Linux 3.0 oopses when pulling a USB CDROM

From: Andi Kleen
Date: Fri Jul 01 2011 - 13:07:10 EST


Hi,

I found I can reliably crash a 3.0 system by pulling the
USB cable of a mounted USB cdrom (or rather a USB device which
has a built-in fake CD-ROM).

I suspect it's a regression too.

It ends with a NULL pointer reference on a NULL sdev in
scsi_prep_state_check.

Here's a somewhat incomplete backtrace (written down by hand):

scsi_prep_state_check
scsi_setup_blk_pc_cmnd
blk_peek_request
...
scsi_request_fn
...
ioctl_internal_command
...
scsi_set_medium_removal
sr_lock_door
cdrom_release
...
umount

I tried adding a

	if (!sdev)
		return BLKPREP_KILL;

to scsi_prep_state_check, but that caused an RCU CPU stall
and a generally unhappy system instead.

The sdev must be still there in scsi_set_medium_removal because it's
referenced, so it must get lost somewhere in SCSI or in the block layer.

Any ideas how to fix this?

-Andi
--
ak@xxxxxxxxxxxxxxx -- Speaking for myself only