136087 – (sr_mod - usb(?)) kernel oops due to grip w/ cdparanoia

Bug 136087 - (sr_mod - usb(?)) kernel oops due to grip w/ cdparanoia

Summary: (sr_mod - usb(?)) kernel oops due to grip w/ cdparanoia

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	3
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-10-17 19:28 UTC by Dams
Modified:	2015-01-04 22:10 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-09-29 07:56:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dams 2004-10-17 19:28:30 UTC

Description of problem:
(Sorry if it's not a 100% fedora kernel. I've applied a small patch to
fix detection of my usb cd-rom device. See bug #131127)

Here is the proc/scsi/scsi entry for the cdrom device : 
Host: scsi1 Channel: 00 Id: 00 Lun: 00
  Vendor: PIONEER  Model: DVD-RW  DVR-107D Rev: 1.10
  Type:   CD-ROM                           ANSI SCSI revision: 02

It's plugged to an usb2 controller.

I'm pretty sure this happened when I killed grip. I was extracting an
audio cd, but it seemed the medium was "bad". Since grip was stuck in
the audio extraction, I had to kill it (sigterm, no sigkill). grip was
using cdparanoia. (I'm CCing pjones, since it's not the first I
encounter problems with cdparanoia and kernel).

Here is the kernel oops trace : 

usb 4-3: reset high speed USB device using address 2
SCSI error : <1 0 0 0> return code = 0x6000000
usb 4-3: reset high speed USB device using address 2
scsi: Device offlined - not ready after error recovery: host 1 channel
0 id 0 lun 0
SCSI error : <1 0 0 0> return code = 0x70000
scsi1 (0:0): rejecting I/O to offline device
scsi1 (0:0): rejecting I/O to offline device
Unable to handle kernel NULL pointer dereference at virtual address
00000008
 printing eip:
22aac6f5
*pde = 00004001
Oops: 0000 [#1]
SMP 
Modules linked in: pcspkr nfsd exportfs lockd autofs4 sunrpc ds
yenta_socket pcmcia_core nls_utf8 loop sr_mod joydev button battery ac
radeon md5 ipv6 usb_storage ehci_hcd ohci_hcd tuner bttv video_buf
i2c_algo_bit v4l2_common btcx_risc i2c_core videodev hw_random
snd_bt87x emu10k1_gp gameport snd_emu10k1 snd_rawmidi snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_seq_device snd_ac97_codec
snd_page_alloc snd_util_mem snd_hwdep snd soundcore 3c59x ext3 jbd
raid1 dm_mod aic7xxx sd_mod scsi_mod
CPU:    0
EIP:    0060:[<22aac6f5>]    Not tainted VLI
EFLAGS: 00010287   (2.6.8-1.610.anvilsmp) 
EIP is at sr_block_ioctl+0x1f/0x4a [sr_mod]
eax: 036d23c0   ebx: 00002285   ecx: 099cb080   edx: 00000000
esi: 1c128c14   edi: 110f3740   ebp: 036d23c0   esp: 1bf27f58
ds: 007b   es: 007b   ss: 0068
Process grip (pid: 2384, threadinfo=1bf27000 task=1880f3a0)
Stack: 00002285 099cb080 22aaf160 022131d8 099cb080 110f3740 1c128c14
032d54e0 
       13411d20 0230d580 00002285 110f3740 1dc42e70 02159e77 099cb080
021626ea 
       099cb080 ffffffe7 00000001 f567e2e8 00000000 021234bf 1bf27fc4
1842e274 
Call Trace:
 [<022131d8>] blkdev_ioctl+0x34b/0x358
 [<02159e77>] block_ioctl+0x11/0x13
 [<021626ea>] sys_ioctl+0x211/0x253
 [<021234bf>] sys_gettimeofday+0x25/0x55
Code: <3>Debug: sleeping function called from invalid context at
include/linux/rwsem.h:43
in_atomic():0[expected: 0], irqs_disabled():1
 [<0211dbf3>] __might_sleep+0x7d/0x8a
 [<0214e011>] rw_vm+0xe5/0x28c
 [<22aac6ca>] sr_block_release+0x61/0x6d [sr_mod]
 [<22aac6ca>] sr_block_release+0x61/0x6d [sr_mod]
 [<0214e475>] get_user_size+0x30/0x57
 [<22aac6ca>] sr_block_release+0x61/0x6d [sr_mod]
 [<021061c4>] show_registers+0x115/0x16c
 [<0210635b>] die+0xdb/0x16b
 [<02120290>] vprintk+0x136/0x14a
 [<02119997>] do_page_fault+0x421/0x5e7
 [<22aac6f5>] sr_block_ioctl+0x1f/0x4a [sr_mod]
 [<02145747>] do_wp_page+0x2d9/0x2f2
 [<021462f4>] handle_mm_fault+0xbd/0x175
 [<02119734>] do_page_fault+0x1be/0x5e7
 [<02119576>] do_page_fault+0x0/0x5e7
 [<22aac6f5>] sr_block_ioctl+0x1f/0x4a [sr_mod]
 [<022131d8>] blkdev_ioctl+0x34b/0x358
 [<02159e77>] block_ioctl+0x11/0x13
 [<021626ea>] sys_ioctl+0x211/0x253
 [<021234bf>] sys_gettimeofday+0x25/0x55
 Bad EIP value.

Version-Release number of selected component:
kernel-smp-2.6.8-1.610.anvil - cdparanoia-alpha9.8-24

How reproducible: Didn't try

Comment 1 Peter Jones 2004-10-18 16:07:47 UTC

What version of cdparanoia is installed?  If you run "cdparanoia -v
-Q", what does it say after "Checking /dev/foo for cdrom..."?

Basically, I'm wondering if you're using sg, SG_IO, or the cooked
ioctls.  I suspect it's the cooked mode, since it's in block_ioctl and
not scsi_cmd_ioctl (like you'd see for SG_IO), but I'd like to be sure.

Comment 2 Dave Jones 2005-07-15 20:10:03 UTC

An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.