Bug#283440: kernel-image-2.6.8-1-686: broken usb-flash memory crashes khubd and causes usb to hang

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#283440: kernel-image-2.6.8-1-686: broken usb-flash memory crashes khubd and causes usb to hang
From: Benjamin Schweizer <besh@gmx.net>
Date: Mon, 29 Nov 2004 02:48:43 +0100
Message-id: <[🔎] E1CYaer-00088b-00@master.debian.org>
Reply-to: Benjamin Schweizer <besh@gmx.net>, 283440@bugs.debian.org

Package: kernel-image-2.6.8-1-686
Version: 2.6.8-5
Severity: normal

I've got a broken usb flash memory device. The driver doesn't handle the
failure correctly and khubd crashes. This terminates the whole usb
subsystem and it can't be stopped/restarted anymore.
You might say this is a hardware problem, but as usb is used for
interconnection, I see the possibility of a denial of service.
Anyhow this is a minor bug and it probably should go to the kernel
hackers who maintain mm/slab.c.


-- kernel messages:

Buffer I/O error on device sda1, logical block 9
lost page write due to I/O error on sda1
scsi0 (0:0): rejecting I/O to offline device
scsi0 (0:0): rejecting I/O to offline device
usb 1-1: USB disconnect, address 2
slab error in kmem_cache_destroy(): cache `scsi_cmd_cache': Can't free all objects
 [<c013e5e6>] kmem_cache_destroy+0x86/0x100
 [<cac1b467>] scsi_destroy_command_freelist+0x57/0x90 [scsi_mod]
 [<cac1c592>] scsi_host_dev_release+0x32/0x90 [scsi_mod]
 [<c01f4d6b>] device_release+0x5b/0x60
 [<c01a4758>] kobject_cleanup+0x98/0xa0
 [<cadb6c58>] usb_stor_release_resources+0xc8/0x100 [usb_storage]
 [<cadb6f66>] storage_disconnect+0x66/0x76 [usb_storage]
 [<caba6106>] usb_unbind_interface+0x76/0x80 [usbcore]
 [<c01f60c6>] device_release_driver+0x66/0x70
 [<c01f6344>] bus_remove_device+0x64/0xb0
 [<c01f50fd>] device_del+0x5d/0xa0
 [<cabad008>] usb_disable_device+0xc8/0x110 [usbcore]
 [<caba8316>] usb_disconnect+0xb6/0x150 [usbcore]
 [<caba9405>] hub_port_connect_change+0x3c5/0x400 [usbcore]
 [<caba860f>] hub_port_status+0x3f/0xb0 [usbcore]
 [<caba96c1>] hub_events+0x281/0x3d0 [usbcore]
 [<caba9845>] hub_thread+0x35/0x120 [usbcore]
 [<c0119e10>] autoremove_wake_function+0x0/0x60
 [<c0105f12>] ret_from_fork+0x6/0x14
 [<c0119e10>] autoremove_wake_function+0x0/0x60
 [<caba9810>] hub_thread+0x0/0x120 [usbcore]
 [<c01042ad>] kernel_thread_helper+0x5/0x18
usb 1-1: new full speed USB device using address 3
usb 1-1: control timeout on ep0out
usb 1-1: device not accepting address 3, error -71
usb 1-1: new full speed USB device using address 4
usb 1-1: control timeout on ep0out
usb 1-1: device not accepting address 4, error -71
usb 1-1: new full speed USB device using address 5
kmem_cache_create: duplicate cache scsi_cmd_cache
------------[ cut here ]------------
kernel BUG at mm/slab.c:1382!
invalid operand: 0000 [#1]
PREEMPT 
Modules linked in: nls_iso8859_1 nls_cp437 usb_storage rfcomm l2cap bluetooth ipv6 orinoco_cs orinoco hermes ds apm snd_opl3_lib snd_hwdep snd_cs4231_lib snd_mpu401_uart snd_ad1848_lib af_packet pci_hotplug intel_agp irtty_sir sir_dev irda crc_ccitt analog ns558 parport_pc parport floppy pcspkr agpgart snd_cs46xx snd_rawmidi snd_seq_device snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc gameport sd_mod scsi_mod vfat fat dm_mod tsdev capability commoncap evdev psmouse mousedev ide_cd cdrom uhci_hcd usbcore yenta_socket pcmcia_core rtc ext3 jbd mbcache ide_generic piix ide_disk ide_core unix fbcon font vesafb cfbcopyarea cfbimgblt cfbfillrect
CPU:    0
EIP:    0060:[<c013e1c8>]    Not tainted
EFLAGS: 00010202   (2.6.8-1-686) 
EIP is at kmem_cache_create+0x3d8/0x570
eax: 00000032   ebx: c9e2c2d0   ecx: c03643d8   edx: c02bc3b8
esi: cac25f2f   edi: cac25f2f   ebp: c9e2c1e0   esp: c8a87d38
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 529, threadinfo=c8a86000 task=c8a73180)
Stack: c0293c20 cac25f20 00000020 00002000 c8a87d58 c9e2c21c c0000000 ffffffe0 
       000000a0 c1386e00 cac37d00 c1386e0c cac37d28 cac1b37f cac25f20 00000160 
       00000020 00002000 00000000 00000000 000001d8 c1386e00 c1386fd8 cadc3300 
Call Trace:
 [<cac1b37f>] scsi_setup_command_freelist+0x6f/0x100 [scsi_mod]
 [<cac1c798>] scsi_host_alloc+0x1a8/0x2b0 [scsi_mod]
 [<cadb5a29>] usb_stor_Bulk_max_lun+0x59/0xa0 [usb_storage]
 [<cadb6ad5>] usb_stor_acquire_resources+0x75/0x130 [usb_storage]
 [<cadb6e37>] storage_probe+0x117/0x1e0 [usb_storage]
 [<c0191f94>] sysfs_add_file+0xa4/0xb0
 [<caba607d>] usb_probe_interface+0x5d/0x70 [usbcore]
 [<c01f5eef>] bus_match+0x3f/0x70
 [<c01f5f5f>] device_attach+0x3f/0xa0
 [<c01f628b>] bus_add_device+0x5b/0xb0
 [<c01f4fb1>] device_add+0xa1/0x130
 [<cabad6c3>] usb_set_configuration+0x2f3/0x460 [usbcore]
 [<caba8512>] usb_new_device+0xb2/0x170 [usbcore]
 [<caba924e>] hub_port_connect_change+0x20e/0x400 [usbcore]
 [<caba96c1>] hub_events+0x281/0x3d0 [usbcore]
 [<caba9845>] hub_thread+0x35/0x120 [usbcore]
 [<c0119e10>] autoremove_wake_function+0x0/0x60
 [<c0105f12>] ret_from_fork+0x6/0x14
 [<c0119e10>] autoremove_wake_function+0x0/0x60
 [<caba9810>] hub_thread+0x0/0x120 [usbcore]
 [<c01042ad>] kernel_thread_helper+0x5/0x18
Code: 0f 0b 66 05 be 33 29 c0 8b 0b e9 63 ff ff ff 8b 47 34 c7 04 
 

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (1001, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=C, LC_CTYPE=C

Versions of packages kernel-image-2.6.8-1-686 depends on:
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  initrd-tools                  0.1.74     tools to create initrd image for p
ii  module-init-tools             3.1-pre6-1 tools for managing Linux kernel mo

-- no debconf information

Reply to:

Prev by Date: Re: 2.4.27-6 source and i386 images available for testing
Next by Date: Re: 2.4.27-6 source and i386 images available for testing
Previous by thread: Bug#283426: Missing sym link cause lilo fail with kernel image 2.6.9
Next by thread: Bug#283455: Need a new kbuild package, scripts/mod/ changes
Index(es):
- Date
- Thread