Bug 5098

Summary: Oops when disconnecting Iriver MP3-Player too early
Product: File System Reporter: Jochen Spieker (js+bugs)
Component: SysFSAssignee: Greg Kroah-Hartman (greg)
Status: RESOLVED CODE_FIX    
Severity: normal CC: greg
Priority: P2    
Hardware: i386   
OS: Linux   
Kernel Version: 2.6.12 Subsystem:
Regression: --- Bisected commit-id:
Bug Depends on:    
Bug Blocks: 5089    

Description Jochen Spieker 2005-08-20 08:27:48 UTC 
Distribution: Debian GNU/Linux
Hardware Environment: Laptop Asus M2400N
Software Environment: see distribution
Problem Description:

Hi,

I am using an Iriver H120 MP3-Player (USB mass-storage device) with a free
firmware from <http://rockbox.org>. It generally works fine, but when I plug in
the device and unplug before it before "it has settled", I get a kernel oops:

Aug 20 17:09:49 localhost kernel: usb 4-2: USB disconnect, address 4
Aug 20 17:10:18 localhost kernel: usb 4-2: new high speed USB device using
ehci_hcd and address 5
Aug 20 17:10:18 localhost kernel: scsi2 : SCSI emulation for USB Mass Storage
devices
Aug 20 17:10:18 localhost kernel: usb-storage: device found at 5
Aug 20 17:10:18 localhost kernel: usb-storage: waiting for device to settle
before scanning
Aug 20 17:10:23 localhost kernel:   Vendor: TOSHIBA   Model: MK2004GAL        
Rev: JC10
Aug 20 17:10:23 localhost kernel:   Type:   Direct-Access                     
ANSI SCSI revision: 00
Aug 20 17:10:23 localhost kernel: SCSI device sda: 39063024 512-byte hdwr
sectors (20000 MB)
Aug 20 17:10:23 localhost kernel: sda: assuming drive cache: write through
Aug 20 17:10:23 localhost kernel: SCSI device sda: 39063024 512-byte hdwr
sectors (20000 MB)
Aug 20 17:10:23 localhost kernel: sda: assuming drive cache: write through
Aug 20 17:10:23 localhost kernel:  sda: sda1
Aug 20 17:10:23 localhost kernel: Attached scsi disk sda at scsi2, channel 0, id
0, lun 0
Aug 20 17:10:23 localhost kernel: usb-storage: device scan complete
Aug 20 17:12:46 localhost kernel: usb 4-2: USB disconnect, address 5
Aug 20 17:12:56 localhost kernel: usb 4-2: new high speed USB device using
ehci_hcd and address 6
Aug 20 17:12:56 localhost kernel: scsi3 : SCSI emulation for USB Mass Storage
devices
Aug 20 17:12:56 localhost kernel: usb-storage: device found at 6
Aug 20 17:12:56 localhost kernel: usb-storage: waiting for device to settle
before scanning
Aug 20 17:13:51 localhost kernel: scsi: Device offlined - not ready after error
recovery: host 3 channel 0 id 0 lun 0
Aug 20 17:13:51 localhost kernel: usb 4-2: USB disconnect, address 6
Aug 20 17:13:51 localhost kernel: usb-storage: device scan complete
Aug 20 17:13:51 localhost kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000048
Aug 20 17:13:51 localhost kernel:  printing eip:
Aug 20 17:13:51 localhost kernel: c019ad8b
Aug 20 17:13:51 localhost kernel: *pde = 00000000
Aug 20 17:13:51 localhost kernel: Oops: 0000 [#1]
Aug 20 17:13:51 localhost kernel: PREEMPT


Aug 20 17:13:51 localhost kernel: Modules linked in: bnep rfcomm l2cap evdev
8250_pci 8250 serial_core usbhid usb_storage ehci_hcd uhci_hcd prism54 ohci1394
ieee1394
Aug 20 17:13:51 localhost kernel: CPU:    0
Aug 20 17:13:51 localhost kernel: EIP:    0060:[sysfs_hash_and_remove+11/248]  
 Not tainted VLI
Aug 20 17:13:51 localhost kernel: EFLAGS: 00010292   (2.6.12)
Aug 20 17:13:51 localhost kernel: EIP is at sysfs_hash_and_remove+0xb/0xf8
Aug 20 17:13:51 localhost kernel: eax: 00000000   ebx: eccfd24c   ecx: 00000001
  edx: c0504088
Aug 20 17:13:51 localhost kernel: esi: eccfd244   edi: c0504080   ebp: c0504020
  esp: ef459df8
Aug 20 17:13:51 localhost kernel: ds: 007b   es: 007b   ss: 0068
Aug 20 17:13:51 localhost kernel: Process khubd (pid: 98, threadinfo=ef458000
task=ef6475a0)
Aug 20 17:13:51 localhost kernel: Stack: 00000003 00000001 00000000 eccfd24c
eccfd244 c0504080 c0504020 c03147e1
Aug 20 17:13:51 localhost kernel:        00000000 c046cd18 c0504088 eccfd244
eccfd190 ed4d3028 ea07dcc0 c0314830
Aug 20 17:13:51 localhost kernel:        eccfd244 eccfd000 c03501d4 eccfd244
00000003 ed4d2ff8 eccfd000 ed4d3000
Aug 20 17:13:51 localhost kernel: Call Trace:
Aug 20 17:13:51 localhost kernel:  [class_device_del+145/208]
class_device_del+0x91/0xd0
Aug 20 17:13:51 localhost kernel:  [class_device_unregister+16/32]
class_device_unregister+0x10/0x20
Aug 20 17:13:51 localhost kernel:  [scsi_remove_device+100/176]
scsi_remove_device+0x64/0xb0
Aug 20 17:13:51 localhost kernel:  [__scsi_remove_target+162/272]
__scsi_remove_target+0xa2/0x110
Aug 20 17:13:51 localhost kernel:  [scsi_forget_host+88/176]
scsi_forget_host+0x58/0xb0
Aug 20 17:13:51 localhost kernel:  [scsi_remove_host+23/112]
scsi_remove_host+0x17/0x70
Aug 20 17:13:51 localhost kernel:  [pg0+804572278/1067795456]
storage_disconnect+0x56/0x72 [usb_storage]
Aug 20 17:13:51 localhost kernel:  [usb_unbind_interface+62/128]
usb_unbind_interface+0x3e/0x80
Aug 20 17:13:51 localhost kernel:  [device_release_driver+96/128]
device_release_driver+0x60/0x80
Aug 20 17:13:51 localhost kernel:  [bus_remove_device+108/176]
bus_remove_device+0x6c/0xb0
Aug 20 17:13:51 localhost kernel:  [device_del+92/160] device_del+0x5c/0xa0
Aug 20 17:13:51 localhost kernel:  [usb_disable_device+192/320]
usb_disable_device+0xc0/0x140
Aug 20 17:13:51 localhost kernel:  [usb_disconnect+170/352]
usb_disconnect+0xaa/0x160
Aug 20 17:13:51 localhost kernel:  [hub_port_connect_change+84/1104]
hub_port_connect_change+0x54/0x450
Aug 20 17:13:51 localhost kernel:  [hub_events+777/1200] hub_events+0x309/0x4b0
Aug 20 17:13:51 localhost kernel:  [hub_thread+79/272] hub_thread+0x4f/0x110
Aug 20 17:13:51 localhost kernel:  [autoremove_wake_function+0/96]
autoremove_wake_function+0x0/0x60
Aug 20 17:13:51 localhost kernel:  [hub_thread+0/272] hub_thread+0x0/0x110
Aug 20 17:13:51 localhost kernel:  [kernel_thread_helper+5/12]
kernel_thread_helper+0x5/0xc
Aug 20 17:13:51 localhost kernel: Code: b5 e8 2a de 29 00 eb bf 90 8d b4 26 00
00 00 00 e8 1b de 29 00 e9 31 ff ff ff 8d b6 00 00 00 00 55 57 56 53 83 ec 0c 8b
44 24 20 <8b> 50 48 8b 48 08 ff 49 70 0f 88 de 00 00 00 8b 42 0c 8d 68 fc
Comment 1 Andrew Morton 2005-08-20 22:18:50 UTC 
Alan Stern <stern@rowland.harvard.edu> wrote:

> This is a SCSI problem, not a USB problem.  Probably a known bug with
> patches already available, maybe even already in -mm.  Can you re-assign 
> the bug to James Bottomley?
Comment 2 James Bottomley 2005-08-21 06:13:06 UTC 
It's Not a SCSI bug, it's a sysfs bug.  The fix is here

http://marc.theaimsgroup.com/?l=linux-scsi&m=112398346008284
Comment 3 Jochen Spieker 2005-08-24 11:30:47 UTC 
Hi,

thanks for your comments. I tried the patch that has been suggested, but it
didn't prevent the Oops from ocurring again - but read on:

It looks as if a bug in Rockbox (the firmware for my USB device) was triggering
this kernel bug. The daily build of Rockbox from Aug 21 prevented the device
from "settling" and when you pulled the USB plug you got the Oops. Since then I
used newer daily builds of Rockbox that didn't show that behaviour anymore and I
cannot reproduce the Oops with a later firmware and by pulling the plug very quick.

But still, if I use the firmware from Aug 21 and the suggested patch, I get the
kernel Oops when pulling the plug before the device has settled (which never
happens because of the firmware bug). I'll leave it up to you whether you still
consider this a bug in the kernel.

Thanks a lot,
Jochen.
Comment 4 Greg Kroah-Hartman 2005-09-02 00:34:17 UTC 
I'll just close this as newer versions of the firmware don't cause this
problem anymore :)