Bug 70271

Summary: rmmod st causes general protection fault
Product: IO/Storage Reporter: Andreas Steinmetz (ast)
Component: SCSIAssignee: linux-scsi (linux-scsi)
Status: RESOLVED CODE_FIX    
Severity: high CC: alan, mlombard
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.13.1 Subsystem:
Regression: No Bisected commit-id:

Description Andreas Steinmetz 2014-02-07 18:20:27 UTC 
Run a system with st loaded as a module, access the tape device (running stinit for the tape is sufficient) and then try to rmmod the st module gives:

nero ~ # stinit
Initialized 1 tape device.
nero ~ # dmesg
[ 1386.626266] st0: Block limits 1 - 16777215 bytes.
nero ~ # rmmod st
Segmentation fault
nero ~ # dmesg
[ 1386.626266] st0: Block limits 1 - 16777215 bytes.
[ 1395.583549] general protection fault: 0000 [#1] SMP 
[ 1395.583602] Modules linked in: nfsd bridge stp llc nct6775 hwmon_vid coretemp configfs nbd openvswitch vxlan gre ip_tunnel sg uinput snd_aloop snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_seq_device sctp vhost_net vhost macvtap macvlan tun st(-) snd_hda_codec_hdmi iTCO_wdt mxm_wmi x86_pkg_temp_thermal kvm_intel usbhid kvm radeon i2c_algo_bit snd_hda_codec_realtek drm_kms_helper lpc_ich ttm i2c_i801 acpi_cpufreq mfd_core firewire_ohci drm firewire_core i2c_core snd_hda_intel agpgart mpt2sas snd_hda_codec raid_class snd_pcm scsi_transport_sas snd_page_alloc snd_timer snd rtc_cmos soundcore processor wmi thermal_sys button uhci_hcd ehci_pci ehci_hcd xhci_hcd usb_storage usbcore usb_common
[ 1395.584423] CPU: 8 PID: 7334 Comm: rmmod Not tainted 3.13.1-nero #2
[ 1395.584480] Hardware name: System manufacturer System Product Name/SABERTOOTH X79, BIOS 3305 12/25/2012
[ 1395.584506] task: ffff880ffa1295c0 ti: ffff880fc1584000 task.ti: ffff880fc1584000
[ 1395.584506] RIP: 0010:[<ffffffff8135e405>]  [<ffffffff8135e405>] device_del+0x16/0x16a
[ 1395.584506] RSP: 0018:ffff880fc1585e38  EFLAGS: 00010206
[ 1395.584506] RAX: 4854415056454400 RBX: ffff880ff88d0800 RCX: ffff880ff881ee38
[ 1395.584506] RDX: 000000000000000f RSI: ffff880ff48bc350 RDI: ffff880ff88d0800
[ 1395.584506] RBP: ffff880ff8b17ec0 R08: ffff880ff881ee38 R09: ffff880ff881ee38
[ 1395.584506] R10: ffff880feb7e1000 R11: ffff880fc1585dd8 R12: 2f4065766f6d6572
[ 1395.584506] R13: 0000000000000000 R14: 0000000000e41090 R15: 0000000000e41010
[ 1395.584506] FS:  00007f255276f700(0000) GS:ffff88103fd00000(0000) knlGS:0000000000000000
[ 1395.584506] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1395.584506] CR2: 00007f2552154ec8 CR3: 0000000fc1454000 CR4: 00000000000427e0
[ 1395.584506] Stack:
[ 1395.584506]  ffff880ff88d0800 ffff880ff8b17ec0 ffff880ff8b17e00 ffffffff8135e562
[ 1395.584506]  0000000000000001 ffffffffa0c7029e ffff880ff8b17e00 ffff880ff41d6148
[ 1395.584506]  0000000000000000 ffffffffa0c703c1 ffff880ff41d6148 ffffffffa0c761b8
[ 1395.584506] Call Trace:
[ 1395.584506]  [<ffffffff8135e562>] ? device_unregister+0x9/0x12
[ 1395.584506]  [<ffffffffa0c7029e>] ? remove_cdevs+0x4b/0x73 [st]
[ 1395.584506]  [<ffffffffa0c703c1>] ? st_remove+0x27/0x80 [st]
[ 1395.584506]  [<ffffffff81360ace>] ? __device_release_driver+0x82/0xdb
[ 1395.584506]  [<ffffffff813611a5>] ? driver_detach+0x6e/0x99
[ 1395.584506]  [<ffffffff81360934>] ? bus_remove_driver+0x60/0x7d
[ 1395.584506]  [<ffffffffa0c756e6>] ? exit_st+0x59/0x84 [st]
[ 1395.584506]  [<ffffffff810d2e0a>] ? SyS_delete_module+0x123/0x199
[ 1395.584506]  [<ffffffff81144b6c>] ? fput+0x40/0x80
[ 1395.584506]  [<ffffffff814faf68>] ? int_signal+0x12/0x17
[ 1395.584506]  [<ffffffff814fad62>] ? system_call_fastpath+0x16/0x1b
[ 1395.584506] Code: 48 89 df 5b 48 8b 75 18 5d 41 5c e9 a3 ff ff ff 5b 5d 41 5c c3 41 54 55 53 48 89 fb 48 8b 87 88 00 00 00 4c 8b 27 48 85 c0 74 1b <48> 8b b8 90 00 00 00 48 89 da be 02 00 00 00 48 81 c7 f8 00 00 
[ 1395.584506] RIP  [<ffffffff8135e405>] device_del+0x16/0x16a
[ 1395.584506]  RSP <ffff880fc1585e38>
[ 1395.611887] ---[ end trace 6930a5f575a238b5 ]---
nero ~ # lsscsi    
[0:0:0:0]    disk    ATA      SAMSUNG SSD 830  CXM0  /dev/sda 
[1:0:0:0]    disk    ATA      SAMSUNG SSD 830  CXM0  /dev/sdb 
[2:0:0:0]    disk    ATA      ST3000DM001-1CH1 CC43  /dev/sdc 
[3:0:0:0]    disk    ATA      ST3000DM001-1CH1 CC43  /dev/sdd 
[4:0:0:0]    disk    ATA      ST3000DM001-1CH1 CC43  /dev/sde 
[5:0:0:0]    disk    ATA      ST3000DM001-1CH1 CC43  /dev/sdf 
[7:0:0:0]    disk    ATA      SAMSUNG SSD 830  CXM0  /dev/sdg 
[11:0:0:0]   disk    ATA      SAMSUNG SSD 830  CXM0  /dev/sdh 
[12:0:0:0]   disk    Generic- USB3.0 CRW-CF/MD 1.00  /dev/sdi 
[12:0:0:1]   disk    Generic- USB3.0 CRW-SM/xD 1.00  /dev/sdj 
[12:0:0:2]   disk    Generic- USB3.0 CRW-SD    1.00  /dev/sdk 
[12:0:0:3]   disk    Generic- USB3.0 CRW-MS    1.00  /dev/sdl 
[12:0:0:4]   disk    Generic- USB3.0 CRW-SD/MS 1.00  /dev/sdm 
[13:0:0:0]   disk    Kingston DT Micro         PMAP  /dev/sdn 
[14:0:0:0]   cd/dvd  Optiarc  DVD RW AD-7800H  1.00  /dev/sr0 
[15:0:0:0]   tape    TANDBERG LTO-5 HH         Z519  -        

System now gets stuck in D states, reboot is not possible, only the hardware reset button helps.
Comment 1 Maurizio Lombardi 2014-02-11 21:28:39 UTC 
I sent a patch to the linux-scsi mailing list that fixes the problem for me.
Can someone test and review it?

http://marc.info/?l=linux-scsi&m=139215379402532&w=2
Comment 2 Andreas Steinmetz 2014-02-16 03:30:06 UTC 
Verified the patch. Fixes the Oops. Thanks a lot.