Ooooh... a good test case. This is repeateable, right? I've been waiting for some additions to the scsi core for hot unplugging. At least some have just been added, so expect patches soonish. I'd love to have you test them.
Matt
On Sun, Feb 16, 2003 at 01:00:02PM -0800, David Brownell wrote:
> Hi Matt,
>
> When running some storage tests, a couple of times I've gotten
> oopses. Attached is 'dmesg' output for one sequence ... another
> was in_irq (dead box), with the usb_storage_queuecommand() null
> pointer getting triggered on the khubd usb_device_remove() path.
>
> Seems like for some reason the host would get driven off-line
> (electrical loading? VIA roothub wierdness?) and the cleanup
> (new code) didn't happen as it should ... this is basically
> that "unplug during disk i/o" case, except that I didn't do
> anything to the cable.
>
> I thought you should know about this ...
>
> - Dave
>
>
>
>
> hub 2-0:0: new USB device on port 1, assigned address 2
> usb 2-1: new device strings: Mfr=73, Product=90, SerialNumber=110
> usb 2-1: Product: USB Storage Adapter
> usb 2-1: Manufacturer: In-System Design
> usb 2-1: SerialNumber: 000000003045
> drivers/usb/core/usb.c: usb_hotplug
> usb 2-1: usb_new_device - registering interface 2-1:0
> usb-storage 2-1:0: usb_device_probe
> usb-storage 2-1:0: usb_device_probe - got id
> scsi0 : SCSI emulation for USB Mass Storage devices
> Vendor: QUANTUM Model: FIREBALLlct1 Rev: A03.
> Type: Direct-Access ANSI SCSI revision: 02
> SCSI device sda: 20044080 512-byte hdwr sectors (10263 MB)
> sda: asking for cache data failed
> sda: assuming drive cache: write through
> sda: sda1
> Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
> WARNING: USB Mass Storage data integrity not assured
> USB Mass Storage device found at 2
> drivers/usb/core/usb.c: usb_hotplug
> ehci-hcd 00:0c.2: GetStatus port 1 status 001803 POWER sig=j CSC CONNECT
> hub 2-0:0: port 1, status 501, change 1, 480 Mb/s
> usb 2-1: USB disconnect, address 2
> usb 2-1: unregistering interfaces
> drivers/usb/core/usb.c: usb_hotplug
> SCSI device not inactive - rq_status=1, target=0, pid=73094, state=4099, owner=258.
> drivers/scsi/hosts.c:245: spin_is_locked on uninitialized spinlock dfd4f4e8.
> Device busy???
> ------------[ cut here ]------------
> kernel BUG at drivers/usb/storage/usb.c:981!
> invalid operand: 0000
> CPU: 0
> EIP: 0060:[<e0860931>] Not tainted
> EFLAGS: 00010202
> EIP is at storage_disconnect+0x211/0x1f79f8e0 [usb_storage]
> eax: 00000001 ebx: d0957a00 ecx: 00000001 edx: dfd4f4a4
> esi: d0957a00 edi: e0864040 ebp: d0935e88 esp: d0935e80
> ds: 007b es: 007b ss: 0068
> Process khubd (pid: 1381, threadinfo=d0934000 task=d0fba9c0)
> Stack: e08640dc d08f7ad4 d0935ea8 e0870293 d08f7ad4 00000001 e0864040 d08f7aec
> e0864058 d08f7aec d0935ebc c01e7d76 d08f7aec e088cae0 e088cb20 d0935ed4
> c01e7edb d08f7aec c02aab94 d08f7aec d081bce0 d0935ef4 c01e72ca d08f7aec
> Call Trace:
> [<e08640dc>] usb_storage_driver+0x9c/0x1f79bfc0 [usb_storage]
> [<e0870293>] usb_device_remove+0xe3/0x1f78fe50 [usbcore]
> [<e0864040>] usb_storage_driver+0x0/0x1f79bfc0 [usb_storage]
> [<e0864058>] usb_storage_driver+0x18/0x1f79bfc0 [usb_storage]
> [<c01e7d76>] device_release_driver+0x46/0x60
> [<e088cae0>] usb_bus_type+0x0/0x1f773520 [usbcore]
> [<e088cb20>] usb_bus_type+0x40/0x1f773520 [usbcore]
> [<c01e7edb>] bus_remove_device+0x5b/0xb0
> [<c01e72ca>] device_del+0x6a/0xa0
> [<c01e730d>] device_unregister+0xd/0x1a
> [<e0870c84>] usb_disconnect+0xc4/0x1f78f440 [usbcore]
> [<e0873b1b>] usb_hub_port_connect_change+0xab/0x1f78c590 [usbcore]
> [<e0874007>] usb_hub_events+0x287/0x1f78c280 [usbcore]
>
> Code: 0f 0b d5 03 31 15 86 e0 8d 65 f8 5b 5e 5d c3 ff b3 c0 00 00
> <1>Unable to handle kernel NULL pointer dereference at virtual address 000000cc
> printing eip:
> e085d028
> *pde = 00000000
> Oops: 0000
> CPU: 0
> EIP: 0060:[<e085d028>] Not tainted
> EFLAGS: 00010046
> EIP is at usb_storage_queuecommand+0x18/0x1f7a2ff0 [usb_storage]
> eax: dfd4f4a4 ebx: dfd4f4a4 ecx: d08dc084 edx: 00000000
> esi: d086fed4 edi: 00000296 ebp: d086fe90 esp: d086fe90
> ds: 007b es: 007b ss: 0068
> Process scsi_eh_0 (pid: 1479, threadinfo=d086e000 task=d0fb8940)
> Stack: d086ff18 c022f6b4 d08dc084 c022f4b0 d086fedc d081bce0 00002002 00000000
> 00000000 1d244b3c 00000000 0000000a c02c3c2b 00000000 00000000 d086fefc
> d086fefc c02c3c2b dfad0adc 00000000 00000000 1d244b3c 00000000 0000000a
> Call Trace:
> [<c022f6b4>] scsi_send_eh_cmnd+0x1b4/0x5e0
> [<c022f4b0>] scsi_eh_done+0x0/0x50
> [<c022ff9a>] scsi_eh_tur+0x7a/0xb0
> [<c022fe6c>] scsi_try_to_abort_cmd+0x11c/0x1d0
> [<c022fffa>] scsi_eh_abort_cmd+0x2a/0x60
> [<c0230d34>] scsi_unjam_host+0x34/0xc0
> [<c02311b8>] scsi_error_handler+0x3f8/0x460
> [<c0230dc0>] scsi_error_handler+0x0/0x460
> [<c0107369>] kernel_thread_helper+0x5/0xc
>
> Code: 8b 82 cc 00 00 00 48 74 08 0f 0b 95 00 60 19 86 e0 8b 82 c4
> <6>note: scsi_eh_0[1479] exited with preempt_count 1
--
Matthew Dharm Home: [EMAIL PROTECTED]
Maintainer, Linux USB Mass Storage Driver
What the hell are you?
-- Pitr to Dust Puppy
User Friendly, 12/3/1997
msg11518/pgp00000.pgp
Description: PGP signature
