Bug#292478: oops on boot with usb cdburner attached

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#292478: oops on boot with usb cdburner attached
From: Matt Taggart <taggart@debian.org>
Date: Thu, 27 Jan 2005 01:17:26 -0800
Message-id: <[🔎] 20050127091726.1D3ADC01C@cyrix.home.bogus>
Reply-to: Matt Taggart <taggart@debian.org>, 292478@bugs.debian.org
Package: kernel-image-2.6.8-2-k7
Version: 2.6.8-13
Severity: normal

I am filing this bug against 2.6.8-2 since that's the focus for
sarge, but it affects all 2.6 kernels older than 2.6.10.

If I attempt to boot with a Plextor "48/24/48U PX-W4824TU" USB 2.0 cd
writer attached to my system I get a kernel oops,

scsi: Device offlined - not ready after error recovery: host 2 channel 0
id 0 lun 0
sr 2:0:0:0: Illegal state transition cancel->offline
Badness in scsi_device_set_state at drivers/scsi/scsi_lib.c:1643
 [<f8863c46>] scsi_device_set_state+0xc6/0x120 [scsi_mod]
 [<f8861594>] scsi_eh_offline_sdevs+0x64/0x80 [scsi_mod]
 [<f8861bbc>] scsi_unjam_host+0xcc/0x200 [scsi_mod]
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<f8861df3>] scsi_error_handler+0x103/0x1c0 [scsi_mod]
 [<f8861cf0>] scsi_error_handler+0x0/0x1c0 [scsi_mod]
 [<c0104291>] kernel_thread_helper+0x5/0x14
Badness in kobject_get at lib/kobject.c:433
 [<c01a3ccc>] kobject_get+0x4c/0x50
 [<c01f4768>] get_device+0x18/0x30
 [<f8863395>] scsi_request_fn+0x25/0x400 [scsi_mod]
 [<c01fb56a>] blk_insert_request+0xba/0xe0
 [<f88621c9>] scsi_queue_insert+0x89/0xd0 [scsi_mod]
 [<f8861a71>] scsi_eh_flush_done_q+0x71/0xf0 [scsi_mod]
 [<f8861b88>] scsi_unjam_host+0x98/0x200 [scsi_mod]
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<f8861df3>] scsi_error_handler+0x103/0x1c0 [scsi_mod]
 [<f8861cf0>] scsi_error_handler+0x0/0x1c0 [scsi_mod]
 [<c0104291>] kernel_thread_helper+0x5/0x14
Unable to handle kernel paging request at virtual address 00100104
 printing eip:
f8865a70
*pde = 00000000
Oops: 0002 [#1]
PREEMPT 
Modules linked in: e1000 emu10k1_gp snd_emu10k1 snd_util_mem snd_hwdep
emu10k1 sound sis900 ehci_hcd tsdev mousedev joydev usbhid ohci_hcd
snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd_page_alloc
snd_mpu401_uart snd_rawmidi snd_seq_device snd i810_audio ac97_codec
soundcore sis5513 pci_hotplug sis_agp agpgart analog gameport parport_pc
parport floppy pcspkr rtc evdev capability commoncap ext3 jbd mbcache
sr_mod cdrom sd_mod usb_storage usbcore ide_core sg aic7xxx scsi_mod
unix font vesafb cfbcopyarea cfbimgblt cfbfillrect
CPU:    0
EIP:    0060:[<f8865a70>]    Not tainted
EFLAGS: 00010002   (2.6.8-2-k7) 
EIP is at scsi_device_dev_release+0x30/0x110 [scsi_mod]
eax: 00100100   ebx: f78af808   ecx: 00200200   edx: f78af984
esi: f78af800   edi: 00000282   ebp: f7e6aeb4   esp: f7969ea8
ds: 007b   es: 007b   ss: 0068
Process scsi_eh_2 (pid: 1585, threadinfo=f7968000 task=f743d710)
Stack: 00000000 f78af9a8 c02fb448 c02fb460 f7e6aed8 c01f4458 f78af984
f78af9a8 
       c02fb448 c02fb460 c01a3d68 f78af9a8 f7968000 f78af800 f7968000
f7968000 
       f8863592 f78af9a8 f7e6a6b0 f78af800 f7e6a6b0 f78af984 f7e6a6b0
f78af800 
Call Trace:
 [<c01f4458>] device_release+0x58/0x60
 [<c01a3d68>] kobject_cleanup+0x98/0xa0
 [<f8863592>] scsi_request_fn+0x222/0x400 [scsi_mod]
 [<c01fb56a>] blk_insert_request+0xba/0xe0
 [<f88621c9>] scsi_queue_insert+0x89/0xd0 [scsi_mod]
 [<f8861a71>] scsi_eh_flush_done_q+0x71/0xf0 [scsi_mod]
 [<f8861b88>] scsi_unjam_host+0x98/0x200 [scsi_mod]
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<f8861df3>] scsi_error_handler+0x103/0x1c0 [scsi_mod]
 [<f8861cf0>] scsi_error_handler+0x0/0x1c0 [scsi_mod]
 [<c0104291>] kernel_thread_helper+0x5/0x14
Code: 89 48 04 89 01 c7 43 04 00 02 20 00 8d 9a 8c fe ff ff 8b 82 
 <6>note: scsi_eh_2[1585] exited with preempt_count 1
Badness in kobject_get at lib/kobject.c:433
 [<c01a3ccc>] kobject_get+0x4c/0x50
 [<c01f4768>] get_device+0x18/0x30
 [<f8863395>] scsi_request_fn+0x25/0x400 [scsi_mod]
 [<c01f8e36>] elv_next_request+0x16/0x110
 [<c01fab2e>] __generic_unplug_device+0x3e/0x40
 [<c01fab4e>] generic_unplug_device+0x1e/0x40
 [<c01fabb0>] blk_unplug_work+0x10/0x20
 [<c012ae3c>] worker_thread+0x1cc/0x290
 [<c01faba0>] blk_unplug_work+0x0/0x20
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<c012ac70>] worker_thread+0x0/0x290
 [<c012e965>] kthread+0xa5/0xb0
 [<c012e8c0>] kthread+0x0/0xb0
 [<c0104291>] kernel_thread_helper+0x5/0x14
e1000: eth1: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex
Unable to handle kernel paging request at virtual address 00100104
 printing eip:
f8865a70
*pde = 00000000
Oops: 0002 [#2]
PREEMPT 
Modules linked in: e1000 emu10k1_gp snd_emu10k1 snd_util_mem snd_hwdep
emu10k1 sound sis900 ehci_hcd tsdev mousedev joydev usbhid ohci_hcd
snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd_page_alloc
snd_mpu401_uart snd_rawmidi snd_seq_device snd i810_audio ac97_codec
soundcore sis5513 pci_hotplug sis_agp agpgart analog gameport parport_pc
parport floppy pcspkr rtc evdev capability commoncap ext3 jbd mbcache
sr_mod cdrom sd_mod usb_storage usbcore ide_core sg aic7xxx scsi_mod
unix font vesafb cfbcopyarea cfbimgblt cfbfillrect
CPU:    0
EIP:    0060:[<f8865a70>]    Not tainted
EFLAGS: 00010002   (2.6.8-2-k7) 
EIP is at scsi_device_dev_release+0x30/0x110 [scsi_mod]
eax: 00100100   ebx: f78af808   ecx: 00200200   edx: f78af984
esi: f78af800   edi: 00000286   ebp: f7e6aeb4   esp: f7e53ec0
ds: 007b   es: 007b   ss: 0068
Process kblockd/0 (pid: 41, threadinfo=f7e52000 task=f7e51690)
Stack: 00000000 f78af9a8 c02fb448 c02fb460 f7e6aed8 c01f4458 f78af984
f78af9a8 
       c02fb448 c02fb460 c01a3d68 f78af9a8 f7e52000 f78af800 f7e52000
f7e52000 
       f8863592 f78af9a8 f7e6a6b0 c01f8e36 c1b7802c f78af984 c1b7802c
f7e52000 
Call Trace:
 [<c01f4458>] device_release+0x58/0x60
 [<c01a3d68>] kobject_cleanup+0x98/0xa0
 [<f8863592>] scsi_request_fn+0x222/0x400 [scsi_mod]
 [<c01f8e36>] elv_next_request+0x16/0x110
 [<c01fab2e>] __generic_unplug_device+0x3e/0x40
 [<c01fab4e>] generic_unplug_device+0x1e/0x40
 [<c01fabb0>] blk_unplug_work+0x10/0x20
 [<c012ae3c>] worker_thread+0x1cc/0x290
 [<c01faba0>] blk_unplug_work+0x0/0x20
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<c0118aa0>] default_wake_function+0x0/0x20
 [<c012ac70>] worker_thread+0x0/0x290
 [<c012e965>] kthread+0xa5/0xb0
 [<c012e8c0>] kthread+0x0/0xb0
 [<c0104291>] kernel_thread_helper+0x5/0x14
Code: 89 48 04 89 01 c7 43 04 00 02 20 00 8d 9a 8c fe ff ff 8b 82 
 <6>note: kblockd/0[41] exited with preempt_count 1

Notes:
* The scsi device it's complaining about is the usb cd writer under
  the usb scsi emulation mode
* Booting with the device attached works on 2.4.27 and 2.6.10.
* If I boot 2.6.8 without the drive, and then hotplug it after after
  boot it doesn't cause an oops.
* I haven't tried booting with the drive and same kernel on another
    system or different controller (I can maybe try to do this
    if needed)

I have put full boot logs for 2.6.8 with the CD drive attached, 2.6.8
without the CD drive attached, and 2.6.10 with the drive attached at,

 http://people.debian.org/~taggart/tmp/2.6/

Using a graphical diff program on the two 2.6.8 logs may be useful.

The system is a Gigabyte GA-7S748 mainboard which uses the SiS963 south
bridge chipset which implements USB 1/2 controllers. Here's the lspci -v
output for those devices,

0000:00:03.0 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller
 (rev 0f) (prog-if 10 [OHCI])
        Subsystem: Silicon Integrated Systems [SiS] USB 1.0 Controller
        Flags: bus master, medium devsel, latency 32, IRQ 11
        Memory at e7041000 (32-bit, non-prefetchable) [size=4K]

0000:00:03.1 USB Controller: Silicon Integrated Systems [SiS] USB 1.0
Controller
 (rev 0f) (prog-if 10 [OHCI])
        Subsystem: Silicon Integrated Systems [SiS] USB 1.0 Controller
        Flags: bus master, medium devsel, latency 32, IRQ 9
        Memory at e7044000 (32-bit, non-prefetchable) [size=4K]

0000:00:03.3 USB Controller: Silicon Integrated Systems [SiS] USB 2.0
Controller
 (prog-if 20 [EHCI])
        Subsystem: Giga-byte Technology: Unknown device 5004
        Flags: bus master, medium devsel, latency 32, IRQ 10
        Memory at e7045000 (32-bit, non-prefetchable) [size=4K]
        Capabilities: [50] Power Management version 2


I noticed that #291348 mentions a problem with an SiS controller that
occurs on 2.6.8 and not 2.6.10 and while the symptoms are different (usb
doesn't work, as opposed to an oops) I think it might be related. The
submitter there mentions a known fixed problem in 2.6.10. Hopefully
it will be possible to find what changed in 2.6.10 and backport it to
 2.6.8.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-image-2.6.8-2-k7 depends on:
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 
ii  initrd-tools                  0.1.77     tools to create initrd image for p
ii  module-init-tools             3.2-pre1-1 tools for managing Linux kernel mo

-- no debconf information

Sorry this bug report is so long, I didn't have time to make it shorter.
Let me know if you need to to test anything for diagnose further.

Thanks,

-- 
Matt Taggart
taggart@debian.org
Reply to:
Prev by Date: Processed: bug not fixed
Next by Date: Bug#292491: /usr/sbin/mkinitrd: line 1359: mkext2fs: command not found
Previous by thread: Processed: bug not fixed
Next by thread: Bug#292491: /usr/sbin/mkinitrd: line 1359: mkext2fs: command not found
Index(es):
- Date
- Thread