USB oops regression caused by -stable patch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tony Battersby <tonyb@cybernetics.com>
To: linux-usb@vger.kernel.org, "Du, Changbin" <changbin.du@intel.com>,
	stable <stable@vger.kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: USB oops regression caused by -stable patch
Date: Fri, 19 Feb 2016 09:39:57 -0500	[thread overview]
Message-ID: <56C7293D.2040105@cybernetics.com> (raw)

This upstream commit is causing an oops:
d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")

This patch has already been included in several -stable kernels.  Here
are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61

How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption
will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:

blk_update_request: I/O error, dev sdc, sector 864768
blk_update_request: I/O error, dev sdc, sector 865008
blk_update_request: I/O error, dev sdc, sector 865024
blk_update_request: I/O error, dev sdc, sector 865264
blk_update_request: I/O error, dev sdc, sector 864768
Buffer I/O error on dev sdc, logical block 108096, async page read
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Not tainted 4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b       05/04/12  
Workqueue: usb_hub_wq hub_event
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8030bcd9>]  [<ffffffff8030bcd9>] kfree+0x49/0x110
RSP: 0018:ffff88042b0a7988  EFLAGS: 00010207
RAX: ffffea0000000000 RBX: 6b6b6b6b00000100 RCX: 0000000000000018
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 01ad998dac000000
RBP: ffff88042b0a79c8 R08: ffffea0010a72210 R09: ffffea0010a72218
R10: ffff880429c88548 R11: 0000000000000001 R12: ffff8800bb1b8000
R13: ffff880429a21ce0 R14: ffff8800bb1a0690 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f3a6186b990 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffffea0002ea2220 0000000000000000 ffff880429c88548 0000000000000001
 ffff88042b0a79e8 ffffffff804f56cb ffff880401002801 ffff880429c80948
 ffff88042b0a79e8 ffffffff804f3df0 ffff8800bb1a0690 ffff880429c80948
Call Trace:
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 00 00 80 ff 77 00 00 48 01 df 48 0f 42 05 50 33 70 00 48 8d 3c 38 48 b8 00 00 00 00 00 ea ff ff 48 c1 ef 0c 48 c1 e7 06 48 01 c7 <48> 8b 47 20 48 89 45 e0 a8 01 75 64 48 8b 47 20 48 8d 57 20 48 
RIP  [<ffffffff8030bcd9>] kfree+0x49/0x110
 RSP <ffff88042b0a7988>
---[ end trace a3bcfa253dbef567 ]---
BUG: unable to handle kernel paging request at ffffffffffffffd8
IP: [<ffffffff8027923b>] kthread_data+0xb/0x20
PGD a0b067 PUD a0d067 PMD 0 
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Tainted: G      D         4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b       05/04/12  
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8027923b>]  [<ffffffff8027923b>] kthread_data+0xb/0x20
RSP: 0018:ffff88042b0a7608  EFLAGS: 00010096
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffff88043dc73840
RDX: ffff88042b09f080 RSI: 0000000000000003 RDI: ffff88042b09f080
RBP: ffff88042b0a7608 R08: ffff88043dc738a8 R09: 0000000000016800
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000013840
R13: ffff88042b09f4c8 R14: 0000000000000003 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffff88042b0a7648 ffffffff802731c0 ffff88042b0a7648 ffffffff8027d642
 ffff88042b09f448 ffff88043dc73840 0000000000013840 ffff88043dc73840
 ffff88042b0a76f8 ffffffff80608438 ffff88042b09f3e0 ffff88042b09f080
Call Trace:
 [<ffffffff802731c0>] wq_worker_sleeping+0x10/0xa0
 [<ffffffff8027d642>] ? deactivate_task+0x52/0x60
 [<ffffffff80608438>] __schedule+0x3a8/0x6e0
 [<ffffffff8026215d>] ? exit_notify+0xed/0x1e0
 [<ffffffff806088bb>] schedule+0x3b/0xa0
 [<ffffffff802625ea>] do_exit+0x39a/0x580
 [<ffffffff80296cba>] ? vprintk_default+0x1a/0x20
 [<ffffffff802cf886>] ? printk+0x41/0x43
 [<ffffffff80205bd2>] oops_end+0x72/0xa0
 [<ffffffff80205cf6>] die+0x56/0x80
 [<ffffffff8020415e>] do_general_protection+0xce/0x150
 [<ffffffff8060d11f>] general_protection+0x1f/0x30
 [<ffffffff8030bcd9>] ? kfree+0x49/0x110
 [<ffffffff804f3e5a>] ? usb_release_interface_cache+0x4a/0x60
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 25 00 ac 00 00 48 8b 80 e8 03 00 00 48 8b 40 c8 c9 48 d1 e8 83 e0 01 c3 0f 1f 84 00 00 00 00 00 55 48 8b 87 e8 03 00 00 48 89 e5 <48> 8b 40 d8 c9 c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 
RIP  [<ffffffff8027923b>] kthread_data+0xb/0x20
 RSP <ffff88042b0a7608>
CR2: ffffffffffffffd8
---[ end trace a3bcfa253dbef568 ]---
Fixing recursive fault but reboot is needed!

With the patch reverted, everything works fine.

So far I have been unable to reproduce the problem using EHCI (USB 2.0).

Tony Battersby
Cybernetics

next             reply	other threads:[~2016-02-19 14:39 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-19 14:39 Tony Battersby [this message]
2016-02-20 22:21 ` USB oops regression caused by -stable patch Greg Kroah-Hartman
2016-02-22  2:27   ` Du, Changbin
2016-02-22 15:36     ` Tony Battersby

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56C7293D.2040105@cybernetics.com \
    --to=tonyb@cybernetics.com \
    --cc=changbin.du@intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.