Bug 222083 - USB spinlock recursion bug in acm_read_bulk
USB spinlock recursion bug in acm_read_bulk
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
6
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Pete Zaitcev
Brian Brock
:
Depends On:
Blocks: 237323
  Show dependency treegraph
 
Reported: 2007-01-09 22:45 EST by Robert Hentosh
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-07 19:49:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Full serial capture of failed system (22.07 KB, text/plain)
2007-01-09 22:45 EST, Robert Hentosh
no flags Details
Candidate patch #1 (RHEL 5) (2.92 KB, patch)
2007-03-01 20:58 EST, Pete Zaitcev
no flags Details | Diff

  None (edit)
Description Robert Hentosh 2007-01-09 22:45:07 EST
Description of problem:
Random system lockups, seems uneffected by usage or load.

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2869.fc6

How reproducible:
Issue occurs randomly about 0 to four times a day.  It has been occuring on
multiple kernel versions (possibly even on FC5). Issue has appeared on 2
seperate Dell Latitude D600 laptops.  Has been appearing more frequently with
the use of a USB modem (cellphone teather) to access network.

Steps to Reproduce:
1. Use FC6 with USB modem to access network.
2. Can use system for web browsing or leave idle
3.
  
Actual results:
System lockup

Expected results:
no lockup

Additional info:

Previously no information was attained, was finally able to reproduce issue with
serial console capture.

BUG: spinlock recursion on CPU#0, firefox-bin/5756 (Not tainted)
 lock: e51c66c8, .magic: dead4ead, .owner: firefox-bin/5756, .owner_cpu: 0
 [<c04051db>] dump_trace+0x69/0x1af
 [<c0405339>] show_trace_log_lvl+0x18/0x2c
 [<c04058ed>] show_trace+0xf/0x11
 [<c04059ea>] dump_stack+0x15/0x17
 [<c04e978d>] _raw_spin_lock+0x35/0xdc
 [<f0c132f9>] acm_read_bulk+0x51/0xbf [cdc_acm]
 [<c058189f>] usb_hcd_giveback_urb+0x2d/0x5d
 [<f082865c>] uhci_giveback_urb+0x104/0x12b [uhci_hcd]
 [<f0828c79>] uhci_scan_schedule+0x4fc/0x77b [uhci_hcd]
 [<f082a6ed>] uhci_irq+0x129/0x13f [uhci_hcd]
 [<c05823f3>] usb_hcd_irq+0x23/0x50
 [<c044dcee>] handle_IRQ_event+0x23/0x49
 [<c044ddaa>] __do_IRQ+0x96/0xf2
 [<c04068bf>] do_IRQ+0x9e/0xbc
 =======================
Comment 1 Robert Hentosh 2007-01-09 22:45:08 EST
Created attachment 145220 [details]
Full serial capture of failed system
Comment 2 Pete Zaitcev 2007-03-01 20:50:19 EST
Robert, I'm convinced that the failure is fixed in updated kernels for FC-6.
I have verified the 2.6.20-1.2923.fc6, and the change is plainly there.
Please re-test with an updated kernel and close the bug if the problem
is gone.

The 2.6.20 has this versus the 2.6.18:

 next_buffer:
-       spin_lock(&acm->read_lock);
+       spin_lock_irqsave(&acm->read_lock, flags);
        if (list_empty(&acm->filled_read_bufs)) {
-               spin_unlock(&acm->read_lock);
+               spin_unlock_irqrestore(&acm->read_lock, flags);
                goto urbs;
        }
Comment 3 Pete Zaitcev 2007-03-01 20:52:17 EST
Oooh, wait. I see what the problem is. The RHEL 5 has this problem, because
it ships with 2.6.18. It's just the Bugzilla has product version set to fc6.
Comment 4 Pete Zaitcev 2007-03-01 20:58:44 EST
Created attachment 149082 [details]
Candidate patch #1 (RHEL 5)

This is a small backport from Fedora, which should be sufficient.
Comment 5 Pete Zaitcev 2007-03-08 20:51:40 EST
I have verified that the fix is in 2.6.19-1.2911.6.4.fc6.
Robert, please verify that it works and close the bug.
Comment 6 Robert Hentosh 2007-04-20 09:33:32 EDT
I have also verified that the patch works on FC5 2.6.18-1.2239 and RHEL5
2.6.18-15.el5. Both patch cleanly. Both were tested heavily for a day. Would
have expected around 8-10 failures in that time.

Patch works.
Comment 7 Pete Zaitcev 2007-04-20 15:58:37 EDT
What about FC-6 though? Can we close the bug?

BTW, I cloned this into bug 237323 for RHEL 5.
Comment 8 Pete Zaitcev 2007-09-07 19:49:34 EDT
Closing this as "in Rawhide", but actually I think F-7 has the fix too.

Note You need to log in before you can comment on or make changes to this bug.