139187 – usb-storage / "revoltec" / Unable to handle kernel NULL pointer

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 139187 - usb-storage / "revoltec" / Unable to handle kernel NULL pointer

Summary: usb-storage / "revoltec" / Unable to handle kernel NULL pointer

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-13 19:58 UTC by Stig Hackvan
Modified:	2015-01-04 22:12 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-10-03 01:19:03 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stig Hackvan 2004-11-13 19:58:32 UTC

Description of problem:

somewhere after kernel-2.6.6 my external USB dvd-writer stopped being
recognized properly...it came up as "revoltec" and so i lingered at
2.6.6 waiting for the glitch to pass.  with fc3, i got a new kernel
and tested the USB disk enclosure by plugging it in and watching the
log...satisfied that it was recognizing the drive instead of the
usb-ide-bridge "revoltec?", i unplugged it and that's when i got the
crash...

Version-Release number of selected component (if applicable):

Name        : kernel                       Relocations: (not relocatable)
Version     : 2.6.9                             Vendor: Red Hat, Inc.
Release     : 1.667                         Build Date: Tue 02 Nov
2004 12:24:55 PM PST
Install Date: Wed 10 Nov 2004 02:25:13 PM PST      Build Host:
tweety.build.redhat.com
Group       : System Environment/Kernel     Source RPM:
kernel-2.6.9-1.667.src.rpm
Size        : 43753461                         License: GPLv2
Signature   : DSA/SHA1, Tue 02 Nov 2004 01:06:30 PM PST, Key ID
b44269d04f2a6fd2
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.


How reproducible:

plug in semi-generic usb/ide box (some aspects of usb-storage called
it 'revoltec' in recent kernel versions)...then unplug it...BOOM


  
Actual results:

Nov 13 11:01:56 ix kernel: usb 1-1: new full speed USB device using
address 4
Nov 13 11:01:58 ix kernel: SCSI subsystem initialized
Nov 13 11:01:58 ix kernel: Initializing USB Mass Storage driver...
Nov 13 11:01:58 ix kernel: scsi0 : SCSI emulation for USB Mass Storage
devices
Nov 13 11:01:59 ix kernel:   Vendor: LITE-ON   Model: DVD+RW LDW-401S
  Rev: ES0J
Nov 13 11:01:59 ix kernel:   Type:   CD-ROM                          
  ANSI SCSI revision: 02
Nov 13 11:01:59 ix scsi.agent[30405]: cdrom at
/devices/pci0000:00/0000:00:07.2/usb1/1-1/1-1:1.0/host0/0:0:0:0
Nov 13 11:01:59 ix kernel: usbcore: registered new driver usb-storage
Nov 13 11:01:59 ix kernel: USB Mass Storage support registered.
Nov 13 11:01:59 ix kernel: sr0: scsi3-mmc drive: 94x/40x writer cd/rw
xa/form2 cdda tray
Nov 13 11:02:44 ix kernel: usb 1-1: USB disconnect, address 4
Nov 13 11:02:49 ix kernel: scsi: Device offlined - not ready after
error recovery: host 0 channel 0 id 0 lun 0
Nov 13 11:02:49 ix kernel: sr 0:0:0:0: Illegal state transition
cancel->offline
Nov 13 11:02:49 ix kernel: Badness in scsi_device_set_state at
drivers/scsi/scsi_lib.c:1688
Nov 13 11:02:49 ix kernel:  [<12ab0645>]
scsi_device_set_state+0xc8/0xd3 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aadb8b>]
scsi_eh_offline_sdevs+0x49/0x5e [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae146>] scsi_unjam_host+0x22d/0x23e
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae291>]
scsi_error_handler+0x13a/0x191 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<0211b3d9>] schedule_tail+0xc/0x37
Nov 13 11:02:49 ix kernel:  [<12aae157>] scsi_error_handler+0x0/0x191
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<021041d9>] kernel_thread_helper+0x5/0xb
Nov 13 11:02:49 ix kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000008
Nov 13 11:02:49 ix kernel:  printing eip:
Nov 13 11:02:49 ix kernel: 0224fb8f
Nov 13 11:02:49 ix kernel: *pde = 00000000
Nov 13 11:02:49 ix kernel: Oops: 0000 [#1]
Nov 13 11:02:49 ix kernel: Modules linked in: sr_mod usb_storage
scsi_mod ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables ds
parport_pc lp parport autofs4 i2c_dev i2c_core nfs lockd sunrpc
microcode vfat fat dm_mod md5 ipv6 joydev yenta_socket pcmcia_core
uhci_hcd snd_maestro3 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm
snd_timer snd_page_alloc snd soundcore tulip floppy ext3 jbd
Nov 13 11:02:49 ix kernel: CPU:    0
Nov 13 11:02:49 ix kernel: EIP:    0060:[<0224fb8f>]    Not tainted VLI
Nov 13 11:02:49 ix kernel: EFLAGS: 00010046   (2.6.9-1.667)
Nov 13 11:02:49 ix kernel: EIP is at cfq_insert_request+0x45/0xdf
Nov 13 11:02:49 ix kernel: eax: 11c1b290   ebx: 11cdbeb0   ecx:
00000001   edx: 11cdbeb0
Nov 13 11:02:49 ix kernel: esi: 00000001   edi: 00000000   ebp:
00000000   esp: 0fe6defc
Nov 13 11:02:49 ix kernel: ds: 007b   es: 007b   ss: 0068
Nov 13 11:02:49 ix kernel: Process scsi_eh_0 (pid: 30386,
threadinfo=0fe6d000 task=09bb4d10)
Nov 13 11:02:49 ix kernel: Stack: 11c1b290 11c1b290 00000001 11cdbeb0
00000202 02246367 11c1b290 00000001
Nov 13 11:02:49 ix kernel:        11cdbeb0 02246329 00000000 022484d8
0ce3fc40 0c8ff800 0ac87000 00001057
Nov 13 11:02:49 ix kernel:        12aae576 0ce3fc40 00000001 0ce3fc40
0fe6df74 0fe6df74 0fe6df7c 12aadec8
Nov 13 11:02:49 ix kernel: Call Trace:
Nov 13 11:02:49 ix kernel:  [<02246367>] __elv_add_request+0x3c/0x71
Nov 13 11:02:49 ix kernel:  [<02246329>] elv_requeue_request+0x29/0x2b
Nov 13 11:02:49 ix kernel:  [<022484d8>] blk_insert_request+0xba/0x18b
Nov 13 11:02:49 ix kernel:  [<12aae576>] scsi_queue_insert+0x84/0x8d
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aadec8>]
scsi_eh_flush_done_q+0x7d/0xce [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae14f>] scsi_unjam_host+0x236/0x23e
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<12aae291>]
scsi_error_handler+0x13a/0x191 [scsi_mod]
Nov 13 11:02:49 ix kernel:  [<0211b3d9>] schedule_tail+0xc/0x37
Nov 13 11:02:49 ix kernel:  [<12aae157>] scsi_error_handler+0x0/0x191
[scsi_mod]
Nov 13 11:02:49 ix kernel:  [<021041d9>] kernel_thread_helper+0x5/0xb
Nov 13 11:02:49 ix kernel: Code: 74 29 eb 51 83 f9 03 74 33 eb 4a 8b
04 24 89 fa e8 f8 fa ff ff 85 c0 75 f2 8b 47 08 8b 50 04 89 03 89 58
04 89 1a 89 53 04 eb 3f <8b> 47 08 8b 10 89 5a 04 89 13 89 43 04 89 18
eb 2e f6 42 08 10


Expected results:


Additional info:

Comment 1 Stig Hackvan 2004-11-28 02:09:19 UTC

this device is now recognized properly again (as of FC3 kernels) but
it fails when detached and reattached...  see the other related report...

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138755

Comment 2 Orion Poplawski 2004-12-13 17:53:32 UTC

This appears to be fixed in the current development kernel
kernel-2.6.9-1.1021_FC4.  Perusing the linux-kernel lists and change logs it
appears that the usb-storage driver removal problem has been fixed upstream as
well.  It would be good to see a FC3 (and FC2?) errata kernel soon as this is a
pretty big problem.

Comment 3 Dave Jones 2005-07-15 19:11:17 UTC

An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 4 Dave Jones 2005-10-03 01:19:03 UTC

This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.

There are a large number of inactive bugs in the database, and this is the only
way to purge them.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.