Distribution: Gentoo Linux 1.4 Hardware Environment: Athlon-xp 2500+, M/B based NForce2 chipset, LG 52x ATA CD-ROM with usb case. Software Environment: Problem Description: I opened cdrom device file with python, and disconnect cdrom. then close device file, kernel oops happened. i think cdo reference invalid pointer(not NULL) in cdrom_release() this is kernel dmesg with enable cdrom debug option and print cdi, cdo pointer cdrom: entering register_cdrom cdrom: drive "/dev/sr1" registered cdrom: entering cdrom_open cdrom: entering open_for_data cdrom: drive_status=4 cdrom: entering cdrom_count_tracks cdrom: track 1: format=2, ctrl=4 cdrom: disc has 1 tracks: 0=audio 1=data 0=Cd-I 0=XA cdrom: all seems well, opening the device. cdrom: opening the device gave me 0. cdrom: device opened successfully. cdrom: Use count for "/dev/sr1" now 1 cdrom: entering unregister_cdrom cdrom: drive "/dev/sr1" unregistered cdrom: entering cdrom_release cdi = cd6ba898 cdo = ffffffff cdrom: Use count for "/dev/" now zero and this is oops message. Unable to handle kernel NULL pointer dereference at virtual address 00000033 printing eip: f8d42302 *pde = 00000000 Oops: 0000 [#1] PREEMPT CPU: 0 EIP: 0060:[<f8d42302>] Tainted: PF EFLAGS: 00010246 (2.6.5-rc3) EIP is at cdrom_release+0x62/0x140 [cdrom] eax: 00000029 ebx: cd6ba898 ecx: 00000001 edx: 00000000 esi: 00000000 edi: df267800 ebp: ffffffff esp: ce6b1f38 ds: 007b es: 007b ss: 0068 Process python (pid: 25490, threadinfo=ce6b0000 task=cf992280) Stack: f8d47368 cd6ba8bc c015d3fc f73b3780 f73b37d0 df267800 f73b378c c015e5dc cd6ba898 00000000 00000000 ed318780 c015e610 f7ff4ec0 f7765080 c0156735 f73b3780 ed318780 f7764b80 ed318780 00000000 e68df680 ce6b0000 c0154cf9 Call Trace: [<c015d3fc>] kill_bdev+0x3c/0x50 [<c015e5dc>] blkdev_put+0x17c/0x1b0 [<c015e610>] blkdev_close+0x0/0x40 [<c0156735>] __fput+0x115/0x130 [<c0154cf9>] filp_close+0x59/0x90 [<c0154d91>] sys_close+0x61/0xa0 [<c01089f5>] sysenter_past_esp+0x52/0x71 Code: f6 45 34 04 74 28 a1 88 9f d4 f8 85 c0 75 1f 83 3d 84 9f d4 Steps to reproduce: 1. connect usb cdrom device with some media 2. run python interpreter 3. python> fp = open('/dev/sr1') 4. disconnect usb cdrom 5. python> fp.close() 6. kernel oops happen.
Created attachment 2485 [details] Patch to fix problem Please try this, it should fix the problem
after apply patch and boot, this oops happened. ---- Unable to handle kernel paging request at virtual address 7366767c printing eip: f8c85085 *pde = 00000000 Oops: 0000 [#1] PREEMPT CPU: 0 EIP: 0060:[<f8c85085>] Not tainted VLI EFLAGS: 00010296 (2.6.5-mm1) EIP is at sr_cd_check+0xf5/0x470 [sr_mod] eax: 73667630 ebx: f73ede34 ecx: 00000000 edx: 00000001 esi: f70f9b00 edi: c0416000 ebp: f70f9b18 esp: f73ede1c ds: 007b es: 007b ss: 0068 Process hald (pid: 9201, threadinfo=f73ec000 task=f7c28eb0) Stack: f70f9b00 f73ede34 0000002c 00000000 ffffff85 00000000 00000043 00000000 0000400c c0416000 0000000c ffffff85 00000000 00000002 00000001 00007530 00000000 00000000 00000001 f70f9b00 f70f9b18 f8c86780 f8c83089 f70f9b18 Call Trace: [<f8c83089>] sr_media_change+0x89/0xa0 [sr_mod] [<f8ceb810>] media_changed+0x60/0x90 [cdrom] [<f8ceb876>] cdrom_media_changed+0x36/0x40 [cdrom] [<c015aa86>] check_disk_change+0x36/0x90 [<f8cead34>] cdrom_open+0x84/0xe0 [cdrom] [<f8c8357a>] sr_block_open+0x2a/0x30 [sr_mod] [<c015aca4>] do_open+0x144/0x410 [<c015a5f0>] bdev_test+0x0/0x20 [<c015a610>] bdev_set+0x0/0x10 [<c015b024>] blkdev_open+0x34/0x70 [<c01513f7>] dentry_open+0x147/0x210 [<c01512a2>] filp_open+0x62/0x70 [<c015173b>] sys_open+0x5b/0x90 [<c0105a35>] sysenter_past_esp+0x52/0x71 Code: 0c 01 00 00 00 8b 44 24 14 80 66 14 fb 89 46 10 89 2c 24 e8 ae f5 ff ff 83 f8 64 74 0b 89 34 24 e8 d1 fb ff ff 48 74 39 8b 46 08 <81> 78 4c 00 08 00 00 74 10 c7 44 24 04 00 08 00 00 89 34 24 e8
Is this issue still present in recent 2.6 kernels?
I'm assuming this issue is already fixed in recent 2.6 kernels. Please reopen this bug if it's still present in kernel 2.6.16.