Bug 159086 - crash on USB device disconnect
Summary: crash on USB device disconnect
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
: 169137 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-29 06:03 UTC by Jan Kratochvil
Modified: 2015-01-04 22:19 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-04 15:44:59 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jan Kratochvil 2005-05-29 06:03:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Galeon/1.3.21

Description of problem:
Right after disconnecting USB audio:
Bus 002 Device 002: ID 0499:3105 Yamaha Corp.

the Linux kernel crashed. Machine was partially usable although the keyboard was no longer functionable and the machine failed shutdown.


Version-Release number of selected component (if applicable):
kernel-2.6.11-1.1363_FC4

How reproducible:
Didn't try

Steps to Reproduce:
1. Run mplayer using USB audio through /dev/dsp1 through ALSA.
2. Disconnect the audio (as it was silent that time; another bug).


Actual Results:  The following crash:
May 29 14:48:20 kashome kernel: usb 2-1: USB disconnect, address 2
May 29 14:48:23 kashome hal.hotplug[12110]: DEVPATH is not set (subsystem input)
May 29 14:48:49 kashome kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
May 29 14:48:49 kashome kernel:  printing eip:
May 29 14:48:49 kashome kernel: c020e7de
May 29 14:48:49 kashome kernel: *pde = 00000000
May 29 14:48:49 kashome kernel: Oops: 0000 [#1]
May 29 14:48:49 kashome kernel: Modules linked in: iptable_mangle ipt_LOG ipt_conntrack ipt_REJECT iptable_filter iptable_nat ip_conntrack ip_tables softdog hangcheck_timer it87 eeprom i2c_sensor i2c_isa rfcomm l2cap md5 ipv6 hci_usb bluetooth snd_usb_audio snd_usb_lib vfat fat dm_mod uhci_hcd ehci_hcd i2c_viapro i2c_core snd_via82xx gameport snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore via_rhine mii tulip floppy ext3 jbd
May 29 14:48:49 kashome kernel: CPU:    0
May 29 14:48:49 kashome kernel: EIP:    0060:[<c020e7de>]    Not tainted VLI
May 29 14:48:49 kashome kernel: EFLAGS: 00010246   (2.6.11-1.1363_FC4)
May 29 14:48:49 kashome kernel: EIP is at get_kobj_path_length+0x19/0x31
May 29 14:48:49 kashome kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: ffffffff
May 29 14:48:49 kashome kernel: esi: 00000001   edi: 00000000   ebp: df738ca0   esp: c14f4e04
May 29 14:48:49 kashome kernel: ds: 007b   es: 007b   ss: 0068
May 29 14:48:49 kashome kernel: Process events/0 (pid: 4, threadinfo=c14f4000 task=c1756aa0)
May 29 14:48:49 kashome kernel: Stack: 000000d0 df738c7c c154b6f8 df738ca0 c020e854 c154b6e0 df738c7c c154b6f8
May 29 14:48:49 kashome kernel:        ddfc68e8 c0288a76 c02d6a88 00000000 ffffffff ffffffff c03917d2 c14f4e74
May 29 14:48:49 kashome kernel:        c03917d3 c154b6e0 00000000 00000000 c154b6e0 c03e5440 df738c58 c0288a42
May 29 14:48:49 kashome kernel: Call Trace:
May 29 14:48:49 kashome kernel:  [<c020e854>] kobject_get_path+0xd/0x48
May 29 14:48:49 kashome kernel:  [<c0288a76>] class_hotplug+0x34/0x1d1
May 29 14:48:49 kashome kernel:  [<c02d6a88>] usb_destroy_configuration+0x4f/0x115
May 29 14:48:49 kashome kernel:  [<c0288a42>] class_hotplug+0x0/0x1d1
May 29 14:48:49 kashome kernel:  [<c020f554>] kobject_hotplug+0x1a8/0x396
May 29 14:48:49 kashome kernel:  [<c020ede7>] kobject_release+0x0/0x8
May 29 14:48:49 kashome kernel:  [<c020f832>] kref_put+0x24/0x82
May 29 14:48:49 kashome kernel:  [<c01aac2c>] simple_unlink+0x3e/0x47
May 29 14:48:49 kashome kernel:  [<c0288f50>] class_device_del+0xa6/0xc7
May 29 14:48:49 kashome kernel:  [<c0288f79>] class_device_unregister+0x8/0x10
May 29 14:48:49 kashome kernel:  [<e08c43f7>] snd_unregister_device+0x6a/0xb0 [snd]
May 29 14:48:49 kashome kernel:  [<e09058ab>] snd_pcm_dev_unregister+0x63/0xea [snd_pcm]
May 29 14:48:49 kashome kernel:  [<e08c960f>] snd_device_free+0x90/0xa2 [snd]
May 29 14:48:49 kashome kernel:  [<e08c97b3>] snd_device_free_all+0x49/0x52 [snd]
May 29 14:48:49 kashome kernel:  [<e08c4e8c>] snd_card_free+0x10c/0x1cc [snd]
May 29 14:48:49 kashome kernel:  [<c0140052>] autoremove_wake_function+0x0/0x37
May 29 14:48:49 kashome kernel:  [<e08c4f6f>] snd_card_free_thread+0x23/0x5e [snd]
May 29 14:48:49 kashome kernel:  [<c0138e82>] worker_thread+0x198/0x457
May 29 14:48:49 kashome kernel:  [<c0372d7d>] schedule+0x31d/0x7b3
May 29 14:48:49 kashome kernel:  [<c011be46>] __wake_up_common+0x39/0x59
May 29 14:48:49 kashome kernel:  [<e08c4f4c>] snd_card_free_thread+0x0/0x5e [snd]
May 29 14:48:49 kashome kernel:  [<c011be01>] default_wake_function+0x0/0xc
May 29 14:48:49 kashome kernel:  [<c0138cea>] worker_thread+0x0/0x457
May 29 14:48:49 kashome kernel:  [<c013f50b>] kthread+0x87/0x8b
May 29 14:48:49 kashome kernel:  [<c013f484>] kthread+0x0/0x8b
May 29 14:48:49 kashome kernel:  [<c01012ad>] kernel_thread_helper+0x5/0xb
May 29 14:48:49 kashome kernel: Code: 89 c6 85 c0 74 ee 89 d8 e8 67 0a fc ff 89 f0 5b 5e c3 55 57 56 53 89 c5 be 01 00 00 00 31 db ba ff ff ff ff 8b 7d 00 89 d1 89 d8 <f2> ae f7 d1 49 01 f1 8d 71 01 8b 6d 24 85 ed 75 e8 89 f0 5b 5e


Expected Results:  Error message(s) from mplayer, no kernel crash.


Additional info:

Comment 1 Brian Millett 2005-09-22 17:21:45 UTC
I also with rawhide latest (9/22/2005) get an oops with a usb device removal. 
This is for a usbdisk:

kernel-2.6.13-1.1567_FC5

Kernel trace:
Sep 22 12:12:49 localhost kernel: usb 1-1: USB disconnect, address 3
Sep 22 12:12:49 localhost kernel: Unable to handle kernel paging request at
virtual address 6b6b6bb3
Sep 22 12:12:49 localhost kernel:  printing eip:
Sep 22 12:12:49 localhost kernel: dff35804
Sep 22 12:12:49 localhost kernel: *pde = 00000000
Sep 22 12:12:49 localhost kernel: Oops: 0002 [#1]
Sep 22 12:12:49 localhost kernel: Modules linked in: vfat fat sd_mod usb_storage
scsi_mod i915 drm loop lp autofs4 rfcomm l2cap bluetooth sunrpc dm_mirror dm_mod
video button battery ac uhci_hcd ehci_hcd parport_pc parport hw_random tpm_nsc
tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_ac97_bus
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc hostap_pci hostap
ieee80211_crypt 8139too mii ext3 jbd
Sep 22 12:12:49 localhost kernel: CPU:    0
Sep 22 12:12:49 localhost kernel: EIP:    0060:[<dff35804>]    Not tainted VLI
Sep 22 12:12:49 localhost kernel: EFLAGS: 00010286   (2.6.13-1.1567_FC5)
Sep 22 12:12:49 localhost kernel: EIP is at scsi_remove_device+0x2c/0x38 [scsi_mod]
Sep 22 12:12:49 localhost kernel: eax: 00000001   ebx: d31f6d60   ecx: 00000000
  edx: 6b6b6b6b
Sep 22 12:12:49 localhost kernel: esi: cd384d38   edi: cd384d38   ebp: ddd07248
  esp: c156ee84
Sep 22 12:12:49 localhost kernel: ds: 007b   es: 007b   ss: 0068
Sep 22 12:12:49 localhost kernel: Process khubd (pid: 98, threadinfo=c156e000
task=deeba030)
Sep 22 12:12:49 localhost kernel: Stack: d31f6d60 cd384d30 dff3588f ddd07248
cd384d3c cd384d38 cd384d40 dff34a09
Sep 22 12:12:49 localhost fstab-sync[8703]: removed mount point /media/usbdisk
for /dev/sda1
Sep 22 12:12:49 localhost kernel:        cd384d38 dfe72ac0 dfe72ae0 dd4546c8
dff2d3a2 cd385020 dfe72ac0 dfe6383b
Sep 22 12:12:49 localhost kernel:        dc7012c8 c0286d65 dc701384 dc7012dc
c023e5da dc7012dc dd45473c 00000000
Sep 22 12:12:49 localhost kernel: Call Trace:
Sep 22 12:12:49 localhost kernel:  [<dff3588f>] __scsi_remove_target+0x7f/0xb6
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dff34a09>] scsi_forget_host+0x37/0x5c
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dff2d3a2>] scsi_remove_host+0x3d/0x7a
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dfe6383b>] storage_disconnect+0xe/0x16
[usb_storage]
Sep 22 12:12:49 localhost kernel:  [<c0286d65>] usb_unbind_interface+0x34/0x60
Sep 22 12:12:49 localhost kernel:  [<c023e5da>] __device_release_driver+0x4c/0x64
Sep 22 12:12:49 localhost kernel:  [<c023e61c>] device_release_driver+0x2a/0x38
Sep 22 12:12:49 localhost kernel:  [<c023df74>] bus_remove_device+0x4f/0x5d
Sep 22 12:12:49 localhost kernel:  [<c023d2b3>] device_del+0x2b/0x5b
Sep 22 12:12:49 localhost kernel:  [<c028de8a>] usb_disable_device+0xbb/0x108
Sep 22 12:12:49 localhost kernel:  [<c0289078>] usb_disconnect+0xaa/0x14c
Sep 22 12:12:49 localhost kernel:  [<c0289efa>] hub_port_connect_change+0x51/0x393
Sep 22 12:12:49 localhost kernel:  [<c028a4b3>] hub_events+0x277/0x3bc
Sep 22 12:12:49 localhost kernel:  [<c028a5f8>] hub_thread+0x0/0xe5
Sep 22 12:12:49 localhost kernel:  [<c028a60c>] hub_thread+0x14/0xe5
Sep 22 12:12:49 localhost kernel:  [<c012dd16>] autoremove_wake_function+0x0/0x37
Sep 22 12:12:49 localhost kernel:  [<c012d8fb>] kthread+0x87/0x8b
Sep 22 12:12:49 localhost kernel:  [<c012d874>] kthread+0x0/0x8b
Sep 22 12:12:49 localhost kernel:  [<c01012fd>] kernel_thread_helper+0x5/0xb
Sep 22 12:12:49 localhost kernel: Code: 53 89 c3 8b 30 ba 66 00 00 00 b8 05 ac
f3 df e8 e5 2f 1e e0 e8 4c 66 3e e0 ff 4e 48 0f 88 a4 03 00 00 89 d8 e8 73 ff ff
ff 8b 13 <ff> 42 48 0f 8e 9f 03 00 00 5b 5e c3 55 57 56 53 89 c5 8b 98 b8
S

Comment 2 Dave Jones 2005-09-23 19:36:09 UTC
should be fixed in -git3, which is building right now. Tomorrows rawhide should
have this fixed.


Comment 3 Dave Jones 2005-09-23 19:40:24 UTC
*** Bug 169137 has been marked as a duplicate of this bug. ***

Comment 4 Tom London 2005-09-24 20:04:11 UTC
Sorry, but no joy.

I'm running 2.6.13-1.1574_FC5 and still getting this problem.

Actually, no problem disconnecting a USB drive, but disconnecting an iPod generated:

Sep 24 13:00:47 localhost kernel: usb 1-1: USB disconnect, address 4
Sep 24 13:00:47 localhost kernel: Unable to handle kernel paging request at
virtual address 6b6b6bb3
Sep 24 13:00:47 localhost kernel:  printing eip:
Sep 24 13:00:47 localhost kernel: f8aa6804
Sep 24 13:00:47 localhost kernel: *pde = 00000000
Sep 24 13:00:47 localhost kernel: Oops: 0002 [#1]
Sep 24 13:00:47 localhost kernel: Modules linked in: vfat fat vmnet(U)
parport_pc vmmon(U) loop ppdev lp autofs4 sunrpc ipt_REJECT ipt_state
ip_conntrack nfnetlink iptable_filter ip_tables video toshiba_acpi button
battery ac sd_mod ohci1394 ieee1394 usb_storage scsi_mod uhci_hcd ehci_hcd
parport hw_random tpm_nsc tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0
snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2200 ieee80211 ieee80211_crypt e1000 dm_snapshot dm_zero
dm_mirror ext3 jbd dm_mod
Sep 24 13:00:47 localhost kernel: CPU:    0
Sep 24 13:00:47 localhost kernel: EIP:    0060:[<f8aa6804>]    Tainted: P      VLI
Sep 24 13:00:47 localhost kernel: EFLAGS: 00010286   (2.6.13-1.1574_FC5)
Sep 24 13:00:47 localhost kernel: EIP is at scsi_remove_device+0x2c/0x38 [scsi_mod]
Sep 24 13:00:47 localhost kernel: eax: 00000001   ebx: f07da23c   ecx: 00000000
  edx: 6b6b6b6b
Sep 24 13:00:47 localhost kernel: esi: ecdd6e38   edi: ecdd6e38   ebp: f3f4daf8
  esp: f7e9ce84
Sep 24 13:00:47 localhost kernel: ds: 007b   es: 007b   ss: 0068
Sep 24 13:00:47 localhost kernel: Process khubd (pid: 127, threadinfo=f7e9c000
task=f7fda030)
Sep 24 13:00:47 localhost kernel: Stack: badc0ded f07da23c ecdd6e30 f8aa688f
f3f4daf8 ecdd6e3c ecdd6e38 ecdd6e40
Sep 24 13:00:47 localhost kernel:        f8aa5a09 ecdd6e38 f8ad1ac0 f8ad1ae0
e213ea94 f8a9e3a2 ecdd7120 f8ad1ac0
Sep 24 13:00:47 localhost kernel:        f8ac283b ee02413c c028d845 ee0241f8
ee024150 c02450ba ee024150 e213eb08
Sep 24 13:00:47 localhost kernel: Call Trace:
Sep 24 13:00:47 localhost kernel:  [<f8aa688f>] __scsi_remove_target+0x7f/0xb6
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8aa5a09>] scsi_forget_host+0x37/0x5c
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8a9e3a2>] scsi_remove_host+0x3d/0x7a
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8ac283b>] storage_disconnect+0xe/0x16
[usb_storage]
Sep 24 13:00:47 localhost kernel:  [<c028d845>] usb_unbind_interface+0x34/0x60
Sep 24 13:00:47 localhost kernel:  [<c02450ba>] __device_release_driver+0x4c/0x64
Sep 24 13:00:47 localhost kernel:  [<c02450fc>] device_release_driver+0x2a/0x38
Sep 24 13:00:47 localhost kernel:  [<c0244a54>] bus_remove_device+0x4f/0x5d
Sep 24 13:00:47 localhost kernel:  [<c0243d93>] device_del+0x2b/0x5b
Sep 24 13:00:47 localhost kernel:  [<c029496a>] usb_disable_device+0xbb/0x108
Sep 24 13:00:47 localhost kernel:  [<c028fb58>] usb_disconnect+0xaa/0x14c
Sep 24 13:00:47 localhost kernel:  [<c02909da>] hub_port_connect_change+0x51/0x393
Sep 24 13:00:47 localhost kernel:  [<c0290f93>] hub_events+0x277/0x3bc
Sep 24 13:00:47 localhost kernel:  [<c02910d8>] hub_thread+0x0/0xe5
Sep 24 13:00:47 localhost kernel:  [<c02910ec>] hub_thread+0x14/0xe5
Sep 24 13:00:47 localhost kernel:  [<c0132df6>] autoremove_wake_function+0x0/0x37
Sep 24 13:00:47 localhost kernel:  [<c01329db>] kthread+0x87/0x8b
Sep 24 13:00:47 localhost kernel:  [<c0132954>] kthread+0x0/0x8b
Sep 24 13:00:47 localhost kernel:  [<c01012fd>] kernel_thread_helper+0x5/0xb
Sep 24 13:00:47 localhost kernel: Code: 53 89 c3 8b 30 ba 66 00 00 00 b8 05 bc
aa f8 e8 ba 70 67 c7 e8 ec c1 87 c7 ff 4e 48 0f 88 a4 03 00 00 89 d8 e8 73 ff ff
ff 8b 13 <ff> 42 48 0f 8e 9f 03 00 00 5b 5e c3 55 57 56 53 89 c5 8b 98 b8


Comment 5 Tom London 2005-09-27 15:06:52 UTC
Same Oops in 2.6.13-1.1578_FC5

Comment 6 Dave Jones 2005-10-04 08:15:59 UTC
should be fixed now, confirm ?

Comment 7 Brian Millett 2005-10-04 10:11:16 UTC
Well, seems to be ok here now with 2.6.13-1.1589_FC5.  No oops.  Can mount,
umount, then remove without any error.


Comment 8 Tom London 2005-10-04 13:50:43 UTC
Works for me.....


Note You need to log in before you can comment on or make changes to this bug.