Bug 5541

Summary: oops in drivers/usb/ipaq when connecting to dell axim x51v
Product: Drivers Reporter: Chris Morgan (cmorgan)
Component: USBAssignee: Greg Kroah-Hartman (greg)
Status: REJECTED INSUFFICIENT_DATA    
Severity: normal CC: bunk, hades.himself, lcapitulino, protasnb, twogood
Priority: P2    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.14 amd64 Subsystem:
Regression: --- Bisected commit-id:
Bug Depends on:    
Bug Blocks: 5089    

Description Chris Morgan 2005-11-02 18:12:38 UTC
Most recent kernel where this bug did not occur: 2.6.14 compiled with gcc 4.0.2
Distribution: debian(hand built 2.6.14 kernel though)
Hardware Environment: amd64 3500+ cpu, 1gb ram, not overclocked
Software Environment: debian unstable
Problem Description:

Loaded up usbserial and ipaq driver with vendor=0x413c product=0x4011.  dmesg
shows the pda being found and ttyUSB0 and ttyUSB1 created.

I run these commands as root to establish a connection through the character device:

synce-serial-config ttyUSB0
synce-serial-start

and after running 'synce-serial-start' get this oops:

ipaq 2-1.4:1.1: device disconnected
usb 2-1.4: new full speed USB device using ehci_hcd and address 4
ipaq 2-1.4:1.0: PocketPC PDA converter detected
usb 2-1.4: PocketPC PDA converter now attached to ttyUSB0
ipaq 2-1.4:1.1: PocketPC PDA converter detected
usb 2-1.4: PocketPC PDA converter now attached to ttyUSB1
CSLIP: code copyright 1989 Regents of the University of California
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2002 Netfilter core team
Unable to handle kernel NULL pointer dereference at 0000000000000048 RIP: 
<ffffffff881a0984>{:ipaq:ipaq_open+468}
PGD 3291a067 PUD 312d4067 PMD 0 
Oops: 0002 [1] PREEMPT 
CPU 0 
Modules linked in: iptable_filter ip_tables ppp_async ppp_generic slhc 
crc_ccitt ipv6 ns558 gameport parport_pc parport floppy pcspkr shpchp 
pci_hotplug generic amd74xx snd_intel8x0 snd_ac97_codec snd_ac97_bus 
snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc 
ehci_hcd ohci_hcd i2c_nforce2 eth1394 forcedeth ohci1394 reiserfs raid1 
md_mod rtc tsdev w83627hf hwmon_vid i2c_isa i2c_core ipaq usbserial sbp2 
ieee1394 psmouse ide_generic ide_disk ide_cd ide_scsi ide_core sr_mod cdrom 
sd_mod sg aic7xxx scsi_transport_spi unix sata_nv libata scsi_mod ext3 jbd 
ext2 mbcache
Pid: 5863, comm: pppd Not tainted 2.6.14 #1
RIP: 0010:[<ffffffff881a0984>] <ffffffff881a0984>{:ipaq:ipaq_open+468}
RSP: 0018:ffff810031403d58  EFLAGS: 00010286
RAX: ffff810032ab3000 RBX: ffff810032ab7680 RCX: 000000000000000f
RDX: 0000000000000000 RSI: 00000000000000d0 RDI: ffff81003ffef8c0
RBP: 0000000000000064 R08: ffff8100350b5030 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000100
R13: ffff81003f0b2ec0 R14: ffff81003d42a800 R15: ffff81003dc85640
FS:  00002aaaab260e90(0000) GS:ffffffff803f4800(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000048 CR3: 0000000032bfb000 CR4: 00000000000006e0
Process pppd (pid: 5863, threadinfo ffff810031402000, task ffff8100371942c0)
Stack: ffff81003e21eff0 ffff810031403df0 ffff81003f3e3800 ffffffff881a96c0 
       ffff81003dc85640 ffff81003d42a800 0000000000000001 00000000ffffffed 
       ffff8100371efb80 ffffffff881972ef 
Call Trace:<ffffffff881972ef>{:usbserial:serial_open+287} 
<ffffffff8022c645>{tty_open+517}
       <ffffffff80186f72>{chrdev_open+498} 
<ffffffff8017c5f7>{__dentry_open+295}
       <ffffffff8017c840>{filp_open+144} 
<ffffffff88029daa>{:ext3:ext3_discard_reservation+90}
       <ffffffff8017b976>{get_unused_fd+230} 
<ffffffff8017c951>{do_sys_open+81}
       <ffffffff8010eb4a>{system_call+126} 

Code: 48 89 42 48 49 8b 96 80 00 00 00 49 8b 46 70 48 89 42 48 49 
RIP <ffffffff881a0984>{:ipaq:ipaq_open+468} RSP <ffff810031403d58>
CR2: 0000000000000048




I get this oops under 2.6.12, likely tainted by loading the nvidia driver:


CSLIP: code copyright 1989 Regents of the University of California
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2002 Netfilter core team
Unable to handle kernel NULL pointer dereference at 0000000000000048 RIP: 
<ffffffff88611974>{:ipaq:ipaq_open+468}
PGD 2f2ba067 PUD 2279c067 PMD 0 
Oops: 0002 [1] 
CPU 0 
Modules linked in: iptable_filter ip_tables ppp_async ppp_generic slhc 
crc_ccitt md5 ipv6 ns558 gameport parport_pc parport floppy pcspkr shpchp 
pci_hotplug amd74xx snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss 
snd_pcm snd_timer snd soundcore snd_page_alloc ehci_hcd ohci_hcd i2c_nforce2 
eth1394 forcedeth ohci1394 reiserfs raid1 md rtc tsdev evdev w83627hf 
i2c_sensor i2c_isa i2c_core ipaq usbserial nvidia sbp2 ieee1394 psmouse 
ide_generic ide_disk ide_cd ide_scsi ide_core sr_mod cdrom sd_mod sg aic7xxx 
scsi_transport_spi unix fbcon tileblit font bitblit vesafb cfbcopyarea 
cfbimgblt cfbfillrect softcursor sata_nv libata scsi_mod ext3 jbd ext2 
mbcache
Pid: 5404, comm: pppd Tainted: P      2.6.12-1-amd64-k8
RIP: 0010:[<ffffffff88611974>] <ffffffff88611974>{:ipaq:ipaq_open+468}
RSP: 0018:ffff81001fd87d98  EFLAGS: 00010286
RAX: ffff81002275a000 RBX: ffff81002206ca80 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff81003ffefcb0 RDI: 000000000000000c
RBP: 0000000000000064 R08: 000000000000000b R09: ffff81002206ca28
R10: ffff81003ffeb190 R11: 0000000000000001 R12: 0000000000000100
R13: ffff81002748dd80 R14: ffff81003a254000 R15: ffff81003acf5a80
FS:  00002aaaab260e90(0000) GS:ffffffff8040f940(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000048 CR3: 00000000227aa000 CR4: 00000000000006e0
Process pppd (pid: 5404, threadinfo ffff81001fd86000, task ffff81001fd21900)
Stack: ffff81003a4ad200 ffffffff80211acd 0000000c6a9c6366 ffff81003acf5a80 
       00000000ffffffed ffff81003a254000 ffff81002268ea80 0000000000000000 
       0000000000008802 ffffffff88608240 
Call Trace:<ffffffff80211acd>{init_dev+1165} 
<ffffffff88608240>{:usbserial:serial_open+208}
       <ffffffff80211e15>{tty_open+517} <ffffffff80179883>{chrdev_open+307}
       <ffffffff80170926>{dentry_open+246} <ffffffff80170a84>{filp_open+68}
       <ffffffff8016fd7a>{get_unused_fd+90} <ffffffff80170b1c>{sys_open+76}
       <ffffffff8010e67a>{system_call+126} 

Code: 48 89 42 48 49 8b 96 80 00 00 00 49 8b 46 70 48 89 42 48 49 
RIP <ffffffff88611974>{:ipaq:ipaq_open+468} RSP <ffff81001fd87d98>
CR2: 0000000000000048
Comment 1 David Eriksson 2005-11-03 00:21:07 UTC
The SynCE project has received a number of reports about crashes with the "ipaq"
driver and Windows Mobile 2005 devices. The Dell Axim X51v is such a device.

Contrary to all devices known to work with the "ipaq" driver, these have
bDeviceClass, bDeviceSubClass and bDeviceProtocol set as in the
/proc/bus/usb/devices output below:

T:  Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  9 Spd=12  MxCh= 0
D:  Ver= 2.00 Cls=ef(unk. ) Sub=01 Prot=01 MxPS=16 #Cfgs=  1
P:  Vendor=0bb4 ProdID=0b01 Rev= 0.00
S:  Manufacturer=MSFT
S:  Product=PocketPC USB Sync
C:* #Ifs= 2 Cfg#= 1 Atr=c0 MxPwr=500mA
I:  If#= 0 Alt= 0 #EPs= 1 Cls=ef(unk. ) Sub=01 Prot=01 Driver=(none)
E:  Ad=81(I) Atr=03(Int.) MxPS=   8 Ivl=1ms
I:  If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=(none)
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms

If the "ipaq" driver is loaded with the vendor/product identifier above,
and the device is connected, the module crashes.

There is a bug in the SynCE bug tracker for this:

https://sourceforge.net/tracker/index.php?func=detail&aid=1332550&group_id=30550&atid=399601

I have compared SnoopyPro output from a working device with output from
these new devices and they are quite different. (SnoopPro .usblog files
available on request.)

The latest version of the ActiveSync software contains a file
WceRndis.inf with the following comment. It makes me 100% sure that Windows
Mobile 2005 devices uses some variant of the RNDIS over USB protocol:


; WceRndis.INF -- This is the inf installation script for the stand-alone
;                  release of RNDIS-over-USB host driver for Windows Mobile USB
Function devices.

.
.
.

[WindowsCeDevices]
%WindowsCeDevice%    = RNDIS, USB\Class_EF&SubClass_01&Prot_01


The above is a modified version of the following mail I sent to the
linux-usb-devel list and Ganesh Varadarajan the other day:

http://marc.theaimsgroup.com/?l=linux-usb-devel&m=113079438715563


My recommendation is to start working on getting these devices working with the
host RNDIS over USB code in usbnet. 

SynCE user Peter McClure (owner of a "HTC Universal" device) has been in some
contact with David Brownell but has not been able to get his device working with
usbnet yet.

I expect that the primary reason for usbnet not working with these devices is
that usbnet expects RNDIS over USB devices to have
bDeviceClass/bDeviceSubClass/bDeviceProtocol set to 02/00/00 and not ef/01/01.
There may of course be other differences too...
Comment 2 Chris Morgan 2005-11-03 20:33:21 UTC
After the patch by V Ganesh to ipaq.c I get these messages in dmesg when I do:

synce-serial-config ttyUSB0
synce-serial-start

and 

synce-serial-config ttyUSB1
synce-serial-start

The control urb error is from the ttyUSB1 case.

ipaq 2-1.4:1.1: PocketPC PDA converter detected
usb 2-1.4: PocketPC PDA converter now attached to ttyUSB1
CSLIP: code copyright 1989 Regents of the University of California
PPP generic driver version 2.4.2
ip_tables: (C) 2000-2002 Netfilter core team
drivers/usb/serial/ipaq.c: ipaq_open - This device doesn't have the correct
endpoints

drivers/usb/serial/ipaq.c: ipaq_open - failed doing control urb, error -32




However if I do:

plug in axim
synce-serial-config ttyUSB0
synce-serial-start
unplug axim

Everything works fine.

Doing the same process, plugging in, config with ttyUSB1, serial-start and
unplugging results in this oops when the axim is unplugged:

ipaq 2-1.4:1.1: PocketPC PDA converter detected
usb 2-1.4: PocketPC PDA converter now attached to ttyUSB1
drivers/usb/serial/ipaq.c: ipaq_open - failed doing control urb, error -32
usb 2-1.4: USB disconnect, address 6
PocketPC PDA ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
ipaq 2-1.4:1.0: device disconnected
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at kernel/workqueue.c:104
invalid operand: 0000 [1] 
CPU 0 
Modules linked in: iptable_filter ip_tables ppp_async ppp_generic slhc crc_ccitt
ipv6 ns558 gameport parport_pc parport floppy pcspkr shpchp pci_hotplug generic
amd74xx snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd soundcore snd_page_alloc ehci_hcd ohci_hcd i2c_nforce2
eth1394 forcedeth ohci1394 reiserfs raid1 md_mod rtc tsdev w83627hf hwmon_vid
i2c_isa i2c_core ipaq usbserial sbp2 ieee1394 psmouse ide_generic ide_disk
ide_cd ide_scsi ide_core sr_mod cdrom sd_mod sg aic7xxx scsi_transport_spi unix
sata_nv libata scsi_mod ext3 jbd ext2 mbcache
Pid: 145, comm: khubd Not tainted 2.6.14 #1
RIP: 0010:[<ffffffff8014170a>] <ffffffff8014170a>{queue_work+26}
RSP: 0000:ffff81003f8dfcf8  EFLAGS: 00010286
RAX: ffff810036fe0a10 RBX: 0000000000000000 RCX: ffff81003de692c0
RDX: 0000000000000000 RSI: ffff810036fe0a08 RDI: ffff81003fe25180
RBP: ffff81003de699c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff80236890 R12: ffff81003de699c0
R13: ffff810037e62420 R14: ffff81003d766400 R15: 0000000000000100
FS:  00002aaaab0606d0(0000) GS:ffffffff803d3800(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000005bb850 CR3: 00000000362ce000 CR4: 00000000000006e0
Process khubd (pid: 145, threadinfo ffff81003f8de000, task ffff81003f8dd530)
Stack: ffffffff80236890 ffffffff8818fe49 ffff810037e62490 ffffffff881a23e0 
       ffff810037e62400 ffffffff881a2420 ffff810037e62420 ffffffff802499c3 
       ffff810037e624f0 ffff810037e62420 
Call Trace:<ffffffff80236890>{klist_devices_put+0}
<ffffffff8818fe49>{:usbserial:usb_serial_disconnect+105}
       <ffffffff802499c3>{usb_unbind_interface+83}
<ffffffff8023630b>{__device_release_driver+107}
       <ffffffff8023661d>{device_release_driver+45}
<ffffffff80235d42>{bus_remove_device+146}
       <ffffffff80234ca7>{device_del+55} <ffffffff8024f615>{usb_disable_device+165}
       <ffffffff80249f61>{usb_disconnect+193} <ffffffff8024c589>{hub_thread+873}
       <ffffffff80145790>{autoremove_wake_function+0}
<ffffffff8024c220>{hub_thread+0}
       <ffffffff8014559d>{kthread+205} <ffffffff8010f3c2>{child_rip+8}
       <ffffffff801e9b60>{vgacon_cursor+0}
<ffffffff80145370>{keventd_create_kthread+0}
       <ffffffff801454d0>{kthread+0} <ffffffff8010f3ba>{child_rip+0}
       

Code: 0f 0b 68 f8 6c 2e 80 c2 68 00 e8 e7 fb ff ff ba 01 00 00 00 
RIP <ffffffff8014170a>{queue_work+26} RSP <ffff81003f8dfcf8>
Comment 3 Luis F Balbinot 2005-11-09 10:00:18 UTC
Same with me. Loaded ipaq with vendor=0x413c product=0x4011 (Dell Axim x51v) and
it created /dev/tts/USB0 and /dev/tts/USB1. I'm using 2.6.13-gentoo-r3.

And ooops:

hades ~ # synce-serial-config /dev/tts/USB0

You can now run synce-serial-start to start a serial connection.

hades ~ # synce-serial-start

synce-serial-start is now waiting for your device to connect

hades ~ # Oops: 0002 [#1]
PREEMPT
Modules linked in: ppp_async ppp_generic slhc ipaq usbserial snd_pcm_oss
snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
snd_hda_intel snd_hda_codec snd_pcm snd_timer snd soundcore snd_page_alloc
ipw2200 ieee80211 ieee80211_crypt
CPU:    0
EIP:    0060:[<e0ddd188>]    Not tainted VLI
EFLAGS: 00010286   (2.6.13-gentoo-r3)
EIP is at ipaq_open+0x188/0x360 [ipaq]
eax: ddc88000   ebx: ddde4560   ecx: ddeea400   edx: 00000000
esi: 00000100   edi: dda11ae0   ebp: dda11af4   esp: de7bbe78
ds: 007b   es: 007b   ss: 0068
Process pppd (pid: 9868, threadinfo=de7ba000 task=df24a590)
Stack: dfe8f880 000000d0 00000000 000000d0 e0e8d50d 00000000 00000000 00000000
       00000001 ddf909c0 ddf909c0 ddeea400 dd86b000 0bc00000 e0e8a422 ddeea400
       df0b2540 df0b2540 e0e8a370 df0b2540 00000000 c022b6ed dd86b000 df0b2540
Call Trace:
 [<e0e8a422>] serial_open+0xb2/0x100 [usbserial]
 [<e0e8a370>] serial_open+0x0/0x100 [usbserial]
 [<c022b6ed>] tty_open+0x26d/0x310
 [<c016999a>] chrdev_open+0xba/0x190
 [<c015f4fa>] dentry_open+0x11a/0x1a0
 [<c015f3d8>] filp_open+0x68/0x70
 [<c015f5de>] get_unused_fd+0x5e/0xd0
 [<c015f71f>] sys_open+0x4f/0xe0
 [<c01031c5>] syscall_call+0x7/0xb
Code: 44 24 04 a1 c4 22 3e c0 89 04 24 e8 33 d4 36 df 8b 4c 24 3c 85 c0 89 41 38
0f 84 4b 01 00 00 8b 44 24 3c 8b 50 30 89 c1 8b 40 28 <89> 42 2c 8b 51 40 8b 41
38 89 42 2c 8b 41 30 c7 40 34 00 10 00
Comment 4 Greg Kroah-Hartman 2005-11-14 21:39:51 UTC
Can someone send me the patch that fixes the oops from happening that
I saw references to?
Comment 5 David Eriksson 2006-01-04 00:26:41 UTC
I just created the SynCE-WindowsMobile5 mailing list. If you are interested in
Windows Mobile 5 support in Linux and SynCE, join it and discuss with other WM5
device owners how to proceed in order to support these devices.
 
https://lists.sourceforge.net/lists/listinfo/synce-windowsmobile5
Comment 6 Greg Kroah-Hartman 2006-03-06 10:28:37 UTC
No response in 2 months, closing.  If this is still a problem, please reopen
with the requested information.
Comment 7 Greg Kroah-Hartman 2006-05-15 14:22:52 UTC
Hm, you reopened it, but did not provide any new information.

Setting to NEED INFO until you do...
Comment 8 Peter Kreussel 2006-06-21 09:03:15 UTC
Kernel 2.6.16.13 (Suse 10.1)

trying to connect an HP ipaq rx 1950 with windows mobile 5 -> I guess this
belongs here.

synce-serial-config ttyUSB0 , synce-serial-start

leads to:

Jun 21 17:34:30 linux-h9s7 kernel: PPP generic driver version 2.4.2
Jun 21 17:34:30 linux-h9s7 synce-serial-start: Executing /usr/sbin/pppd call
synce-device
Jun 21 17:34:30 linux-h9s7 pppd[15514]: pppd 2.4.3 started by peter, uid 0
Jun 21 17:34:30 linux-h9s7 kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000030
Jun 21 17:34:30 linux-h9s7 kernel:  printing eip:
Jun 21 17:34:30 linux-h9s7 kernel: f92aa8bb
Jun 21 17:34:30 linux-h9s7 kernel: *pde = 00000000
Jun 21 17:34:30 linux-h9s7 kernel: Oops: 0002 [#1]
Jun 21 17:34:30 linux-h9s7 kernel: SMP
Jun 21 17:34:30 linux-h9s7 kernel: last sysfs file:
/devices/pci0000:00/0000:00:1d.2/usb3/3-1/3-1:1.1/power/state
Jun 21 17:34:30 linux-h9s7 kernel: Modules linked in: ppp_async ppp_generic slhc
crc_ccitt joydev st sr_mod nls_iso8859_1 nls_cp437 vfat fat sg sd_mod
usb_storage scsi_mod ipaq usbserial ipv6 snd_pcm_oss snd_mixer_oss snd_seq
snd_seq_device af_packet edd button battery ac apparmor aamatch_pcre loop dm_mod
e100 mii i2c_i801 snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd
soundcore snd_page_alloc shpchp ehci_hcd pci_hotplug i8xx_tco i2c_core uhci_hcd
usbcore ide_cd cdrom parport_pc lp parport ext3 jbd fan thermal processor piix
ide_disk ide_core
Jun 21 17:34:30 linux-h9s7 kernel: CPU:    0
Jun 21 17:34:30 linux-h9s7 kernel: EIP:    0060:[<f92aa8bb>]    Not tainted VLI
Jun 21 17:34:30 linux-h9s7 kernel: EFLAGS: 00010286   (2.6.16.13-4-smp #1)
Jun 21 17:34:30 linux-h9s7 kernel: EIP is at ipaq_open+0x185/0x2aa [ipaq]
Jun 21 17:34:30 linux-h9s7 kernel: eax: 00000000   ebx: f30dc4e0   ecx: 00000000
  edx: e2173000
Jun 21 17:34:30 linux-h9s7 kernel: esi: e0de42b4   edi: 00000100   ebp: c1aa1000
  esp: c8de5e94
Jun 21 17:34:30 linux-h9s7 kernel: ds: 007b   es: 007b   ss: 0068
Jun 21 17:34:30 linux-h9s7 kernel: Process pppd (pid: 15514, threadinfo=c8de4000
task=c1a3d6b0)
Jun 21 17:34:30 linux-h9s7 kernel: Stack: <0>e0de42a0 d6e0a540 00000000 c1aa1000
d6e0a540 f68d9000 ffffffed f92c6cb8
Jun 21 17:34:30 linux-h9s7 kernel:        c1af3ec0 c1aa100c 00000802 c1af3ec0
00000000 0bc00000 c0200a21 00000000
Jun 21 17:34:30 linux-h9s7 kernel:        0802d800 00000000 f68d9000 00000000
e4591c04 00000000 f6dcda84 c01634ce
Jun 21 17:34:30 linux-h9s7 kernel: Call Trace:
Jun 21 17:34:30 linux-h9s7 kernel:  [<f92c6cb8>] serial_open+0xee/0x165 [usbserial]
Jun 21 17:34:30 linux-h9s7 kernel:  [<c0200a21>] tty_open+0x196/0x311
Jun 21 17:34:30 linux-h9s7 kernel:  [<c01634ce>] chrdev_open+0x124/0x161
Jun 21 17:34:30 linux-h9s7 kernel:  [<c01633aa>] chrdev_open+0x0/0x161
Jun 21 17:34:30 linux-h9s7 kernel:  [<c015a457>] __dentry_open+0xc7/0x1ab
Jun 21 17:34:30 linux-h9s7 kernel:  [<c015a59f>] nameidata_to_filp+0x19/0x28
Jun 21 17:34:30 linux-h9s7 kernel:  [<c015a5da>] do_filp_open+0x2c/0x32
Jun 21 17:34:30 linux-h9s7 kernel:  [<c015a61e>] do_sys_open+0x3e/0xb0
Jun 21 17:34:30 linux-h9s7 kernel:  [<c015a6bd>] sys_open+0x16/0x18
Jun 21 17:34:30 linux-h9s7 kernel:  [<c0103c89>] syscall_call+0x7/0xb
Jun 21 17:34:30 linux-h9s7 kernel: Code: 45 40 0f 84 12 01 00 00 a1 98 a3 2f c0
ba d0 00 00 00 e8 2b df ea c6 8b 55 40 85 c0 89 45 50 75 07 89 d0 e9 ed 00 00 00
8b 45 48 <89> 50 30 8b 55 58 8b 45 50 89 42 30 8b 45 48 c7 40 38 00 10 00
Comment 9 Greg Kroah-Hartman 2006-06-21 09:31:55 UTC
Can you please try the 2.6.17 kernel release instead of 2.6.16?
Comment 10 Peter Kreussel 2006-06-22 01:27:02 UTC
Sorry, should have tried 2.6.17 in the first place.
This is the reaction of Kernel 2.6.17.1 (plain vanilla):

Jun 22 10:23:25 linux-h9s7 kernel: PPP generic driver version 2.4.2
Jun 22 10:23:25 linux-h9s7 synce-serial-start: Executing /usr/sbin/pppd call
synce-device
Jun 22 10:23:25 linux-h9s7 pppd[4266]: pppd 2.4.3 started by peter, uid 0
Jun 22 10:23:25 linux-h9s7 kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000030
Jun 22 10:23:25 linux-h9s7 kernel:  printing eip:
Jun 22 10:23:25 linux-h9s7 kernel: f8fbc8bb
Jun 22 10:23:25 linux-h9s7 kernel: *pde = 00000000
Jun 22 10:23:25 linux-h9s7 kernel: Oops: 0002 [#2]
Jun 22 10:23:25 linux-h9s7 kernel: SMP
Jun 22 10:23:25 linux-h9s7 kernel: Modules linked in: ppp_async ppp_generic slhc
crc_ccitt ipaq usbserial ipv6 snd_pcm_oss snd_mixer_oss snd_seq snd_seq_device
af_packet edd button battery ac sg sd_mod loop usb_storage scsi_mod dm_mod
uhci_hcd ehci_hcd e100 usbcore snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm
snd_timer snd soundcore snd_page_alloc shpchp i2c_i801 pci_hotplug i8xx_tco
ide_cd cdrom mii i2c_core parport_pc lp parport ext3 jbd fan thermal processor
piix ide_disk ide_core
Jun 22 10:23:25 linux-h9s7 kernel: CPU:    0
Jun 22 10:23:25 linux-h9s7 kernel: EIP:    0060:[<f8fbc8bb>]    Not tainted VLI
Jun 22 10:23:25 linux-h9s7 kernel: EFLAGS: 00010286   (2.6.17.1-smp #1)
Jun 22 10:23:25 linux-h9s7 kernel: EIP is at ipaq_open+0x185/0x2aa [ipaq]
Jun 22 10:23:25 linux-h9s7 kernel: eax: 00000000   ebx: ead1d660   ecx: dfffd440
  edx: ebf02000
Jun 22 10:23:25 linux-h9s7 kernel: esi: c192f694   edi: 00000100   ebp: f7c50600
  esp: edb41ea0
Jun 22 10:23:25 linux-h9s7 kernel: ds: 007b   es: 007b   ss: 0068
Jun 22 10:23:25 linux-h9s7 kernel: Process pppd (pid: 4266, threadinfo=edb40000
task=dffbd030)
Jun 22 10:23:25 linux-h9s7 kernel: Stack: c192f680 ed6a55c0 f7c5060c f7c50600
ed6a55c0 f795c800 f7c5060c f8f41ca9
Jun 22 10:23:25 linux-h9s7 kernel:        f3b57800 ffffffed 00000802 f3b57800
00000000 0bc00001 c01fb5d0 00000000
Jun 22 10:23:25 linux-h9s7 kernel:        0802c800 00000001 f795c800 00000000
c1af7a04 00000000 f7ff25d4 c0162901
Jun 22 10:23:25 linux-h9s7 kernel: Call Trace:
Jun 22 10:23:25 linux-h9s7 kernel:  <f8f41ca9> serial_open+0xdf/0x154
[usbserial]  <c01fb5d0> tty_open+0x176/0x2eb
Jun 22 10:23:25 linux-h9s7 kernel:  <c0162901> chrdev_open+0x124/0x161 
<c01627dd> chrdev_open+0x0/0x161
Jun 22 10:23:25 linux-h9s7 kernel:  <c0159865> __dentry_open+0xc7/0x1ab 
<c01599ad> nameidata_to_filp+0x19/0x28
Jun 22 10:23:25 linux-h9s7 kernel:  <c01599e8> do_filp_open+0x2c/0x32 
<c0159a2c> do_sys_open+0x3e/0xb0
Jun 22 10:23:25 linux-h9s7 kernel:  <c0159acb> sys_open+0x16/0x18  <c0103c27>
syscall_call+0x7/0xb
Jun 22 10:23:25 linux-h9s7 kernel: Code: 45 3c 0f 84 12 01 00 00 a1 58 08 2e c0
ba d0 00 00 00 e8 4f b3 19 c7 8b 55 3c 85 c0 89 45 4c 75 07 89 d0 e9 ed 00 00 00
8b 45 44 <89> 50 30 8b 55 54 8b 45 4c 89 42 30 8b 45 44 c7 40 38 00 10 00
Jun 22 10:23:25 linux-h9s7 kernel: EIP: [<f8fbc8bb>] ipaq_open+0x185/0x2aa
[ipaq] SS:ESP 0068:edb41ea0


Comment 11 Greg Kroah-Hartman 2006-08-30 01:14:08 UTC
I really don't know what to suggest here.

If someone can point me to a fix for this issue, I'll gladly apply it.

Are you still having this same problem on the latest 2.6.18-rc5 release?
Comment 12 Luiz Fernando N. Capitulino 2006-09-11 12:35:58 UTC
Yes, there're some fixes for ip
Comment 13 Natalie Protasevich 2007-06-11 17:54:42 UTC
Peter,
Any updates on this problem? Have you tried later kernels? It's been a lot of fixes to usb after 2.6.18.

--Natalie
Comment 14 Adrian Bunk 2007-09-09 12:11:55 UTC
Please reopen this bug if it's still present with kernel 2.6.22.