believe.

Comment 4 Dan Carpenter 2006-11-29 08:48:02 UTC

It still has the tainted flag...

Nov 28 15:44:17 ameeba kernel: Pid: 2582, comm: modprobe Tainted: P

You should be able to rename the nvidia.ko module to nvidia.ko.ORIG and reboot.

Comment 5 Pasi Sainio 2006-11-29 15:09:57 UTC

Doh!  I left the cable in the office, I'll get it Monday...

Comment 6 eamon roque 2006-12-01 10:54:23 UTC

Created attachment 142554 [details]
usb/slab.c errors

Comment 7 eamon roque 2006-12-01 10:55:58 UTC

Created attachment 142555 [details]
usb/slab.c errors

this is on an Compaq Evo with i845G graphic, so this is not an NVidia issue.
The error occurs when attaching my SGH-X800 (Samsung) phone to the USB port.
Sometimes it even hard locks the machine.

Comment 8 eamon roque 2006-12-01 10:59:23 UTC

On a freshly updated (today) FC6.

Comment 9 Pasi Sainio 2006-12-04 15:45:12 UTC

Created attachment 142742 [details]
message log on non-tainted kernel

Hi

I re-installed the box fresh to FC6, so this is now kernel version
2.6.18-1.2849.fc6, finally a non-tainted trace.  Let me know, if you need
anything else.

 - Pasi -

Comment 10 Dan Carpenter 2006-12-05 03:58:10 UTC

Created attachment 142805 [details]
Fix the double frees in the error path

This patch should make it not crash any more...  It's definitely a correct
thing to do, but it still won't make the device work as it's supposed to.  :/

I don't have the hardware...  In drivers/usb/net/rndis_host.c there are some
lines like this:
// #define	DEBUG			// error path messages, extra info
// #define	VERBOSE 		// more; success messages
If someone who had the hardware could uncomment those lines, recompile and post
the dmesg I'd take a look at it.

Comment 11 Matti Somppi 2006-12-12 12:19:21 UTC

The patch (#10) seems to solve the problem for me.

Comment 12 Pete Zaitcev 2006-12-12 17:42:37 UTC

The patch is definitely not the correct thing to do. It simply shortcuts
the recovery, and adds a bogus comment. If probe fails, disconnect is not called.

Comment 13 Pasi Sainio 2006-12-12 18:32:02 UTC

Okay,

I sure can provide any debug you need or even let you folks access my box to try
things.  If you need a debug kernel, I can compile one but I would like to do
that "Fedora way" creating a RPM so that I can remove it later, any pointers how
I could do that?

  - Pasi -

Comment 14 Juha Tuomala 2007-01-02 11:41:10 UTC

I've Nokia E61 and if I hook it with USB to SMP opteron fc6 box, it fc6 
crashes.

Had the same problem with fc5 with latest updates, upgrading didn't help.

This box doesn't have any nvidia cards, ATI card with vesa drivers. 

Unfortunately this is very reproducible. I can test fixes if RPM is provided.

Comment 15 Pasi Sainio 2007-01-04 09:19:07 UTC

Any progress on this?

Comment 16 Klaus Pedersen 2007-01-09 21:03:37 UTC

Created attachment 145193 [details]
Oops when connecting S60 phone (Linux 2.6.19-1.2905.fc7 #0 SMP)

Comment 17 Klaus Pedersen 2007-01-09 21:06:36 UTC

This bug also hit me on "2.6.19-1.2905.fc7 #0 SMP"

One thing that puzzles me is what cdc_ether is doing here in the first place. I
would only expect to see (and care about) the cdc_acm interface. 

2.6.20.rc3 seems to do the right thing (I get ttyACM0 and the kernel doesn't Oops).

Comment 18 Juha Tuomala 2007-01-11 12:13:36 UTC

Adding following line into modprobe.conf:

install rndis_host /usr/bin/logger -tmodprobe -p'kern.WARNING' "Avoiding buggy 
rndis_host"

prevents rndis_host module from loading and thus system crashing. dgollub at 
#opensync tipped that crash is caused when that module is unloaded.

Comment 19 Chuck Ebbert 2007-02-26 16:10:24 UTC


*** This bug has been marked as a duplicate of 228231 ***

Note You need to log in before you can comment on or make changes to this bug.