Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 159086 - crash on USB device disconnect
Summary: crash on USB device disconnect
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
: 169137 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-29 06:03 UTC by Jan Kratochvil
Modified: 2015-01-04 22:19 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-04 15:44:59 UTC


Attachments (Terms of Use)

Description Jan Kratochvil 2005-05-29 06:03:28 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Galeon/1.3.21

Description of problem:
Right after disconnecting USB audio:
Bus 002 Device 002: ID 0499:3105 Yamaha Corp.

the Linux kernel crashed. Machine was partially usable although the keyboard was no longer functionable and the machine failed shutdown.


Version-Release number of selected component (if applicable):
kernel-2.6.11-1.1363_FC4

How reproducible:
Didn't try

Steps to Reproduce:
1. Run mplayer using USB audio through /dev/dsp1 through ALSA.
2. Disconnect the audio (as it was silent that time; another bug).


Actual Results:  The following crash:
May 29 14:48:20 kashome kernel: usb 2-1: USB disconnect, address 2
May 29 14:48:23 kashome hal.hotplug[12110]: DEVPATH is not set (subsystem input)
May 29 14:48:49 kashome kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
May 29 14:48:49 kashome kernel:  printing eip:
May 29 14:48:49 kashome kernel: c020e7de
May 29 14:48:49 kashome kernel: *pde = 00000000
May 29 14:48:49 kashome kernel: Oops: 0000 [#1]
May 29 14:48:49 kashome kernel: Modules linked in: iptable_mangle ipt_LOG ipt_conntrack ipt_REJECT iptable_filter iptable_nat ip_conntrack ip_tables softdog hangcheck_timer it87 eeprom i2c_sensor i2c_isa rfcomm l2cap md5 ipv6 hci_usb bluetooth snd_usb_audio snd_usb_lib vfat fat dm_mod uhci_hcd ehci_hcd i2c_viapro i2c_core snd_via82xx gameport snd_ac97_codec snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore via_rhine mii tulip floppy ext3 jbd
May 29 14:48:49 kashome kernel: CPU:    0
May 29 14:48:49 kashome kernel: EIP:    0060:[<c020e7de>]    Not tainted VLI
May 29 14:48:49 kashome kernel: EFLAGS: 00010246   (2.6.11-1.1363_FC4)
May 29 14:48:49 kashome kernel: EIP is at get_kobj_path_length+0x19/0x31
May 29 14:48:49 kashome kernel: eax: 00000000   ebx: 00000000   ecx: ffffffff   edx: ffffffff
May 29 14:48:49 kashome kernel: esi: 00000001   edi: 00000000   ebp: df738ca0   esp: c14f4e04
May 29 14:48:49 kashome kernel: ds: 007b   es: 007b   ss: 0068
May 29 14:48:49 kashome kernel: Process events/0 (pid: 4, threadinfo=c14f4000 task=c1756aa0)
May 29 14:48:49 kashome kernel: Stack: 000000d0 df738c7c c154b6f8 df738ca0 c020e854 c154b6e0 df738c7c c154b6f8
May 29 14:48:49 kashome kernel:        ddfc68e8 c0288a76 c02d6a88 00000000 ffffffff ffffffff c03917d2 c14f4e74
May 29 14:48:49 kashome kernel:        c03917d3 c154b6e0 00000000 00000000 c154b6e0 c03e5440 df738c58 c0288a42
May 29 14:48:49 kashome kernel: Call Trace:
May 29 14:48:49 kashome kernel:  [<c020e854>] kobject_get_path+0xd/0x48
May 29 14:48:49 kashome kernel:  [<c0288a76>] class_hotplug+0x34/0x1d1
May 29 14:48:49 kashome kernel:  [<c02d6a88>] usb_destroy_configuration+0x4f/0x115
May 29 14:48:49 kashome kernel:  [<c0288a42>] class_hotplug+0x0/0x1d1
May 29 14:48:49 kashome kernel:  [<c020f554>] kobject_hotplug+0x1a8/0x396
May 29 14:48:49 kashome kernel:  [<c020ede7>] kobject_release+0x0/0x8
May 29 14:48:49 kashome kernel:  [<c020f832>] kref_put+0x24/0x82
May 29 14:48:49 kashome kernel:  [<c01aac2c>] simple_unlink+0x3e/0x47
May 29 14:48:49 kashome kernel:  [<c0288f50>] class_device_del+0xa6/0xc7
May 29 14:48:49 kashome kernel:  [<c0288f79>] class_device_unregister+0x8/0x10
May 29 14:48:49 kashome kernel:  [<e08c43f7>] snd_unregister_device+0x6a/0xb0 [snd]
May 29 14:48:49 kashome kernel:  [<e09058ab>] snd_pcm_dev_unregister+0x63/0xea [snd_pcm]
May 29 14:48:49 kashome kernel:  [<e08c960f>] snd_device_free+0x90/0xa2 [snd]
May 29 14:48:49 kashome kernel:  [<e08c97b3>] snd_device_free_all+0x49/0x52 [snd]
May 29 14:48:49 kashome kernel:  [<e08c4e8c>] snd_card_free+0x10c/0x1cc [snd]
May 29 14:48:49 kashome kernel:  [<c0140052>] autoremove_wake_function+0x0/0x37
May 29 14:48:49 kashome kernel:  [<e08c4f6f>] snd_card_free_thread+0x23/0x5e [snd]
May 29 14:48:49 kashome kernel:  [<c0138e82>] worker_thread+0x198/0x457
May 29 14:48:49 kashome kernel:  [<c0372d7d>] schedule+0x31d/0x7b3
May 29 14:48:49 kashome kernel:  [<c011be46>] __wake_up_common+0x39/0x59
May 29 14:48:49 kashome kernel:  [<e08c4f4c>] snd_card_free_thread+0x0/0x5e [snd]
May 29 14:48:49 kashome kernel:  [<c011be01>] default_wake_function+0x0/0xc
May 29 14:48:49 kashome kernel:  [<c0138cea>] worker_thread+0x0/0x457
May 29 14:48:49 kashome kernel:  [<c013f50b>] kthread+0x87/0x8b
May 29 14:48:49 kashome kernel:  [<c013f484>] kthread+0x0/0x8b
May 29 14:48:49 kashome kernel:  [<c01012ad>] kernel_thread_helper+0x5/0xb
May 29 14:48:49 kashome kernel: Code: 89 c6 85 c0 74 ee 89 d8 e8 67 0a fc ff 89 f0 5b 5e c3 55 57 56 53 89 c5 be 01 00 00 00 31 db ba ff ff ff ff 8b 7d 00 89 d1 89 d8 <f2> ae f7 d1 49 01 f1 8d 71 01 8b 6d 24 85 ed 75 e8 89 f0 5b 5e


Expected Results:  Error message(s) from mplayer, no kernel crash.


Additional info:

Comment 1 Brian Millett 2005-09-22 17:21:45 UTC
I also with rawhide latest (9/22/2005) get an oops with a usb device removal. 
This is for a usbdisk:

kernel-2.6.13-1.1567_FC5

Kernel trace:
Sep 22 12:12:49 localhost kernel: usb 1-1: USB disconnect, address 3
Sep 22 12:12:49 localhost kernel: Unable to handle kernel paging request at
virtual address 6b6b6bb3
Sep 22 12:12:49 localhost kernel:  printing eip:
Sep 22 12:12:49 localhost kernel: dff35804
Sep 22 12:12:49 localhost kernel: *pde = 00000000
Sep 22 12:12:49 localhost kernel: Oops: 0002 [#1]
Sep 22 12:12:49 localhost kernel: Modules linked in: vfat fat sd_mod usb_storage
scsi_mod i915 drm loop lp autofs4 rfcomm l2cap bluetooth sunrpc dm_mirror dm_mod
video button battery ac uhci_hcd ehci_hcd parport_pc parport hw_random tpm_nsc
tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0 snd_ac97_codec snd_ac97_bus
snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc hostap_pci hostap
ieee80211_crypt 8139too mii ext3 jbd
Sep 22 12:12:49 localhost kernel: CPU:    0
Sep 22 12:12:49 localhost kernel: EIP:    0060:[<dff35804>]    Not tainted VLI
Sep 22 12:12:49 localhost kernel: EFLAGS: 00010286   (2.6.13-1.1567_FC5)
Sep 22 12:12:49 localhost kernel: EIP is at scsi_remove_device+0x2c/0x38 [scsi_mod]
Sep 22 12:12:49 localhost kernel: eax: 00000001   ebx: d31f6d60   ecx: 00000000
  edx: 6b6b6b6b
Sep 22 12:12:49 localhost kernel: esi: cd384d38   edi: cd384d38   ebp: ddd07248
  esp: c156ee84
Sep 22 12:12:49 localhost kernel: ds: 007b   es: 007b   ss: 0068
Sep 22 12:12:49 localhost kernel: Process khubd (pid: 98, threadinfo=c156e000
task=deeba030)
Sep 22 12:12:49 localhost kernel: Stack: d31f6d60 cd384d30 dff3588f ddd07248
cd384d3c cd384d38 cd384d40 dff34a09
Sep 22 12:12:49 localhost fstab-sync[8703]: removed mount point /media/usbdisk
for /dev/sda1
Sep 22 12:12:49 localhost kernel:        cd384d38 dfe72ac0 dfe72ae0 dd4546c8
dff2d3a2 cd385020 dfe72ac0 dfe6383b
Sep 22 12:12:49 localhost kernel:        dc7012c8 c0286d65 dc701384 dc7012dc
c023e5da dc7012dc dd45473c 00000000
Sep 22 12:12:49 localhost kernel: Call Trace:
Sep 22 12:12:49 localhost kernel:  [<dff3588f>] __scsi_remove_target+0x7f/0xb6
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dff34a09>] scsi_forget_host+0x37/0x5c
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dff2d3a2>] scsi_remove_host+0x3d/0x7a
[scsi_mod]
Sep 22 12:12:49 localhost kernel:  [<dfe6383b>] storage_disconnect+0xe/0x16
[usb_storage]
Sep 22 12:12:49 localhost kernel:  [<c0286d65>] usb_unbind_interface+0x34/0x60
Sep 22 12:12:49 localhost kernel:  [<c023e5da>] __device_release_driver+0x4c/0x64
Sep 22 12:12:49 localhost kernel:  [<c023e61c>] device_release_driver+0x2a/0x38
Sep 22 12:12:49 localhost kernel:  [<c023df74>] bus_remove_device+0x4f/0x5d
Sep 22 12:12:49 localhost kernel:  [<c023d2b3>] device_del+0x2b/0x5b
Sep 22 12:12:49 localhost kernel:  [<c028de8a>] usb_disable_device+0xbb/0x108
Sep 22 12:12:49 localhost kernel:  [<c0289078>] usb_disconnect+0xaa/0x14c
Sep 22 12:12:49 localhost kernel:  [<c0289efa>] hub_port_connect_change+0x51/0x393
Sep 22 12:12:49 localhost kernel:  [<c028a4b3>] hub_events+0x277/0x3bc
Sep 22 12:12:49 localhost kernel:  [<c028a5f8>] hub_thread+0x0/0xe5
Sep 22 12:12:49 localhost kernel:  [<c028a60c>] hub_thread+0x14/0xe5
Sep 22 12:12:49 localhost kernel:  [<c012dd16>] autoremove_wake_function+0x0/0x37
Sep 22 12:12:49 localhost kernel:  [<c012d8fb>] kthread+0x87/0x8b
Sep 22 12:12:49 localhost kernel:  [<c012d874>] kthread+0x0/0x8b
Sep 22 12:12:49 localhost kernel:  [<c01012fd>] kernel_thread_helper+0x5/0xb
Sep 22 12:12:49 localhost kernel: Code: 53 89 c3 8b 30 ba 66 00 00 00 b8 05 ac
f3 df e8 e5 2f 1e e0 e8 4c 66 3e e0 ff 4e 48 0f 88 a4 03 00 00 89 d8 e8 73 ff ff
ff 8b 13 <ff> 42 48 0f 8e 9f 03 00 00 5b 5e c3 55 57 56 53 89 c5 8b 98 b8
S

Comment 2 Dave Jones 2005-09-23 19:36:09 UTC
should be fixed in -git3, which is building right now. Tomorrows rawhide should
have this fixed.


Comment 3 Dave Jones 2005-09-23 19:40:24 UTC
*** Bug 169137 has been marked as a duplicate of this bug. ***

Comment 4 Tom London 2005-09-24 20:04:11 UTC
Sorry, but no joy.

I'm running 2.6.13-1.1574_FC5 and still getting this problem.

Actually, no problem disconnecting a USB drive, but disconnecting an iPod generated:

Sep 24 13:00:47 localhost kernel: usb 1-1: USB disconnect, address 4
Sep 24 13:00:47 localhost kernel: Unable to handle kernel paging request at
virtual address 6b6b6bb3
Sep 24 13:00:47 localhost kernel:  printing eip:
Sep 24 13:00:47 localhost kernel: f8aa6804
Sep 24 13:00:47 localhost kernel: *pde = 00000000
Sep 24 13:00:47 localhost kernel: Oops: 0002 [#1]
Sep 24 13:00:47 localhost kernel: Modules linked in: vfat fat vmnet(U)
parport_pc vmmon(U) loop ppdev lp autofs4 sunrpc ipt_REJECT ipt_state
ip_conntrack nfnetlink iptable_filter ip_tables video toshiba_acpi button
battery ac sd_mod ohci1394 ieee1394 usb_storage scsi_mod uhci_hcd ehci_hcd
parport hw_random tpm_nsc tpm i2c_i801 i2c_core snd_intel8x0m snd_intel8x0
snd_ac97_codec snd_ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq
snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore
snd_page_alloc ipw2200 ieee80211 ieee80211_crypt e1000 dm_snapshot dm_zero
dm_mirror ext3 jbd dm_mod
Sep 24 13:00:47 localhost kernel: CPU:    0
Sep 24 13:00:47 localhost kernel: EIP:    0060:[<f8aa6804>]    Tainted: P      VLI
Sep 24 13:00:47 localhost kernel: EFLAGS: 00010286   (2.6.13-1.1574_FC5)
Sep 24 13:00:47 localhost kernel: EIP is at scsi_remove_device+0x2c/0x38 [scsi_mod]
Sep 24 13:00:47 localhost kernel: eax: 00000001   ebx: f07da23c   ecx: 00000000
  edx: 6b6b6b6b
Sep 24 13:00:47 localhost kernel: esi: ecdd6e38   edi: ecdd6e38   ebp: f3f4daf8
  esp: f7e9ce84
Sep 24 13:00:47 localhost kernel: ds: 007b   es: 007b   ss: 0068
Sep 24 13:00:47 localhost kernel: Process khubd (pid: 127, threadinfo=f7e9c000
task=f7fda030)
Sep 24 13:00:47 localhost kernel: Stack: badc0ded f07da23c ecdd6e30 f8aa688f
f3f4daf8 ecdd6e3c ecdd6e38 ecdd6e40
Sep 24 13:00:47 localhost kernel:        f8aa5a09 ecdd6e38 f8ad1ac0 f8ad1ae0
e213ea94 f8a9e3a2 ecdd7120 f8ad1ac0
Sep 24 13:00:47 localhost kernel:        f8ac283b ee02413c c028d845 ee0241f8
ee024150 c02450ba ee024150 e213eb08
Sep 24 13:00:47 localhost kernel: Call Trace:
Sep 24 13:00:47 localhost kernel:  [<f8aa688f>] __scsi_remove_target+0x7f/0xb6
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8aa5a09>] scsi_forget_host+0x37/0x5c
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8a9e3a2>] scsi_remove_host+0x3d/0x7a
[scsi_mod]
Sep 24 13:00:47 localhost kernel:  [<f8ac283b>] storage_disconnect+0xe/0x16
[usb_storage]
Sep 24 13:00:47 localhost kernel:  [<c028d845>] usb_unbind_interface+0x34/0x60
Sep 24 13:00:47 localhost kernel:  [<c02450ba>] __device_release_driver+0x4c/0x64
Sep 24 13:00:47 localhost kernel:  [<c02450fc>] device_release_driver+0x2a/0x38
Sep 24 13:00:47 localhost kernel:  [<c0244a54>] bus_remove_device+0x4f/0x5d
Sep 24 13:00:47 localhost kernel:  [<c0243d93>] device_del+0x2b/0x5b
Sep 24 13:00:47 localhost kernel:  [<c029496a>] usb_disable_device+0xbb/0x108
Sep 24 13:00:47 localhost kernel:  [<c028fb58>] usb_disconnect+0xaa/0x14c
Sep 24 13:00:47 localhost kernel:  [<c02909da>] hub_port_connect_change+0x51/0x393
Sep 24 13:00:47 localhost kernel:  [<c0290f93>] hub_events+0x277/0x3bc
Sep 24 13:00:47 localhost kernel:  [<c02910d8>] hub_thread+0x0/0xe5
Sep 24 13:00:47 localhost kernel:  [<c02910ec>] hub_thread+0x14/0xe5
Sep 24 13:00:47 localhost kernel:  [<c0132df6>] autoremove_wake_function+0x0/0x37
Sep 24 13:00:47 localhost kernel:  [<c01329db>] kthread+0x87/0x8b
Sep 24 13:00:47 localhost kernel:  [<c0132954>] kthread+0x0/0x8b
Sep 24 13:00:47 localhost kernel:  [<c01012fd>] kernel_thread_helper+0x5/0xb
Sep 24 13:00:47 localhost kernel: Code: 53 89 c3 8b 30 ba 66 00 00 00 b8 05 bc
aa f8 e8 ba 70 67 c7 e8 ec c1 87 c7 ff 4e 48 0f 88 a4 03 00 00 89 d8 e8 73 ff ff
ff 8b 13 <ff> 42 48 0f 8e 9f 03 00 00 5b 5e c3 55 57 56 53 89 c5 8b 98 b8


Comment 5 Tom London 2005-09-27 15:06:52 UTC
Same Oops in 2.6.13-1.1578_FC5

Comment 6 Dave Jones 2005-10-04 08:15:59 UTC
should be fixed now, confirm ?

Comment 7 Brian Millett 2005-10-04 10:11:16 UTC
Well, seems to be ok here now with 2.6.13-1.1589_FC5.  No oops.  Can mount,
umount, then remove without any error.


Comment 8 Tom London 2005-10-04 13:50:43 UTC
Works for me.....


Note You need to log in before you can comment on or make changes to this bug.