Red Hat Bugzilla – Bug 222083
USB spinlock recursion bug in acm_read_bulk
Last modified: 2007-11-30 17:11:52 EST
Description of problem: Random system lockups, seems uneffected by usage or load. Version-Release number of selected component (if applicable): kernel-2.6.18-1.2869.fc6 How reproducible: Issue occurs randomly about 0 to four times a day. It has been occuring on multiple kernel versions (possibly even on FC5). Issue has appeared on 2 seperate Dell Latitude D600 laptops. Has been appearing more frequently with the use of a USB modem (cellphone teather) to access network. Steps to Reproduce: 1. Use FC6 with USB modem to access network. 2. Can use system for web browsing or leave idle 3. Actual results: System lockup Expected results: no lockup Additional info: Previously no information was attained, was finally able to reproduce issue with serial console capture. BUG: spinlock recursion on CPU#0, firefox-bin/5756 (Not tainted) lock: e51c66c8, .magic: dead4ead, .owner: firefox-bin/5756, .owner_cpu: 0 [<c04051db>] dump_trace+0x69/0x1af [<c0405339>] show_trace_log_lvl+0x18/0x2c [<c04058ed>] show_trace+0xf/0x11 [<c04059ea>] dump_stack+0x15/0x17 [<c04e978d>] _raw_spin_lock+0x35/0xdc [<f0c132f9>] acm_read_bulk+0x51/0xbf [cdc_acm] [<c058189f>] usb_hcd_giveback_urb+0x2d/0x5d [<f082865c>] uhci_giveback_urb+0x104/0x12b [uhci_hcd] [<f0828c79>] uhci_scan_schedule+0x4fc/0x77b [uhci_hcd] [<f082a6ed>] uhci_irq+0x129/0x13f [uhci_hcd] [<c05823f3>] usb_hcd_irq+0x23/0x50 [<c044dcee>] handle_IRQ_event+0x23/0x49 [<c044ddaa>] __do_IRQ+0x96/0xf2 [<c04068bf>] do_IRQ+0x9e/0xbc =======================
Created attachment 145220 [details] Full serial capture of failed system
Robert, I'm convinced that the failure is fixed in updated kernels for FC-6. I have verified the 2.6.20-1.2923.fc6, and the change is plainly there. Please re-test with an updated kernel and close the bug if the problem is gone. The 2.6.20 has this versus the 2.6.18: next_buffer: - spin_lock(&acm->read_lock); + spin_lock_irqsave(&acm->read_lock, flags); if (list_empty(&acm->filled_read_bufs)) { - spin_unlock(&acm->read_lock); + spin_unlock_irqrestore(&acm->read_lock, flags); goto urbs; }
Oooh, wait. I see what the problem is. The RHEL 5 has this problem, because it ships with 2.6.18. It's just the Bugzilla has product version set to fc6.
Created attachment 149082 [details] Candidate patch #1 (RHEL 5) This is a small backport from Fedora, which should be sufficient.
I have verified that the fix is in 2.6.19-1.2911.6.4.fc6. Robert, please verify that it works and close the bug.
I have also verified that the patch works on FC5 2.6.18-1.2239 and RHEL5 2.6.18-15.el5. Both patch cleanly. Both were tested heavily for a day. Would have expected around 8-10 failures in that time. Patch works.
What about FC-6 though? Can we close the bug? BTW, I cloned this into bug 237323 for RHEL 5.
Closing this as "in Rawhide", but actually I think F-7 has the fix too.