Bug#652484: linux-image-3.1.0-1-amd64: kernel oops when USB drive hot unplugged
On Fri, 2011-12-30 at 13:08 +0100, Ben Hutchings wrote:
> This bug seems to be known but not yet fully understood by the kernel
> developers. There was a change in Linux 3.1.5 which should result in
> logging more information in case this bug is triggered. Have you seen
> it happen again?
I upgraded to 3.1.5 and saw it twice more. The first time, I missed it,
as some other stuff filled the dmesg ring buffer before I copied it. I
restarted, and reproduced the bug again. Here is the dmesg:
[17455.033004] usb 1-2.3: USB disconnect, device number 14
[17455.035097] scsi 14:0:0:0: killing request
[17455.035236] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[17455.035351] IP: [<ffffffffa00e3792>] sd_revalidate_disk+0x33/0x1603 [sd_mod]
[17455.035455] PGD 2d3b6067 PUD 41463067 PMD 0
[17455.035523] Oops: 0000 [#1] SMP
[17455.035575] CPU 0
[17455.035603] Modules linked in: joydev xpad ff_memless kvm_amd kvm bnep rfcomm bluetooth rfkill crc16 ppdev lp uinput fuse bridge stp tun ipt_REJECT xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack xt_owner iptable_filter ip_tables x_tables ext2 loop snd_hda_codec_hdmi usblp snd_hda_codec_via snd_hda_intel radeon snd_hda_codec snd_usb_audio snd_usbmidi_lib snd_hwdep ttm snd_pcm_oss snd_seq_midi snd_seq_midi_event drm_kms_helper amd64_edac_mod drm snd_mixer_oss sp5100_tco snd_pcm snd_rawmidi edac_core snd_seq snd_seq_device i2c_piix4 i2c_algo_bit parport_pc i2c_core snd_timer edac_mce_amd power_supply parport pcspkr snd k10temp soundcore snd_page_alloc tpm_tis tpm tpm_bios processor thermal_sys asus_atk0110 wmi shpchp pci_hotplug evdev button ext3 jbd mbcache sha256_generic cryptd aes_x86_64 aes_generic cbc dm_crypt dm_mod raid456 md_mod async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx usbhid hid sg sr_mod sd_mod cdrom crc_t10dif usb_storage ata_generic uas pata_atiixp ohci_hcd ahci libahci ehci_hcd libata scsi_mod usbcore r8169 mii [last unloaded: scsi_wait_scan]
[17455.037291]
[17455.037314] Pid: 14285, comm: hald-addon-stor Not tainted 3.1.0-1-amd64 #1 System manufacturer System Product Name/M4A88T-M
[17455.037470] RIP: 0010:[<ffffffffa00e3792>] [<ffffffffa00e3792>] sd_revalidate_disk+0x33/0x1603 [sd_mod]
[17455.037600] RSP: 0018:ffff8800b0e17af8 EFLAGS: 00010246
[17455.037673] RAX: 0000000000000000 RBX: ffff88010bd97bc0 RCX: 0000000000000004
[17455.037767] RDX: 0000000000000004 RSI: ffff880119cb6800 RDI: ffff8800c9855400
[17455.037861] RBP: 0000000000000000 R08: 00000008ffffffff R09: 0000000000000007
[17455.037955] R10: ffff880119012690 R11: ffff880119012690 R12: ffff8800c9855400
[17455.038049] R13: 0000000000000000 R14: ffff88010bd97bd8 R15: ffff88010bd97bc0
[17455.038143] FS: 00007effecab5700(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000
[17455.038250] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[17455.038326] CR2: 0000000000000008 CR3: 00000000b5e5d000 CR4: 00000000000006f0
[17455.038420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[17455.038514] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[17455.038608] Process hald-addon-stor (pid: 14285, threadinfo ffff8800b0e16000, task ffff880063298e60)
[17455.038729] Stack:
[17455.038757] ffff88011b24b800 ffffffff81106c49 ffffffff8119b57c ffff8800c9855448
[17455.038868] 0000000000000000 ffff8800c9855400 000000000000001d ffff88010bd97bd8
[17455.038978] ffff88010bd97bc0 ffff8800c9855400 ffff88010bd97bc0 ffff88010bd97bc0
[17455.039012] Call Trace:
[17455.039012] [<ffffffff81106c49>] ? iget5_locked+0x5c/0x127
[17455.039012] [<ffffffff8119b57c>] ? add_uevent_var+0xdc/0xdc
[17455.039012] [<ffffffff811412f1>] ? rescan_partitions+0xac/0x41b
[17455.039012] [<ffffffff8111aeb6>] ? __blkdev_get+0x1a6/0x37e
[17455.039012] [<ffffffff8111b335>] ? blkdev_get+0x2a7/0x2a7
[17455.039012] [<ffffffff8111b255>] ? blkdev_get+0x1c7/0x2a7
[17455.039012] [<ffffffff8111b335>] ? blkdev_get+0x2a7/0x2a7
[17455.039012] [<ffffffff810f2676>] ? __dentry_open+0x17f/0x296
[17455.039012] [<ffffffff810fb96c>] ? dget+0x12/0x1e
[17455.039012] [<ffffffff810feb2b>] ? do_last+0x47c/0x591
[17455.039012] [<ffffffff810fef98>] ? path_openat+0xce/0x31c
[17455.039012] [<ffffffff8103e39e>] ? try_to_wake_up+0x182/0x192
[17455.039012] [<ffffffff810ff2a8>] ? do_filp_open+0x2a/0x6e
[17455.039012] [<ffffffff8132c4b7>] ? _cond_resched+0x7/0x1c
[17455.039012] [<ffffffff811a2c49>] ? __strncpy_from_user+0x18/0x48
[17455.039012] [<ffffffff81107e6f>] ? alloc_fd+0x64/0x109
[17455.039012] [<ffffffff810f3537>] ? do_sys_open+0x5e/0xe5
[17455.039012] [<ffffffff81332792>] ? system_call_fastpath+0x16/0x1b
[17455.039012] Code: 55 53 48 81 ec 88 00 00 00 48 8b af 28 03 00 00 65 48 8b 04 25 28 00 00 00 48 89 44 24 78 31 c0 8b 05 23 9b f8 ff 48 89 7c 24 48 <4c> 8b 7d 08 c1 e8 15 83 e0 07 83 f8 03 76 43 48 8b 8d 78 02 00
[17455.039012] RIP [<ffffffffa00e3792>] sd_revalidate_disk+0x33/0x1603 [sd_mod]
[17455.039012] RSP <ffff8800b0e17af8>
[17455.039012] CR2: 0000000000000008
[17455.080302] ---[ end trace b5e7fd11c94c6bf3 ]---
Reply to: