Hi,
I am trying to debug a panic for our 2.6.32 based kernel (there isn't any
changes to usb other than usb3 stuff in our version of 2.6.32)
The panic is attached below and I am having trouble reproducing it, so I
am trying to 'think' this one out. I believe there is a race condition
but I don't know enough about the paths in usb to understand it and was
hoping for some help from the mailing list.
The problem is when running a stress test (scrashme) on a powerpc blade,
we believe someone accidentally pushed a button on the blade that 'magical
routes' the side mounted usb cdrom to that blade. A few moments later, we
believe that someone realized their error and pressed the button on the
correct blade, thus disconnecting the cdrom and having it routed to the
other blade.
As a result the below panic happened. Looking at where the panic happened
and the assembly code, I am reasonably confident the panic happened at:
drivers/usb/core/hcd.c::usb_hcd_unlink_urb::1459
(right before the unlink1 command)
hcd = bus_to_hcd(urb->dev->bus);
what happens is that urb->dev is NULL and thus the derefence to dev->bus
panics the box.
The only way I can see that happening is usb_put_dev went to zero and
released the device (which would mean the usb_put_dev a couple lines later
would cause another friendly message). My first impression is that there
is a race condition somewhere, but I don't know the different paths well
enough to know where.
Does anyone have any thoughts about this or can help me through this
(especially since I am having trouble reproducing it :-/).
Thanks in advance.
Cheers,
Don
-----------------------------------------------------------------
usb 1-1: new high speed USB device using ehci_hcd and address 2
usb 1-1: New USB device found, idVendor=04b4, idProduct=6560
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: configuration #1 chosen from 1 choice
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
usb 1-1.2: new high speed USB device using ehci_hcd and address 3
usb 1-1.2: New USB device found, idVendor=04b4, idProduct=6560
usb 1-1.2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1.2: configuration #1 chosen from 1 choice
hub 1-1.2:1.0: USB hub found
hub 1-1.2:1.0: 4 ports detected
usb 1-1.2.3: new high speed USB device using ehci_hcd and address 4
usb 1-1.2.3: New USB device found, idVendor=04b4, idProduct=6830
usb 1-1.2.3: New USB device strings: Mfr=56, Product=78, SerialNumber=100
usb 1-1.2.3: Product: USB2.0 Storage Device
usb 1-1.2.3: Manufacturer: Cypress Semiconductor
usb 1-1.2.3: SerialNumber: 1234567890ABCDEF
usb 1-1.2.3: configuration #1 chosen from 1 choice
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
scsi1 : SCSI emulation for USB Mass Storage devices
usbcore: registered new interface driver ums-cypress
scsi 1:0:0:0: CD-ROM MATSHITA UJDA765aDVD/CDRW 1.20 PQ: 0 ANSI:
0
scsi 1:0:0:0: Attached scsi generic sg3 type 5
sr0: scsi3-mmc drive: 24x/24x writer cd/rw xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
usb 1-1: USB disconnect, address 2
usb 1-1.2: USB disconnect, address 3
usb 1-1.2.3: USB disconnect, address 4
Unable to handle kernel paging request for data at address 0x00000040
Faulting instruction address: 0xc00000000043ad74
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=1024 NUMA pSeries
Modules linked in: sr_mod cdrom ums_cypress usb_storage aes_generic ts_kmp
nls_koi8_u nls_cp932 sunrpc ipv6 dm_mirror dm_region_hash dm_log ses
enclosure sg ehea ext4 jbd2 mbcache sd_mod crc_t10dif ipr radeon ttm
drm_kms_helper drm hwmon i2c_algo_bit i2c_core power_supply dm_mod [last
unloaded: rmd128]
NIP: c00000000043ad74 LR: c00000000043ad64 CTR: c00000000045cf20
REGS: c0000000e31eb4d0 TRAP: 0300 Not tainted
(2.6.32-114.el6.ppc64.debug)
MSR: 8000000000009032 <EE,ME,IR,DR> CR: 24004024 XER: 00000008
DAR: 0000000000000040, DSISR: 0000000040000000
TASK = c0000000e31da3d0[44] 'khubd' THREAD: c0000000e31e8000 CPU: 2
GPR00: c00000000043ad64 c0000000e31eb750 c0000000014b8c30 0000000000000001
GPR04: c0000000de44fb00 fffffffffffffffe 0000000000000000 0000000000000002
GPR08: 0000000000000001 0000000000000000 c00000000043ad38 0000000000000000
GPR12: 0000000024004022 c000000001592a00 c00000000414f398 c0000000013e5a48
GPR16: c00000000405dbc0 c0000000e50fd080 c00000000414f3a0 0000000000000002
GPR20: 0000000000000001 c00000000414f3a8 c00000000414f3a0 0000000000000000
GPR24: c0000000e50fd080 c0000000de442fa0 c0000000de44fb14 0000000000000001
GPR28: fffffffffffffffe c0000000de44fb00 c00000000145f658 c0000000013e5ca8
NIP [c00000000043ad74] .usb_hcd_unlink_urb+0x74/0x170
LR [c00000000043ad64] .usb_hcd_unlink_urb+0x64/0x170
Call Trace:
[c0000000e31eb750] [c00000000043ad64] .usb_hcd_unlink_urb+0x64/0x170
(unreliable)
[c0000000e31eb7f0] [c00000000043cdec] .usb_kill_urb+0x8c/0x140
[c0000000e31eb8c0] [c00000000043abe0] .usb_hcd_flush_endpoint+0x120/0x240
[c0000000e31eb970] [c00000000043dfc8] .usb_disable_endpoint+0x68/0xc0
[c0000000e31eba00] [c00000000043e0a0] .usb_disable_device+0x80/0x290
[c0000000e31ebab0] [c000000000435660] .usb_disconnect+0x110/0x250
[c0000000e31ebb60] [c000000000435630] .usb_disconnect+0xe0/0x250
[c0000000e31ebc10] [c000000000435630] .usb_disconnect+0xe0/0x250
[c0000000e31ebcc0] [c000000000437524] .hub_thread+0x6b4/0x1850
[c0000000e31ebea0] [c0000000000bcfcc] .kthread+0xbc/0xd0
[c0000000e31ebf90] [c000000000033174] .kernel_thread+0x54/0x70
Instruction dump:
2f800000 409d0078 e87d0048 4bff52d1 60000000 7fe3fb78 7f64db78 48189521
60000000 e93d0048 7f85e378 7fa4eb78 <e8690040> 4bfffbb9 7c7f1b78 e87d0048
Kernel panic - not syncing: Fatal exception
Call Trace:
[c0000000e31eb1f0] [c000000000013844] .show_stack+0x74/0x1c0 (unreliable)
[c0000000e31eb2a0] [c0000000005ca4ac] .panic+0x80/0x1c0
[c0000000e31eb330] [c000000000030c1c] .die+0x21c/0x2a0
[c0000000e31eb3e0] [c000000000043328] .bad_page_fault+0x98/0xe0
[c0000000e31eb460] [c00000000000525c] handle_page_fault+0x3c/0x74
--- Exception: 300 at .usb_hcd_unlink_urb+0x74/0x170
LR = .usb_hcd_unlink_urb+0x64/0x170
[c0000000e31eb7f0] [c00000000043cdec] .usb_kill_urb+0x8c/0x140
[c0000000e31eb8c0] [c00000000043abe0] .usb_hcd_flush_endpoint+0x120/0x240
[c0000000e31eb970] [c00000000043dfc8] .usb_disable_endpoint+0x68/0xc0
[c0000000e31eba00] [c00000000043e0a0] .usb_disable_device+0x80/0x290
[c0000000e31ebab0] [c000000000435660] .usb_disconnect+0x110/0x250
[c0000000e31ebb60] [c000000000435630] .usb_disconnect+0xe0/0x250
[c0000000e31ebc10] [c000000000435630] .usb_disconnect+0xe0/0x250
[c0000000e31ebcc0] [c000000000437524] .hub_thread+0x6b4/0x1850
[c0000000e31ebea0] [c0000000000bcfcc] .kthread+0xbc/0xd0
[c0000000e31ebf90] [c000000000033174] .kernel_thread+0x54/0x70
panic occurred, switching back to text console
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
