143870 – 2.6.9-1.715_FC3 oops at USB pen drive detachment

Bug 143870 - 2.6.9-1.715_FC3 oops at USB pen drive detachment

Summary: 2.6.9-1.715_FC3 oops at USB pen drive detachment

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	3
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-12-30 14:27 UTC by Davide Rossetti
Modified:	2015-01-04 22:14 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-07-30 00:52:44 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
/proc/pci (2.14 KB, text/plain) 2004-12-30 14:28 UTC, Davide Rossetti	no flags	Details
dmesg (15.13 KB, text/plain) 2004-12-30 14:28 UTC, Davide Rossetti	no flags	Details
cat /proc/cpuinfo (420 bytes, text/plain) 2004-12-30 14:29 UTC, Davide Rossetti	no flags	Details
Oopss with newer kernel (4.71 KB, text/plain) 2005-01-03 14:44 UTC, Davide Rossetti	no flags	Details
View All

Description Davide Rossetti 2004-12-30 14:27:30 UTC

Description of problem:

inserted a USB pen drive. used it. detached it. oops.

Version-Release number of selected component (if applicable):
kernel-2.6.9-1.715_FC3 i686

PC is a Dell Precision 340. P4 1.7GHz 512MB i850.

USB pen drive is a low cost one: PEAK 256MB USB2.0

I'll attach /proc/pci, /proc/cpuinfo and dmesg

Comment 1 Davide Rossetti 2004-12-30 14:28:20 UTC

Created attachment 109181 [details]
/proc/pci

Comment 2 Davide Rossetti 2004-12-30 14:28:49 UTC

Created attachment 109182 [details]
dmesg

Comment 3 Davide Rossetti 2004-12-30 14:29:21 UTC

Created attachment 109183 [details]
cat /proc/cpuinfo

Comment 4 Davide Rossetti 2004-12-30 14:30:47 UTC

after this oops the usb subsystem seems to be gone:
rossetti  3208  0.0  0.1  3344  584 pts/5    D+   15:22   0:00 lsusb
rossetti  3767  0.0  0.0  5200  404 pts/6    D+   15:29   0:00 cat
/proc/bus/usb/devices

Comment 5 Dave Jones 2005-01-02 05:19:57 UTC

can you try the latest from http://people.redhat.com/davej/kernels/Fedora/FC3/

There's a scsi refcount bugfix that should have fixed this issue.

Comment 6 Davide Rossetti 2005-01-03 14:44:09 UTC

Created attachment 109258 [details]
Oopss with newer kernel

Comment 7 Davide Rossetti 2005-01-03 14:47:45 UTC

sorry, the attachment is from the pen connection, so only a kobject_register()
WARN, not a Oops as reported in the comment.
Now if I disconnect the pen I get the Oopps:

Unable to handle kernel NULL pointer dereference at virtual address 00000064
 printing eip:
c01a342e
*pde = 1a7de067
Oops: 0000 [#1]
Modules linked in: usb_storage nfs nfsd exportfs lockd md5 ipv6 parport_pc lp
parport autofs4 sunrpc dm_mod button bat
tery ac joydev uhci_hcd snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd_page_alloc gamepor
t snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore 3c59x floppy ext3 jbd
aic7xxx sd_mod scsi_mod
CPU:    0
EIP:    0060:[<c01a342e>]    Not tainted VLI
EFLAGS: 00010246   (2.6.9-1.724_FC3)
EIP is at sysfs_remove_dir+0x1e/0x101
eax: cc8ed290   ebx: cc8ed290   ecx: c6fe5000   edx: 00000050
esi: d3b977c0   edi: 00000000   ebp: df7019e0   esp: dfcf7e64
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 23, threadinfo=dfcf7000 task=dfcfd220)
Stack: 00000050 cc8ed290 d3b977c0 00000001 df7019e0 c01d2e1a cc8ed290 c01d2e2a
       d1c8f600 c01a0569 d9629db4 d9629db4 e0869d75 d9629db4 e086c004 c02385af
       e083ae20 e083ae6c c023878b d9629db4 c03606a8 d1c8f404 c0237a9b d9629db4
Call Trace:
 [<c01d2e1a>] kobject_del+0x16/0x1e
 [<c01d2e2a>] kobject_unregister+0x8/0x10
 [<c01a0569>] del_gendisk+0x1e/0xa9
 [<e0869d75>] sd_remove+0xf/0x5f [sd_mod]
 [<c02385af>] device_release_driver+0x3c/0x46
 [<c023878b>] bus_remove_device+0x5c/0x95
 [<c0237a9b>] device_del+0x6d/0x8e
 [<e0827231>] scsi_remove_device+0x67/0xb0 [scsi_mod]
 [<e08266c9>] scsi_forget_host+0xc6/0x19c [scsi_mod]
 [<e081f817>] scsi_remove_host+0x8/0x5c [scsi_mod]
 [<e0a7fd7f>] storage_disconnect+0x62/0x71 [usb_storage]
 [<c0271189>] usb_unbind_interface+0x2c/0x50
 [<c02385af>] device_release_driver+0x3c/0x46
 [<c023878b>] bus_remove_device+0x5c/0x95
 [<c0237a9b>] device_del+0x6d/0x8e
 [<c0277df6>] usb_disable_device+0x5d/0xc5
 [<c02732a5>] usb_disconnect+0xc2/0x206
 [<c0273d74>] hub_port_connect_change+0x5b/0x4a7
 [<c02744f1>] hub_events+0x331/0x3e2
 [<c02745a2>] hub_thread+0x0/0xe4
 [<c02745c0>] hub_thread+0x1e/0xe4
 [<c011cc48>] autoremove_wake_function+0x0/0x2d
 [<c02745a2>] hub_thread+0x0/0xe4
 [<c011cc48>] autoremove_wake_function+0x0/0x2d
 [<c01041d9>] kernel_thread_helper+0x5/0xb
Code: f8 5f 5d e9 49 57 fd ff e9 34 ff ff ff 55 57 56 53 52 8b 78 30 85 ff 74 10
8b 07 85 c0 75 08 0f 0b 1a 01 93 7c 3
0 c0 ff 07 85 ff <8b> 6f 64 0f 84 d4 00 00 00 8b 77 20 31 c9 ba 6b 00 00 00 b8 cc

Comment 8 Davide Rossetti 2005-01-03 16:44:16 UTC

the errno returned by kobject_register is:
#define	EEXIST		17	/* File exists */
so there is something strange in the kobj string.

I'm rebuild this very kernel with removed #undef DEBUG in kobject.c.

of course the fact that add_partition() doesn't check kobject_register for
errors does not help :)

	p->kobj.parent = &disk->kobj;
	p->kobj.ktype = &ktype_part;
	kobject_register(&p->kobj);
	disk->part[part-1] = p;

Comment 9 Dave Jones 2005-07-15 18:05:29 UTC

An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 10 Davide Rossetti 2005-07-18 12:25:49 UTC

The problem has been solved. thanks a lot.

Note You need to log in before you can comment on or make changes to this bug.