Bug 42951 - Kernel oops when unplugging USB flash drive
Summary: Kernel oops when unplugging USB flash drive
Status: RESOLVED DUPLICATE of bug 42783
Alias: None
Product: IO/Storage
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: io_other
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-17 22:20 UTC by mlambda
Modified: 2012-03-25 20:22 UTC (History)
1 user (show)

See Also:
Kernel Version: 3.3-rc7
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description mlambda 2012-03-17 22:20:56 UTC 
I copied two files from a USB flash drive plugged into one of the two USB 2.0 ports, unmounted it and got the following error as I unplugged it (I didn't experience this error before):

[10019.724987] usb 2-1.1: new high-speed USB device number 5 using ehci_hcd
[10019.839068] scsi7 : usb-storage 2-1.1:1.0
[10020.836416] scsi 7:0:0:0: Direct-Access              USB DISK 2.0     PMAP PQ: 0 ANSI: 0 CCS
[10020.837364] sd 7:0:0:0: Attached scsi generic sg4 type 0
[10021.868949] sd 7:0:0:0: [sdd] 2007040 512-byte logical blocks: (1.02 GB/980 MiB)
[10021.869528] sd 7:0:0:0: [sdd] Write Protect is off
[10021.869533] sd 7:0:0:0: [sdd] Mode Sense: 23 00 00 00
[10021.870042] sd 7:0:0:0: [sdd] No Caching mode page present
[10021.870048] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[10021.872521] sd 7:0:0:0: [sdd] No Caching mode page present
[10021.872526] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[10021.873372]  sdd: sdd1
[10021.875263] sd 7:0:0:0: [sdd] No Caching mode page present
[10021.875267] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[10021.875270] sd 7:0:0:0: [sdd] Attached SCSI removable disk
[10145.623944] usb 2-1.1: USB disconnect, device number 5
[10145.624621] scsi 7:0:0:0: killing request
[10145.624708] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[10145.624764] IP: [<ffffffff814a8409>] sd_revalidate_disk+0x39/0x1d00
[10145.624803] PGD 1e0f23067 PUD 1e0f24067 PMD 0 
[10145.624844] Oops: 0000 [#1] SMP 
[10145.624880] CPU 1 
[10145.624900] Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) radeon ttm iwlwifi r8169
[10145.625018] 
[10145.625039] Pid: 2140, comm: udisks-daemon Tainted: G        W  O 3.3.0-rc7-custom #1 Hewlett-Packard HP Pavilion dv7 Notebook PC/3389
[10145.625154] RIP: 0010:[<ffffffff814a8409>]  [<ffffffff814a8409>] sd_revalidate_disk+0x39/0x1d00
[10145.625237] RSP: 0018:ffff8801e0f41a38  EFLAGS: 00010246
[10145.625286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88013c84a280
[10145.625349] RDX: 0000000000000005 RSI: 0000000000000002 RDI: ffff88024bab5000
[10145.625413] RBP: ffff8801e0f41af8 R08: 0000000800000000 R09: 00000008ffffffff
[10145.625476] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88024bab5000
[10145.625542] R13: 00000000ffffff85 R14: ffff880251438698 R15: ffff88024bab5000
[10145.625607] FS:  00007f564b9637c0(0000) GS:ffff88025fa40000(0000) knlGS:0000000000000000
[10145.625679] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[10145.625732] CR2: 0000000000000008 CR3: 00000001e0f22000 CR4: 00000000000406e0
[10145.625797] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[10145.625861] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[10145.625927] Process udisks-daemon (pid: 2140, threadinfo ffff8801e0f40000, task ffff8802518d5a80)
[10145.625982] Stack:
[10145.626001]  ffff8801e0f41a88 ffffffff8117e04a ffffffff814671bf ffffffff81198db0
[10145.626060]  ffff8801e0f41a98 ffff88024bab5048 0000000000000000 00000000ffffff85
[10145.626106]  ffff8801e0f41aa8 ffffffff81166b98 ffff88024bab5000 ffff880251438760
[10145.626151] Call Trace:
[10145.626171]  [<ffffffff8117e04a>] ? iget5_locked+0x9a/0x1e0
[10145.626203]  [<ffffffff814671bf>] ? device_release+0x2f/0xa0
[10145.626235]  [<ffffffff81198db0>] ? bdev_test+0x20/0x20
[10145.626264]  [<ffffffff81166b98>] ? get_super+0x28/0xd0
[10145.626293]  [<ffffffff8117d948>] ? iput+0x48/0x210
[10145.626322]  [<ffffffff8132081a>] rescan_partitions+0xaa/0x2d0
[10145.626355]  [<ffffffff8119a71e>] __blkdev_get+0x2de/0x440
[10145.626385]  [<ffffffff8131365a>] ? freed_request+0x4a/0x70
[10145.626416]  [<ffffffff8119a8d3>] blkdev_get+0x53/0x300
[10145.626445]  [<ffffffff8119abdd>] blkdev_open+0x5d/0x80
[10145.626475]  [<ffffffff81161cd0>] __dentry_open+0x290/0x360
[10145.626505]  [<ffffffff8119ab80>] ? blkdev_get+0x300/0x300
[10145.626536]  [<ffffffff811703d0>] ? do_lookup+0x50/0x3d0
[10145.626576]  [<ffffffff81163161>] nameidata_to_filp+0x71/0x80
[10145.628254]  [<ffffffff81172d8c>] do_last+0x26c/0x910
[10145.629929]  [<ffffffff81173543>] path_openat+0xd3/0x3c0
[10145.631425]  [<ffffffff81827575>] ? __slab_free+0xea/0x23f
[10145.633154]  [<ffffffff81488044>] ? scsi_device_put+0x44/0x60
[10145.634236]  [<ffffffff81173952>] do_filp_open+0x42/0xa0
[10145.635155]  [<ffffffff8117fd8f>] ? alloc_fd+0x4f/0x150
[10145.636078]  [<ffffffff81163268>] do_sys_open+0xf8/0x1d0
[10145.636994]  [<ffffffff81163361>] sys_open+0x21/0x30
[10145.637880]  [<ffffffff818382d2>] system_call_fastpath+0x16/0x1b
[10145.638749] Code: 81 ec 98 00 00 00 66 66 66 66 90 48 8b 9f 48 03 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 c8 31 c0 8b 05 db eb e6 00 48 89 7d 90 <4c> 8b 7b 08 c1 e8 15 83 e0 07 83 f8 03 0f 87 7a 1b 00 00 41 8b 
[10145.640785] RIP  [<ffffffff814a8409>] sd_revalidate_disk+0x39/0x1d00
[10145.641773]  RSP <ffff8801e0f41a38>
[10145.642715] CR2: 0000000000000008
[10145.711076] ---[ end trace a7919e7f17c0a727 ]---
Comment 1 mlambda 2012-03-18 21:29:39 UTC 
I just tried to reproduce the bug several times and with the other USB ports, but it didn't work out.
Comment 2 Stefan Richter 2012-03-25 20:19:10 UTC 
It should have been fixed between v3.3-rc7 and v3.3 by commit fe316bf2d5847bc5dd975668671a7b1067603bc7 and 9f53d2fe815b4011ff930a7b6db98385d45faa68.
Comment 3 Stefan Richter 2012-03-25 20:22:51 UTC 

*** This bug has been marked as a duplicate of bug 42783 ***
Note You need to log in before you can comment on or make changes to this bug.