On Mon, 27 Feb 2012, Illia Zaitsev wrote: > When unplugging USB hub with inserted USB stick (with intensive traffic over it) the linux sometimes produces kernel Oops. After this Oops USB is non-usable. > > To do this you need USB stick plugged in into USB hub, make some sort of reading the data (via FAT in our case) and plug out the hub when data comes from the stick. > > Here is some log: > [ 198.841000] CPU 0 Unable to handle kernel paging request at virtual address > 00000034, epc == 801e62e8, ra == 801e62e0 > [ 198.841000] Oops[#1]: > [ 198.841000] ra : 801e62e0 usb_hcd_unlink_urb+0x58/0xc0 > [ 198.841000] Call Trace: > [ 198.841000] [<801e62e8>] usb_hcd_unlink_urb+0x60/0xc0 > [ 198.841000] [<801e7d24>] usb_kill_urb+0xc4/0x20c > [ 198.841000] [<801e6204>] usb_hcd_flush_endpoint+0xf0/0x174 > [ 198.841000] [<801e8c30>] usb_disable_endpoint+0x54/0xac > [ 198.841000] [<801e8cd0>] usb_disable_device+0x48/0x164 > [ 198.841000] [<801e2a9c>] usb_disconnect+0xd8/0x210 > [ 198.841000] [<801e2a88>] usb_disconnect+0xc4/0x210 > [ 198.841000] [<801e3950>] hub_thread+0x390/0x1498 > [ 198.841000] [<80068bb8>] kthread+0x84/0x8c > [ 198.841000] [<80021118>] kernel_thread_helper+0x10/0x18 > [ 198.841000] > [ 198.841000] > [ 198.841000] Code: 240403e8 8e020028 02403021<8c440034> 0c0797fa 02002821 8e040028 0c077b49 afa20010 > > So the issue appears in the function usb_hcd_unlink_urb() when it wants to do > hcd = bus_to_hcd(urb->dev->bus); > because of urb->dev becomes NULL. > > After some investigations we found the line > urb->dev = NULL; > in the sg_complete() function. > > But the problem is that the logic of sg_complete() logic uses urb->dev = NULL > by itself. > > To increase reproducibility you may insert msleep() function in usb_hcd_unlink_urb() function before falling line. > > As a workaround we've just commented the line in sg_complete() function. > > The issue is reproducible with inserted msleep() on the mips and x86 platforms. Does this patch fix the problem for you? Alan Stern drivers/usb/core/message.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) Index: usb-3.3/drivers/usb/core/message.c =================================================================== --- usb-3.3.orig/drivers/usb/core/message.c +++ usb-3.3/drivers/usb/core/message.c @@ -308,7 +308,8 @@ static void sg_complete(struct urb *urb) retval = usb_unlink_urb(io->urbs [i]); if (retval != -EINPROGRESS && retval != -ENODEV && - retval != -EBUSY) + retval != -EBUSY && + retval != -EIDRM) dev_err(&io->dev->dev, "%s, unlink --> %d\n", __func__, retval); @@ -317,7 +318,6 @@ static void sg_complete(struct urb *urb) } spin_lock(&io->lock); } - urb->dev = NULL; /* on the last completion, signal usb_sg_wait() */ io->bytes += urb->actual_length; @@ -524,7 +524,6 @@ void usb_sg_wait(struct usb_sg_request * case -ENXIO: /* hc didn't queue this one */ case -EAGAIN: case -ENOMEM: - io->urbs[i]->dev = NULL; retval = 0; yield(); break; @@ -542,7 +541,6 @@ void usb_sg_wait(struct usb_sg_request * /* fail any uncompleted urbs */ default: - io->urbs[i]->dev = NULL; io->urbs[i]->status = retval; dev_dbg(&io->dev->dev, "%s, submit --> %d\n", __func__, retval); -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
