Bug 442253 - [rndis] Kernel oops on USB insert
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel   
Version: 8
Hardware: i686 Linux
Target Milestone: ---
Assignee: John W. Linville
QA Contact: Fedora Extras Quality Assurance
Duplicates: 438616
Depends On:
Reported: 2008-04-13 13:16 UTC by Vegard Nossum
Modified: 2008-05-23 07:44 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Last Closed: 2008-05-23 07:44:28 UTC


Description Vegard Nossum 2008-04-13 13:16:39 UTC
Description of problem:
Inserting phone in USB causes kernel Oops

Version-Release number of selected component (if applicable):
Linux damson #1 SMP Sat Mar 29 09:54:46 EDT 2008 i686 i686 i386

How reproducible:

Steps to Reproduce:
1. Insert phone in USB
Actual results:
Kernel oops

Additional info:
Using proprietary NVIDIA module, but I doubt it matters as this looks completely

usb 3-1: new full speed USB device using uhci_hcd and address 2
usb 3-1: configuration #1 chosen from 1 choice
usbcore: registered new interface driver cdc_ether
rndis_host 3-1:1.0: RNDIS_MSG_QUERY(0x00010202) failed, -47
BUG: unable to handle kernel paging request at virtual address fffffff4
printing eip: f8d266d3 *pde = 00799067 *pte = 00000000
Oops: 0002 [#1] SMP
Modules linked in: rndis_host cdc_ether usbnet mii rfkill_input coretemp hwmon f
use cpufreq_ondemand acpi_cpufreq loop dm_multipath ipv6 snd_hda_intel(U) snd_se
q_oss(U) snd_seq_midi_event(U) snd_seq(U) arc4 ecb blkcipher snd_seq_device(U)
nvidia(P)(U) snd_pcm_oss(U) b43 snd_mixer_oss(U) rfkill sr_mod cdrom mac80211 snd
_pcm(U) snd_timer(U) cfg80211 i2c_i801 joydev input_polldev uvcvideo
snd_page_alloc(U) snd_hwdep(U) snd(U) sdhci firewire_ohci mmc_core firewire_core
battery ata_piix pata_acpi ricoh_mmc i2c_core tg3 ac compat_ioctl32 iTCO_wdt
video output soundcore ata_generic iTCO_vendor_support crc_itu_t videodev button
v4l1_compat v4l2_common ssb sg dm_snapshot dm_zero dm_mirror dm_mod ahci libata
sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd

Pid: 16726, comm: modprobe Tainted: P        ( #1)
EIP: 0060:[<f8d266d3>] EFLAGS: 00210286 CPU: 1
EIP is at generic_rndis_bind+0x219/0x3ca [rndis_host]
EAX: fffffff4 EBX: 00000616 ECX: 00200096 EDX: 00200000
ESI: f6b85d7c EDI: 00002000 EBP: f6bbe800 ESP: f6b85d48
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 16726, ti=f6b85000 task=f5a5f3b0 task.ti=f6b85000)
Stack: 00010202 00000000 f6b85d80 f6b85d7c 00000000 000080d0 f5ab1400 00000001 
       f5ab1400 f6c38480 00000000 f6c38000 c05d4668 00000004 fffffff4 f6c38480 
       f8d26aa0 f8d26adc f4c6cf48 f8bbdea2 f7123c78 f45b7560 f4e8aab0 c0498ca2 
Call Trace:
 [<c05d4668>] ether_setup+0x0/0x76
 [<f8bbdea2>] usbnet_probe+0x1f5/0x534 [usbnet]
 [<c0498ca2>] iput+0x39/0x62
 [<c04c2211>] sysfs_addrm_finish+0x4a/0x194
 [<c05882b7>] usb_autopm_do_device+0xd0/0xda
 [<c04c2ba8>] sysfs_create_link+0xc1/0x105
 [<c0587e8a>] usb_match_one_id+0x1c/0x71
 [<c0588d2b>] usb_probe_interface+0xbf/0x102
 [<c05717ad>] driver_probe_device+0xe7/0x165
 [<c04fbf73>] kobject_uevent_env+0x353/0x377
 [<c05718d1>] __driver_attach+0x0/0xa5
 [<c0571941>] __driver_attach+0x70/0xa5
 [<c0570d23>] bus_for_each_dev+0x37/0x59
 [<c057160b>] driver_attach+0x16/0x18
 [<c05718d1>] __driver_attach+0x0/0xa5
 [<c0571009>] bus_add_driver+0x6d/0x197
 [<c058890f>] usb_register_driver+0x6d/0xd4
 [<c044d008>] sys_init_module+0x14d6/0x15f9
 [<c0488c87>] do_sync_read+0xc7/0x10a
 [<c04051da>] syscall_call+0x7/0xb
 [<c0620000>] xfrm_send_migrate+0x13/0x236
Code: 74 24 34 c7 44 24 34 04 00 00 00 89 74 24 0c c7 44 24 04 00 00 00 00 c7 04
24 02 02 01 00 e8 de fc ff ff 85 c0 74 0a 8b 44 24 38 <c7> 00 00 00 00 00 f6 44
24 1c 02 74 0d 8b 44 24 38 83 38 01 0f
EIP: [<f8d266d3>] generic_rndis_bind+0x219/0x3ca [rndis_host] SS:ESP 0068:f6b85d48
---[ end trace 15cc95e9ed07f21f ]---

Comment 1 Pete Zaitcev 2008-04-13 18:27:29 UTC
Looks pretty clear, bouncing to upstream.

Comment 2 Pete Zaitcev 2008-04-13 19:33:27 UTC
David Brownell says:
 Does this happen with 2.6.25-rc9?  If
 picked up any of the wireless RNDIS patches, it needs
 to pick up a bugfix which created an oopsing path there.

Looks like linux-2.6-wireless-pending.patch has the bug.

Comment 3 John W. Linville 2008-04-15 21:30:33 UTC
Patch in question is available in the (in progress) build here:


Give it a try when the build completes?

Comment 4 Chuck Ebbert 2008-04-18 17:48:12 UTC
Fixes are in

Comment 5 Chuck Ebbert 2008-04-18 22:22:45 UTC
*** Bug 438616 has been marked as a duplicate of this bug. ***
