64562 – Perhaps related to 53005: Stopping hotplug causes kernel crash

Bug 64562 - Perhaps related to 53005: Stopping hotplug causes kernel crash

Summary: Perhaps related to 53005: Stopping hotplug causes kernel crash

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Kernel Bug Wranglers and Kernel Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-09-18 14:44 UTC by Nix N. Nix
Modified:	2004-09-18 16:25 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nix N. Nix 2004-09-18 14:44:16 UTC

The hotplug service is stopped before local file systems are umount-ed / remounted read-only.  Unfortunately, this allows for the following situation:

1. A partition on a USB Mass storage device is mounted.
2. Stopping hotplug causes (uhci|ohci|ehci)_hcd to be rmmod-ed.
3. When attempting to umount the file system, the kernel crashes.

Reproducible: Always
Steps to Reproduce:
1. emerge hotplug
2. Plug in a USB drive.
3. Mount a partition of the USB drive.
4. Shut down/reboot

Actual Results:  
The kernel crashes as follows:

scsi0 (0:): rejecting I/O to dead device
FAT bread failed in fat_clusters_flush
Unable to handle kernel paging request at virtual address e0a1a348
 printing eip:
e0a3decd
*pde = 1fe38067
*pte = 00000000
Oops: 0000 [#1]
Modules linked in: nls_iso8859_1 nls_cp437 vfat fat sg floppy nfsd exportfs
lockd sunrpc intel_agp agpgart sch_cbq ipt_REJECT ipt_mark ipt_state
ipt_MASQUERADE iptable_mangle iptable_filter ip_nat_ftp iptable_nat ip_tables
ip_conntrack_ftp ip_conntrack sd_mod usb_storage loop 3c59x usbhid usblp usbcore
parport_pc evdev rtc lp parport nvram fan button thermal processor ac isofs
nls_base zlib_inflate af_packet non_fatal ide_cd sr_mod scsi_mod cdrom unix
reiserfs raid0 md ide_disk pdc202xx_new piix ide_core
CPU:    0
EIP:    0060:[<e0a3decd>]    Not tainted
EFLAGS: 00010282   (2.6.8.1)
EIP is at hcd_pci_release+0xd/0x11 [usbcore]
eax: dfdddc64   ebx: dfdddcb8   ecx: dfdddcb0   edx: e0a1a320
esi: c028c4dc   edi: c028c500   ebp: e0a4f234   esp: dd14aeb4
ds: 007b   es: 007b   ss: 0068
Process umount (pid: 13105, threadinfo=dd14a000 task=df11c3b0)
Stack: e0a39b73 c01bfb44 00000001 dfe18600 dfb02800 e0a3d006 dfdddcb8 c0182cf7
       dfb02800 c028c2a8 c028c2c0 dfca6c68 e0a366c9 dfb028f0 c01be05d 00000000
       00000000 00000000 00000000 c0182cf7 df03e9c8 e0a5b360 debe638c dfe12480
Call Trace:
 [<e0a39b73>] usb_host_release+0x10/0x12 [usbcore]
 [<c01bfb44>] class_dev_release+0x5d/0x65
 [<e0a3d006>] usb_destroy_configuration+0xcd/0xed [usbcore]
 [<c0182cf7>] kobject_cleanup+0x8c/0x8e
 [<e0a366c9>] usb_release_dev+0x31/0x3f [usbcore]
 [<c01be05d>] device_release+0x53/0x57
 [<c0182cf7>] kobject_cleanup+0x8c/0x8e
 [<e0a5810b>] scsi_disk_put+0x2a/0x4a [sd_mod]
 [<e0a584ab>] sd_release+0x36/0x59 [sd_mod]
 [<c014bee5>] blkdev_put+0x100/0x11b
 [<c014bebb>] blkdev_put+0xd6/0x11b
 [<c014a548>] deactivate_super+0x43/0x58
 [<c015b85e>] sys_umount+0x3b/0x84
 [<c013c2c7>] do_munmap+0xed/0x119
 [<c015b8be>] sys_oldumount+0x17/0x1b
 [<c0105c0f>] syscall_call+0x7/0xb
Code: ff 52 28 c3 55 57 89 c7 56 53 89 d3 83 ec 34 e8 19 8d ff ff


Expected Results:  
hotplug should not remove the usb-storage pipeline (sd_mod,*_hcd,usb_storage) if
a partition on a usb_storage device is mounted.

In this case, the expected result was for the system to go down cleanly.

I have observed this behaviour on:
- x86 (Pentium 4)
- ppc (Apple iBook G4)

Please also have a look at a recent thread on the mailing list
"linux-usb-devel@lists.sourceforge.net" entitled "[linux-usb-devel] usb_storage
crash when writing to USB drive."

Comment 1 Greg Kroah-Hartman (RETIRED) gentoo-dev

2004-09-18 16:25:06 UTC

This is an upstream bug, nothing gentoo specific here.

Please file a bug at bugzilla.kernel.org for this.