Mailinglist Archive: opensuse-bugs (3112 mails)

[Bug 703625] New: kernel segfault when accessing external DVD-R drive (NULL dereference in CDROM/SCSI/block/elevator.c)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 3 Jul 2011 21:54:30 +0000
  • Message-id: <bug-703625-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=703625

https://bugzilla.novell.com/show_bug.cgi?id=703625#c0


Summary: kernel segfault when accessing external DVD-R drive
(NULL dereference in CDROM/SCSI/block/elevator.c)
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: x86-64
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: tamas.visegrady@xxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101
Firefox/5.0

wodim startup triggered oops accessing block/elevator struct (elv_may_queue(),
see below), using NULL request_queue->elevator(->ops), started by SCSI.

------------------
BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
..
IP: ... elv_may_queue+0x7/0x20
------------------
int elv_may_queue(struct request_queue *q, int rw)
{
        struct elevator_queue *e = q->elevator;

        if (e->ops->elevator_may_queue_fn)
                return e->ops->elevator_may_queue_fn(q, rw);
..
roughly:
48 8b 47 18     mov 0x18(%rdi),%rax
48 8b 00        mov (%rax),%rax
48 8b 50 70     mov 0x70(%rax),%rdx
------------------

See also:
https://patchwork.kernel.org/patch/845752/
for related discussion, also
http://marc.info/?l=linux-scsi&m=130348673628282
(note: e->ops is set to NULL by elevator_exit())

Reproducible: Didn't try

Steps to Reproduce:
N/A



wodim[2293]: segfault at 7fff537d5ef8 ip 00007f9f03f29735 sp 00007fff537d5f00
er
BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
IP: [<ffffffff812654b7>] elv_may_queue+0x7/0x20
PGD 77b87067 PUD 3c74067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1a.7/class
CPU 1
Modules linked in: ses enclosure af_packet microcode coretemp
cpufreq_conservative cpufreq_userspace snd_pcm_oss snd_mixer_oss
cpufreq_powersave acpi_cpufreq mperf snd_seq snd_seq_device nls_iso8859_1
nls_cp437 vfat fat dm_mod arc4 ecb snd_hda_codec_analog usb_storage
uas snd_hda_intel snd_hda_codec iwl4965 iwl_legacy snd_hwdep snd_pcm
pcmcia sr_mod thinkpad_acpi snd_timer mac80211 cfg80211 mmc_block cdrom
yenta_socket pcmcia_rsrc r592 snd rfkill r852 e1000e sg pcmcia_core wmi
sm_common nand nand_ids sdhci_pci nand_bch bch sdhci nand_ecc mmc_core
mtd memstick soundcore snd_page_alloc tpm_tis tpm tpm_bios iTCO_wdt ac
iTCO_vendor_support pcspkr i2c_i801 joydev battery usbhid uhci_hcd i915
ehci_hcd drm_kms_helper drm i2c_algo_bit button video usbcore edd fan
processor ata_generic thermal thermal_sys

Pid: 2293, comm: wodim Not tainted 2.6.39-2-default #1 LENOVO 7659AB7/7659AB7
RIP: 0010:[<ffffffff812654b7>] [<ffffffff812654b7>] elv_may_queue+0x7/0x20
RSP: 0018:ffff8800645d19d0 EFLAGS: 00010012
RAX: 0000000000000000 RBX: ffff880077b56700 RCX: 0000000000000010
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880077b56700
RBP: 0000000000000000 R08: 0000000000000000 R09: ffff880003fa6740
R10: ffff880037f35000 R11: ffff8800645f5800 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f9f04661700(0000) GS:ffff88007d500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000070 CR3: 0000000070660000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process wodim (pid: 2293, threadinfo ffff8800645d0000, task ffff880003db6280)
Stack:
ffffffff8126b449 ffff8800645d1a08 ffffea00003c42e8 0000000000000003
0000000000000010 ffff8800645d1b18 ffff880077b56700 0000000000000000
0000000000000000 ffff8800645d1bd8 ffff880003fa6740 0000000000000000
Call Trace:
[<ffffffff8126b449>] get_request+0x49/0x440
[<ffffffff8126b862>] get_request_wait+0x22/0x1b0
[<ffffffff81366d88>] scsi_execute+0x48/0x170
[<ffffffff8136821a>] scsi_execute_req+0xaa/0x130
[<ffffffff81361f2c>] ioctl_internal_command.constprop.4+0x5c/0x1b0
[<ffffffff813620e2>] scsi_set_medium_removal+0x62/0xa0
[<ffffffffa03105eb>] cdrom_release+0xdb/0x140 [cdrom]
[<ffffffffa02cb82e>] sr_block_release+0x2e/0x60 [sr_mod]
[<ffffffff81177b64>] __blkdev_put+0x1b4/0x200
[<ffffffff8114730a>] __fput+0xaa/0x200
[<ffffffff81143ccf>] filp_close+0x5f/0x90
[<ffffffff8105610e>] put_files_struct.part.14+0x6e/0xd0
[<ffffffff81058047>] do_exit+0x187/0x420
[<ffffffff81058471>] do_group_exit+0x41/0xb0
[<ffffffff81068484>] get_signal_to_deliver+0x274/0x3c0
[<ffffffff810026ec>] do_signal+0x4c/0x170
[<ffffffff810029c5>] do_notify_resume+0x65/0x90
[<ffffffff8150aadc>] retint_signal+0x48/0x8c
[<00007f9f03f29735>] 0x7f9f03f29734
Code: 00 00 00 00 48 8b 47 18 48 8b 00 48 8b 40 68 48 85 c0 74 08 48 89
f7 ff e0 0f 1f 00 f3 c3 66 0f 1f 44 00 00 48 8b 47 18 48 8b 00
..
RIP [<ffffffff812654b7>] elv_may_queue+0x7/0x20
RSP <ffff8800645d19d0>
CR2: 0000000000000070

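Added example, not part of the original report or of the kernel source: a user-space C model of the three loads quoted in the report, showing why a NULL e->ops faults at exactly 0x70 (the CR2 value) and what a guarded variant of the check looks like. The struct padding, ELV_TORN_DOWN and the dead_* objects are assumptions constructed to match the quoted offsets; this is not the upstream fix, and a real kernel check would also need to be serialized against elevator teardown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model, not the kernel's definitions: the padding is
 * sized only so field offsets match the disassembly quoted in the report. */
struct request_queue;
typedef int (may_queue_fn)(struct request_queue *, int);

struct elevator_ops {
    uint64_t earlier_hooks[14];              /* 14 * 8 = 0x70 bytes */
    may_queue_fn *elevator_may_queue_fn;     /* 0x70: mov 0x70(%rax),%rdx */
};
struct elevator_queue {
    struct elevator_ops *ops;                /* 0x00: mov (%rax),%rax */
};
struct request_queue {
    uint64_t earlier_fields[3];              /* 3 * 8 = 0x18 bytes */
    struct elevator_queue *elevator;         /* 0x18: mov 0x18(%rdi),%rax */
};

enum { ELV_MQUEUE_MAY = 0, ELV_TORN_DOWN = -1 };  /* ELV_TORN_DOWN is hypothetical */

/* Address the third load touches for a given e->ops value. */
static uintptr_t third_load_address(const struct elevator_queue *e)
{
    return (uintptr_t)e->ops + offsetof(struct elevator_ops, elevator_may_queue_fn);
}

/* Same logic as the quoted function, but refuses a torn-down elevator. */
static int elv_may_queue_checked(struct request_queue *q, int rw)
{
    struct elevator_queue *e = q->elevator;
    if (!e || !e->ops)
        return ELV_TORN_DOWN;
    if (e->ops->elevator_may_queue_fn)
        return e->ops->elevator_may_queue_fn(q, rw);
    return ELV_MQUEUE_MAY;
}

/* Queue state from the oops: elevator still allocated, ops already NULL. */
static struct elevator_queue dead_elevator = { .ops = NULL };
static struct request_queue dead_queue = { .elevator = &dead_elevator };

int main(void)
{
    printf("third load would touch %#lx\n", (unsigned long)third_load_address(&dead_elevator));
    printf("checked variant returns %d\n", elv_may_queue_checked(&dead_queue, 0));
    return 0;
}
```

The computed address matches the oops registers: RAX (e->ops after the second load) is 0, so the third load reads 0 + 0x70, which is what CR2 records.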
