Bug 8561 - list_add corruption. prev->next should be next (f7d28794), but was f0df8ed4 (prev=f0df8ed4) Kernel Bug at lib/list_debug.c:33
Summary: list_add corruption. prev->next should be next (f7d28794), but was f0df8ed4 ...
Status: CLOSED CODE_FIX
Alias: None
Product: Networking
Classification: Unclassified
Component: Other (show other bugs)
Hardware: i386 Linux
: P2 high
Assignee: Arnaldo Carvalho de Melo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-01 04:20 UTC by Paulo Pereira
Modified: 2008-09-23 11:22 UTC (History)
0 users

See Also:
Kernel Version: vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora
Tree: Mainline
Regression: ---


Attachments
DRUMP (2.81 KB, text/plain)
2007-06-01 04:22 UTC, Paulo Pereira
Details

Description Paulo Pereira 2007-06-01 04:20:25 UTC
Most recent kernel where this bug did *NOT* occur: vanilla kernel 2.6.22-rc3
Distribution:2.6.22-rc3
Hardware Environment:AMD ATHLON X2 4200+, M2V MOTHERBOARD
Software Environment:AMULE
Problem Description:

I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora 
kernel) with a huawei e220 3g, and when I open amule after sometime kernel 
panics: 
Comment 1 Paulo Pereira 2007-06-01 04:22:52 UTC
Created attachment 11636 [details]
DRUMP
Comment 2 Anonymous Emailer 2007-06-01 08:55:55 UTC
Reply-To: akpm@linux-foundation.org

On Fri, 1 Jun 2007 04:17:01 -0700 bugme-daemon@bugzilla.kernel.org wrote:
>

(Please folow up via emailed reply-to-all, not via the bugzilla web
interface)

> 
> http://bugzilla.kernel.org/show_bug.cgi?id=8561
> 
>            Summary: list_add corruption. prev->next should be next
>                     (f7d28794), but was f0df8ed4
>                     (prev=f0df8ed4)
>     Kernel Version: vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7
>                     fedora
>             Status: NEW
>           Severity: high
>              Owner: acme@ghostprotocols.net
>          Submitter: pfmp.404@gmail.com
> 
> 
> Most recent kernel where this bug did *NOT* occur: vanilla kernel 2.6.22-rc3

No, this question is asking what is the most recent kernel versions which
*did not* have this bug?

> Distribution:2.6.22-rc3
> Hardware Environment:AMD ATHLON X2 4200+, M2V MOTHERBOARD
> Software Environment:AMULE
> Problem Description:
> 
> I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora 
> kernel) with a huawei e220 3g, and when I open amule after sometime kernel 
> panics: 
> _
> list_add corruption. prev->next should be next (f7d28794), but was f0df8ed4 
> (prev=f0df8ed4)
> Kernel Bug at lib/list_debug.c:33
> SMP
> Modules linhed in: ppp_deflate zlib_deflate ppp_async crc_ccitt pp_generic 
> slhc sata_mv autofs4 hipd rfconn 12cap bluetooth sunrpc 
> nf_conntrack_netbios_ns
> ipt_REJECT nf_conntrack_ipv4 xt_satte nf_conntrack nfnetlink iptable_filter 
> ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables vfat fat 
> fuse dm_mirror dm_multipatch dm_mod video sbs button dock battery ac radeon 
> drm ipv6 lp option usbserial snd_emv10k1_synth snd_emux_synth snd_seq_virmidi 
> snd_seq_midi_emulbt878 tuner snd_emu10k1 msp3400 snd_rawmidi bttv 
> snd_hda_intell snd_ac97_codec ac97_bus snd_seq_dummy video_buf snd_seq_oss 
> ir_common compat_isctl32 i2c_algo_bit snd_seq_midi_event sg btcx_risc snd_seq 
> floppy snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_device snd_timer pata_via 
> tveeprom i2c_viapro snd_util_mem i2c_core snd_page_alloc snd_hwdep snd 
> videodev atl1 v4l2_common soundcore mii v4l1_compat emu10k1_gp sr_mod 
> gameport k8temp hwmon parport_pc parport cdrom serio_raw usb_storage sata_via 
> ata_generic libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd 
> uhci_hcd
> CPU: 0
> EIP: 0060:[<c04ddda5>] Not tainted VLI
> EFLAGS: 00010092 (2.6.22_rc3 #1)
> EIP is at __list_add+0x48/0x5c
> eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss: 0068
> Process Amule (pid: 9719, ti=c0750000 task=d1da38b0 task.ti=c7899000)
> Satck: _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8ec0________ffffffff________c0558f09________
> 00000040
> ________00000021________f9316564________c180a120________00000000________d4884800________00000020________f7ece200________000000fc
> ________f7a45000________db1c8000________00000001________00000040________f90b8da0________f7a45000________d3740000________c409e470
> Call Trace:
> ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> ________[<f931657d>] ppp_async_send+0xd/0x36 [ppp_async]
> ________[<f932d677>] ppp_push+0x67/0x4c1 [ppp_generic]
> ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> ________[<c043abdc>] timer_stats_update_stats+0x141/0x14d
> ________[<f90b73c6>] option_write+0xa1/0xe9 [option]
> ________[<f90ad586>] serial_write+0x9c/0xab [usbserial]
> ________[<f931627e>] ppp_async_push+0xa6/0x398 [ppp_async]
> ________[<f9316a31>] ppp_async_process+0x42/0x56 [ppp_async]
> ________[<c0427990>] tasklet_action+0x46/0x90
> ________[<c04278c3>] __do_softirq+0x5d/0xc1
> ________[<c0406cdb>] do_softirq+0x59/0xa8
> ________[<c0427772>] irq_exit+0x38/0x6b
> ________[<c0416c60>] smp_apic_timer_interrupt+0x74/0x80
> ________[<c04057e8>] apic_timer_interrupt+0x28/0x30
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> Code:
> ________ce______45______69______c0______e8______3d______5c______f4______ff______0f______0b______eb______fe______8b______32______39______ce______74
> ________1c______89______54______24______0c______89______74______24______08______89______4c______24______04______c7______04______24______1e______46
> ________69______c0______e8______1b______5c______f4______ff______<0f>____0b______eb______fe______89______59______04______89______0b______89______43
> ________04______89______18______83______c4______10______5b______5e______c3______8b
> EIP: [<c04ddda5>] __list_add+0x48/0x5c__SS:ESP 0068:c0750e68
> Kernel panic - not syncing: Fatal exception in interrupt
> 

Could be a ppp bug, more likely a USB bug, but that's a well-tested code
path.

Greg? Anyone?  ANy idea where to start looking?

Paolo, I assume this crash is repeatable?

Comment 3 Paulo Pereira 2007-06-01 09:18:03 UTC
A Friday 01 June 2007 16:52:16, Andrew Morton escreveu:
> On Fri, 1 Jun 2007 04:17:01 -0700 bugme-daemon@bugzilla.kernel.org wrote:
>
>
> (Please folow up via emailed reply-to-all, not via the bugzilla web
> interface)
>
> > http://bugzilla.kernel.org/show_bug.cgi?id=8561
> >
> >            Summary: list_add corruption. prev->next should be next
> >                     (f7d28794), but was f0df8ed4
> >                     (prev=f0df8ed4)
> >     Kernel Version: vanilla kernel 2.6.22-rc3 (and I try'ed with
> > 2.6.21-fc7 fedora
> >             Status: NEW
> >           Severity: high
> >              Owner: acme@ghostprotocols.net
> >          Submitter: pfmp.404@gmail.com
> >
> >
> > Most recent kernel where this bug did *NOT* occur: vanilla kernel
> > 2.6.22-rc3
>
> No, this question is asking what is the most recent kernel versions which
> *did not* have this bug?
>
> > Distribution:2.6.22-rc3
> > Hardware Environment:AMD ATHLON X2 4200+, M2V MOTHERBOARD
> > Software Environment:AMULE
> > Problem Description:
> >
> > I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora
> > kernel) with a huawei e220 3g, and when I open amule after sometime
> > kernel panics:
> > _
> > list_add corruption. prev->next should be next (f7d28794), but was
> > f0df8ed4 (prev=f0df8ed4)
> > Kernel Bug at lib/list_debug.c:33
> > SMP
> > Modules linhed in: ppp_deflate zlib_deflate ppp_async crc_ccitt
> > pp_generic slhc sata_mv autofs4 hipd rfconn 12cap bluetooth sunrpc
> > nf_conntrack_netbios_ns
> > ipt_REJECT nf_conntrack_ipv4 xt_satte nf_conntrack nfnetlink
> > iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables
> > x_tables vfat fat fuse dm_mirror dm_multipatch dm_mod video sbs button
> > dock battery ac radeon drm ipv6 lp option usbserial snd_emv10k1_synth
> > snd_emux_synth snd_seq_virmidi snd_seq_midi_emulbt878 tuner snd_emu10k1
> > msp3400 snd_rawmidi bttv snd_hda_intell snd_ac97_codec ac97_bus
> > snd_seq_dummy video_buf snd_seq_oss ir_common compat_isctl32 i2c_algo_bit
> > snd_seq_midi_event sg btcx_risc snd_seq floppy snd_pcm_oss snd_mixer_oss
> > snd_pcm snd_seq_device snd_timer pata_via tveeprom i2c_viapro
> > snd_util_mem i2c_core snd_page_alloc snd_hwdep snd videodev atl1
> > v4l2_common soundcore mii v4l1_compat emu10k1_gp sr_mod gameport k8temp
> > hwmon parport_pc parport cdrom serio_raw usb_storage sata_via ata_generic
> > libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
> > CPU: 0
> > EIP: 0060:[<c04ddda5>] Not tainted VLI
> > EFLAGS: 00010092 (2.6.22_rc3 #1)
> > EIP is at __list_add+0x48/0x5c
> > eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> > esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> > ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss: 0068
> > Process Amule (pid: 9719, ti=c0750000 task=d1da38b0 task.ti=c7899000)
> > Satck:
> > _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8ec0
> >________ffffffff________c0558f09________ 00000040
> > ________00000021________f9316564________c180a120________00000000________d
> >4884800________00000020________f7ece200________000000fc
> > ________f7a45000________db1c8000________00000001________00000040________f
> >90b8da0________f7a45000________d3740000________c409e470 Call Trace:
> > ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> > ________[<f931657d>] ppp_async_send+0xd/0x36 [ppp_async]
> > ________[<f932d677>] ppp_push+0x67/0x4c1 [ppp_generic]
> > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> > ________[<c043abdc>] timer_stats_update_stats+0x141/0x14d
> > ________[<f90b73c6>] option_write+0xa1/0xe9 [option]
> > ________[<f90ad586>] serial_write+0x9c/0xab [usbserial]
> > ________[<f931627e>] ppp_async_push+0xa6/0x398 [ppp_async]
> > ________[<f9316a31>] ppp_async_process+0x42/0x56 [ppp_async]
> > ________[<c0427990>] tasklet_action+0x46/0x90
> > ________[<c04278c3>] __do_softirq+0x5d/0xc1
> > ________[<c0406cdb>] do_softirq+0x59/0xa8
> > ________[<c0427772>] irq_exit+0x38/0x6b
> > ________[<c0416c60>] smp_apic_timer_interrupt+0x74/0x80
> > ________[<c04057e8>] apic_timer_interrupt+0x28/0x30
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > Code:
> > ________ce______45______69______c0______e8______3d______5c______f4______f
> >f______0f______0b______eb______fe______8b______32______39______ce______74
> > ________1c______89______54______24______0c______89______74______24______0
> >8______89______4c______24______04______c7______04______24______1e______46
> > ________69______c0______e8______1b______5c______f4______ff______<0f>____0
> >b______eb______fe______89______59______04______89______0b______89______43
> > ________04______89______18______83______c4______10______5b______5e______c
> >3______8b EIP: [<c04ddda5>] __list_add+0x48/0x5c__SS:ESP 0068:c0750e68
> > Kernel panic - not syncing: Fatal exception in interrupt
>
> Could be a ppp bug, more likely a USB bug, but that's a well-tested code
> path.
>
> Greg? Anyone?  ANy idea where to start looking?
>
> Paolo, I assume this crash is repeatable?

I don't have a kernel versions which *did not* have this bug, because this is 
my first one.

And yes this crash is repeatable, always that I put Amule or Ktorrent to work, 
30/45 minutes later is a kernel panic...

Comment 4 Paulo Pereira 2007-06-01 09:20:40 UTC
A Friday 01 June 2007 16:52:29, bugme-daemon@bugzilla.kernel.org escreveu:
> (prev=f0df8ed4)
> Kernel Bug at lib/list_debug.c:33
> X-Bugzilla-Reason:Reporter
> X-Bugzilla-Category: Networking
> X-Bugzilla-Component: Other
>
> http://bugzilla.kernel.org/show_bug.cgi?id=8561
>
>
>
>
>
> ------- Additional Comments From anonymous@kernel-bugs.osdl.org  2007-06-01
> 08:55 ------- Reply-To: akpm@linux-foundation.org
>
> On Fri, 1 Jun 2007 04:17:01 -0700 bugme-daemon@bugzilla.kernel.org wrote:
>
>
> (Please folow up via emailed reply-to-all, not via the bugzilla web
> interface)
>
> > http://bugzilla.kernel.org/show_bug.cgi?id=8561
> >
> >            Summary: list_add corruption. prev->next should be next
> >                     (f7d28794), but was f0df8ed4
> >                     (prev=f0df8ed4)
> >     Kernel Version: vanilla kernel 2.6.22-rc3 (and I try'ed with
> > 2.6.21-fc7 fedora
> >             Status: NEW
> >           Severity: high
> >              Owner: acme@ghostprotocols.net
> >          Submitter: pfmp.404@gmail.com
> >
> >
> > Most recent kernel where this bug did *NOT* occur: vanilla kernel
> > 2.6.22-rc3
>
> No, this question is asking what is the most recent kernel versions which
> *did not* have this bug?
>
> > Distribution:2.6.22-rc3
> > Hardware Environment:AMD ATHLON X2 4200+, M2V MOTHERBOARD
> > Software Environment:AMULE
> > Problem Description:
> >
> > I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora
> > kernel) with a huawei e220 3g, and when I open amule after sometime
> > kernel panics:
> > _
> > list_add corruption. prev->next should be next (f7d28794), but was
> > f0df8ed4 (prev=f0df8ed4)
> > Kernel Bug at lib/list_debug.c:33
> > SMP
> > Modules linhed in: ppp_deflate zlib_deflate ppp_async crc_ccitt
> > pp_generic slhc sata_mv autofs4 hipd rfconn 12cap bluetooth sunrpc
> > nf_conntrack_netbios_ns
> > ipt_REJECT nf_conntrack_ipv4 xt_satte nf_conntrack nfnetlink
> > iptable_filter ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables
> > x_tables vfat fat fuse dm_mirror dm_multipatch dm_mod video sbs button
> > dock battery ac radeon drm ipv6 lp option usbserial snd_emv10k1_synth
> > snd_emux_synth snd_seq_virmidi snd_seq_midi_emulbt878 tuner snd_emu10k1
> > msp3400 snd_rawmidi bttv snd_hda_intell snd_ac97_codec ac97_bus
> > snd_seq_dummy video_buf snd_seq_oss ir_common compat_isctl32 i2c_algo_bit
> > snd_seq_midi_event sg btcx_risc snd_seq floppy snd_pcm_oss snd_mixer_oss
> > snd_pcm snd_seq_device snd_timer pata_via tveeprom i2c_viapro
> > snd_util_mem i2c_core snd_page_alloc snd_hwdep snd videodev atl1
> > v4l2_common soundcore mii v4l1_compat emu10k1_gp sr_mod gameport k8temp
> > hwmon parport_pc parport cdrom serio_raw usb_storage sata_via ata_generic
> > libata sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd
> > CPU: 0
> > EIP: 0060:[<c04ddda5>] Not tainted VLI
> > EFLAGS: 00010092 (2.6.22_rc3 #1)
> > EIP is at __list_add+0x48/0x5c
> > eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> > esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> > ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss: 0068
> > Process Amule (pid: 9719, ti=c0750000 task=d1da38b0 task.ti=c7899000)
> > Satck:
> > _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8ec0
> >________ffffffff________c0558f09________ 00000040
> > ________00000021________f9316564________c180a120________00000000________d
> >4884800________00000020________f7ece200________000000fc
> > ________f7a45000________db1c8000________00000001________00000040________f
> >90b8da0________f7a45000________d3740000________c409e470 Call Trace:
> > ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> > ________[<f931657d>] ppp_async_send+0xd/0x36 [ppp_async]
> > ________[<f932d677>] ppp_push+0x67/0x4c1 [ppp_generic]
> > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> > ________[<c043abdc>] timer_stats_update_stats+0x141/0x14d
> > ________[<f90b73c6>] option_write+0xa1/0xe9 [option]
> > ________[<f90ad586>] serial_write+0x9c/0xab [usbserial]
> > ________[<f931627e>] ppp_async_push+0xa6/0x398 [ppp_async]
> > ________[<f9316a31>] ppp_async_process+0x42/0x56 [ppp_async]
> > ________[<c0427990>] tasklet_action+0x46/0x90
> > ________[<c04278c3>] __do_softirq+0x5d/0xc1
> > ________[<c0406cdb>] do_softirq+0x59/0xa8
> > ________[<c0427772>] irq_exit+0x38/0x6b
> > ________[<c0416c60>] smp_apic_timer_interrupt+0x74/0x80
> > ________[<c04057e8>] apic_timer_interrupt+0x28/0x30
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > Code:
> > ________ce______45______69______c0______e8______3d______5c______f4______f
> >f______0f______0b______eb______fe______8b______32______39______ce______74
> > ________1c______89______54______24______0c______89______74______24______0
> >8______89______4c______24______04______c7______04______24______1e______46
> > ________69______c0______e8______1b______5c______f4______ff______<0f>____0
> >b______eb______fe______89______59______04______89______0b______89______43
> > ________04______89______18______83______c4______10______5b______5e______c
> >3______8b EIP: [<c04ddda5>] __list_add+0x48/0x5c__SS:ESP 0068:c0750e68
> > Kernel panic - not syncing: Fatal exception in interrupt
>
> Could be a ppp bug, more likely a USB bug, but that's a well-tested code
> path.
>
> Greg? Anyone?  ANy idea where to start looking?
>
> Paolo, I assume this crash is repeatable?
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.

I don't have a kernel versions which *did not* have this bug, because this is 
my first one.

And yes this crash is repeatable, always that I put Amule or Ktorrent to work, 
30/45 minutes later is a kernel panic...

Comment 5 Alan Stern 2007-06-01 09:47:54 UTC
On Fri, 1 Jun 2007, Andrew Morton wrote:

> > I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7 fedora 
> > kernel) with a huawei e220 3g, and when I open amule after sometime kernel 
> > panics: 
> > _
> > list_add corruption. prev->next should be next (f7d28794), but was f0df8ed4 
> > (prev=f0df8ed4)
> > Kernel Bug at lib/list_debug.c:33

> > CPU: 0
> > EIP: 0060:[<c04ddda5>] Not tainted VLI
> > EFLAGS: 00010092 (2.6.22_rc3 #1)
> > EIP is at __list_add+0x48/0x5c
> > eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> > esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> > ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss: 0068
> > Process Amule (pid: 9719, ti=c0750000 task=d1da38b0 task.ti=c7899000)
> > Satck: _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8ec0________ffffffff________c0558f09________
> > 00000040
> > ________00000021________f9316564________c180a120________00000000________d4884800________00000020________f7ece200________000000fc
> > ________f7a45000________db1c8000________00000001________00000040________f90b8da0________f7a45000________d3740000________c409e470
> > Call Trace:
> > ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]

> Could be a ppp bug, more likely a USB bug, but that's a well-tested code
> path.
> 
> Greg? Anyone?  ANy idea where to start looking?

Maybe the serial device driver is submitting an URB that is already in 
use.  This patch might catch the error.

Alan Stern



Index: usb-2.6/drivers/usb/core/urb.c
===================================================================
--- usb-2.6.orig/drivers/usb/core/urb.c
+++ usb-2.6/drivers/usb/core/urb.c
@@ -233,6 +233,12 @@ int usb_submit_urb(struct urb *urb, gfp_
 			|| dev->state == USB_STATE_SUSPENDED)
 		return -EHOSTUNREACH;
 
+	/* Not a precise test, but useful for debugging */
+	if (urb->status == -EINPROGRESS) {
+		WARN_ON(1);
+		return -EBUSY;
+	}
+
 	urb->status = -EINPROGRESS;
 	urb->actual_length = 0;
 

Comment 6 Paulo Pereira 2007-06-04 03:54:35 UTC
A Friday 01 June 2007 17:44:27, bugme-daemon@bugzilla.kernel.org escreveu:
> (prev=f0df8ed4)
> Kernel Bug at lib/list_debug.c:33
> X-Bugzilla-Reason:Reporter
> X-Bugzilla-Category: Networking
> X-Bugzilla-Component: Other
>
> http://bugzilla.kernel.org/show_bug.cgi?id=8561
>
>
>
>
>
> ------- Additional Comments From stern@rowland.harvard.edu  2007-06-01
> 09:47 -------
>
> On Fri, 1 Jun 2007, Andrew Morton wrote:
> > > I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7
> > > fedora kernel) with a huawei e220 3g, and when I open amule after
> > > sometime kernel panics:
> > > _
> > > list_add corruption. prev->next should be next (f7d28794), but was
> > > f0df8ed4 (prev=f0df8ed4)
> > > Kernel Bug at lib/list_debug.c:33
> > >
> > > CPU: 0
> > > EIP: 0060:[<c04ddda5>] Not tainted VLI
> > > EFLAGS: 00010092 (2.6.22_rc3 #1)
> > > EIP is at __list_add+0x48/0x5c
> > > eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> > > esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> > > ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss:
> > > 0068 Process Amule (pid: 9719, ti=c0750000 task=d1da38b0
> > > task.ti=c7899000) Satck:
> > > _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8e
> > >c0________ffffffff________c0558f09________ 00000040
> > > ________00000021________f9316564________c180a120________00000000_______
> > >_d4884800________00000020________f7ece200________000000fc
> > > ________f7a45000________db1c8000________00000001________00000040_______
> > >_f90b8da0________f7a45000________d3740000________c409e470 Call Trace:
> > > ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> > > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> >
> > Could be a ppp bug, more likely a USB bug, but that's a well-tested code
> > path.
> >
> > Greg? Anyone?  ANy idea where to start looking?
>
> Maybe the serial device driver is submitting an URB that is already in
> use.  This patch might catch the error.
>
> Alan Stern
>
>
>
> Index: usb-2.6/drivers/usb/core/urb.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/core/urb.c
> +++ usb-2.6/drivers/usb/core/urb.c
> @@ -233,6 +233,12 @@ int usb_submit_urb(struct urb *urb, gfp_
>
>  			|| dev->state == USB_STATE_SUSPENDED)
>
>  		return -EHOSTUNREACH;
>
> +	/* Not a precise test, but useful for debugging */
> +	if (urb->status == -EINPROGRESS) {
> +		WARN_ON(1);
> +		return -EBUSY;
> +	}
> +
>  	urb->status = -EINPROGRESS;
>  	urb->actual_length = 0;
>
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.

The patch that you send is not resolving the problem... :( 
I stil have Kernel panic after 45/60 min of work with Ktorrent/Amule...

The Drump is:

Call Trace:
[<c055fb36>] usb_hcd_submit+0xb1/0x763
[<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
[<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrak]
[<f9288254>] ipv4_confirm+0x36/0c3b [nf_conntrack_ipv4]
[<c05ce7c2>] tcp_v4_rcv+0x827/0x899
[<c05afcc0>] nf_hook_slow+0x4d/0xb5
[<c042826f>] irq_enter+0x19/0x23
[<c042826f>] irq_enter+0x19/0x23
[<c040794c>] do_IRQ+0xbd/0xd1
[<f90893c9>] option_write+0xa7/0xef [option]
[<f90ba586>] serial_write+0x9c/0xab [usbserial]
[<f9b3b27e>] ppp_async_push+0xa6/0x398 [ppp_async]
[<c042ad84>] process_timeout+0x0/0x5
[<f9b3ba32>] ppp_async_process+0x42/0x56 [ppp_async]
[<c04282c4>] tasklet_action+0x4b/0xa4
[<c04281f9>] __do_softirq+0x5d/0xba
[<c0407837>] do_softirq+0x59/0xb1
[<c04280a8>] irq_exit+0x38/0x6b
[<c0416be7>] smp_apic_timer_interrupt+0x72/0x7e
[<c0406028>] apic_timer_interrupt+0x28/0x30
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

Code:
	81	3c	69	c0	e8	9e	ef	f3	ff	0f	0b	eb	fe	8b	32	39	ce	74	1c	89	54	24	0c	89	74	24	
08	89	4c	24	04	c7	04	24	d1	3c	69	c0	e8	7c	ef	f3	ff	<0f>	0b	eb	fe	89	59	04	89	
0b	89	43	04	89	18	83	c4	10	5b	5e	c3	8b

EIP: [<c04e56a5>] __list_add+0x48/0x5c	SS:ESP	0068:c074ee5c
Kernel panic - not syncing: Fatal exception in interrupt
BUG: warning at ach/i386/kernel/smp.c:549/smp_call_function()	(Not tainted)

[<c0414d2>] stop_this_cpu+0x0/0x2b
[<c0414af6>] smp_call_function+0x65/0xcb
[<c0537019>] do_unblank_screen+0x2a/0x129
[<c0424640>] printk+0x1f/0x92
[<c0414b77>] smp_send_stop+0x1b/0x24
[<c0423c1a>] panic+0x54/0xea
[<c0406bc3>] die+0207/0x23b
[<c0406fe8>] do_invalid_op+0x0/0xab
[<c040708a>] do_invalid_op+0xa2/0xab
[<c04e56a5>] __list_add+0x48/0x5c
[<c0423e57>] wake_up_klogd+0x33/0x35
[<c05c340e>] tcp_ack+0x11c6/0x1743
[<c05c8de2>] __tcp_push_pending_frames+0x48c/0x798
[<c05fa59c>] error_code+0x7c/0x90
[<c04e56a5>] __list_add+0x48/0x5c
[<c055fb36>] usb_hcd_submit_urb+0xb1/0x763
[<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
[<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrack]
[<f9288254>] ipv4_confirm+0x36/0x3b [nf_conntrack_ipv4]
[<c05ce7c2>] tcp_v4_rcv+0x827/0x899
[<c05afcc0>] nf_hook_slow+0x4d/0xb5
[<c042826f>] irq_enter+0x19/0x23
[<c042826f>] irq_enter+0x19/0x23
[<c040794c>] do_IRQ+0xbd/0xd1
[<f90893c9>] option_write+0xa7/0xef [option]
[<f90ba586>] serial_write+0x9c/0xab [usbserial]
[<f9b3b27e>] ppp_async_push+0xa6/0x398 [ppp_async]
[<c042ad84>] process_timeout+0x0/0x5
[<f9b3ba32>] ppp_async_process+0x42/0x56 [ppp_async]
[<c04282c4>] tasklet_action+0x4b/0xa4
[<c04281f9>] __do_softirq+0x5d/0xba
[<c0407837>] do_softirq+0x59/0xb1
[<c04280a8>] irq_exit+0x38/0x6b
[<c0416be7>] smp_apic_timer_interrupt+0x72/0x7e
[<c0406028>] apic_timer_interrupt+0x28/0x30

But now I have notification of a BUG in /var/log/messages, that is:

Jun  4 09:08:58 localhost kernel: BUG: warning at 
kernel/softirq.c:138/local_bh_enable() (Not tainted)
Jun  4 09:08:58 localhost kernel:  [<c0427fe3>] local_bh_enable+0x45/0x92
Jun  4 09:08:58 localhost kernel:  [<c05f8f1c>] cond_resched_softirq+0x2c/0x42
Jun  4 09:08:58 localhost kernel:  [<c0593a7a>] release_sock+0x4f/0x9d
Jun  4 09:08:58 localhost kernel:  [<c05bf3a3>] tcp_sendmsg+0x909/0x9f7
Jun  4 09:08:58 localhost kernel:  [<c0593a3d>] release_sock+0x12/0x9d
Jun  4 09:08:58 localhost kernel:  [<c05c03e4>] tcp_recvmsg+0x8c5/0x9d1
Jun  4 09:08:58 localhost kernel:  [<c05d7931>] inet_sendmsg+0x3b/0x45
Jun  4 09:08:58 localhost kernel:  [<c05913a8>] sock_aio_write+0xf6/0x102
Jun  4 09:08:58 localhost kernel:  [<c0472395>] do_sync_readv_writev+0xc1/0xfe
Jun  4 09:08:58 localhost kernel:  [<c0472499>] do_sync_write+0xc7/0x10a
Jun  4 09:08:58 localhost kernel:  [<c0433d61>] 
autoremove_wake_function+0x0/0x35
Jun  4 09:08:58 localhost kernel:  [<c0472cff>] vfs_write+0xbc/0x15a
Jun  4 09:08:58 localhost kernel:  [<c0473308>] sys_write+0x41/0x67
Jun  4 09:08:58 localhost kernel:  [<c0404ff0>] syscall_call+0x7/0xb
Jun  4 09:08:58 localhost kernel:  =======================
Jun  4 09:08:58 localhost kernel: No dock devices found.

Comment 7 Paulo Pereira 2007-06-04 03:55:41 UTC
A Friday 01 June 2007 17:44:23, Alan Stern escreveu:
> On Fri, 1 Jun 2007, Andrew Morton wrote:
> > > I'm using vanilla kernel 2.6.22-rc3 (and I try'ed with 2.6.21-fc7
> > > fedora kernel) with a huawei e220 3g, and when I open amule after
> > > sometime kernel panics:
> > > _
> > > list_add corruption. prev->next should be next (f7d28794), but was
> > > f0df8ed4 (prev=f0df8ed4)
> > > Kernel Bug at lib/list_debug.c:33
> > >
> > > CPU: 0
> > > EIP: 0060:[<c04ddda5>] Not tainted VLI
> > > EFLAGS: 00010092 (2.6.22_rc3 #1)
> > > EIP is at __list_add+0x48/0x5c
> > > eax: 00000061___ebx: f0df8ed4___ecx: c06ced10___edx:00000086
> > > esi: f0df8ed4___edi: 00000246___ebp: f7d28788___esp: c0750e68
> > > ds: 007b________es: 007b________fs: 00d8________gs: 0033________ss:
> > > 0068 Process Amule (pid: 9719, ti=c0750000 task=d1da38b0
> > > task.ti=c7899000) Satck:
> > > _co69461e________f7d28794________f0df8ed4________f0df8ed4________f0df8e
> > >c0________ffffffff________c0558f09________ 00000040
> > > ________00000021________f9316564________c180a120________00000000_______
> > >_d4884800________00000020________f7ece200________000000fc
> > > ________f7a45000________db1c8000________00000001________00000040_______
> > >_f90b8da0________f7a45000________d3740000________c409e470 Call Trace:
> > > ________[<c0558f09>] usb_hcd_sumit_urb+0x9a/0x778
> > > ________[<f9316564>] ppp_async_push+0x38c/0x398 [ppp_async]
> >
> > Could be a ppp bug, more likely a USB bug, but that's a well-tested code
> > path.
> >
> > Greg? Anyone?  ANy idea where to start looking?
>
> Maybe the serial device driver is submitting an URB that is already in
> use.  This patch might catch the error.
>
> Alan Stern
>
>
>
> Index: usb-2.6/drivers/usb/core/urb.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/core/urb.c
> +++ usb-2.6/drivers/usb/core/urb.c
> @@ -233,6 +233,12 @@ int usb_submit_urb(struct urb *urb, gfp_
>
>  			|| dev->state == USB_STATE_SUSPENDED)
>
>  		return -EHOSTUNREACH;
>
> +	/* Not a precise test, but useful for debugging */
> +	if (urb->status == -EINPROGRESS) {
> +		WARN_ON(1);
> +		return -EBUSY;
> +	}
> +
>  	urb->status = -EINPROGRESS;
>  	urb->actual_length = 0;


The patch that you send is not resolving the problem... :( 
I stil have Kernel panic after 45/60 min of work with Ktorrent/Amule...

The Drump is:

Call Trace:
[<c055fb36>] usb_hcd_submit+0xb1/0x763
[<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
[<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrak]
[<f9288254>] ipv4_confirm+0x36/0c3b [nf_conntrack_ipv4]
[<c05ce7c2>] tcp_v4_rcv+0x827/0x899
[<c05afcc0>] nf_hook_slow+0x4d/0xb5
[<c042826f>] irq_enter+0x19/0x23
[<c042826f>] irq_enter+0x19/0x23
[<c040794c>] do_IRQ+0xbd/0xd1
[<f90893c9>] option_write+0xa7/0xef [option]
[<f90ba586>] serial_write+0x9c/0xab [usbserial]
[<f9b3b27e>] ppp_async_push+0xa6/0x398 [ppp_async]
[<c042ad84>] process_timeout+0x0/0x5
[<f9b3ba32>] ppp_async_process+0x42/0x56 [ppp_async]
[<c04282c4>] tasklet_action+0x4b/0xa4
[<c04281f9>] __do_softirq+0x5d/0xba
[<c0407837>] do_softirq+0x59/0xb1
[<c04280a8>] irq_exit+0x38/0x6b
[<c0416be7>] smp_apic_timer_interrupt+0x72/0x7e
[<c0406028>] apic_timer_interrupt+0x28/0x30
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

Code:
	81	3c	69	c0	e8	9e	ef	f3	ff	0f	0b	eb	fe	8b	32	39	ce	74	1c	89	54	24	0c	89	74	24	
08	89	4c	24	04	c7	04	24	d1	3c	69	c0	e8	7c	ef	f3	ff	<0f>	0b	eb	fe	89	59	04	89	
0b	89	43	04	89	18	83	c4	10	5b	5e	c3	8b

EIP: [<c04e56a5>] __list_add+0x48/0x5c	SS:ESP	0068:c074ee5c
Kernel panic - not syncing: Fatal exception in interrupt
BUG: warning at ach/i386/kernel/smp.c:549/smp_call_function()	(Not tainted)

[<c0414d2>] stop_this_cpu+0x0/0x2b
[<c0414af6>] smp_call_function+0x65/0xcb
[<c0537019>] do_unblank_screen+0x2a/0x129
[<c0424640>] printk+0x1f/0x92
[<c0414b77>] smp_send_stop+0x1b/0x24
[<c0423c1a>] panic+0x54/0xea
[<c0406bc3>] die+0207/0x23b
[<c0406fe8>] do_invalid_op+0x0/0xab
[<c040708a>] do_invalid_op+0xa2/0xab
[<c04e56a5>] __list_add+0x48/0x5c
[<c0423e57>] wake_up_klogd+0x33/0x35
[<c05c340e>] tcp_ack+0x11c6/0x1743
[<c05c8de2>] __tcp_push_pending_frames+0x48c/0x798
[<c05fa59c>] error_code+0x7c/0x90
[<c04e56a5>] __list_add+0x48/0x5c
[<c055fb36>] usb_hcd_submit_urb+0xb1/0x763
[<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
[<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrack]
[<f9288254>] ipv4_confirm+0x36/0x3b [nf_conntrack_ipv4]
[<c05ce7c2>] tcp_v4_rcv+0x827/0x899
[<c05afcc0>] nf_hook_slow+0x4d/0xb5
[<c042826f>] irq_enter+0x19/0x23
[<c042826f>] irq_enter+0x19/0x23
[<c040794c>] do_IRQ+0xbd/0xd1
[<f90893c9>] option_write+0xa7/0xef [option]
[<f90ba586>] serial_write+0x9c/0xab [usbserial]
[<f9b3b27e>] ppp_async_push+0xa6/0x398 [ppp_async]
[<c042ad84>] process_timeout+0x0/0x5
[<f9b3ba32>] ppp_async_process+0x42/0x56 [ppp_async]
[<c04282c4>] tasklet_action+0x4b/0xa4
[<c04281f9>] __do_softirq+0x5d/0xba
[<c0407837>] do_softirq+0x59/0xb1
[<c04280a8>] irq_exit+0x38/0x6b
[<c0416be7>] smp_apic_timer_interrupt+0x72/0x7e
[<c0406028>] apic_timer_interrupt+0x28/0x30

But now I have notification of a BUG in /var/log/messages, that is:

Jun  4 09:08:58 localhost kernel: BUG: warning at 
kernel/softirq.c:138/local_bh_enable() (Not tainted)
Jun  4 09:08:58 localhost kernel:  [<c0427fe3>] local_bh_enable+0x45/0x92
Jun  4 09:08:58 localhost kernel:  [<c05f8f1c>] cond_resched_softirq+0x2c/0x42
Jun  4 09:08:58 localhost kernel:  [<c0593a7a>] release_sock+0x4f/0x9d
Jun  4 09:08:58 localhost kernel:  [<c05bf3a3>] tcp_sendmsg+0x909/0x9f7
Jun  4 09:08:58 localhost kernel:  [<c0593a3d>] release_sock+0x12/0x9d
Jun  4 09:08:58 localhost kernel:  [<c05c03e4>] tcp_recvmsg+0x8c5/0x9d1
Jun  4 09:08:58 localhost kernel:  [<c05d7931>] inet_sendmsg+0x3b/0x45
Jun  4 09:08:58 localhost kernel:  [<c05913a8>] sock_aio_write+0xf6/0x102
Jun  4 09:08:58 localhost kernel:  [<c0472395>] do_sync_readv_writev+0xc1/0xfe
Jun  4 09:08:58 localhost kernel:  [<c0472499>] do_sync_write+0xc7/0x10a
Jun  4 09:08:58 localhost kernel:  [<c0433d61>] 
autoremove_wake_function+0x0/0x35
Jun  4 09:08:58 localhost kernel:  [<c0472cff>] vfs_write+0xbc/0x15a
Jun  4 09:08:58 localhost kernel:  [<c0473308>] sys_write+0x41/0x67
Jun  4 09:08:58 localhost kernel:  [<c0404ff0>] syscall_call+0x7/0xb
Jun  4 09:08:58 localhost kernel:  =======================
Jun  4 09:08:58 localhost kernel: No dock devices found.

Comment 8 Alan Stern 2007-06-05 08:58:04 UTC
On Mon, 4 Jun 2007, Paulo Pereira wrote:

> The patch that you send is not resolving the problem... :( 
> I stil have Kernel panic after 45/60 min of work with Ktorrent/Amule...
> 
> The Drump is:
> 
> Call Trace:
> [<c055fb36>] usb_hcd_submit+0xb1/0x763
> [<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
> [<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrak]
> [<f9288254>] ipv4_confirm+0x36/0c3b [nf_conntrack_ipv4]
> [<c05ce7c2>] tcp_v4_rcv+0x827/0x899
> [<c05afcc0>] nf_hook_slow+0x4d/0xb5
> [<c042826f>] irq_enter+0x19/0x23
> [<c042826f>] irq_enter+0x19/0x23
> [<c040794c>] do_IRQ+0xbd/0xd1
> [<f90893c9>] option_write+0xa7/0xef [option]

Okay, from this it looks like there's a problem in the option.c serial 
driver.  Glancing at the code, it's obvious why: The thing totally 
abuses the USB API.

Try applying this patch; it should help.

Alan Stern


Index: usb-2.6/drivers/usb/serial/option.c
===================================================================
--- usb-2.6.orig/drivers/usb/serial/option.c
+++ usb-2.6/drivers/usb/serial/option.c
@@ -38,6 +38,7 @@
 #include <linux/tty.h>
 #include <linux/tty_flip.h>
 #include <linux/module.h>
+#include <linux/bitops.h>
 #include <linux/usb.h>
 #include <linux/usb/serial.h>
 
@@ -238,6 +239,7 @@ struct option_port_private {
 	/* Output endpoints and buffer for this port */
 	struct urb *out_urbs[N_OUT_URB];
 	char out_buffer[N_OUT_URB][OUT_BUFLEN];
+	unsigned long out_busy;		/* Bit vector of URBs in use */
 
 	/* Settings for the port */
 	int rts_state;	/* Handshaking pins (outputs) */
@@ -368,7 +370,7 @@ static int option_write(struct usb_seria
 			todo = OUT_BUFLEN;
 
 		this_urb = portdata->out_urbs[i];
-		if (this_urb->status == -EINPROGRESS) {
+		if (test_and_set_bit(i, &portdata->out_busy)) {
 			if (time_before(jiffies,
 					portdata->tx_start_time[i] + 10 * HZ))
 				continue;
@@ -392,6 +394,7 @@ static int option_write(struct usb_seria
 			dbg("usb_submit_urb %p (write bulk) failed "
 				"(%d, has %d)", this_urb,
 				err, this_urb->status);
+			clear_bit(i, &portdata->out_busy);
 			continue;
 		}
 		portdata->tx_start_time[i] = jiffies;
@@ -444,12 +447,23 @@ static void option_indat_callback(struct
 static void option_outdat_callback(struct urb *urb)
 {
 	struct usb_serial_port *port;
+	struct option_port_private *portdata;
+	int i;
 
 	dbg("%s", __FUNCTION__);
 
 	port = (struct usb_serial_port *) urb->context;
 
 	usb_serial_port_softint(port);
+
+	portdata = usb_get_serial_port_data(port);
+	for (i = 0; i < N_OUT_URB; ++i) {
+		if (portdata->out_urbs[i] == urb) {
+			smp_mb__before_clear_bit();
+			clear_bit(i, &portdata->out_busy);
+			break;
+		}
+	}
 }
 
 static void option_instat_callback(struct urb *urb)
@@ -516,7 +530,7 @@ static int option_write_room(struct usb_
 
 	for (i=0; i < N_OUT_URB; i++) {
 		this_urb = portdata->out_urbs[i];
-		if (this_urb && this_urb->status != -EINPROGRESS)
+		if (this_urb && !test_bit(i, &portdata->out_busy))
 			data_len += OUT_BUFLEN;
 	}
 
@@ -535,7 +549,7 @@ static int option_chars_in_buffer(struct
 
 	for (i=0; i < N_OUT_URB; i++) {
 		this_urb = portdata->out_urbs[i];
-		if (this_urb && this_urb->status == -EINPROGRESS)
+		if (this_urb && test_bit(i, &portdata->out_busy))
 			data_len += this_urb->transfer_buffer_length;
 	}
 	dbg("%s: %d", __FUNCTION__, data_len);

Comment 9 Paulo Pereira 2007-06-06 10:35:25 UTC
A Tuesday 05 June 2007 16:54:14, Alan Stern escreveu:
> On Mon, 4 Jun 2007, Paulo Pereira wrote:
> > The patch that you send is not resolving the problem... :(
> > I stil have Kernel panic after 45/60 min of work with Ktorrent/Amule...
> >
> > The Drump is:
> >
> > Call Trace:
> > [<c055fb36>] usb_hcd_submit+0xb1/0x763
> > [<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
> > [<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrak]
> > [<f9288254>] ipv4_confirm+0x36/0c3b [nf_conntrack_ipv4]
> > [<c05ce7c2>] tcp_v4_rcv+0x827/0x899
> > [<c05afcc0>] nf_hook_slow+0x4d/0xb5
> > [<c042826f>] irq_enter+0x19/0x23
> > [<c042826f>] irq_enter+0x19/0x23
> > [<c040794c>] do_IRQ+0xbd/0xd1
> > [<f90893c9>] option_write+0xa7/0xef [option]
>
> Okay, from this it looks like there's a problem in the option.c serial
> driver.  Glancing at the code, it's obvious why: The thing totally
> abuses the USB API.
>
> Try applying this patch; it should help.
>
> Alan Stern
>
>
> Index: usb-2.6/drivers/usb/serial/option.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/serial/option.c
> +++ usb-2.6/drivers/usb/serial/option.c
> @@ -38,6 +38,7 @@
>  #include <linux/tty.h>
>  #include <linux/tty_flip.h>
>  #include <linux/module.h>
> +#include <linux/bitops.h>
>  #include <linux/usb.h>
>  #include <linux/usb/serial.h>
>
> @@ -238,6 +239,7 @@ struct option_port_private {
>  	/* Output endpoints and buffer for this port */
>  	struct urb *out_urbs[N_OUT_URB];
>  	char out_buffer[N_OUT_URB][OUT_BUFLEN];
> +	unsigned long out_busy;		/* Bit vector of URBs in use */
>
>  	/* Settings for the port */
>  	int rts_state;	/* Handshaking pins (outputs) */
> @@ -368,7 +370,7 @@ static int option_write(struct usb_seria
>  			todo = OUT_BUFLEN;
>
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb->status == -EINPROGRESS) {
> +		if (test_and_set_bit(i, &portdata->out_busy)) {
>  			if (time_before(jiffies,
>  					portdata->tx_start_time[i] + 10 * HZ))
>  				continue;
> @@ -392,6 +394,7 @@ static int option_write(struct usb_seria
>  			dbg("usb_submit_urb %p (write bulk) failed "
>  				"(%d, has %d)", this_urb,
>  				err, this_urb->status);
> +			clear_bit(i, &portdata->out_busy);
>  			continue;
>  		}
>  		portdata->tx_start_time[i] = jiffies;
> @@ -444,12 +447,23 @@ static void option_indat_callback(struct
>  static void option_outdat_callback(struct urb *urb)
>  {
>  	struct usb_serial_port *port;
> +	struct option_port_private *portdata;
> +	int i;
>
>  	dbg("%s", __FUNCTION__);
>
>  	port = (struct usb_serial_port *) urb->context;
>
>  	usb_serial_port_softint(port);
> +
> +	portdata = usb_get_serial_port_data(port);
> +	for (i = 0; i < N_OUT_URB; ++i) {
> +		if (portdata->out_urbs[i] == urb) {
> +			smp_mb__before_clear_bit();
> +			clear_bit(i, &portdata->out_busy);
> +			break;
> +		}
> +	}
>  }
>
>  static void option_instat_callback(struct urb *urb)
> @@ -516,7 +530,7 @@ static int option_write_room(struct usb_
>
>  	for (i=0; i < N_OUT_URB; i++) {
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb && this_urb->status != -EINPROGRESS)
> +		if (this_urb && !test_bit(i, &portdata->out_busy))
>  			data_len += OUT_BUFLEN;
>  	}
>
> @@ -535,7 +549,7 @@ static int option_chars_in_buffer(struct
>
>  	for (i=0; i < N_OUT_URB; i++) {
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb && this_urb->status == -EINPROGRESS)
> +		if (this_urb && test_bit(i, &portdata->out_busy))
>  			data_len += this_urb->transfer_buffer_length;
>  	}
>  	dbg("%s: %d", __FUNCTION__, data_len);

Hi I have a problem instaling the patch, I hope that anyone can help me...
When a trie to install the patch:

Comment 10 Paulo Pereira 2007-06-06 10:37:20 UTC
A Tuesday 05 June 2007 16:54:14, Alan Stern escreveu:
> On Mon, 4 Jun 2007, Paulo Pereira wrote:
> > The patch that you send is not resolving the problem... :(
> > I stil have Kernel panic after 45/60 min of work with Ktorrent/Amule...
> >
> > The Drump is:
> >
> > Call Trace:
> > [<c055fb36>] usb_hcd_submit+0xb1/0x763
> > [<f9276488>] ipt_do_table+0x2c7/0x2ef [ip_tables]
> > [<f929a6d7>] nf_ct_deliver_cached_events+0x41/0x96 [nf_conntrak]
> > [<f9288254>] ipv4_confirm+0x36/0c3b [nf_conntrack_ipv4]
> > [<c05ce7c2>] tcp_v4_rcv+0x827/0x899
> > [<c05afcc0>] nf_hook_slow+0x4d/0xb5
> > [<c042826f>] irq_enter+0x19/0x23
> > [<c042826f>] irq_enter+0x19/0x23
> > [<c040794c>] do_IRQ+0xbd/0xd1
> > [<f90893c9>] option_write+0xa7/0xef [option]
>
> Okay, from this it looks like there's a problem in the option.c serial
> driver.  Glancing at the code, it's obvious why: The thing totally
> abuses the USB API.
>
> Try applying this patch; it should help.
>
> Alan Stern
>
>
> Index: usb-2.6/drivers/usb/serial/option.c
> ===================================================================
> --- usb-2.6.orig/drivers/usb/serial/option.c
> +++ usb-2.6/drivers/usb/serial/option.c
> @@ -38,6 +38,7 @@
>  #include <linux/tty.h>
>  #include <linux/tty_flip.h>
>  #include <linux/module.h>
> +#include <linux/bitops.h>
>  #include <linux/usb.h>
>  #include <linux/usb/serial.h>
>
> @@ -238,6 +239,7 @@ struct option_port_private {
>  	/* Output endpoints and buffer for this port */
>  	struct urb *out_urbs[N_OUT_URB];
>  	char out_buffer[N_OUT_URB][OUT_BUFLEN];
> +	unsigned long out_busy;		/* Bit vector of URBs in use */
>
>  	/* Settings for the port */
>  	int rts_state;	/* Handshaking pins (outputs) */
> @@ -368,7 +370,7 @@ static int option_write(struct usb_seria
>  			todo = OUT_BUFLEN;
>
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb->status == -EINPROGRESS) {
> +		if (test_and_set_bit(i, &portdata->out_busy)) {
>  			if (time_before(jiffies,
>  					portdata->tx_start_time[i] + 10 * HZ))
>  				continue;
> @@ -392,6 +394,7 @@ static int option_write(struct usb_seria
>  			dbg("usb_submit_urb %p (write bulk) failed "
>  				"(%d, has %d)", this_urb,
>  				err, this_urb->status);
> +			clear_bit(i, &portdata->out_busy);
>  			continue;
>  		}
>  		portdata->tx_start_time[i] = jiffies;
> @@ -444,12 +447,23 @@ static void option_indat_callback(struct
>  static void option_outdat_callback(struct urb *urb)
>  {
>  	struct usb_serial_port *port;
> +	struct option_port_private *portdata;
> +	int i;
>
>  	dbg("%s", __FUNCTION__);
>
>  	port = (struct usb_serial_port *) urb->context;
>
>  	usb_serial_port_softint(port);
> +
> +	portdata = usb_get_serial_port_data(port);
> +	for (i = 0; i < N_OUT_URB; ++i) {
> +		if (portdata->out_urbs[i] == urb) {
> +			smp_mb__before_clear_bit();
> +			clear_bit(i, &portdata->out_busy);
> +			break;
> +		}
> +	}
>  }
>
>  static void option_instat_callback(struct urb *urb)
> @@ -516,7 +530,7 @@ static int option_write_room(struct usb_
>
>  	for (i=0; i < N_OUT_URB; i++) {
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb && this_urb->status != -EINPROGRESS)
> +		if (this_urb && !test_bit(i, &portdata->out_busy))
>  			data_len += OUT_BUFLEN;
>  	}
>
> @@ -535,7 +549,7 @@ static int option_chars_in_buffer(struct
>
>  	for (i=0; i < N_OUT_URB; i++) {
>  		this_urb = portdata->out_urbs[i];
> -		if (this_urb && this_urb->status == -EINPROGRESS)
> +		if (this_urb && test_bit(i, &portdata->out_busy))
>  			data_len += this_urb->transfer_buffer_length;
>  	}
>  	dbg("%s: %d", __FUNCTION__, data_len);

Hi I have a problem instaling the patch, I hope that anyone can help me...
When a trie to install the patch:
	patching file drivers/usb/serial/option.c
	patch: **** malformed patch at line 4: 
Comment 11 Alan Stern 2007-06-06 10:56:33 UTC
On Wed, 6 Jun 2007, Paulo Pereira wrote:

> Hi I have a problem instaling the patch, I hope that anyone can help me...
> When a trie to install the patch:
> 	patching file drivers/usb/serial/option.c
> 	patch: **** malformed patch at line 4: 
Comment 12 Anonymous Emailer 2007-06-06 11:20:04 UTC
Reply-To: akpm@linux-foundation.org

On Wed, 6 Jun 2007 18:33:53 +0100 Paulo Pereira <pfmp.404@gmail.com> wrote:

> Hi I have a problem instaling the patch, I hope that anyone can help me...
> When a trie to install the patch:
> 	patching file drivers/usb/serial/option.c
> 	patch: **** malformed patch at line 4: 

Note You need to log in before you can comment on or make changes to this bug.