Ubuntu
linux package

[regression] modprobe isp1760 triggers kernel oops during bootup in 2.6.27-11

Bug #322553 reported by Jesse Michael
10
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Stefan Bader
Intrepid
Fix Released
High
Stefan Bader

Bug Description

SRU justification:

Impact: Updates from the 2.6.27.12 enabled the isp1761 module implicitly, triggering a bug in the probe function as a side effect. This causes a kernel oops at boot on machines with that hw.

Fix: Patch from upstream (2.6.28rc2, so Jaunty is not affected) which fixes the probing code. Updated kernel has been verified to solve the problem. Changes a limited to that specific driver.

Testcase: Boot with affected hw (see report).

I'm running into a regression between 2.6.27-9 and 2.6.29-11 where loading the isp1760 driver during bootup causes a kernel oops in isp1761_pci_probe. This prevents my laptop from continuing to boot up.

Adding "blacklist isp1761" to my /etc/modprobe.d/blacklist file allows me to boot up again.

Description: Ubuntu 8.10
Release: 8.10

linux-image-2.6.27-11-generic:
  Installed: 2.6.27-11.25
  Candidate: 2.6.27-11.25
  Version table:
 *** 2.6.27-11.25 0
        500 http://us.archive.ubuntu.com intrepid-updates/main Packages
        100 /var/lib/dpkg/status

See original description
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Jesse Michael (jesse.michael) wrote :
Revision history for this message
Kees Cook (kees) wrote :

This seems to be related to the isp1760 module suddenly coming into existence. It was not built in -9, and with this commit[1], it got turned on.

[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ff30bf1ca4b548c0928dae6bfce89458b95e5bf4

Changed in linux:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Steve Beattie (sbeattie) wrote :

The ips1760 module was there before, but in 2.6.27-9, we had the following in our kernel config:

  CONFIG_USB_ISP1760_HCD=m
  # CONFIG_USB_ISP1760_PCI is not set

The change in the 2.6.27.7 commit that Kees pointed to above includes the following little tidbit:

  -#ifdef CONFIG_USB_ISP1760_PCI
  +#ifdef CONFIG_PCI
          ret = pci_register_driver(&isp1761_pci_driver);

Thus, before the change, the isp1761_pci_driver in the code existed but wouldn't get registered, and thus the oops'ing function isp1761_pci_probe() would never get invoked (Kees: in other words, a debdiff wouldn't have caught this).

I believe Kees is building a test kernel based on the fix in http://lkml.org/lkml/2009/1/15/439 .

Revision history for this message
Kees Cook (kees) wrote :

This patch appears to fix the hang.

Stefan Bader (smb)
Changed in linux:
assignee: nobody → stefan-bader-canonical
status: Confirmed → In Progress
Revision history for this message
Andy Whitcroft (apw) wrote :

This not only causes an oops but prevents bootup.

Changed in linux:
assignee: stefan-bader-canonical → nobody
importance: Medium → High
status: In Progress → Triaged
assignee: nobody → stefan-bader-canonical
status: Triaged → In Progress
Revision history for this message
Stefan Bader (smb) wrote :

@Jesse,

I placed a set of updated kernels at http://people.ubuntu.com/~smb/bug322553/
Can you test the one matching your architecture and let me know whether this works. Then I can get a quick update for this.
Thanks.

Revision history for this message
Jesse Michael (jesse.michael) wrote :

I grabbed linux-image-2.6.27-11-generic_2.6.27-11.27_amd64.deb and tried booting up without the "blacklist isp1670" entry.

I get these entries in syslog, but my laptop booted up normally otherwise, so I'd call it a success--

[ 18.099400] isp1760 0000:03:04.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 18.101494] isp1760: scratch register mismatch ffff
[ 18.101506] isp1760: probe of 0000:03:04.0 failed with error -12

Revision history for this message
Stefan Bader (smb) wrote :

Fix commited to Intrepid kernel tree.

Changed in linux:
status: In Progress → Fix Committed
Stefan Bader (smb)
description: updated
Revision history for this message
Steve Beattie (sbeattie) wrote :

Accepting the Intrepid nomination, marking the jaunty task fixed.

Changed in linux:
assignee: nobody → stefan-bader-canonical
importance: Undecided → High
status: New → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.27-11.27

---------------
linux (2.6.27-11.27) intrepid-security; urgency=low

  [ Upstream Kernel Changes ]

  * USB: isp1760: Fix probe in PCI glue code
    - LP: #322553

linux (2.6.27-11.26) intrepid-security; urgency=low

  Re-release of 2.6.27-11.25 as security release

  [Upstream Kernel Changes]

  * ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table
    - CVE-2008-5079
  * Fix inotify watch removal/umount races
    - CVE-2008-5182
  * net: Fix soft lockups/OOM issues w/ unix garbage collector
    - CVE-2008-5300
  * parisc: fix kernel crash when unwinding a userspace process
    - CVE-2008-5395
  * Enforce a minimum SG_IO timeout
    - CVE-2008-5700
  * ib700wdt.c - fix buffer_underflow bug
    - CVE-2008-5702

 -- Stefan Bader <email address hidden> Thu, 29 Jan 2009 10:37:27 +0000

Changed in linux:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.