On 02/27/2012 06:11 PM, Alan Stern wrote:
On Mon, 27 Feb 2012, Illia Zaitsev wrote:
When unplugging USB hub with inserted USB stick (with intensive traffic over it) the linux sometimes produces kernel Oops. After this Oops USB is non-usable.
To do this you need USB stick plugged in into USB hub, make some sort of reading the data (via FAT in our case) and plug out the hub when data comes from the stick.
Here is some log:
[ 198.841000] CPU 0 Unable to handle kernel paging request at virtual address
00000034, epc == 801e62e8, ra == 801e62e0
[ 198.841000] Oops[#1]:
[ 198.841000] ra : 801e62e0 usb_hcd_unlink_urb+0x58/0xc0
[ 198.841000] Call Trace:
[ 198.841000] [<801e62e8>] usb_hcd_unlink_urb+0x60/0xc0
[ 198.841000] [<801e7d24>] usb_kill_urb+0xc4/0x20c
[ 198.841000] [<801e6204>] usb_hcd_flush_endpoint+0xf0/0x174
[ 198.841000] [<801e8c30>] usb_disable_endpoint+0x54/0xac
[ 198.841000] [<801e8cd0>] usb_disable_device+0x48/0x164
[ 198.841000] [<801e2a9c>] usb_disconnect+0xd8/0x210
[ 198.841000] [<801e2a88>] usb_disconnect+0xc4/0x210
[ 198.841000] [<801e3950>] hub_thread+0x390/0x1498
[ 198.841000] [<80068bb8>] kthread+0x84/0x8c
[ 198.841000] [<80021118>] kernel_thread_helper+0x10/0x18
[ 198.841000]
[ 198.841000]
[ 198.841000] Code: 240403e8 8e020028 02403021<8c440034> 0c0797fa 02002821 8e040028 0c077b49 afa20010
So the issue appears in the function usb_hcd_unlink_urb() when it wants to do
hcd = bus_to_hcd(urb->dev->bus);
because of urb->dev becomes NULL.
After some investigations we found the line
urb->dev = NULL;
in the sg_complete() function.
But the problem is that the logic of sg_complete() logic uses urb->dev = NULL
by itself.
To increase reproducibility you may insert msleep() function in usb_hcd_unlink_urb() function before falling line.
As a workaround we've just commented the line in sg_complete() function.
The issue is reproducible with inserted msleep() on the mips and x86 platforms.
Does this patch fix the problem for you?
Alan Stern
drivers/usb/core/message.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Index: usb-3.3/drivers/usb/core/message.c
===================================================================
--- usb-3.3.orig/drivers/usb/core/message.c
+++ usb-3.3/drivers/usb/core/message.c
@@ -308,7 +308,8 @@ static void sg_complete(struct urb *urb)
retval = usb_unlink_urb(io->urbs [i]);
if (retval != -EINPROGRESS&&
retval != -ENODEV&&
- retval != -EBUSY)
+ retval != -EBUSY&&
+ retval != -EIDRM)
dev_err(&io->dev->dev,
"%s, unlink --> %d\n",
__func__, retval);
@@ -317,7 +318,6 @@ static void sg_complete(struct urb *urb)
}
spin_lock(&io->lock);
}
- urb->dev = NULL;
/* on the last completion, signal usb_sg_wait() */
io->bytes += urb->actual_length;
@@ -524,7 +524,6 @@ void usb_sg_wait(struct usb_sg_request *
case -ENXIO: /* hc didn't queue this one */
case -EAGAIN:
case -ENOMEM:
- io->urbs[i]->dev = NULL;
retval = 0;
yield();
break;
@@ -542,7 +541,6 @@ void usb_sg_wait(struct usb_sg_request *
/* fail any uncompleted urbs */
default:
- io->urbs[i]->dev = NULL;
io->urbs[i]->status = retval;
dev_dbg(&io->dev->dev, "%s, submit --> %d\n",
__func__, retval);
Thanks, this helps us much with our current problem - now no oops are
present.
But now we did our tests longer and we found that if we additionally
plug USB-Ethernet bridge it starts to do strange things after 1000
cycles of plugging/unplugging on our mips platform.
If we are plugging USB stick only it works as usual.
Did you have familiar behavior of your hardware or do you know something
about?
BR, Illia Zaitsev, ADB engineer.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
