Bug 21172 - OOPS in disk_replace_part_tbl.
Status: RESOLVED CODE_FIX
Alias: None
Product: IO/Storage
Classification: Unclassified
Component: SCSI
Hardware: All Linux
Importance: P1 normal
Assignee: linux-scsi@vger.kernel.org
Reported: 2010-10-26 13:28 UTC by Pawel Sikora
Modified: 2010-12-28 22:09 UTC

Kernel Version: 2.6.36-04464-g229aebb
Regression: Yes

Description Pawel Sikora 2010-10-26 13:28:45 UTC
Hi,

The recent kernel from git oopses on my machine when
disconnecting the USB cable from a mobile phone.

Here's the log from connecting the USB device:

[   76.823339] usb 4-1: new full speed USB device using uhci_hcd and address 3
[   77.005567] usb 4-1: New USB device found, idVendor=22b8, idProduct=4810
[   77.005571] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.005574] usb 4-1: Product: Motorola Phone (K1)
[   77.005577] usb 4-1: Manufacturer: Motorola Inc.
[   77.005579] usb 4-1: SerialNumber: 35302301929943
[   77.074902] usb 4-1: selecting invalid altsetting 1
[   77.075147] usbcore: registered new interface driver uas
[   77.094325] usbcore: registered new interface driver libusual
[   77.107094] Initializing USB Mass Storage driver...
[   77.107252] scsi2 : usb-storage 4-1:1.0
[   77.109207] usbcore: registered new interface driver usb-storage
[   77.109213] USB Mass Storage support registered.
[   79.391176] scsi 2:0:0:0: Direct-Access     Motorola K1               2.31 PQ: 0 ANSI: 2
[   79.392753] sd 2:0:0:0: Attached scsi generic sg1 type 0
[   79.768076] sd 2:0:0:0: [sdb] Adjusting the sector count from its reported value: 990977
[   79.768087] sd 2:0:0:0: [sdb] 990976 512-byte logical blocks: (507 MB/483 MiB)
[   79.771072] sd 2:0:0:0: [sdb] Write Protect is off
[   79.771078] sd 2:0:0:0: [sdb] Mode Sense: 0b 00 00 08
[   79.771081] sd 2:0:0:0: [sdb] Assuming drive cache: write through
[   80.518936] sd 2:0:0:0: [sdb] Adjusting the sector count from its reported value: 990977
[   80.521933] sd 2:0:0:0: [sdb] Assuming drive cache: write through
[   80.543956]  sdb: sdb1
[   80.572979] sd 2:0:0:0: [sdb] Adjusting the sector count from its reported value: 990977
[   80.575961] sd 2:0:0:0: [sdb] Assuming drive cache: write through
[   80.575972] sd 2:0:0:0: [sdb] Attached SCSI removable disk

and disconnecting...

[   91.846701] usb 4-1: USB disconnect, address 3
[   91.847079] BUG: unable to handle kernel NULL pointer dereference at 00000000000003a0
[   91.849991] IP: [<ffffffff81201f77>] disk_replace_part_tbl.clone.16+0x27/0x60
[   91.849991] PGD 7a698067 PUD 7a6ec067 PMD 0 
[   91.849991] Oops: 0000 [#1] SMP 
[   91.849991] last sysfs file: /sys/devices/pci0000:00/0000:00:10.2/usb4/4-1/4-1:1.0/host2/target2:0:0/2:0:0:0/block/sdb/size
[   91.849991] CPU 0 
[   91.849991] Modules linked in: usb_storage usb_libusual uas ext2 ocfs2_dlmfs ocfs2_stackglue ocfs2_dlm ocfs2_nodemanager configfs nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs sch_sfq ext4 jbd2 crc16 dm_mod aoe autofs4 radeon ttm drm_kms_helper drm i2c_algo_bit configs ide_cd_mod cdrom ata_generic pata_acpi pata_via joydev usbhid hid ide_pci_generic snd_via82xx gameport snd_via82xx_modem snd_ac97_codec uhci_hcd ehci_hcd usbcore snd_mpu401_uart i2c_viapro edac_core i2c_core via82cxxx floppy ac97_bus snd_pcm shpchp ide_core evdev edac_mce_amd via_rhine snd_rawmidi snd_seq_device snd_timer thermal mii snd snd_page_alloc processor button k8temp pci_hotplug hwmon soundcore sg psmouse serio_raw pcspkr sd_mod crc_t10dif ext3 jbd mbcache sata_via libata scsi_mod [last unloaded: scsi_wait_scan]
[   91.849991] 
[   91.849991] Pid: 1549, comm: khubd Not tainted 2.6.36-04464-g229aebb #47 K8V-X SE/System Product Name
[   91.849991] RIP: 0010:[<ffffffff81201f77>]  [<ffffffff81201f77>] disk_replace_part_tbl.clone.16+0x27/0x60
[   91.849991] RSP: 0018:ffff88007955f9b0  EFLAGS: 00010282
[   91.849991] RAX: ffff88007fc14590 RBX: ffff8800653e6f80 RCX: ffff8800773b0900
[   91.849991] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880079901038
[   91.849991] RBP: ffff88007955f9c0 R08: ffff88007ae248a8 R09: 2222222222222222
[   91.849991] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   91.849991] R13: 0000000000000000 R14: ffff88007691d808 R15: 0000000000000293
[   91.849991] FS:  00007f82fe6bc7a0(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[   91.849991] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   91.849991] CR2: 00000000000003a0 CR3: 000000007a8e4000 CR4: 00000000000006f0
[   91.849991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   91.849991] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   91.849991] Process khubd (pid: 1549, threadinfo ffff88007955e000, task ffff8800799e7700)
[   91.849991] Stack:
[   91.849991]  ffff880079901000 ffffffff818384c0 ffff88007955f9e0 ffffffff81201fdb
[   91.849991] <0> ffffffff818384c0 0000000000000000 ffff88007955fa00 ffffffff812bf992
[   91.849991] <0> 0000000000000282 ffff880079901070 ffff88007955fa30 ffffffff81211d05
[   91.849991] Call Trace:
[   91.849991]  [<ffffffff81201fdb>] disk_release+0x2b/0x60
[   91.849991]  [<ffffffff812bf992>] device_release+0x22/0x90
[   91.849991]  [<ffffffff81211d05>] kobject_release+0x45/0x90
[   91.849991]  [<ffffffff81211cc0>] ? kobject_release+0x0/0x90
[   91.849991]  [<ffffffff81213497>] kref_put+0x37/0x70
[   91.849991]  [<ffffffff81211be7>] kobject_put+0x27/0x60
[   91.849991]  [<ffffffff81201072>] put_disk+0x12/0x20
[   91.849991]  [<ffffffffa01125c2>] sg_device_destroy+0x62/0x90 [sg]
[   91.849991]  [<ffffffffa0112560>] ? sg_device_destroy+0x0/0x90 [sg]
[   91.849991]  [<ffffffff81213497>] kref_put+0x37/0x70
[   91.849991]  [<ffffffffa0112434>] sg_put_dev+0x14/0x20 [sg]
[   91.849991]  [<ffffffffa011252e>] sg_remove+0xee/0x120 [sg]
[   91.849991]  [<ffffffff812c0611>] device_del+0xc1/0x1b0
[   91.849991]  [<ffffffff812c0711>] device_unregister+0x11/0x20
[   91.849991]  [<ffffffffa000f085>] __scsi_remove_device+0xa5/0xc0 [scsi_mod]
[   91.849991]  [<ffffffffa000db54>] scsi_forget_host+0x64/0x90 [scsi_mod]
[   91.849991]  [<ffffffffa000387a>] scsi_remove_host+0x6a/0x120 [scsi_mod]
[   91.849991]  [<ffffffffa033e402>] quiesce_and_remove_host+0x62/0xa0 [usb_storage]
[   91.849991]  [<ffffffffa033e4fd>] usb_stor_disconnect+0x1d/0x30 [usb_storage]
[   91.849991]  [<ffffffffa0354c55>] usb_unbind_interface+0x55/0x1a0 [usbcore]
[   91.849991]  [<ffffffff812c3510>] __device_release_driver+0x70/0xe0
[   91.849991]  [<ffffffff812c35a8>] device_release_driver+0x28/0x40
[   91.849991]  [<ffffffff812c3006>] bus_remove_device+0x76/0xa0
[   91.849991]  [<ffffffff812c0677>] device_del+0x127/0x1b0
[   91.849991]  [<ffffffffa0352754>] usb_disable_device+0x74/0x140 [usbcore]
[   91.849991]  [<ffffffffa034b133>] usb_disconnect+0x93/0x120 [usbcore]
[   91.849991]  [<ffffffffa034cebc>] hub_thread+0x95c/0x11e0 [usbcore]
[   91.849991]  [<ffffffff8103c63f>] ? dequeue_task+0x6f/0x1a0
[   91.849991]  [<ffffffff813fac09>] ? schedule+0x309/0xaf0
[   91.849991]  [<ffffffff81069700>] ? autoremove_wake_function+0x0/0x40
[   91.849991]  [<ffffffffa034c560>] ? hub_thread+0x0/0x11e0 [usbcore]
[   91.849991]  [<ffffffff810691b6>] kthread+0x96/0xa0
[   91.849991]  [<ffffffff81003b94>] kernel_thread_helper+0x4/0x10
[   91.849991]  [<ffffffff81069120>] ? kthread+0x0/0xa0
[   91.849991]  [<ffffffff81003b90>] ? kernel_thread_helper+0x0/0x10
[   91.849991] Code: 1f 44 00 00 55 48 89 e5 48 83 ec 10 4c 89 64 24 08 48 89 1c 24 49 89 f4 48 8b 1f 48 85 db 48 89 17 74 36 48 c7 43 18 00 00 00 00 <48> 8b be a0 03 00 00 e8 6d b7 1f 00 4c 89 e7 e8 d5 1f ff ff 49
[   91.849991] RIP  [<ffffffff81201f77>] disk_replace_part_tbl.clone.16+0x27/0x60
[   91.849991]  RSP <ffff88007955f9b0>
[   91.849991] CR2: 00000000000003a0
[   94.020068] ---[ end trace c31bf154fbac1c6b ]---

Comment 1 Pawel Sikora 2010-10-27 13:42:20 UTC
v2.6.36 from release tag works fine, so this is a recent regression in mainline.

Comment 2 kakaouete 2010-11-25 10:16:15 UTC
Hi, I noticed the same problem; it appeared between 2.6.36 and 2.6.36.1.

Every time I unplug a USB storage device (my phone as well as my USB key), I get the oops:

usb 8-5: new high speed USB device using ehci_hcd and address 2
Initializing USB Mass Storage driver...
scsi6 : usb-storage 8-5:1.0
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
scsi 6:0:0:0: Direct-Access     Lexar    JD Secure II +   1100 PQ: 0 ANSI: 0 CCS
sd 6:0:0:0: Attached scsi generic sg2 type 0
sd 6:0:0:0: [sdb] 15663104 512-byte logical blocks: (8.01 GB/7.46 GiB)
sd 6:0:0:0: [sdb] Write Protect is off
sd 6:0:0:0: [sdb] Mode Sense: 43 00 00 00
sd 6:0:0:0: [sdb] Assuming drive cache: write through
sd 6:0:0:0: [sdb] Assuming drive cache: write through
 sdb: sdb1
sd 6:0:0:0: [sdb] Assuming drive cache: write through
sd 6:0:0:0: [sdb] Attached SCSI removable disk
usb 8-5: USB disconnect, address 2
BUG: unable to handle kernel NULL pointer dereference at 00000000000003a0
IP: [<ffffffff811dca07>] disk_replace_part_tbl.clone.15+0x27/0x70
PGD 13ac78067 PUD 13937e067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb8/8-5/speed
CPU 0 
Modules linked in: nls_cp437 vfat fat usb_storage fuse ipv6 rfcomm sco bnep coretemp l2cap crc16 ext2 loop pata_pcmcia usbhid hid usblp tpm_infineon snd_hda_codec_analog ide_cs ide_core btusb bluetooth uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_hda_intel fan parport_pc uinput arc4 snd_hda_codec snd_hwdep ecb snd_pcm sdhci_pci sdhci snd_timer joydev hp_wmi tpm_tis snd mmc_core soundcore snd_page_alloc tpm tpm_bios video firewire_ohci hp_accel cpufreq_powersave output container lis3lv02d input_polldev led_class firewire_core crc_itu_t cpufreq_ondemand wmi pcmcia acpi_cpufreq thermal ac battery button yenta_socket pcmcia_rsrc freq_table pcmcia_core iwlagn iwlcore mac80211 cfg80211 rfkill uhci_hcd ppdev ehci_hcd iTCO_wdt iTCO_vendor_support usbcore pcspkr psmouse intel_agp processor e1000e sg lp parport evdev serio_raw mperf ext3 jbd mbcache sr_mod cdrom sd_mod ahci libahci libata scsi_mod radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core

Pid: 1713, comm: khubd Not tainted 2.6.36-ARCH #1 30DC/HP EliteBook 6930p
RIP: 0010:[<ffffffff811dca07>]  [<ffffffff811dca07>] disk_replace_part_tbl.clone.15+0x27/0x70
RSP: 0018:ffff8801381559a0  EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88005a24dd40 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88013b74ec38
RBP: ffff8801381559b0 R08: ffff88013fc380a8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8800ad56ab68 R15: 0000000000000246
FS:  0000000000000000(0000) GS:ffff880001a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000000003a0 CR3: 000000013afdf000 CR4: 00000000000406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process khubd (pid: 1713, threadinfo ffff880138154000, task ffff8801383f6120)
Stack:
 ffff88013b74ec00 ffffffff81585160 ffff8801381559d0 ffffffff811dca7b
<0> ffff8800ad56ab68 0000000000000000 ffff8801381559f0 ffffffff812a0df2
<0> ffff8800ad56ab68 ffff88013b74ec70 ffff880138155a20 ffffffff811eaf15
Call Trace:
 [<ffffffff811dca7b>] disk_release+0x2b/0x50
 [<ffffffff812a0df2>] device_release+0x22/0x90
 [<ffffffff811eaf15>] kobject_release+0x45/0x90
 [<ffffffff811eaed0>] ? kobject_release+0x0/0x90
 [<ffffffff811ec737>] kref_put+0x37/0x70
 [<ffffffff811eadf7>] kobject_put+0x27/0x60
 [<ffffffff811db9b2>] put_disk+0x12/0x20
 [<ffffffffa022a3d1>] sg_device_destroy+0x51/0x70 [sg]
 [<ffffffffa022a380>] ? sg_device_destroy+0x0/0x70 [sg]
 [<ffffffff811ec737>] kref_put+0x37/0x70
 [<ffffffffa022a274>] sg_put_dev+0x14/0x20 [sg]
 [<ffffffffa022a376>] sg_remove+0xf6/0x100 [sg]
 [<ffffffff812a1ad1>] device_del+0xc1/0x1b0
 [<ffffffff812a1bd1>] device_unregister+0x11/0x20
 [<ffffffffa017adb5>] __scsi_remove_device+0xa5/0xc0 [scsi_mod]
 [<ffffffffa01798bc>] scsi_forget_host+0x5c/0x80 [scsi_mod]
 [<ffffffffa017047a>] scsi_remove_host+0x6a/0x120 [scsi_mod]
 [<ffffffffa04de332>] quiesce_and_remove_host+0x62/0xb0 [usb_storage]
 [<ffffffffa04de43d>] usb_stor_disconnect+0x1d/0x30 [usb_storage]
 [<ffffffffa0306bb5>] usb_unbind_interface+0x55/0x1a0 [usbcore]
 [<ffffffff812a4a60>] __device_release_driver+0x70/0xe0
 [<ffffffff812a4af8>] device_release_driver+0x28/0x40
 [<ffffffff812a4556>] bus_remove_device+0x76/0xa0
 [<ffffffff812a1b37>] device_del+0x127/0x1b0
 [<ffffffffa030474c>] usb_disable_device+0x6c/0x130 [usbcore]
 [<ffffffffa02fd0f5>] usb_disconnect+0x95/0x120 [usbcore]
 [<ffffffffa02fef5d>] hub_thread+0xaad/0x1200 [usbcore]
 [<ffffffff813931ed>] ? schedule+0x87d/0x9c0
 [<ffffffff81075af0>] ? autoremove_wake_function+0x0/0x40
 [<ffffffffa02fe4b0>] ? hub_thread+0x0/0x1200 [usbcore]
 [<ffffffff81075546>] kthread+0x96/0xa0
 [<ffffffff8100bd64>] kernel_thread_helper+0x4/0x10
 [<ffffffff810754b0>] ? kthread+0x0/0xa0
 [<ffffffff8100bd60>] ? kernel_thread_helper+0x0/0x10
Code: 1f 44 00 00 55 48 89 e5 48 83 ec 10 4c 89 64 24 08 48 89 1c 24 49 89 f4 48 8b 1f 48 85 db 48 89 17 74 38 48 c7 43 18 00 00 00 00 <48> 8b be a0 03 00 00 e8 8d 8e 1b 00 4c 89 e7 e8 b5 18 ff ff 49 
RIP  [<ffffffff811dca07>] disk_replace_part_tbl.clone.15+0x27/0x70
 RSP <ffff8801381559a0>
CR2: 00000000000003a0
---[ end trace 308505f4649cb883 ]---
ata1.00: configured for UDMA/100
ata1: EH complete
ata1.00: configured for UDMA/100
ata1: EH complete

Comment 3 Pawel Sikora 2010-12-28 22:09:27 UTC
Works fine on 2.6.36.2.