Bug#801925: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]

To: linux-scsi@vger.kernel.org
Cc: "James E. J. Bottomley" <JBottomley@odin.com>, 801925@bugs.debian.org
Subject: Bug#801925: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
From: Paul Menzel <paul.menzel@giantmonkey.de>
Date: Fri, 16 Oct 2015 10:52:56 +0200
Message-id: <[🔎] 1444985576.2703.5.camel@giantmonkey.de>
Reply-to: Paul Menzel <paul.menzel@giantmonkey.de>, 801925@bugs.debian.org
In-reply-to: <[🔎] 1444982077.2350.0.camel@giantmonkey.de>
References: <1444957547.1325.2.camel@giantmonkey.de> <[🔎] 1444982077.2350.0.camel@giantmonkey.de>

Dear Linux SCSI folks,


Am Freitag, den 16.10.2015, 09:54 +0200 schrieb Paul Menzel:
> Package: linux-image-4.2.0-1-686-pae
> Version: 4.2.3-2
> Severity: important

> please don’t include the address submit@bugs.debian.org in your reply.

this issue is now also tracked in the Debian Bug Tracking System [2] and
has the number #801925 [3]. Please keep that address in CC.

> Am Freitag, den 16.10.2015, 03:05 +0200 schrieb Paul Menzel:
> 
> > using Debian Sid/unstable with Linux 4.2.3-1 upgrading from systemd
> > 227-1 to 227-2 [1] and other packages, the system doesn’t start up
> > anymore and the /dev/md1 device doesn’t seem to be found and I am
> > dropped into shell from initramfs (BusyBox).
> > 
> > Only having wireless LAN and no serial or USB debug capabilities, and
> > mount a USB storage device did not work, I manually copied the beginning
> > of the Oops.
> > 
> > ```
> > BUG: unable to handle kernel NULL pointer dereference at 00000014
> > IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
> > *pdpt = 000000003696e001 *pde = 000000000000000000
> > Oops: 0000 [#1] SMB
> > Modules linked in: sd_mod(+) sr_mod(+) cdrom ata_generic ohci_pci ahci libahci pata_amd firwire_ohci firewire_core crc_iti_t forcedeth libata scsi_mod ohci_hcd ehci_pci ehci_hcd usbcore usb_common fan thermal thermal_sys floppy(+)
> > CPU: 1 PID: 73 Comm: systemd-udevd Not tainted 4.2.0-1-686-pae #1 Debian 4.2.3-1
> > Hardware name: Packard Bell imedia S3210/WMCP78M, BIOs P01-B2 11/06/2009
> > task: f68dd040 ti: f6988000 task.ti: f6988000
> > EIP: 0060:[<fh28a00c>] EFLAGS: 00010246 CPU: 1
> > EIP is at sr_runtime_suspend+0xc/0x20 [sr_mod]
> > EAX: 00000000 EBX: f6a30cd8 ECX: f6c03d2c EDX: 00000000
> > ESI: 00000000 EDI: f828e100 EBP: f6989ba8 ESP: f6989b88
> >  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> > CR0: 8005003b CR2: 00000014 CR3: 3696d780 CR4: 000006f0
> > Stack:
> >  af83346c3 00000000 00000001 fffffff5 f6a7d150 f6a30cd8 f6a30d3c 00000000
> >  f6989bbc c1390cb7 f6a30cd8 f8334660 00000000 f6989bd0 c1390d0f f6a30cd8
> >  f8334660 00000000 f6989c0c c13916cb f694a614 f68dd040 00000000 00000008
> > Call Trace:
> >  […] ? scsi_runtime_suspend+0x63/0xa0 [scsi_mod]
> >  […] ? __rpm_callback+0x27/0x60
> > […]
> > ```
> > 
> > I tried also to boot with Linux 4.1 and it fails the same way.
> > 
> > Is that a known problem and has been fixed in the mean time? It’d be
> > great if you helped me getting the system to boot again. Please tell me
> > if you need more information to debug this issue and I’ll do my best to
> > get it.
> 
> Ben Hutchings asked me to test the patch below to get more debug
> information.
> 
> ```
> diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
> index 8bd54a6..dd5b5b2 100644
> --- a/drivers/scsi/sr.c
> +++ b/drivers/scsi/sr.c
> @@ -144,6 +144,12 @@ static int sr_runtime_suspend(struct device *dev)
>  {
>  	struct scsi_cd *cd = dev_get_drvdata(dev);
>  
> +	if (WARN_ON(!cd)) {
> +		pr_info("%s: cd == NULL; power.usage_count = %d\n",
> +			__func__, atomic_read(&dev->power.usage_count));
> +		return 0;
> +	}
> +
>  	if (cd->media_present)
>  		return -EBUSY;
>  	else
> @@ -652,7 +658,13 @@ static int sr_probe(struct device *dev)
>  	struct scsi_cd *cd;
>  	int minor, error;
>  
> -	scsi_autopm_get_device(sdev);
> +	error = scsi_autopm_get_device(sdev);
> +	if (error) {
> +		pr_err("%s: scsi_autopm_get_device returned %d\n",
> +		       __func__, error);
> +		return error;
> +	}
> +
>  	error = -ENODEV;
>  	if (sdev->type != TYPE_ROM && sdev->type != TYPE_WORM)
>  		goto fail;
> @@ -719,6 +731,9 @@ static int sr_probe(struct device *dev)
>  	if (register_cdrom(&cd->cdi))
>  		goto fail_put;
>  
> +	pr_info("%s: power.usage_count = %d\n",
> +		__func__, atomic_read(&dev->power.usage_count));
> +
>  	/*
>  	 * Initialize block layer runtime PM stuffs before the
>  	 * periodic event checking request gets started in add_disk.
> ```
> 
> I’ll try that as soon as a spare drive has arrived, where I can copy the
> data to as a backup.
> 
> More thoughts are welcome! Especially, if that error suggests a failing
> drive or not.


Thanks,

Paul


> > [1] http://metadata.ftp-master.debian.org/changelogs//main/s/systemd/systemd_227-2_changelog
[2] https://www.debian.org/Bugs/
[3] https://bugs.debian.org/801925
-- 
GPG-Schlüssel: 33623E9B
Fingerabdruck = 0EB1 649D 4361 D04F 3C70  6F71 4DD7 BF75 3362 3E9B

Giant Monkey Software Engineering GmbH

Brunnenstr. 7D
10119 Berlin Mitte

Geschäftsführer Adrian Fuhrmann, Lion Vollnhals und Paul Menzel

USt-IdNr.: DE281524720
HRB 139495 B Amtsgericht Charlottenburg

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Bug#801925: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
  - From: Paul Menzel <paul.menzel@giantmonkey.de>

Prev by Date: Bug#801925: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
Next by Date: Bug#801975: linux-image-3.16.0-0.bpo.4-amd64: pm80xx report failing drive but mdadm doesn't set this drive failing
Previous by thread: Bug#801925: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
Next by thread: Processed: Re: NULL pointer dereference: IP: [<f828a00c>] sr_runtime_suspend+0xc/0x20 [sr_mod]
Index(es):
- Date
- Thread