Bug 15908

Summary: Not able to use nozomi modem
Product: Drivers Reporter: Marek (marwooj)
Component: OtherAssignee: drivers_other
Status: CLOSED CODE_FIX    
Severity: normal CC: alan, jirislaby
Priority: P1    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.34-rc6 Subsystem:
Regression: No Bisected commit-id:
Attachments: nozomi tty count fix
nozomi-set-tty-driver_data

Description Marek 2010-05-05 12:32:57 UTC 
There is device in /dev/ directory:

ls -l /dev/noz*
crw-rw---- 1 root dialout 251, 0 2010-05-05 11:31 /dev/noz0
crw-rw---- 1 root dialout 251, 1 2010-05-05 11:31 /dev/noz1
crw-rw---- 1 root dialout 251, 2 2010-05-05 11:31 /dev/noz2
crw-rw---- 1 root dialout 251, 3 2010-05-05 11:31 /dev/noz3

but trying to use it from any probram (pppd, comgt) gives:
Can't open device /dev/noz0

and the dmesg has:

Warning: dev (noz0) tty->count(0) != #fd's(1) in tty_open
noz: activated 0: f685b860
BUG: unable to handle kernel NULL pointer dereference at 000000bc
IP: [<c046b03c>] mutex_lock+0xc/0x30
*pde = 00000000
Oops: 0002 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:14.4/0000:02:06.0/net/mon.wlan0                                              /flags
Modules linked in: binfmt_misc xt_state xt_tcpudp ipt_MASQUERADE iptable_nat nf_                                              nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 nozomi arc4 pcmcia ecb ath5k m                                              ac80211 ath iptable_filter ppdev yenta_socket parport_pc rsrc_nonstatic r8169 ip                                              _tables lp x_tables usbserial pcmcia_core mii shpchp parport cfg80211 i2c_piix4                                               k8temp led_class serio_raw

Pid: 1429, comm: wvdial Not tainted 2.6.34-rc6-m03 #1 GA-MA69VM-S2/GA-MA69VM-S2
EIP: 0060:[<c046b03c>] EFLAGS: 00210296 CPU: 0
EIP is at mutex_lock+0xc/0x30
EAX: 000000bc EBX: 000000bc ECX: f4e1ec00 EDX: f685b800
ESI: 00001000 EDI: 000000bc EBP: 00000000 ESP: f68f5b18
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process wvdial (pid: 1429, ti=f68f4000 task=f60462e0 task.ti=f68f4000)
Stack:
 00000000 00001000 f802d3c5 f4e1ec00 00000000 f802d410 c02fda15 c02fb625
<0> f6ad2700 f4e1ec00 f6ba78b8 00000000 c02f7a9a f306bac0 c02fb4d0 00000004
<0> 00000010 f6ad2700 00000000 c01c67b7 f306bac0 00200286 ff000000 00000005
Call Trace:
 [<f802d3c5>] ? ntty_write_room+0x45/0x90 [nozomi]
 [<f802d410>] ? ntty_write+0x0/0x1f0 [nozomi]
 [<c02fda15>] ? tty_write_room+0x15/0x20
 [<c02fb625>] ? n_tty_poll+0x155/0x170
 [<c02f7a9a>] ? tty_poll+0x6a/0x80
 [<c02fb4d0>] ? n_tty_poll+0x0/0x170
 [<c01c67b7>] ? do_select+0x2b7/0x4f0
 [<c01c6f30>] ? __pollwait+0x0/0xf0
 [<c028c569>] ? elv_rb_add+0x79/0x90
 [<c029904c>] ? cfq_insert_request+0x46c/0x4f0
 [<c02a1516>] ? vsnprintf+0xb6/0x7f0
 [<c03d1972>] ? raw_pci_write+0x82/0x90
 [<c014f22b>] ? up+0xb/0x40
 [<c01368eb>] ? release_console_sem+0x1ab/0x1f0
 [<c01b488d>] ? __mem_cgroup_try_charge+0x5d/0x400
 [<c061ffff>] ? powernow_cpu_init+0x16/0x426
 [<c02a07db>] ? string+0x3b/0xd0
 [<c046a164>] ? printk+0x17/0x1b
 [<f802be4e>] ? ntty_activate+0x7e/0xf0 [nozomi]
 [<c012a262>] ? __wake_up+0x42/0x60
 [<c0300757>] ? tty_port_block_til_ready+0x1e7/0x270
 [<c03008b9>] ? tty_port_tty_set+0x39/0x60
 [<c014a400>] ? autoremove_wake_function+0x0/0x40
 [<c02fa8f9>] ? tty_open+0x279/0x530
 [<c031ddc2>] ? kobj_lookup+0xf2/0x140
 [<c01c6ba3>] ? core_sys_select+0x1b3/0x2b0
 [<c02fe899>] ? tty_mode_ioctl+0xa9/0x420
 [<c02f9679>] ? tty_ioctl+0xc9/0x7d0
 [<c0198e19>] ? handle_mm_fault+0x139/0x9c0
 [<c02f95b0>] ? tty_ioctl+0x0/0x7d0
 [<c01c480b>] ? vfs_ioctl+0x2b/0xb0
 [<c01c49f9>] ? do_vfs_ioctl+0x79/0x5c0
 [<c046f3a0>] ? do_page_fault+0x0/0x3e0
 [<c046f544>] ? do_page_fault+0x1a4/0x3e0
 [<c01c6e5f>] ? sys_select+0x2f/0xb0
 [<c0102c10>] ? sysenter_do_call+0x12/0x22
Code: 8b 74 24 24 8b 7c 24 28 8b 6c 24 2c 83 c4 30 c3 00 00 00 00 00 00 00 00 00                                               00 00 00 00 00 00 83 ec 08 89 1c 24 89 c3 89 74 24 04 <3e> ff 08 79 05 e8 ba 00                                               00 00 89 e0 8b 74 24 04 25 00 e0 ff ff
EIP: [<c046b03c>] mutex_lock+0xc/0x30 SS:ESP 0068:f68f5b18
CR2: 00000000000000bc
---[ end trace 6e73d3662da499c0 ]---
Warning: dev (noz0) tty->count(0) != #fd's(1) in tty_release_dev
tty_release_dev: bad tty->count (-1) for noz0




strace comgt sig -d /dev/noz0
execve("/usr/local/bin/comgt", ["comgt", "sig", "-d", "/dev/noz0"], [/* 19 vars */]) = 0
brk(0)                                  = 0x84d2000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f7000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=60969, ...}) = 0
mmap2(NULL, 60969, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e8000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260l\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1319364, ...}) = 0
mmap2(NULL, 1329512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb76a3000
mprotect(0xb77e1000, 4096, PROT_NONE)   = 0
mmap2(0xb77e2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0xb77e2000
mmap2(0xb77e5000, 10600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb77e5000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb76a2000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb76a26c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb77e2000, 8192, PROT_READ)   = 0
mprotect(0x8050000, 4096, PROT_READ)    = 0
mprotect(0xb7815000, 4096, PROT_READ)   = 0
munmap(0xb77e8000, 60969)               = 0
time(NULL)                              = 1273052631
gettimeofday({1273052631, 353770}, NULL) = 0
ioctl(1, SNDCTL_TMR_TEMPO or TCGETA, {B38400 opost isig icanon echo ...}) = 0
brk(0)                                  = 0x84d2000
brk(0x84f4000)                          = 0x84f4000
brk(0x84f3000)                          = 0x84f3000
open("/dev/noz0", O_RDWR|O_EXCL|O_NOCTTY|O_NONBLOCK) = -1 EIO (Input/output error)
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f6000
write(1, "Can't open device /dev/noz0.\n", 29Can't open device /dev/noz0.
) = 29
ioctl(1, SNDCTL_TMR_SOURCE or TCSETA, {B38400 opost isig icanon echo ...}) = 0
exit_group(1)                           = ?


Gnu C                  4.4.1
Gnu make               3.81
binutils               2.20
util-linux             2.16
mount                  support
module-init-tools      3.10
e2fsprogs              1.41.9
pcmciautils            014
PPP                    2.4.5
Linux C Library        2.10.1
Dynamic linker (ldd)   2.10.1
Procps                 3.2.8
Net-tools              1.60
Kbd                    1.15
Sh-utils               7.4
wireless-tools         29
Modules Loaded         ipt_REDIRECT ppp_async crc_ccitt binfmt_misc arc4 ecb xt_state
 xt_tcpudp ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nozomi nf_conntrack
 nf_defrag_ipv4 ath5k mac80211 ath iptable_filter ip_tables cfg80211 x_tables
 rfkill_backport pcmcia compat yenta_socket ppdev parport_pc rsrc_nonstaticlp
 pcmcia_core led_class parport usbserial serio_raw k8temp shpchp i2c_piix4 r8169 mii
Comment 1 Marek 2010-05-08 11:28:49 UTC 
[ 2555.073036] Warning: dev (noz0) tty->count(0) != #fd's(1) in tty_open
[ 2555.073137] noz: activated 0: f3bd4060
[ 2555.276931] BUG: unable to handle kernel NULL pointer dereference at 000001b8
[ 2555.276968] IP: [<c04fd355>] __mutex_lock_common+0x75/0x340
[ 2555.277000] *pde = 00000000
[ 2555.277018] Oops: 0002 [#1] SMP
[ 2555.277042] last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
[ 2555.277057] Modules linked in: ipt_REDIRECT binfmt_misc xt_state xt_tcpudp ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 arc4 ecb nozomi pcmcia iptable_filter ip_tables x_tables ath5k mac80211 ath yenta_socket rsrc_nonstatic cfg80211 r8169 serio_raw pcmcia_core mii led_class k8temp i2c_piix4 ppdev shpchp parport_pc parport
[ 2555.277312]
[ 2555.277327] Pid: 1672, comm: comgt Not tainted 2.6.34-rc6-m04 #2 GA-MA69VM-S2/GA-MA69VM-S2
[ 2555.277340] EIP: 0060:[<c04fd355>] EFLAGS: 00010046 CPU: 0
[ 2555.277353] EIP is at __mutex_lock_common+0x75/0x340
[ 2555.277364] EAX: 00000100 EBX: 000001b4 ECX: 00000000 EDX: e8458000
[ 2555.277376] ESI: 000001b8 EDI: 00000202 EBP: e3cf5abc ESP: e3cf5a74
[ 2555.277387]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 2555.277399] Process comgt (pid: 1672, ti=e3cf5000 task=e8458000 task.ti=e3cf5000)
[ 2555.277409] Stack:
[ 2555.277417]  00000000 00000002 00000000 f80c3d9a e3cf5000 c0306d04 000001f0 00000002
[ 2555.277474] <0> 00000000 e8458000 00000000 00000246 00000000 00000000 f80c3de0 00000000
[ 2555.277542] <0> 000001b4 00001000 e3cf5ad0 c04fd6d5 f80c3d9a 00000000 000001b4 e3cf5ae4
[ 2555.277616] Call Trace:
[ 2555.277636]  [<f80c3d9a>] ? ntty_write_room+0x4a/0x90 [nozomi]
[ 2555.277654]  [<c0306d04>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 2555.277670]  [<f80c3de0>] ? ntty_write+0x0/0x1f0 [nozomi]
[ 2555.277683]  [<c04fd6d5>] ? mutex_lock_nested+0x35/0x40
[ 2555.277698]  [<f80c3d9a>] ? ntty_write_room+0x4a/0x90 [nozomi]
[ 2555.277713]  [<f80c3d9a>] ? ntty_write_room+0x4a/0x90 [nozomi]
[ 2555.277727]  [<f80c3de0>] ? ntty_write+0x0/0x1f0 [nozomi]
[ 2555.277743]  [<c0375c98>] ? tty_write_room+0x18/0x20
[ 2555.277757]  [<c037382d>] ? n_tty_poll+0x13d/0x150
[ 2555.277770]  [<c036f449>] ? tty_poll+0x69/0x80
[ 2555.277783]  [<c03736f0>] ? n_tty_poll+0x0/0x150
[ 2555.277798]  [<c0210d7b>] ? do_select+0x3db/0x740
[ 2555.277811]  [<c02109a0>] ? do_select+0x0/0x740
[ 2555.277825]  [<c0210800>] ? __pollwait+0x0/0xd0
[ 2555.277838]  [<c02108d0>] ? pollwake+0x0/0x60
[ 2555.277850]  [<c02108d0>] ? pollwake+0x0/0x60
[ 2555.277867]  [<c012e89b>] ? kmemcheck_show_all+0x2b/0x40
[ 2555.277881]  [<c0502510>] ? do_page_fault+0x0/0x470
[ 2555.277894]  [<c012ea18>] ? kmemcheck_show+0x28/0x70
[ 2555.277907]  [<c012ef9f>] ? kmemcheck_fault+0x4f/0x70
[ 2555.277920]  [<c0502863>] ? do_page_fault+0x353/0x470
[ 2555.277934]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.277947]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.277961]  [<c012f370>] ? kmemcheck_shadow_lookup+0x40/0x60
[ 2555.277975]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.277988]  [<c012f370>] ? kmemcheck_shadow_lookup+0x40/0x60
[ 2555.278002]  [<c012eb72>] ? kmemcheck_write_strict+0x32/0x50
[ 2555.278015]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.278029]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.278043]  [<c012f370>] ? kmemcheck_shadow_lookup+0x40/0x60
[ 2555.278056]  [<c012ea93>] ? kmemcheck_read_strict+0x33/0x80
[ 2555.278070]  [<c012eb11>] ? kmemcheck_read+0x31/0x60
[ 2555.278083]  [<c021181c>] ? core_sys_select+0x7c/0x2e0
[ 2555.278097]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.278110]  [<c012e85b>] ? kmemcheck_show_addr+0xb/0x20
[ 2555.278123]  [<c012e89b>] ? kmemcheck_show_all+0x2b/0x40
[ 2555.278136]  [<c0502510>] ? do_page_fault+0x0/0x470
[ 2555.278149]  [<c012ea18>] ? kmemcheck_show+0x28/0x70
[ 2555.278162]  [<c012ef9f>] ? kmemcheck_fault+0x4f/0x70
[ 2555.278176]  [<c012f1ce>] ? kmemcheck_pte_lookup+0xe/0x40
[ 2555.278189]  [<c012e83b>] ? kmemcheck_hide_addr+0xb/0x20
[ 2555.278203]  [<c012e938>] ? kmemcheck_hide+0x58/0xe0
[ 2555.278218]  [<c01dc9d6>] ? might_fault+0x46/0xa0
[ 2555.278232]  [<c0306d04>] ? trace_hardirqs_on_thunk+0xc/0x10
[ 2555.278245]  [<c01dc9d6>] ? might_fault+0x46/0xa0
[ 2555.278258]  [<c01dca1c>] ? might_fault+0x8c/0xa0
[ 2555.278271]  [<c01dc9d6>] ? might_fault+0x46/0xa0
[ 2555.278284]  [<c021191b>] ? core_sys_select+0x17b/0x2e0
[ 2555.278297]  [<c02117c7>] ? core_sys_select+0x27/0x2e0
[ 2555.278312]  [<c04ffbee>] ? debug_stack_correct+0x2e/0x40
[ 2555.278328]  [<c0139671>] ? cpuacct_charge+0x81/0xe0
[ 2555.278342]  [<c0139685>] ? cpuacct_charge+0x95/0xe0
[ 2555.278355]  [<c013960a>] ? cpuacct_charge+0x1a/0xe0
[ 2555.278369]  [<c0135610>] ? finish_task_switch+0x0/0xc0
[ 2555.278382]  [<c0135681>] ? finish_task_switch+0x71/0xc0
[ 2555.278396]  [<c01dc9d6>] ? might_fault+0x46/0xa0
[ 2555.278411]  [<c016f4e9>] ? ktime_get_ts+0xd9/0x110
[ 2555.278426]  [<c0211c3c>] ? sys_select+0x2c/0xb0
[ 2555.278440]  [<c0102e90>] ? sysenter_do_call+0x12/0x32
[ 2555.278450] Code: 61 8e c0 85 f6 75 14 89 e0 25 00 f0 ff ff f7 40 14 00 ff ff 07 0f 85 ab 02 00 00 9c 5f fa e8 33 a7 c7 ff 8d 73 04 b8 00 01 00 00 <3e> 66 0f c1 43 04 38 e0 74 07 f3 90 8a 43 04 eb f5 8b 0d 80 61
[ 2555.278879] EIP: [<c04fd355>] __mutex_lock_common+0x75/0x340 SS:ESP 0068:e3cf5a74
[ 2555.278906] CR2: 00000000000001b8
[ 2555.278925] ---[ end trace 2645684b80d67991 ]---
[ 2555.372271] comgt used greatest stack depth: 944 bytes left
Comment 2 Jiri Slaby 2010-07-27 20:50:33 UTC 
Created attachment 27278 [details]
nozomi tty count fix

Could you try this patch?
Comment 3 Jiri Slaby 2010-07-29 10:10:47 UTC 
Created attachment 27295 [details]
nozomi-set-tty-driver_data

Eh, one more fix.