Bug 5265

Summary: oops when disconnecting usb-storage device
Product: Drivers
Reporter: Greg Kroah-Hartman (greg)
Component: USB
Assignee: Matthew Dharm (mdharm-usb)
Status: RESOLVED CODE_FIX
Severity: high
CC: rjenster, stern
Priority: P2
Hardware: i386
OS: Linux
Kernel Version: 2.6.14-rc1
Subsystem:
Regression: ---
Bisected commit-id:
Bug Depends on:
Bug Blocks: 5089
Attachments:
  Full oops with sysfs and driver core debug messages
  Fix SCSI device removal
  SCSI error handler exit patch

Description Greg Kroah-Hartman 2005-09-15 11:58:24 UTC
Most recent kernel where this bug did not occur: 2.6.13

Here's the oops I get when disconnecting a usb-storage device with the latest
2.6.14-rc1-git tree (also happens with 2.6.14-rc1 clean.)

Nothing is mounted, the device has not been mounted at all yet.

Unable to handle kernel paging request at virtual address 6b6b6b9b
 printing eip:
c028f8cc
*pde = 00000000
Oops: 0002 [#1]
SMP 
Modules linked in: ub usb_storage usbhid uhci_hcd ehci_hcd usbcore
CPU:    1
EIP:    0060:[<c028f8cc>]    Not tainted VLI
EFLAGS: 00010286   (2.6.14-rc1-g1619cca2) 
EIP is at scsi_remove_device+0x39/0x4f
eax: 00000001   ebx: f711b2ec   ecx: 00000000   edx: 6b6b6b6b
esi: f7a28e60   edi: f7a28e58   ebp: f6f480bc   esp: f7bf7dbc
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 1292, threadinfo=f7bf6000 task=f7ac0030)
Stack: f711b4f8 00000066 f711b2ec f7a28e60 c028f963 f711b2ec f7a28e64 f7a28e60 
       f7a28e64 f7a28e68 c028e739 f6f480bc f7a28e60 f8aaab00 f8aaab20 f7a29380 
       c02869c2 f7a28e60 00000003 f7a290dc f8aaab00 f8a9bcc0 f7a28e60 f79ee2c8 
Call Trace:
 [<c028f963>] __scsi_remove_target+0x81/0xa9
 [<c028e739>] scsi_forget_host+0x3b/0x61
 [<c02869c2>] scsi_remove_host+0x49/0x93
 [<f8a9bcc0>] storage_disconnect+0x19/0x26 [usb_storage]
 [<f88351c3>] usb_unbind_interface+0x7e/0x80 [usbcore]
 [<f8835145>] usb_unbind_interface+0x0/0x80 [usbcore]
 [<c025e52d>] __device_release_driver+0x9a/0xbc
 [<c025e580>] device_release_driver+0x31/0x43
 [<c025dbbb>] bus_remove_device+0x96/0xb0
 [<c025ca16>] device_del+0x2c/0x6e
 [<f883f21d>] usb_disable_device+0x12b/0x1a0 [usbcore]
 [<f8838006>] usb_disconnect+0xcc/0x1c5 [usbcore]
 [<f883a394>] hub_port_connect_change+0x39c/0x53c [usbcore]
 [<f883a92c>] hub_events+0x3f8/0x622 [usbcore]
 [<f883ab6f>] hub_thread+0x19/0x101 [usbcore]
 [<c013630a>] autoremove_wake_function+0x0/0x57
 [<c013630a>] autoremove_wake_function+0x0/0x57
 [<f883ab56>] hub_thread+0x0/0x101 [usbcore]
 [<c0135e54>] kthread+0xba/0xf0
 [<c0135d9a>] kthread+0x0/0xf0
 [<c0101469>] kernel_thread_helper+0x5/0xb
Code: 14 8b 33 c7 44 24 04 66 00 00 00 c7 04 24 48 57 34 c0 e8 30 e3 e8 ff f0 ff
4e 30 0f 88 20 04 00 00 89 1c 24 e8 36 ff ff ff 8b 13 <f0> ff 42 30 0f 8e 19 04
00 00 8b 5c 24 08 8b 74 24 0c 83 c4 10
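
An added example (not part of the original report, and not kernel tooling) that triages the oops above: it pulls out the fault address and registers and flags any register that holds a slab poison pattern and sits just below the faulting address. The names `triage` and `poison_kind` are hypothetical, and reading 0x6b as freed-memory poison assumes the reporter's kernel had slab debugging enabled.

```python
import re

# Lines copied from the oops in the report above.
OOPS = """\
Unable to handle kernel paging request at virtual address 6b6b6b9b
EIP is at scsi_remove_device+0x39/0x4f
eax: 00000001   ebx: f711b2ec   ecx: 00000000   edx: 6b6b6b6b
esi: f7a28e60   edi: f7a28e58   ebp: f6f480bc   esp: f7bf7dbc
"""

# Fill bytes the slab allocator writes when slab debugging is enabled
# (assumption: the reporter's kernel had it on).
POISON = {0x6b: "POISON_FREE (freed object)",
          0x5a: "POISON_INUSE (allocated, uninitialised)"}

def poison_kind(value):
    """Name the poison pattern if all four bytes of value are one poison byte."""
    data = value.to_bytes(4, "little")
    if len(set(data)) == 1:
        return POISON.get(data[0])
    return None

def triage(oops, max_offset=0x1000):
    """Find registers holding a poison pattern that the fault address is based on."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", oops).group(1), 16)
    func = re.search(r"EIP is at (\S+)", oops).group(1)
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", oops)}
    findings = []
    for name, value in regs.items():
        kind = poison_kind(value)
        offset = fault - value
        # A poisoned register just below the fault address is the likely base
        # pointer of the faulting access (here: edx + 0x30).
        if kind and 0 <= offset < max_offset:
            findings.append((name, offset, kind))
    return {"fault": fault, "function": func, "findings": findings}

if __name__ == "__main__":
    result = triage(OOPS)
    print("fault at %#x in %s" % (result["fault"], result["function"]))
    for name, offset, kind in result["findings"]:
        print("  %s + %#x: %s" % (name, offset, kind))
```

The 0x30 offset agrees with the `<f0> ff 42 30` bytes marked in the Code: line, which encode `lock incl 0x30(%edx)`.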

Comment 1 Greg Kroah-Hartman 2005-09-15 12:00:02 UTC
Created attachment 6033
Full oops with sysfs and driver core debug messages

Here's the full oops, with sysfs and driver core and usb core debug messages
enabled.  I'll enable usb-storage debug if you think it would help out any...

Comment 2 Alan Stern 2005-09-15 12:20:28 UTC
Created attachment 6036
Fix SCSI device removal

This is a known problem.  I sent a patch for it to James Bottomley at the end
of July, but he hasn't applied it yet.  If you want to read the patch comment,
it's

http://marc.theaimsgroup.com/?l=linux-scsi&m=112238804301664&w=2

The attached patch for 2.6.14-rc1 fixes this problem plus another
newly-introduced bug.  There's yet a third bug fixed in the next attachment.

Comment 3 Alan Stern 2005-09-15 12:22:47 UTC
Created attachment 6037
SCSI error handler exit patch

When the SCSI error handler was converted to use the kthread library, the
thread-exit code was botched.  This fixes it.

Comment 4 Greg Kroah-Hartman 2005-09-17 08:27:23 UTC
*** Bug 5270 has been marked as a duplicate of this bug. ***

Comment 5 Greg Kroah-Hartman 2005-10-05 10:36:20 UTC
Fixed now in 2.6.14-rc3