When unplugging USB hub with inserted USB stick (with intensive traffic over it) the linux sometimes produces kernel Oops. After this Oops USB is non-usable. To do this you need USB stick plugged in into USB hub, make some sort of reading the data (via FAT in our case) and plug out the hub when data comes from the stick. Here is some log: [ 198.841000] CPU 0 Unable to handle kernel paging request at virtual address 00000034, epc == 801e62e8, ra == 801e62e0 [ 198.841000] Oops[#1]: [ 198.841000] Cpu 0 [ 198.841000] $ 0 : 00000000 10008700 00000000 00000001 [ 198.841000] $ 4 : c206c0e8 10008701 fffffffe ffff00fe [ 198.841000] $ 8 : c20b1fe0 00008700 00000000 c0e1c000 [ 198.841000] $12 : 000000c6 0000245b 0122bf5c 01ed0000 [ 198.841000] $16 : c198bc80 80340000 fffffffe 80342354 [ 198.841000] $20 : c1676400 80340000 c21d1538 c1676400 [ 198.841000] $24 : 01ed295c 8005b228 [ 198.841000] $28 : c20b0000 c20b1ce0 804ea840 801e62e0 [ 198.841000] Hi : 00000000 [ 198.841000] Lo : 3b9aca00 [ 198.841000] epc : 801e62e8 usb_hcd_unlink_urb+0x60/0xc0 [ 198.841000] Tainted: P [ 198.841000] ra : 801e62e0 usb_hcd_unlink_urb+0x58/0xc0 [ 198.841000] Status: 10008703 KERNEL EXL IE [ 198.841000] Cause : 00800008 [ 198.841000] BadVA : 00000034 [ 198.841000] PrId : 0002a044 (Broadcom BMIPS4380) [ 198.841000] Modules linked in: nls_iso8859_1 nls_cp437 vfat fat bcmscbeth(P) pod97125(P) rtl8150 asix usbnet adb_bcm(P) deflate zlib_deflate lzo crypto_algapi lzo_decompress lzo_compress ubifs crypto nfs lockd sunrpc ext3 jbd mbcache sd_mod usb_storage scsi_mod ohci_brcm ehci_brcm usb_brcm nandmap(P) cbd(P) squashfs adb_core(P) pcbinfo(P) [ 198.841000] Process khubd (pid: 71, threadinfo=c20b0000, task=c206c0e8, tls=00000000) [ 198.841000] Stack : 00000000 8001af94 10008700 8001b0e4 10008701 c16764d8 c198bc80 804ea840 [ 198.841000] 80342354 801e7d24 d21e2380 800bbd90 10008700 8001af80 d21e23cc e03c01b8 [ 198.841000] c198bc80 801e810c c198bc80 8001af54 80342354 c198bc80 c21d152c 80342354 [ 198.841000] 80342354 801e6204 00019b17 00000000 c20b1d20 00000018 c22f8400 c21d152c [ 198.841000] 00000001 c22f849c 0000001f c22f847c 0000001f 801e8c30 c22f8468 c22f849c [ 198.841000] ... [ 198.841000] Call Trace: [ 198.841000] [<801e62e8>] usb_hcd_unlink_urb+0x60/0xc0 [ 198.841000] [<801e7d24>] usb_kill_urb+0xc4/0x20c [ 198.841000] [<801e6204>] usb_hcd_flush_endpoint+0xf0/0x174 [ 198.841000] [<801e8c30>] usb_disable_endpoint+0x54/0xac [ 198.841000] [<801e8cd0>] usb_disable_device+0x48/0x164 [ 198.841000] [<801e2a9c>] usb_disconnect+0xd8/0x210 [ 198.841000] [<801e2a88>] usb_disconnect+0xc4/0x210 [ 198.841000] [<801e3950>] hub_thread+0x390/0x1498 [ 198.841000] [<80068bb8>] kthread+0x84/0x8c [ 198.841000] [<80021118>] kernel_thread_helper+0x10/0x18 [ 198.841000] [ 198.841000] [ 198.841000] Code: 240403e8 8e020028 02403021<8c440034> 0c0797fa 02002821 8e040028 0c077b49 afa20010 So the issue appears in the function usb_hcd_unlink_urb() when it wants to do hcd = bus_to_hcd(urb->dev->bus); because of urb->dev becomes NULL. After some investigations we found the line urb->dev = NULL; in the sg_complete() function. But the problem is that the logic of sg_complete() logic uses urb->dev = NULL by itself. To increase reproducibility you may insert msleep() function in usb_hcd_unlink_urb() function before falling line. As a workaround we've just commented the line in sg_complete() function. The issue is reproducible with inserted msleep() on the mips and x86 platforms. -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
