lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7c8215f8.87f8.198c6edb9f0.Coremail.00107082@163.com>
Date: Wed, 20 Aug 2025 18:02:05 +0800 (CST)
From: "David Wang" <00107082@....com>
To: "Bart Van Assche" <bvanassche@....org>, phil@...lpotter.co.uk
Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
	James.Bottomley@...senPartnership.com, martin.petersen@...cle.com
Subject: Re: [BUG] general protection fault when connecting an old mp3/usb
 device


>Phillip, is this behavior perhaps introduced by commit 5ec9d26b78c4
>("cdrom: Call cdrom_mrw_exit from cdrom_release function")? Please do

I manage to reproduce this, but It turns out this is not about my old mp3 device, but about my phone:
Just connect-umount-discnnect, and repeat, after several rounds, an error log would show up.
(I should pay attention to the USB Product  name in log......
It is just that I check the log only when I have trouble  connecting my mp3 device, and assuming the log is about my mp3 device.)

But I cannot reproduce the address pattern 0x2e2e2f2e2e2f2e2e, this time all I got is NULL:
[Tue Aug 26 00:15:00 2025] usb 1-5: USB disconnect, device number 94
[Tue Aug 26 00:15:01 2025] usb 1-5: new high-speed USB device number 95 using xhci_hcd
[Tue Aug 26 00:15:04 2025] usb 1-5: new high-speed USB device number 96 using xhci_hcd
[Tue Aug 26 00:15:04 2025] usb 1-5: New USB device found, idVendor=12d1, idProduct=1082, bcdDevice= 3.18
[Tue Aug 26 00:15:04 2025] usb 1-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[Tue Aug 26 00:15:04 2025] usb 1-5: Product: ATU-AL10
[Tue Aug 26 00:15:04 2025] usb 1-5: Manufacturer: HUAWEI
[Tue Aug 26 00:15:04 2025] usb 1-5: SerialNumber: TPE9X18915C02308
[Tue Aug 26 00:15:04 2025] usb-storage 1-5:1.1: USB Mass Storage device detected
[Tue Aug 26 00:15:04 2025] scsi host2: usb-storage 1-5:1.1
[Tue Aug 26 00:15:05 2025] scsi 2:0:0:0: CD-ROM            Linux    File-CD Gadget   0318 PQ: 0 ANSI: 2
[Tue Aug 26 00:15:05 2025] sr 2:0:0:0: Power-on or device reset occurred
[Tue Aug 26 00:15:05 2025] sr 2:0:0:0: [sr0] scsi3-mmc drive: 0x/0x caddy
[Tue Aug 26 00:15:05 2025] sr 2:0:0:0: Attached scsi CD-ROM sr0
[Tue Aug 26 00:15:05 2025] sr 2:0:0:0: Attached scsi generic sg0 type 5
[Tue Aug 26 00:15:05 2025] /dev/sr0: Can't open blockdev
[Tue Aug 26 00:15:05 2025] ISO 9660 Extensions: Microsoft Joliet Level 1
[Tue Aug 26 00:15:05 2025] ISOFS: changing to secondary root
[Tue Aug 26 00:15:06 2025] usb 1-5: USB disconnect, device number 96
[Tue Aug 26 00:15:06 2025] BUG: kernel NULL pointer dereference, address: 0000000000000260
[Tue Aug 26 00:15:06 2025] #PF: supervisor read access in kernel mode
[Tue Aug 26 00:15:06 2025] #PF: error_code(0x0000) - not-present page
[Tue Aug 26 00:15:06 2025] PGD 0 P4D 0 
[Tue Aug 26 00:15:06 2025] Oops: Oops: 0000 [#4] SMP NOPTI
[Tue Aug 26 00:15:06 2025] CPU: 0 UID: 0 PID: 886295 Comm: umount Tainted: G      D             6.16.0-linan-0 #50 PREEMPT(voluntary) 
[Tue Aug 26 00:15:06 2025] Tainted: [D]=DIE
[Tue Aug 26 00:15:06 2025] Hardware name: Acer S40-53/Lily_TL, BIOS V1.01 08/28/2020
[Tue Aug 26 00:15:06 2025] RIP: 0010:scsi_block_when_processing_errors+0x27/0xf0 [scsi_mod]
[Tue Aug 26 00:15:06 2025] Code: 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 53 48 83 ec 30 65 48 8b 1d 61 b1 13 f0 48 89 5c 24 28 48 89 fb e8 2c 73 cd ee 48 8b 13 <8b> 82 60 02 00 00 83 e8 05 83 f8 02 76 09 f6 82 20 02 00 00 10 74
[Tue Aug 26 00:15:06 2025] RSP: 0018:ffffaff309d47c70 EFLAGS: 00010246
[Tue Aug 26 00:15:06 2025] RAX: 0000000000000000 RBX: ffff920601613000 RCX: 0000000000000000
[Tue Aug 26 00:15:06 2025] RDX: 0000000000000000 RSI: ffffaff309d47d40 RDI: ffff920601613000
[Tue Aug 26 00:15:06 2025] RBP: ffff920601613000 R08: ffffaff309d47db4 R09: 0000000000000004
[Tue Aug 26 00:15:06 2025] R10: ffffaff309d47db4 R11: ffffffffb06dff80 R12: ffffaff309d47cc0
[Tue Aug 26 00:15:06 2025] R13: ffff92055577d400 R14: 0000000000000000 R15: ffffaff309d47d40
[Tue Aug 26 00:15:06 2025] FS:  00007f5fb1d2e840(0000) GS:ffff92092fb60000(0000) knlGS:0000000000000000
[Tue Aug 26 00:15:06 2025] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Tue Aug 26 00:15:06 2025] CR2: 0000000000000260 CR3: 000000015eb7c004 CR4: 0000000000f72ef0
[Tue Aug 26 00:15:06 2025] PKRU: 55555554
[Tue Aug 26 00:15:06 2025] Call Trace:
[Tue Aug 26 00:15:06 2025]  <TASK>
[Tue Aug 26 00:15:06 2025]  sr_do_ioctl+0x5b/0x1c0 [sr_mod]
[Tue Aug 26 00:15:06 2025]  sr_packet+0x2c/0x50 [sr_mod]
[Tue Aug 26 00:15:06 2025]  cdrom_get_disc_info+0x60/0xe0 [cdrom]
[Tue Aug 26 00:15:06 2025]  cdrom_mrw_exit+0x29/0xb0 [cdrom]
[Tue Aug 26 00:15:06 2025]  ? xa_destroy+0xaa/0x120
[Tue Aug 26 00:15:06 2025]  unregister_cdrom+0x76/0xc0 [cdrom]
[Tue Aug 26 00:15:06 2025]  sr_free_disk+0x44/0x50 [sr_mod]
[Tue Aug 26 00:15:06 2025]  disk_release+0xb0/0xe0
[Tue Aug 26 00:15:06 2025]  device_release+0x37/0x90
[Tue Aug 26 00:15:06 2025]  kobject_put+0x8e/0x1d0
[Tue Aug 26 00:15:06 2025]  blkdev_release+0x11/0x20
[Tue Aug 26 00:15:06 2025]  __fput+0xe3/0x2a0
[Tue Aug 26 00:15:06 2025]  task_work_run+0x59/0x90
[Tue Aug 26 00:15:06 2025]  exit_to_user_mode_loop+0xd6/0xe0
[Tue Aug 26 00:15:06 2025]  do_syscall_64+0x1c1/0x1e0
[Tue Aug 26 00:15:06 2025]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[Tue Aug 26 00:15:06 2025] RIP: 0033:0x7f5fb1f5ab37


And after I upgrade to 6.17-rc1, it could not be reproduced ( I managed to test 10+ rounds of connect/umount/disconnect cycle)
So I think commit 5ec9d26b78c4 does fix my problem.

Thanks
David

>Bart.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ