Re: kernel BUG at drivers/block/ub.c:820!

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Boaz Harrosh <bharrosh@panasas.com>
To: schwidefsky@de.ibm.com
Cc: linux-kernel@vger.kernel.org, k-ueda@ct.jp.nec.com,
	j-nomura@ce.jp.nec.com, jens.axboe@oracle.com,
	zaitcev@redhat.com
Subject: Re: kernel BUG at drivers/block/ub.c:820!
Date: Thu, 03 Apr 2008 14:32:20 +0300	[thread overview]
Message-ID: <47F4C044.1090609@panasas.com> (raw)
In-Reply-To: <1207212156.5602.5.camel@localhost>

On Thu, Apr 03 2008 at 11:42 +0300, Martin Schwidefsky <schwidefsky@de.ibm.com> wrote:
> Greetings,
> I have an 'evil' USB stick that crashes my T43 with the yesterdays git.
> All I have to do is to insert the USB stick and watch the kernel die:
> 
> kernel BUG at drivers/block/ub.c:820!
> invalid opcode: 0000 [#1] PREEMPT
> Modules linked in: usb_storage ub ipt_LOG xt_limit ipt_REJECT xt_tcpudp
> xt_state iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack
> iptable_filter ip_tables x_tables deflate zlib_deflate ctr twofish
> twofish_common camellia serpent blowfish des_generic cbc aes_i586
> aes_generic xcbc sha256_generic sha1_generic crypto_null af_key
> nls_iso8859_1 nsl_cp437 vfat fat fuse dm_crypt crypto_blkcipher
> dm_snapshot dm_mirror dm_mod freq_table ide_generic ide_disk irtty_sir
> mousedev sir_dev snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm_oss
> snd_mixer_oss snd_pcm snd_timer pcmcia nsc_ircc snd_ipw2200 psmouse
> sdhci irda ieee80211 ieee80211_crypt serio_raw soundcore i2c_i801 rtc
> crc_ccitt parport_pc parport 8250_pnp pcspkr snd_page_alloc i2c_core
> 8250_pci yenta_socket rsrc_nonstatic pcmcia_core mmc_core firmware_class
> video output intel_agp agpgart evdev thinkpad_acpi sg sr_mod sd_mod
> ide_pci_generic ata_piix floppy pata_acpi libata scsi_mod ehci_hcd
> uhci_hcd usbcore tg3 unix ide_cd_mod cdrom
> 
> Pid: 3893, comm: udevd Not tainted (2.6.25-rc8 #4)
> EIP: 0060:[<f8ca6b99>] EFLAGS: 00010002 CPU: 0
> EIP is at ub_end_rq+0x2b/0x33 [ub]
> EAX: 00000001 EBX: f78f296c ECX: 00000024 EDX: 00000001
> ESI: 00000000 EDI: f7bb5ad4 EBP: f79fde0c ESP: f79fde04
>  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> Process udevd (pid: 3893, ti=f79fc000 task=f64e01b0 task.ti=f79fc000)
> Stack: f7bb5ad4 00000000 f79fde34 f8ca6fa1 f7b6f400 f7bb5a00 f7bb5a34 f78f296c
>        00000086 f7b6f400 f7b6f400 f7bb5ad4 f79fde48 f8ca73b6 f7b6f400 c03ec2ec
>        0000000a f79fde6c f8ca7c06 f7b6f5c0 f7b6f550 00000286 f7bb5ad4 00000000
> Call Trace:
>  [<f8ca6fa1>] ? ub_rw_cmd_done+0x1c2/0x1d8 [ub]
>  [<f8ca73b6>] ? ub_scsi_urb_compl+0x31c/0x35b [ub]
>  [<f8ca7c06>] ? ub_scsi_action+0x18f/0x1c4 [ub]
>  [<c011e0bf>] ? tasklet_action+0x35/0x56
>  [<c011e01e>] ? __do_softirq+0x38/0x7a
>  [<c011e085>] ? do_softirq+0x25/0x2a
>  [<c011e1db>] ? irq_exit+0x28/0x61
>  [<c010630f>] ? do_IRQ+0x58/0x6d
>  [<c01052c3>] ? common_interrupt+0x23/0x28
>  [<c024cf52>] ? skb_dequeue+0x3d/0x50
>  [<c024d2a0>] ? skb_queue_purge+0x14/0x1b
>  [<f8843544>] ? unix_sock_destructor+0xe/0xb4 [unix]
>  [<f8841e65>] ? unix_release+0x1a/0x20 [unix]
>  [<c0248ee6>] ? sock_release+0x14/0x6f
>  [<c02492fe>] ? sock_close+0x29/0x30
>  [<c015afa5>] ? __fput+0x93/0x14a
>  [<c015b1e4>] ? fput+0x16/0x18
>  [<c0158aad>] ? filp_close+0x50/0x5a
>  [<c0159d1e>] ? sys_close+0x6f/0xb9
>  [<c01048b2>] ? sysenter_past_esp+0x5f/0x85
>  [<c02a0000>] ? __xfrm_state_bump_genids+0x22/0xfd
>  =======================
> Code: 55 89 e5 56 31 f6 85 d2 53 89 c3 74 08 89 50 7c be fb ff ff ff 89 d8 e8 75
>  b5 51 c7 89 f2 89 c1 89 d8 e8 30 c0 51 c7 85 c0 74 04 <0f> 0b eb fe 5b 5e 5d c3
>  55 89 e5 57 56 53 83 ec 14 89 45 e8 8b
> EIP: [<f8ca6b99>] ub_end_rq+0x2b/0x33 [ub] SS:ESP 0068:f79fde04
> Kernel panic - not syncing: Fatal exception in interrupt
> 
> Looking at the code I find:
> 
> static void ub_end_rq(struct request *rq, unsigned int scsi_status)
> {
>         int error;
> 
> 	if (scsi_status == 0) {
> 		error = 0;
> 	} else {
> 		error = -EIO;
> 		rq->errors = scsi_status;
> 	}
> 	if (__blk_end_request(rq, error, blk_rq_bytes(rq)))
> 		BUG();  <-- kernel crashes here.
> 	}
> }
> 
> With git bisect I could came up with:
> 610d8b0c972e3b75493efef8e96175518fd736d3 good
> 3bcddeac1c4c7e6fb90531b80f236b1a05dfe514 compile error
> 5450d3e1d68f10be087f0855d8bad5458b50ecbe compile error
> b8286239ddaf2632cec65c01e68a403ac4c3d079 compile error
> 7d699bafe258ebd8f9b4ec182c554200b369a504 bad
> 
> If I replace the BUG() with a printk my kernel survives the usb plug but
> udev doesn't find the stick.
> 

It is not the right fix but what happens if you change above code to this:

static void ub_end_rq(struct request *rq, unsigned int scsi_status)
{
        int error;

	if (scsi_status == 0) {
		error = 0;
	} else {
		error = -EIO;
		rq->errors = scsi_status;
	}
	if (__blk_end_request(rq, error, blk_rq_bytes(rq)))
		__blk_end_request(rq, error, ~0);  /* <-- added line BUG removed. */
	}
}

Boaz

next prev parent reply	other threads:[~2008-04-03 11:34 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-04-03  8:42 kernel BUG at drivers/block/ub.c:820! Martin Schwidefsky
2008-04-03 11:32 ` Boaz Harrosh [this message]
2008-04-03 13:57   ` Martin Schwidefsky
2008-04-03 14:15     ` Boaz Harrosh
2008-04-03 15:02       ` Martin Schwidefsky
2008-04-03 16:08 ` Kiyoshi Ueda
2008-04-03 15:18   ` Martin Schwidefsky
2008-04-03 16:30     ` Pete Zaitcev
2008-04-03 17:36       ` Boaz Harrosh
2008-04-04  4:30         ` Andrew Morton
2008-04-04 15:29           ` Kiyoshi Ueda
2008-04-04 19:45             ` Pete Zaitcev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47F4C044.1090609@panasas.com \
    --to=bharrosh@panasas.com \
    --cc=j-nomura@ce.jp.nec.com \
    --cc=jens.axboe@oracle.com \
    --cc=k-ueda@ct.jp.nec.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=schwidefsky@de.ibm.com \
    --cc=zaitcev@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.