On Fri, Jan 28, 2005 at 06:42:44PM +0100, Oliver Neukum wrote: > I got this oops unmounting by "eject" a defect DVD on a genuine > SCSI drive.
Looks like failing IO + close afterwards - umount is irrelevant here. And oops itself looks like cdrom_release((void *)0x18, whatever), called from sr_block_release(). Which is static int sr_block_release(struct inode *inode, struct file *file) { int ret; struct scsi_cd *cd = scsi_cd(inode->i_bdev->bd_disk); ret = cdrom_release(&cd->cdi, file); and since cdi is at offset 0x18 on i386, we have scsi_cd(inode->i_bdev->bd_disk) == NULL IOW, inode->i_bdev->bd_disk->private_data == NULL at the time of sr_block_release(). Which would be a problem, indeed. AFAICS, the only place that could cause that crap is static void sr_kref_release(struct kref *kref) { struct scsi_cd *cd = container_of(kref, struct scsi_cd, kref); struct gendisk *disk = cd->disk; spin_lock(&sr_index_lock); clear_bit(disk->first_minor, sr_index_bits); spin_unlock(&sr_index_lock); unregister_cdrom(&cd->cdi); disk->private_data = NULL; put_disk(disk); kfree(cd); } so we have scsi_cd refcount reaching zero (and scsi_cd being freed) before the final close of /dev/sr<whatever>... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/