Bug 3011 - kernel oops when remove usb stick
Summary: kernel oops when remove usb stick
Status: RESOLVED WORKSFORME
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
Reported: 2011-10-10 18:00 CEST by phaleon phaleon
Modified: 2011-12-11 17:52 CET
Source RPM: util-linux-ng-2.18-4.mga1



Description phaleon phaleon 2011-10-10 18:00:57 CEST
Description of problem:
kernel oops when removing usb stick 

Version-Release number of selected component (if applicable):
util-linux-ng-2.18-4.mga1 

How reproducible:


Steps to Reproduce:
1. removing usb stick

Oct 10 17:00:48 cyber05 kernel: usb 5-7: USB disconnect, address 5
Oct 10 17:00:48 cyber05 kernel: scsi: killing requests for dead queue
Oct 10 17:00:48 cyber05 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000036c
Oct 10 17:00:48 cyber05 kernel: IP: [<f40feb3b>] scsi_prep_state_check+0xb/0x80 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: *pde = 00000000
Oct 10 17:00:48 cyber05 kernel: Oops: 0000 [#1] SMP
Oct 10 17:00:48 cyber05 kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/class
Oct 10 17:00:48 cyber05 kernel: Modules linked in: nls_utf8 isofs nls_iso8859_1 nls_cp437 vfat fat uas usb_storage fuse ipt_IFWLOG xt_state ipt_LOG xt_time xt_connlimit xt_helper xt_realm xt_NFQUEUE xt_tcpmss xt_tcpudp ipt_addrtype xt_pkttype xt_set ip_set_hash_ip ip_set nfnetlink iptable_raw xt_TPROXY nf_tproxy_core ip6_tables nf_defrag_ipv6 xt_CLASSIFY xt_mark xt_hashlimit xt_comment ipt_REJECT xt_length xt_connmark xt_owner xt_recent xt_iprange xt_physdev xt_policy xt_multiport iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables af_packet ipv6 binfmt_misc
loop dm_mirror dm_region_hash dm_log dm_mod cpufreq_ondemand cpufreq_conservative cpufreq_powersave acpi_cpufreq freq_table mperf usbhid hid snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_pcm snd_timer i82975x_edac iTCO_wdt iTCO_vendor_support hp_wmi sg ppdev parport_pc parport ehci_hcd rng
Oct 10 17:00:48 cyber05 kernel: _core sparse_keymap evdev snd_mixer_oss snd rfkill soundcore sr_mod tg3 libphy edac_core serio_raw uhci_hcd button floppy snd_page_alloc wmi processor usbcore ata_piix ahci libahci libata sd_mod scsi_mod crc_t10dif ext3 jbd radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Oct 10 17:00:48 cyber05 kernel:
Oct 10 17:00:48 cyber05 kernel: Pid: 13446, comm: umount Not tainted 2.6.38.8-desktop586-5.mga #1 Hewlett-Packard HP xw4400 Workstation/0A68h
Oct 10 17:00:48 cyber05 kernel: EIP: 0060:[<f40feb3b>] EFLAGS: 00010082 CPU: 0
Oct 10 17:00:48 cyber05 kernel: EIP is at scsi_prep_state_check+0xb/0x80 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: EAX: 00000000 EBX: f07032b8 ECX: 00000001 EDX: f07032b8
Oct 10 17:00:48 cyber05 kernel: ESI: eed4c620 EDI: f07032b8 EBP: eb9b3c8c ESP: eb9b3c80
Oct 10 17:00:48 cyber05 kernel: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Oct 10 17:00:48 cyber05 kernel: Process umount (pid: 13446, ti=eb9b2000 task=e887cb60 task.ti=eb9b2000)
Oct 10 17:00:48 cyber05 kernel: Stack:
Oct 10 17:00:48 cyber05 kernel: 00000004 00000000 eb9b3cb8 eb9b3ca4 f40ff4de 00000000 f07032b8 eed4c620
Oct 10 17:00:48 cyber05 kernel: f07032b8 eb9b3cb4 f40ff645 f07032b8 eed4c620 eb9b3cdc c02acfe0 febd3ab2
Oct 10 17:00:48 cyber05 kernel: 00000000 00000001 eed4c920 eb9b3cdc 00000000 00000001 f07032b8 eb9b3d14
Oct 10 17:00:48 cyber05 kernel: Call Trace:
Oct 10 17:00:48 cyber05 kernel: [<f40ff4de>] scsi_setup_blk_pc_cmnd+0x1e/0x140 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<f40ff645>] scsi_prep_fn+0x45/0x50 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<c02acfe0>] blk_peek_request+0xb0/0x1d0
Oct 10 17:00:48 cyber05 kernel: [<f40ffcc5>] scsi_request_fn+0x3e5/0x430 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<c0157b59>] ? del_timer+0x69/0xb0
Oct 10 17:00:48 cyber05 kernel: [<c02acb80>] __generic_unplug_device+0x30/0x40
Oct 10 17:00:48 cyber05 kernel: [<c02b05be>] blk_execute_rq_nowait+0x5e/0xa0
Oct 10 17:00:48 cyber05 kernel: [<c02b066d>] blk_execute_rq+0x6d/0xf0
Oct 10 17:00:48 cyber05 kernel: [<c02b0530>] ? blk_end_sync_rq+0x0/0x30
Oct 10 17:00:48 cyber05 kernel: [<c02acbb2>] ? get_request_wait+0x22/0x160
Oct 10 17:00:48 cyber05 kernel: [<c01ce3e7>] ? find_get_pages_tag+0x37/0xf0
Oct 10 17:00:48 cyber05 kernel: [<c02acd53>] ? blk_get_request+0x63/0x90
Oct 10 17:00:48 cyber05 kernel: [<f40ff79c>] scsi_execute+0xcc/0x120 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<f40ffe6a>] scsi_execute_req+0x9a/0x110 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<f40fa3b6>] ioctl_internal_command.clone.4+0x66/0x1a0 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<f40fa55e>] scsi_set_medium_removal+0x6e/0xa0 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<c023623b>] ? writeback_single_inode+0xfb/0x1d0
Oct 10 17:00:48 cyber05 kernel: [<c0249de6>] ? inotify_ignored_and_remove_idr+0xa6/0xc0
Oct 10 17:00:48 cyber05 kernel: [<f418caeb>] sr_lock_door+0x1b/0x20 [sr_mod]
Oct 10 17:00:48 cyber05 kernel: [<c038299c>] cdrom_release+0x12c/0x250
Oct 10 17:00:48 cyber05 kernel: [<c0248171>] ? fsnotify_clear_marks_by_inode+0x21/0xb0
Oct 10 17:00:48 cyber05 kernel: [<c01a3a52>] ? call_rcu_sched+0x12/0x20
Oct 10 17:00:48 cyber05 kernel: [<f5aaa5e5>] ? isofs_destroy_inode+0x15/0x20 [isofs]
Oct 10 17:00:48 cyber05 kernel: [<c022b95b>] ? destroy_inode+0x2b/0x50
Oct 10 17:00:48 cyber05 kernel: [<f418b7fe>] sr_block_release+0x2e/0x50 [sr_mod]
Oct 10 17:00:48 cyber05 kernel: [<c0242990>] __blkdev_put+0x120/0x160
Oct 10 17:00:48 cyber05 kernel: [<c0242a7d>] blkdev_put+0xad/0x130
Oct 10 17:00:48 cyber05 kernel: [<c0217ca5>] kill_block_super+0x45/0x80
Oct 10 17:00:48 cyber05 kernel: [<c0217f6d>] deactivate_locked_super+0x3d/0x60
Oct 10 17:00:48 cyber05 kernel: [<c0218be8>] deactivate_super+0x48/0x70
Oct 10 17:00:48 cyber05 kernel: [<c022f469>] mntput_no_expire+0xa9/0xf0
Oct 10 17:00:48 cyber05 kernel: [<c022fd80>] sys_umount+0x60/0x320
Oct 10 17:00:48 cyber05 kernel: [<c0475140>] ? do_device_not_available+0x0/0x20
Oct 10 17:00:48 cyber05 kernel: [<c0103b23>] sysenter_do_call+0x12/0x28
Oct 10 17:00:48 cyber05 kernel: Code: 89 4d d0 e8 88 c1 04 cc 8b 4d d0 c6 05 dd 9b 11 f4 01 e9 b1 fe ff ff 89 f6 8d bc 27 00 00 00 00 55 89 e5 83 ec 0c 3e 8d 74 26 00 <8b> 88 6c 03 00 00 83 f9 02 75 04 31 c0 c9 c3 83 e9 04 83 f9 04
Oct 10 17:00:48 cyber05 kernel: EIP: [<f40feb3b>] scsi_prep_state_check+0xb/0x80 [scsi_mod] SS:ESP 0068:eb9b3c80
Oct 10 17:00:48 cyber05 kernel: CR2: 000000000000036c
Oct 10 17:00:48 cyber05 kernel: ---[ end trace 83ed98478f13556d ]---
Comment 1 Remco Rijnders 2011-10-17 09:29:34 CEST
Thomas,

Is this anything you can assist with?

CC: (none) => tmb

Comment 2 phaleon phaleon 2011-10-17 10:24:23 CEST
I am not a dev/guru...just a user.

kernel: BUG: unable to handle kernel NULL pointer dereference at 0000036c...
I don't have the skills to really understand what that means...
Will try with a custom kernel.
Comment 3 Thomas Backlund 2011-10-17 10:30:14 CEST
This happens as you unplug the USB stick without unmounting it first.

Some app or the filesystem still keeps a reference to the USB stick, and as you remove it, the reference turns into a nonexistent point, and when something tries to access that reference -> kernel NULL pointer and you get the crash.

It should handle the failure better, but I haven't checked yet if it's fixed upstream (or not).
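
As an added example (not part of the original report or of any Mageia tooling), a small Python triage of the oops posted in the description: it extracts the faulting symbol, the process, the reliable call-trace frames and their modules, and checks whether the fault address lies inside the first page, the signature of a field read through a NULL structure pointer as comment 3 describes. The function name `triage` and the 4 KiB page size are assumptions of the example; the log lines are excerpted from the report.

```python
import re

# Lines excerpted from the oops in this report (syslog prefix kept).
OOPS = """\
Oct 10 17:00:48 cyber05 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000036c
Oct 10 17:00:48 cyber05 kernel: IP: [<f40feb3b>] scsi_prep_state_check+0xb/0x80 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: Pid: 13446, comm: umount Not tainted 2.6.38.8-desktop586-5.mga #1 Hewlett-Packard HP xw4400 Workstation/0A68h
Oct 10 17:00:48 cyber05 kernel: Call Trace:
Oct 10 17:00:48 cyber05 kernel: [<f40ff4de>] scsi_setup_blk_pc_cmnd+0x1e/0x140 [scsi_mod]
Oct 10 17:00:48 cyber05 kernel: [<c0157b59>] ? del_timer+0x69/0xb0
Oct 10 17:00:48 cyber05 kernel: [<f418caeb>] sr_lock_door+0x1b/0x20 [sr_mod]
Oct 10 17:00:48 cyber05 kernel: [<c022fd80>] sys_umount+0x60/0x320
Oct 10 17:00:48 cyber05 kernel: CR2: 000000000000036c
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages on this i586 kernel
FRAME = re.compile(
    r"\[<([0-9a-f]+)>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def triage(text):
    """Summarise a 2.6-era x86 oops: where it faulted, in whose context, and why."""
    out = {"fault_symbol": None, "fault_module": None, "fault_addr": None,
           "comm": None, "frames": [], "modules": []}
    in_trace = False
    for line in text.splitlines():
        msg = line.split("kernel: ", 1)[-1]          # drop the syslog prefix
        if msg.startswith("IP:"):
            m = FRAME.search(msg)
            if m:
                out["fault_symbol"], out["fault_module"] = m.group(3), m.group(4)
        elif m := re.match(r"CR2: ([0-9a-f]+)", msg):
            out["fault_addr"] = int(m.group(1), 16)  # address that faulted
        elif m := re.search(r"comm: (\S+)", msg):
            out["comm"] = m.group(1)                 # process that hit the bug
        elif msg.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(msg)) and not m.group(2):
            out["frames"].append(m.group(3))         # '?' frames are unreliable, skipped
            if m.group(4) and m.group(4) not in out["modules"]:
                out["modules"].append(m.group(4))
    # A fault below PAGE_SIZE means a NULL base pointer plus a structure field offset.
    addr = out["fault_addr"]
    out["null_plus_offset"] = addr is not None and addr < PAGE_SIZE
    return out

if __name__ == "__main__":
    print(triage(OOPS))
```

In the full log the faulting instruction bytes are `<8b> 88 6c 03 00 00`, a load from EAX+0x36c, and EAX is 00000000, which matches the `null_plus_offset` result: a field at offset 0x36c was read through a NULL pointer.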
Comment 4 phaleon phaleon 2011-10-17 11:48:28 CEST
Thank you very much for your explanations.
I just tried with other USB sticks and it doesn't crash.
I guess my users (I maintain a cyber cafe) didn't follow the process you just described.
Thanks again for your time.
Comment 5 Marja Van Waes 2011-12-11 17:52:46 CET
(In reply to comment #4)
> Thank you very much for your explanations.
> I just tried with other USB sticks and it doesn't crash.
> I guess my users (I maintain a cyber cafe) didn't follow the process you just
> described.
> Thanks again for your time.

Thanks for replying.

Closing this report.

Status: NEW => RESOLVED
CC: (none) => marja11
Resolution: (none) => WORKSFORME