Re: USB oops regression caused by -stable patch

2016-02-22 Thread Tony Battersby
Thanks, that fixes it.  Tested on 4.5.0-rc5 and 3.18.27.  Just to be
clear, I tested it *without* reverting d8f00cd685f5.  So this patch is
in addition to d8f00cd685f5 instead of replacing it.

Tested-by: Tony Battersby 

On 02/21/2016 09:27 PM, Du, Changbin wrote:
> Thanks for reporting, Tony. It was remiss of me.
> There is another BOS free operation in label re_enumerate. This causes a
> double-free of BOS.
> USB2 doesn't have BOS desc, so you cannot reproduce it.
>
> I am traveling. It would be appreciated if you could help try the fix below.
>
> Hi Greg, I will commit a final patch once I have returned from travel.
>
> --- a/drivers/usb/core/hub.c
> +++ b/drivers/usb/core/hub.c
> @@ -5501,8 +5501,10 @@ done:
> return 0;
>  
>  re_enumerate:
> -   usb_release_bos_descriptor(udev);
> -   udev->bos = bos;
> +   if (udev->bos != bos) {
> +   usb_release_bos_descriptor(udev);
> +   udev->bos = bos;
> +   }
>
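
Review bot: the posting around the `re_enumerate` hunk has no commit message or Fixes: tag for d8f00cd685f5. Since this change was tested in addition to that commit rather than as a replacement for it, and that commit is already in the listed -stable kernels, the final patch should name d8f00cd685f5 in a Fixes: line and be marked for the same trees.
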
> Best Regards,
> Du, Changbin
>
>> On Fri, Feb 19, 2016 at 09:39:57AM -0500, Tony Battersby wrote:
>>> This upstream commit is causing an oops:
>>> d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")
>>>
>>> This patch has already been included in several -stable kernels.  Here
>>> are the affected kernels:
>>> 4.5.0-rc4 (current git)
>>> 4.4.2
>>> 4.3.6 (currently in review)
>>> 4.1.18
>>> 3.18.27
>>> 3.14.61
>>>
>>> How to reproduce the problem:
>>> Boot kernel with slub debugging enabled (otherwise memory corruption
>>> will cause random oopses later instead of immediately)
>>> Plug in USB 3.0 disk to xhci USB 3.0 port
>>> dd if=/dev/sdc of=/dev/null bs=65536
>>> (where /dev/sdc is the USB 3.0 disk)
>>> Unplug USB cable while dd is still going
>>> Oops is immediate:
>> Not good, thanks for letting us know.  I've now reverted this and will
>> get the fix into 4.5-rc6.
>>
>> greg k-h

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


RE: USB oops regression caused by -stable patch

2016-02-21 Thread Du, Changbin
Thanks for reporting, Tony. It was remiss of me.
There is another BOS free operation in label re_enumerate. This causes a
double-free of BOS.
USB2 doesn't have BOS desc, so you cannot reproduce it.

I am traveling. It would be appreciated if you could help try the fix below.

Hi Greg, I will commit a final patch once I have returned from travel.

--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5501,8 +5501,10 @@ done:
return 0;
 
 re_enumerate:
-   usb_release_bos_descriptor(udev);
-   udev->bos = bos;
+   if (udev->bos != bos) {
+   usb_release_bos_descriptor(udev);
+   udev->bos = bos;
+   }
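
Review bot: the `if (udev->bos != bos)` guard at `re_enumerate` needs a comment saying why pointer identity is the test. When `udev->bos` still holds the saved `bos`, the removed lines released the descriptor and then stored the same pointer back, which is the double free reported in this thread; a one-line comment above the `if` stating that the saved descriptor must not be released when it was never replaced would keep a later cleanup from dropping the guard. The hunk header also declares 8 old and 10 new lines, more than the posted lines contain, so the final submission should be regenerated with its full trailing context.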

Best Regards,
Du, Changbin

> On Fri, Feb 19, 2016 at 09:39:57AM -0500, Tony Battersby wrote:
> > This upstream commit is causing an oops:
> > d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")
> >
> > This patch has already been included in several -stable kernels.  Here
> > are the affected kernels:
> > 4.5.0-rc4 (current git)
> > 4.4.2
> > 4.3.6 (currently in review)
> > 4.1.18
> > 3.18.27
> > 3.14.61
> >
> > How to reproduce the problem:
> > Boot kernel with slub debugging enabled (otherwise memory corruption
> > will cause random oopses later instead of immediately)
> > Plug in USB 3.0 disk to xhci USB 3.0 port
> > dd if=/dev/sdc of=/dev/null bs=65536
> > (where /dev/sdc is the USB 3.0 disk)
> > Unplug USB cable while dd is still going
> > Oops is immediate:
> 
> Not good, thanks for letting us know.  I've now reverted this and will
> get the fix into 4.5-rc6.
> 
> greg k-h


0001-usb-hub-fix-panic-in-usb_reset_and_verify_device.patch
Description: 0001-usb-hub-fix-panic-in-usb_reset_and_verify_device.patch
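
The double free described in this message, as an added example that is not part of the original post or of the kernel source: a userspace C model of the save/restore at `re_enumerate`, with and without the `udev->bos != bos` guard. `release_bos`, `reset_then_disconnect` and the `replaced` flag are hypothetical names, the reset path's behaviour is an assumption, and releases are counted rather than performed.

```c
#include <stdio.h>

/* Constructed userspace model; names follow the thread, bodies are assumptions. */
struct bos { int frees; };              /* counts releases instead of freeing memory */
struct dev { struct bos *bos; };

static void release_bos(struct dev *d)  /* stands in for usb_release_bos_descriptor() */
{
    if (d->bos) {
        d->bos->frees++;                /* the kernel would kfree() here */
        d->bos = NULL;
    }
}

/*
 * Model of a failed reset followed by disconnect. `replaced` says whether the
 * reset path installed a fresh descriptor in d->bos before failing (assumed).
 * Returns how many times the originally saved descriptor is released in total.
 */
static int reset_then_disconnect(int guarded, int replaced)
{
    struct bos saved = {0}, fresh = {0};
    struct dev d = { &saved };
    struct bos *bos = d.bos;            /* pointer saved at the start of the reset */

    if (replaced)
        d.bos = &fresh;

    /* re_enumerate: */
    if (!guarded || d.bos != bos) {     /* guarded == 1 applies the condition from the fix */
        release_bos(&d);
        d.bos = bos;                    /* restore the saved descriptor */
    }

    release_bos(&d);                    /* final release when the device goes away */
    return saved.frees;
}

int main(void)
{
    printf("unguarded, bos untouched: %d releases\n", reset_then_disconnect(0, 0));
    printf("guarded,   bos untouched: %d releases\n", reset_then_disconnect(1, 0));
    printf("guarded,   bos replaced:  %d releases\n", reset_then_disconnect(1, 1));
    return 0;
}
```

A count of 2 is the double free; in the kernel the second release happens at disconnect.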


Re: USB oops regression caused by -stable patch

2016-02-20 Thread Greg Kroah-Hartman
On Fri, Feb 19, 2016 at 09:39:57AM -0500, Tony Battersby wrote:
> This upstream commit is causing an oops:
> d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")
> 
> This patch has already been included in several -stable kernels.  Here
> are the affected kernels:
> 4.5.0-rc4 (current git)
> 4.4.2
> 4.3.6 (currently in review)
> 4.1.18
> 3.18.27
> 3.14.61
> 
> How to reproduce the problem:
> Boot kernel with slub debugging enabled (otherwise memory corruption
> will cause random oopses later instead of immediately)
> Plug in USB 3.0 disk to xhci USB 3.0 port
> dd if=/dev/sdc of=/dev/null bs=65536
> (where /dev/sdc is the USB 3.0 disk)
> Unplug USB cable while dd is still going
> Oops is immediate:

Not good, thanks for letting us know.  I've now reverted this and will
get the fix into 4.5-rc6.

greg k-h


USB oops regression caused by -stable patch

2016-02-19 Thread Tony Battersby
This upstream commit is causing an oops:
d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")

This patch has already been included in several -stable kernels.  Here
are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61

How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption
will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:

blk_update_request: I/O error, dev sdc, sector 864768
blk_update_request: I/O error, dev sdc, sector 865008
blk_update_request: I/O error, dev sdc, sector 865024
blk_update_request: I/O error, dev sdc, sector 865264
blk_update_request: I/O error, dev sdc, sector 864768
Buffer I/O error on dev sdc, logical block 108096, async page read
general protection fault:  [#1] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Not tainted 4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b   05/04/12  
Workqueue: usb_hub_wq hub_event
task: 88042b09f080 ti: 88042b0a4000 task.ti: 88042b0a4000
RIP: 0010:[]  [] kfree+0x49/0x110
RSP: 0018:88042b0a7988  EFLAGS: 00010207
RAX: ea00 RBX: 6b6b6b6b0100 RCX: 0018
RDX: 0018 RSI:  RDI: 01ad998dac00
RBP: 88042b0a79c8 R08: ea0010a72210 R09: ea0010a72218
R10: 880429c88548 R11: 0001 R12: 8800bb1b8000
R13: 880429a21ce0 R14: 8800bb1a0690 R15: 0001
FS:  () GS:88043dc6() knlGS:
CS:  0010 DS:  ES:  CR0: 8005003b
CR2: 7f3a6186b990 CR3: 00a0a000 CR4: 06e0
Stack:
 ea0002ea2220  880429c88548 0001
 88042b0a79e8 804f56cb 880401002801 880429c80948
 88042b0a79e8 804f3df0 8800bb1a0690 880429c80948
Call Trace:
 [] ? usb_destroy_configuration+0x11b/0x140
 [] usb_release_bos_descriptor+0x20/0x40
 [] usb_release_dev+0x2c/0x70
 [] device_release+0x33/0xa0
 [] kobject_release+0x47/0x90
 [] kobject_put+0x2c/0x60
 [] put_device+0x12/0x20
 [] usb_disconnect+0x1cb/0x220
 [] hub_event+0x46a/0x1070
 [] ? dequeue_task_fair+0x73a/0x820
 [] ? next_zone+0x25/0x30
 [] ? pick_next_task_fair+0xa9/0x850
 [] process_one_work+0x151/0x3c0
 [] ? mod_timer+0xe9/0x160
 [] ? lock_timer_base+0x55/0x70
 [] ? schedule+0x3b/0xa0
 [] worker_thread+0x158/0x6b0
 [] ? __schedule+0x27a/0x6e0
 [] ? default_wake_function+0xd/0x10
 [] ? __wake_up_common+0x51/0x80
 [] ? schedule+0x3b/0xa0
 [] ? process_one_work+0x3c0/0x3c0
 [] kthread+0xc7/0xf0
 [] ? kthread_parkme+0x20/0x20
 [] ret_from_fork+0x3f/0x70
 [] ? kthread_parkme+0x20/0x20
Code: 00 00 80 ff 77 00 00 48 01 df 48 0f 42 05 50 33 70 00 48 8d 3c 38 48 b8 
00 00 00 00 00 ea ff ff 48 c1 ef 0c 48 c1 e7 06 48 01 c7 <48> 8b 47 20 48 89 45 
e0 a8 01 75 64 48 8b 47 20 48 8d 57 20 48 
RIP  [] kfree+0x49/0x110
 RSP 
---[ end trace a3bcfa253dbef567 ]---
BUG: unable to handle kernel paging request at ffd8
IP: [] kthread_data+0xb/0x20
PGD a0b067 PUD a0d067 PMD 0 
Oops:  [#2] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Tainted: G  D 
4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b   05/04/12  
task: 88042b09f080 ti: 88042b0a4000 task.ti: 88042b0a4000
RIP: 0010:[]  [] kthread_data+0xb/0x20
RSP: 0018:88042b0a7608  EFLAGS: 00010096
RAX:  RBX: 0003 RCX: 88043dc73840
RDX: 88042b09f080 RSI: 0003 RDI: 88042b09f080
RBP: 88042b0a7608 R08: 88043dc738a8 R09: 00016800
R10: 0001 R11: 0001 R12: 00013840
R13: 88042b09f4c8 R14: 0003 R15: 
FS:  () GS:88043dc6() knlGS:
CS:  0010 DS:  ES:  CR0: 8005003b
CR2: 0028 CR3: 00a0a000 CR4: 06e0
Stack:
 88042b0a7648 802731c0 88042b0a7648 8027d642
 88042b09f448 88043dc73840 00013840 88043dc73840
 88042b0a76f8 80608438 88042b09f3e0 88042b09f080
Call Trace:
 [] wq_worker_sleeping+0x10/0xa0
 [] ? deactivate_task+0x52/0x60
 [] __schedule+0x3a8/0x6e0
 [] ? exit_notify+0xed/0x1e0
 [] schedule+0x3b/0xa0
 [] do_exit+0x39a/0x580
 [] ? vprintk_default+0x1a/0x20
 [] ? printk+0x41/0x43
 [] oops_end+0x72/0xa0
 [] die+0x56/0x80
 [] do_general_protection+0xce/0x150
 [] general_protection+0x1f/0x30
 [] ? kfree+0x49/0x110
 [] ? usb_release_interface_cache+0x4a/0x60
 [] ? usb_destroy_configuration+0x11b/0x140