Bug 143870

Summary: 2.6.9-1.715_FC3 oops at USB pen drive detachment
Product: [Fedora] Fedora Reporter: Davide Rossetti <davide.rossetti>
Component: kernelAssignee: Dave Jones <davej>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: pfrields, wtogami, zaitcev
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-30 00:52:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/proc/pci
none
dmesg
none
cat /proc/cpuinfo
none
Oopss with newer kernel none

Description Davide Rossetti 2004-12-30 14:27:30 UTC 
Description of problem:

inserted a USB pen drive. used it. detached it. oops.

Version-Release number of selected component (if applicable):
kernel-2.6.9-1.715_FC3 i686

PC is a Dell Precision 340. P4 1.7GHz 512MB i850.

USB pen drive is a low cost one: PEAK 256MB USB2.0

I'll attach /proc/pci, /proc/cpuinfo and dmesg
Comment 1 Davide Rossetti 2004-12-30 14:28:20 UTC 
Created attachment 109181 [details]
/proc/pci
Comment 2 Davide Rossetti 2004-12-30 14:28:49 UTC 
Created attachment 109182 [details]
dmesg
Comment 3 Davide Rossetti 2004-12-30 14:29:21 UTC 
Created attachment 109183 [details]
cat /proc/cpuinfo
Comment 4 Davide Rossetti 2004-12-30 14:30:47 UTC 
after this oops the usb subsystem seems to be gone:
rossetti  3208  0.0  0.1  3344  584 pts/5    D+   15:22   0:00 lsusb
rossetti  3767  0.0  0.0  5200  404 pts/6    D+   15:29   0:00 cat
/proc/bus/usb/devices
Comment 5 Dave Jones 2005-01-02 05:19:57 UTC 
can you try the latest from http://people.redhat.com/davej/kernels/Fedora/FC3/

There's a scsi refcount bugfix that should have fixed this issue.
Comment 6 Davide Rossetti 2005-01-03 14:44:09 UTC 
Created attachment 109258 [details]
Oopss with newer kernel
Comment 7 Davide Rossetti 2005-01-03 14:47:45 UTC 
sorry, the attachment is from the pen connection, so only a kobject_register()
WARN, not a Oops as reported in the comment.
Now if I disconnect the pen I get the Oopps:

Unable to handle kernel NULL pointer dereference at virtual address 00000064
 printing eip:
c01a342e
*pde = 1a7de067
Oops: 0000 [#1]
Modules linked in: usb_storage nfs nfsd exportfs lockd md5 ipv6 parport_pc lp
parport autofs4 sunrpc dm_mod button bat
tery ac joydev uhci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd_page_alloc gamepor
t snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 3c59x floppy ext3 jbd
aic7xxx sd_mod scsi_mod
CPU:    0
EIP:    0060:[<c01a342e>]    Not tainted VLI
EFLAGS: 00010246   (2.6.9-1.724_FC3)
EIP is at sysfs_remove_dir+0x1e/0x101
eax: cc8ed290   ebx: cc8ed290   ecx: c6fe5000   edx: 00000050
esi: d3b977c0   edi: 00000000   ebp: df7019e0   esp: dfcf7e64
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 23, threadinfo=dfcf7000 task=dfcfd220)
Stack: 00000050 cc8ed290 d3b977c0 00000001 df7019e0 c01d2e1a cc8ed290 c01d2e2a
       d1c8f600 c01a0569 d9629db4 d9629db4 e0869d75 d9629db4 e086c004 c02385af
       e083ae20 e083ae6c c023878b d9629db4 c03606a8 d1c8f404 c0237a9b d9629db4
Call Trace:
 [<c01d2e1a>] kobject_del+0x16/0x1e
 [<c01d2e2a>] kobject_unregister+0x8/0x10
 [<c01a0569>] del_gendisk+0x1e/0xa9
 [<e0869d75>] sd_remove+0xf/0x5f [sd_mod]
 [<c02385af>] device_release_driver+0x3c/0x46
 [<c023878b>] bus_remove_device+0x5c/0x95
 [<c0237a9b>] device_del+0x6d/0x8e
 [<e0827231>] scsi_remove_device+0x67/0xb0 [scsi_mod]
 [<e08266c9>] scsi_forget_host+0xc6/0x19c [scsi_mod]
 [<e081f817>] scsi_remove_host+0x8/0x5c [scsi_mod]
 [<e0a7fd7f>] storage_disconnect+0x62/0x71 [usb_storage]
 [<c0271189>] usb_unbind_interface+0x2c/0x50
 [<c02385af>] device_release_driver+0x3c/0x46
 [<c023878b>] bus_remove_device+0x5c/0x95
 [<c0237a9b>] device_del+0x6d/0x8e
 [<c0277df6>] usb_disable_device+0x5d/0xc5
 [<c02732a5>] usb_disconnect+0xc2/0x206
 [<c0273d74>] hub_port_connect_change+0x5b/0x4a7
 [<c02744f1>] hub_events+0x331/0x3e2
 [<c02745a2>] hub_thread+0x0/0xe4
 [<c02745c0>] hub_thread+0x1e/0xe4
 [<c011cc48>] autoremove_wake_function+0x0/0x2d
 [<c02745a2>] hub_thread+0x0/0xe4
 [<c011cc48>] autoremove_wake_function+0x0/0x2d
 [<c01041d9>] kernel_thread_helper+0x5/0xb
Code: f8 5f 5d e9 49 57 fd ff e9 34 ff ff ff 55 57 56 53 52 8b 78 30 85 ff 74 10
8b 07 85 c0 75 08 0f 0b 1a 01 93 7c 3
0 c0 ff 07 85 ff <8b> 6f 64 0f 84 d4 00 00 00 8b 77 20 31 c9 ba 6b 00 00 00 b8 cc
Comment 8 Davide Rossetti 2005-01-03 16:44:16 UTC 
the errno returned by kobject_register is:
#define	EEXIST		17	/* File exists */
so there is something strange in the kobj string.

I'm rebuild this very kernel with removed #undef DEBUG in kobject.c.

of course the fact that add_partition() doesn't check kobject_register for
errors does not help :)

	p->kobj.parent = &disk->kobj;
	p->kobj.ktype = &ktype_part;
	kobject_register(&p->kobj);
	disk->part[part-1] = p;
Comment 9 Dave Jones 2005-07-15 18:05:29 UTC 
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.
Comment 10 Davide Rossetti 2005-07-18 12:25:49 UTC 
The problem has been solved. thanks a lot.