This upstream commit is causing an oops:

d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")

This patch has already been included in several -stable kernels.

Here are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61

How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:

blk_update_request: I/O error, dev sdc, sector 864768
blk_update_request: I/O error, dev sdc, sector 865008
blk_update_request: I/O error, dev sdc, sector 865024
blk_update_request: I/O error, dev sdc, sector 865264
blk_update_request: I/O error, dev sdc, sector 864768
Buffer I/O error on dev sdc, logical block 108096, async page read
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Not tainted 4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b 05/04/12
Workqueue: usb_hub_wq hub_event
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8030bcd9>] [<ffffffff8030bcd9>] kfree+0x49/0x110
RSP: 0018:ffff88042b0a7988 EFLAGS: 00010207
RAX: ffffea0000000000 RBX: 6b6b6b6b00000100 RCX: 0000000000000018
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 01ad998dac000000
RBP: ffff88042b0a79c8 R08: ffffea0010a72210 R09: ffffea0010a72218
R10: ffff880429c88548 R11: 0000000000000001 R12: ffff8800bb1b8000
R13: ffff880429a21ce0 R14: ffff8800bb1a0690 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f3a6186b990 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffffea0002ea2220 0000000000000000 ffff880429c88548 0000000000000001
 ffff88042b0a79e8 ffffffff804f56cb ffff880401002801 ffff880429c80948
 ffff88042b0a79e8 ffffffff804f3df0 ffff8800bb1a0690 ffff880429c80948
Call Trace:
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 00 00 80 ff 77 00 00 48 01 df 48 0f 42 05 50 33 70 00 48 8d 3c 38 48 b8 00 00 00 00 00 ea ff ff 48 c1 ef 0c 48 c1 e7 06 48 01 c7 <48> 8b 47 20 48 89 45 e0 a8 01 75 64 48 8b 47 20 48 8d 57 20 48
RIP [<ffffffff8030bcd9>] kfree+0x49/0x110
 RSP <ffff88042b0a7988>
---[ end trace a3bcfa253dbef567 ]---
BUG: unable to handle kernel paging request at ffffffffffffffd8
IP: [<ffffffff8027923b>] kthread_data+0xb/0x20
PGD a0b067 PUD a0d067 PMD 0
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Tainted: G D 4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b 05/04/12
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8027923b>] [<ffffffff8027923b>] kthread_data+0xb/0x20
RSP: 0018:ffff88042b0a7608 EFLAGS: 00010096
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffff88043dc73840
RDX: ffff88042b09f080 RSI: 0000000000000003 RDI: ffff88042b09f080
RBP: ffff88042b0a7608 R08: ffff88043dc738a8 R09: 0000000000016800
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000013840
R13: ffff88042b09f4c8 R14: 0000000000000003 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffff88042b0a7648 ffffffff802731c0 ffff88042b0a7648 ffffffff8027d642
 ffff88042b09f448 ffff88043dc73840 0000000000013840 ffff88043dc73840
 ffff88042b0a76f8 ffffffff80608438 ffff88042b09f3e0 ffff88042b09f080
Call Trace:
 [<ffffffff802731c0>] wq_worker_sleeping+0x10/0xa0
 [<ffffffff8027d642>] ? deactivate_task+0x52/0x60
 [<ffffffff80608438>] __schedule+0x3a8/0x6e0
 [<ffffffff8026215d>] ? exit_notify+0xed/0x1e0
 [<ffffffff806088bb>] schedule+0x3b/0xa0
 [<ffffffff802625ea>] do_exit+0x39a/0x580
 [<ffffffff80296cba>] ? vprintk_default+0x1a/0x20
 [<ffffffff802cf886>] ? printk+0x41/0x43
 [<ffffffff80205bd2>] oops_end+0x72/0xa0
 [<ffffffff80205cf6>] die+0x56/0x80
 [<ffffffff8020415e>] do_general_protection+0xce/0x150
 [<ffffffff8060d11f>] general_protection+0x1f/0x30
 [<ffffffff8030bcd9>] ? kfree+0x49/0x110
 [<ffffffff804f3e5a>] ? usb_release_interface_cache+0x4a/0x60
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 25 00 ac 00 00 48 8b 80 e8 03 00 00 48 8b 40 c8 c9 48 d1 e8 83 e0 01 c3 0f 1f 84 00 00 00 00 00 55 48 8b 87 e8 03 00 00 48 89 e5 <48> 8b 40 d8 c9 c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00
RIP [<ffffffff8027923b>] kthread_data+0xb/0x20
 RSP <ffff88042b0a7608>
CR2: ffffffffffffffd8
---[ end trace a3bcfa253dbef568 ]---
Fixing recursive fault but reboot is needed!

With the patch reverted, everything works fine.
So far I have been unable to reproduce the problem using EHCI (USB 2.0).

Tony Battersby
Cybernetics
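
An added example, not part of the original message: a small triage helper for oops text like the one above. It reports the faulting function, registers carrying slab poison bytes (the evidence slub debugging exists to surface, such as the 0x6b run in RBX here) and the call-trace frames not marked `?`. The sample is a constructed excerpt of lines copied from the first oops; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the first oops in the report above.
SAMPLE_OOPS = """\
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
RIP: 0010:[<ffffffff8030bcd9>] [<ffffffff8030bcd9>] kfree+0x49/0x110
RSP: 0018:ffff88042b0a7988 EFLAGS: 00010207
RAX: ffffea0000000000 RBX: 6b6b6b6b00000100 RCX: 0000000000000018
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 01ad998dac000000
Call Trace:
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
"""

# Slab poison bytes defined in the kernel's include/linux/poison.h.
POISON = {0x6B: "POISON_FREE", 0x5A: "POISON_INUSE"}

REG_RE = re.compile(r"\b(R[A-Z0-9]{2}):\s*([0-9a-f]{16})\b")
RIP_RE = re.compile(r"^RIP:.*\]\s+(\w+)\+0x", re.M)
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(\?\s+)?(\w+)\+0x", re.M)

def poisoned_registers(oops):
    """Map register name -> poison label when 4+ consecutive bytes are poison."""
    hits = {}
    for name, value in REG_RE.findall(oops):
        raw = bytes.fromhex(value)
        for byte, label in POISON.items():
            if bytes([byte]) * 4 in raw:
                hits[name] = label
    return hits

def triage(oops):
    """Summarise the faulting function, poisoned registers and reliable callers."""
    rip = RIP_RE.search(oops)
    # Frames marked '?' were found on the stack but not verified by the
    # unwinder; keep only the unmarked ones.
    callers = [fn for guess, fn in FRAME_RE.findall(oops) if not guess]
    return {
        "fault_in": rip.group(1) if rip else None,
        "poisoned": poisoned_registers(oops),
        "callers": callers,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```
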