Bug 215487

Summary: usb driver crash due to usbip events
Product: Drivers Reporter: Daniel Oltmanns (oltmanns)
Component: USBAssignee: Default virtual assignee for Drivers/USB (drivers_usb)
Status: NEW ---    
Severity: normal CC: nilskemail+linux, oltmanns, sosthene
Priority: P1    
Hardware: ARM   
OS: Linux   
Kernel Version: 5.10.63-v7l+ Subsystem:
Regression: No Bisected commit-id:
Attachments: collection of multiple oops messages on different hosts
kernel error bullseye

Description Daniel Oltmanns 2022-01-12 16:59:44 UTC 
Created attachment 300257 [details]
collection of multiple oops messages on different hosts

USB commands become unresponsive after kernel oops occurred in relation to usbip commands.

Currently, we haven't found a way to reproduce this issue, as it occurs after some arbitrary amount of time, and we couldn't identify the exact conditions yet, except it only occurs in relations to the JTAG device.

We run a pool full of Raspberry PIs Model 4B running 5.10.63-v7l+. All latest usbip commits should be present in this version. Each PI has an FTDI and "Atmel JTAG ICE 3" (JTAG) connected. The JTAG will have external power cycles, both FTDI and JTAG will have internal power cycles through the USB controller. Devices will be bound to the usbip daemon through udev rules.

With the current behavior, all usb commands will become unresponsive and only a full power cycle will be able to solve this. In the attachments, a collection of multiple different kernel oops messages can be found with some previous and later usbip messages.

If this is an issue related to the Raspberry Pi specific firmware, we will continue our issue (https://github.com/raspberrypi/linux/issues/4730) in their repository. But currently we think this is a specific usbip issue.
Comment 1 Daniel Oltmanns 2022-04-08 10:17:16 UTC 
UPDATE: We have upgraded to the new Bullseye 64Bit OS on the raspberry pi. We now received the following error with the following Call trace:

Error: "Unable to handle kernel NULL pointer dereference at virtual address 000000000000004c"

Call Trace:
- stub_rx_loop+0x42c/0xb20 [usbip_host]
- kthread+0x140/0x158
- ret_from_fork+0x10/0x20

The full error message can be seen in the new attachment 'kernel_oops_bullseye'.
Comment 2 Daniel Oltmanns 2022-04-08 10:17:45 UTC 
Created attachment 300722 [details]
kernel error bullseye