FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 08-25-2011, 01:14 AM
Ben Hutchings
 
Default Bug#639122: fix crash in scsi_dispatch_cmd()

On Mon, 2011-08-08 at 19:10 +0100, Ben Hutchings wrote:
> On Mon, Aug 08, 2011 at 10:04:24AM -0700, Greg KH wrote:
> > On Sun, Aug 07, 2011 at 06:51:24PM +0100, Ben Hutchings wrote:
> > > On Sun, 2011-08-07 at 18:50 +0100, Ben Hutchings wrote:
> > > > On Fri, 2011-08-05 at 17:01 -0700, Greg KH wrote:
> > > > > 2.6.32-longterm review patch. If anyone has any objections, please let us know.
> > > > >
> > > > > ------------------
> > > > >
> > > > > From: James Bottomley <James.Bottomley@HansenPartnership.com>
> > > > >
> > > > > commit bfe159a51203c15d23cb3158fffdc25ec4b4dda1 upstream.
> > > > >
> > > > > USB surprise removal of sr is triggering an oops in
> > > > > scsi_dispatch_command(). What seems to be happening is that USB is
> > > > > hanging on to a queue reference until the last close of the upper
> > > > > device, so the crash is caused by surprise remove of a mounted CD
> > > > > followed by attempted unmount.
> > > > [...]
> > > >
> > > > This has been reported in 2.6.39.y and 3.0, but not in 2.6.32.y.
> > >
> > > That is, AFAIK.
> >
> > Oops, good catch, I've dropped this from the .32 and .33 queue now, it's
> > not needed there at all.
>
> Well, it is entirely possible that I am confusing multiple bugs (I
> actualy attempted to delete this message from my outgoing mail queue
> as I was becoming less confident about it). I assume James can
> confirm one way or the other.

Well it appears there is *a* bug in handling device removal in 2.6.32.
Does this look like the same one you were fixing, or something
different? The following log is from Debian's package version 2.6.32-35
which has longterm updates up to 2.6.32.41.

Ben.

[11229.532132] usb 1-3.1.2: new high speed USB device using ehci_hcd and address 10
[11229.625008] usb 1-3.1.2: New USB device found, idVendor=1058, idProduct=070a
[11229.625012] usb 1-3.1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[11229.625015] usb 1-3.1.2: Product: My Passport 070A
[11229.625017] usb 1-3.1.2: Manufacturer: Western Digital
[11229.625019] usb 1-3.1.2: SerialNumber: 57584630453739454E4A3034
[11229.625122] usb 1-3.1.2: configuration #1 chosen from 1 choice
...
[12729.505801] usb 1-3.1.2: USB disconnect, address 10
[12729.586599] BUG: unable to handle kernel NULL pointer dereference at 0000000000000087
[12729.586605] IP: [<ffffffff8117654d>] elv_may_queue+0x7/0x17
[12729.586613] PGD bce71067 PUD bcd94067 PMD 0
[12729.586616] Oops: 0000 [#1] SMP
[12729.586619] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-3/1-3.1/1-3.1.1/1-3.1.1:1.0/host5/target5:0:0/5:0:0:0/block/sdb/uevent
[12729.586622] CPU 2
[12729.586624] Modules linked in: udf crc_itu_t ses enclosure drbd lru_cache cn ppdev lp nls_utf8 sco cifs bridge stp bnep acpi_cpufreq rfcomm l2cap bluetooth rfkill cpufreq_powersave cpufreq_userspace cpufreq_stats cpufreq_conservative nouveau ttm drm_kms_helper drm i2c_algo_bit nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs binfmt_misc fuse xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop usb_storage usbhid hid snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq snd_timer snd_seq_device snd uhci_hcd soundcore ehci_hcd nvidia(P) broadcom usbcore tg3 i2c_i801 libphy snd_page_alloc nls_base i2c_core rng_core sg dcdbas sr_mod cdrom parport_pc parport button processor wmi evdev pcspkr psmouse serio_raw ext4 mbcache jbd2 crc16 raid10 raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx raid1 raid0 multipath linear md_mod sd_mod crc_t10dif ata_generic ata_piix libata thermal thermal_sys scsi_mod
[12729.586684] Pid: 4655, comm: umount Tainted: P W 2.6.32-5-amd64 #1 OptiPlex 380
[12729.586686] RIP: 0010:[<ffffffff8117654d>] [<ffffffff8117654d>] elv_may_queue+0x7/0x17
[12729.586690] RSP: 0018:ffff8800bcd4bbc0 EFLAGS: 00010096
[12729.586692] RAX: 0000000000000017 RBX: ffff8800cf9ac240 RCX: 0000000000000010
[12729.586694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880127e31a70
[12729.586696] RBP: ffff880127e31a70 R08: 0000000000000000 R09: ffff8800cf9ac240
[12729.586697] R10: 0000000000000002 R11: ffff8800a511f0e0 R12: 0000000000000000
[12729.586699] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800cf9ac240
[12729.586701] FS: 00007fc8fb0ec740(0000) GS:ffff880005480000(0000) knlGS:0000000000000000
[12729.586703] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[12729.586705] CR2: 0000000000000087 CR3: 00000000cfb2d000 CR4: 00000000000406e0
[12729.586707] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[12729.586709] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[12729.586711] Process umount (pid: 4655, threadinfo ffff8800bcd4a000, task ffff880129a18710)
[12729.586713] Stack:
[12729.586714] ffffffff8117f7f1 0000001000000002 0000000000000000 ffff88012b669d01
[12729.586717] <0> 0000000000000000 ffff880129bad0e0 ffff8800cf9ac240 ffff880127e31a70
[12729.586720] <0> 0000000000000000 0000000000000000 0000000000000000 ffff8800cf9ac240
[12729.586723] Call Trace:
[12729.586727] [<ffffffff8117f7f1>] ? get_request+0x30/0x2ba
[12729.586730] [<ffffffff8117fa9c>] ? get_request_wait+0x21/0x188
[12729.586737] [<ffffffffa0007274>] ? scsi_execute+0x3b/0x12f [scsi_mod]
[12729.586744] [<ffffffffa00073a8>] ? scsi_execute_req+0x40/0xb9 [scsi_mod]
[12729.586750] [<ffffffffa00073ef>] ? scsi_execute_req+0x87/0xb9 [scsi_mod]
[12729.586756] [<ffffffffa0001d20>] ? ioctl_internal_command+0x64/0x16a [scsi_mod]
[12729.586760] [<ffffffff810bc0e0>] ? pagevec_lookup+0x17/0x1e
[12729.586766] [<ffffffffa0001e80>] ? scsi_set_medium_removal+0x5a/0x98 [scsi_mod]
[12729.586771] [<ffffffffa0226eae>] ? cdrom_release+0x18f/0x1fe [cdrom]
[12729.586776] [<ffffffff810754ba>] ? smp_call_function_many+0x1ce/0x1ec
[12729.586779] [<ffffffff8110d561>] ? invalidate_bh_lru+0x0/0x42
[12729.586784] [<ffffffffa02333d2>] ? sr_block_release+0x11/0x1d [sr_mod]
[12729.586787] [<ffffffff811126a2>] ? __blkdev_put+0x94/0x14c
[12729.586791] [<ffffffff810f128d>] ? deactivate_super+0x60/0x77
[12729.586794] [<ffffffff81103c08>] ? sys_umount+0x2dc/0x30b
[12729.586798] [<ffffffff812fe9f6>] ? do_page_fault+0x2e0/0x2fc
[12729.586801] [<ffffffff81010b42>] ? system_call_fastpath+0x16/0x1b
[12729.586803] Code: 00 00 00 00 00 00 00 31 c0 c3 48 8b 47 18 48 8b 00 48 8b 40 68 48 85 c0 74 09 48 89 f7 49 89 c3 41 ff e3 c3 48 8b 47 18 48 8b 00 <48> 8b 40 70 48 85 c0 75 01 c3 49 89 c3 41 ff e3 48 8d be 88 00
[12729.586826] RIP [<ffffffff8117654d>] elv_may_queue+0x7/0x17
[12729.586829] RSP <ffff8800bcd4bbc0>
[12729.586831] CR2: 0000000000000087
[12729.586833] ---[ end trace a7919e7f17c0a727 ]---
 

Thread Tools




All times are GMT. The time now is 10:50 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org