This upstream commit is causing an oops:
d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")

This patch has already been included in several -stable kernels.  Here
are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61

How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption
will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:

blk_update_request: I/O error, dev sdc, sector 864768
blk_update_request: I/O error, dev sdc, sector 865008
blk_update_request: I/O error, dev sdc, sector 865024
blk_update_request: I/O error, dev sdc, sector 865264
blk_update_request: I/O error, dev sdc, sector 864768
Buffer I/O error on dev sdc, logical block 108096, async page read
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Not tainted 4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b       05/04/12  
Workqueue: usb_hub_wq hub_event
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8030bcd9>]  [<ffffffff8030bcd9>] kfree+0x49/0x110
RSP: 0018:ffff88042b0a7988  EFLAGS: 00010207
RAX: ffffea0000000000 RBX: 6b6b6b6b00000100 RCX: 0000000000000018
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 01ad998dac000000
RBP: ffff88042b0a79c8 R08: ffffea0010a72210 R09: ffffea0010a72218
R10: ffff880429c88548 R11: 0000000000000001 R12: ffff8800bb1b8000
R13: ffff880429a21ce0 R14: ffff8800bb1a0690 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f3a6186b990 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffffea0002ea2220 0000000000000000 ffff880429c88548 0000000000000001
 ffff88042b0a79e8 ffffffff804f56cb ffff880401002801 ffff880429c80948
 ffff88042b0a79e8 ffffffff804f3df0 ffff8800bb1a0690 ffff880429c80948
Call Trace:
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 00 00 80 ff 77 00 00 48 01 df 48 0f 42 05 50 33 70 00 48 8d 3c 38 48 b8 
00 00 00 00 00 ea ff ff 48 c1 ef 0c 48 c1 e7 06 48 01 c7 <48> 8b 47 20 48 89 45 
e0 a8 01 75 64 48 8b 47 20 48 8d 57 20 48 
RIP  [<ffffffff8030bcd9>] kfree+0x49/0x110
 RSP <ffff88042b0a7988>
---[ end trace a3bcfa253dbef567 ]---
BUG: unable to handle kernel paging request at ffffffffffffffd8
IP: [<ffffffff8027923b>] kthread_data+0xb/0x20
PGD a0b067 PUD a0d067 PMD 0 
Oops: 0000 [#2] SMP DEBUG_PAGEALLOC 
Modules linked in: netconsole igb i2c_algo_bit ptp pps_core sg eeprom i2c_i801
CPU: 3 PID: 24 Comm: kworker/3:0 Tainted: G      D         4.5.0-rc4-00095-g2850713 #14
Hardware name: Supermicro X8DTH-i/6/iF/6F/X8DTH, BIOS 2.1b       05/04/12  
task: ffff88042b09f080 ti: ffff88042b0a4000 task.ti: ffff88042b0a4000
RIP: 0010:[<ffffffff8027923b>]  [<ffffffff8027923b>] kthread_data+0xb/0x20
RSP: 0018:ffff88042b0a7608  EFLAGS: 00010096
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffff88043dc73840
RDX: ffff88042b09f080 RSI: 0000000000000003 RDI: ffff88042b09f080
RBP: ffff88042b0a7608 R08: ffff88043dc738a8 R09: 0000000000016800
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000013840
R13: ffff88042b09f4c8 R14: 0000000000000003 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88043dc60000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 0000000000a0a000 CR4: 00000000000006e0
Stack:
 ffff88042b0a7648 ffffffff802731c0 ffff88042b0a7648 ffffffff8027d642
 ffff88042b09f448 ffff88043dc73840 0000000000013840 ffff88043dc73840
 ffff88042b0a76f8 ffffffff80608438 ffff88042b09f3e0 ffff88042b09f080
Call Trace:
 [<ffffffff802731c0>] wq_worker_sleeping+0x10/0xa0
 [<ffffffff8027d642>] ? deactivate_task+0x52/0x60
 [<ffffffff80608438>] __schedule+0x3a8/0x6e0
 [<ffffffff8026215d>] ? exit_notify+0xed/0x1e0
 [<ffffffff806088bb>] schedule+0x3b/0xa0
 [<ffffffff802625ea>] do_exit+0x39a/0x580
 [<ffffffff80296cba>] ? vprintk_default+0x1a/0x20
 [<ffffffff802cf886>] ? printk+0x41/0x43
 [<ffffffff80205bd2>] oops_end+0x72/0xa0
 [<ffffffff80205cf6>] die+0x56/0x80
 [<ffffffff8020415e>] do_general_protection+0xce/0x150
 [<ffffffff8060d11f>] general_protection+0x1f/0x30
 [<ffffffff8030bcd9>] ? kfree+0x49/0x110
 [<ffffffff804f3e5a>] ? usb_release_interface_cache+0x4a/0x60
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
 [<ffffffff804a5433>] device_release+0x33/0xa0
 [<ffffffff80402a57>] kobject_release+0x47/0x90
 [<ffffffff80402acc>] kobject_put+0x2c/0x60
 [<ffffffff804a4d12>] put_device+0x12/0x20
 [<ffffffff804eac4b>] usb_disconnect+0x1cb/0x220
 [<ffffffff804ebcca>] hub_event+0x46a/0x1070
 [<ffffffff80287eca>] ? dequeue_task_fair+0x73a/0x820
 [<ffffffff802e6c15>] ? next_zone+0x25/0x30
 [<ffffffff8028a9d9>] ? pick_next_task_fair+0xa9/0x850
 [<ffffffff80274471>] process_one_work+0x151/0x3c0
 [<ffffffff802a4909>] ? mod_timer+0xe9/0x160
 [<ffffffff802a4715>] ? lock_timer_base+0x55/0x70
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff80274838>] worker_thread+0x158/0x6b0
 [<ffffffff8060830a>] ? __schedule+0x27a/0x6e0
 [<ffffffff80282fbd>] ? default_wake_function+0xd/0x10
 [<ffffffff8028fb31>] ? __wake_up_common+0x51/0x80
 [<ffffffff806088bb>] ? schedule+0x3b/0xa0
 [<ffffffff802746e0>] ? process_one_work+0x3c0/0x3c0
 [<ffffffff80279817>] kthread+0xc7/0xf0
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
 [<ffffffff8060bd9f>] ret_from_fork+0x3f/0x70
 [<ffffffff80279750>] ? kthread_parkme+0x20/0x20
Code: 25 00 ac 00 00 48 8b 80 e8 03 00 00 48 8b 40 c8 c9 48 d1 e8 83 e0 01 c3 
0f 1f 84 00 00 00 00 00 55 48 8b 87 e8 03 00 00 48 89 e5 <48> 8b 40 d8 c9 c3 66 
66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 
RIP  [<ffffffff8027923b>] kthread_data+0xb/0x20
 RSP <ffff88042b0a7608>
CR2: ffffffffffffffd8
---[ end trace a3bcfa253dbef568 ]---
Fixing recursive fault but reboot is needed!

With the patch reverted, everything works fine.

So far I have been unable to reproduce the problem using EHCI (USB 2.0).

Tony Battersby
Cybernetics
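
A triage sketch for oopses of the kind reported above, added here as an example and not part of the original message: it extracts the faulting function, the first reliable call-trace frame (frames marked "?" are only possible stale stack entries), and any register holding SLUB poison. The sample input is abridged from the oops in the report; the poison byte values are the kernel's POISON_FREE (0x6b) and POISON_INUSE (0x5a) from include/linux/poison.h, and the function names `triage` and `poisoned_registers` are hypothetical.

```python
import re

# Sample input: a few lines abridged from the oops quoted in the report above.
SAMPLE_OOPS = """\
general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
RIP: 0010:[<ffffffff8030bcd9>]  [<ffffffff8030bcd9>] kfree+0x49/0x110
RAX: ffffea0000000000 RBX: 6b6b6b6b00000100 RCX: 0000000000000018
Call Trace:
 [<ffffffff804f56cb>] ? usb_destroy_configuration+0x11b/0x140
 [<ffffffff804f3df0>] usb_release_bos_descriptor+0x20/0x40
 [<ffffffff804e6b2c>] usb_release_dev+0x2c/0x70
"""

# SLUB debug fill bytes (include/linux/poison.h).
POISON = {"6b": "POISON_FREE (object already freed)",
          "5a": "POISON_INUSE (object never initialised)"}
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
RIP_RE = re.compile(r"^RIP: \S+\s+\[<[0-9a-f]+>\]\s+(\w+)\+0x", re.M)
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x", re.M)


def poisoned_registers(oops):
    """Map register name -> (value, meaning) for values holding poison."""
    hits = {}
    for reg, val in REG_RE.findall(oops):
        data = [val[i:i + 2] for i in range(0, 16, 2)]
        for byte, meaning in POISON.items():
            # Require four consecutive poison bytes to avoid chance matches.
            if any(data[i:i + 4] == [byte] * 4 for i in range(5)):
                hits[reg] = (val, meaning)
    return hits


def triage(oops):
    """Summarise the fields that matter for a memory-corruption oops."""
    rip = RIP_RE.search(oops)
    frames = FRAME_RE.findall(oops.split("Call Trace:", 1)[-1])
    reliable = [name for unreliable, name in frames if not unreliable]
    poison = poisoned_registers(oops)
    return {
        "faulting_function": rip.group(1) if rip else None,
        "first_reliable_caller": reliable[0] if reliable else None,
        "poisoned_registers": poison,
        # Freed-object poison in a register points at use of freed memory.
        "use_after_free_suspected": any(
            meaning.startswith("POISON_FREE") for _, meaning in poison.values()),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

The poison check only works when the kernel was booted with slub debugging, as in the reproduction steps; without it, freed objects are not filled with 0x6b.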
