2.6.20-rc4: null pointer deref in khubd

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pavel Machek <pavel@ucw.cz>
To: kernel list <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@osdl.org>, Greg KH <greg@kroah.com>
Subject: 2.6.20-rc4: null pointer deref in khubd
Date: Wed, 10 Jan 2007 11:49:37 +0100	[thread overview]
Message-ID: <20070110104937.GA32112@elf.ucw.cz> (raw)

[-- Attachment #1: Type: text/plain, Size: 4401 bytes --]

Hi!

I have half broken usb device here, very useful at breaking linux usb
stack:

(Is it softlockup watchdog triggering in the middle of oops? Do we
take too long to oops or what?)
								Pavel
...
PM: Adding info for usb:2-1:1.0
usb0: register 'cdc_ether' at usb-0000:00:1d.0-1, CDC Ethernet Device, c2:3a:65:0e:e0:f7
PM: Adding info for No Bus:usbdev2.60_ep83
PM: Adding info for usb:2-1:1.1
PM: Adding info for No Bus:usbdev2.60_ep81
PM: Adding info for No Bus:usbdev2.60_ep02
PM: Adding info for mmc:mmc0:0001
mmcblk0: mmc0:0001 IFX128 125440KiB 
 mmcblk0: p1 p2 p3
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
usb 2-1: USB disconnect, address 60
PM: Removing info for No Bus:usbdev2.60_ep83
usb0: unregister 'cdc_ether' usb-0000:00:1d.0-1, CDC Ethernet Device
PM: Removing info for usb:2-1:1.0
PM: Removing info for No Bus:usbdev2.60_ep81
PM: Removing info for No Bus:usbdev2.60_ep02
PM: Removing info for usb:2-1:1.1
PM: Removing info for No Bus:usbdev2.60_ep00
PM: Removing info for usb:2-1
usb 2-1: new full speed USB device using uhci_hcd and address 61
usb 2-1: device descriptor read/64, error -71
PM: Removing info for mmc:mmc0:0001
usb 2-1: new full speed USB device using uhci_hcd and address 62
usb 2-1: device descriptor read/64, error -71
usb 2-1: new full speed USB device using uhci_hcd and address 63
usb 2-1: new full speed USB device using uhci_hcd and address 64
usb 2-1: new full speed USB device using uhci_hcd and address 65
usb 2-1: new full speed USB device using uhci_hcd and address 66
usb 2-1: device descriptor read/all, error -71
usb 2-1: new full speed USB device using uhci_hcd and address 68
usb 2-1: USB disconnect, address 68
usb 2-1: unable to read config index 0 descriptor/start
usb 2-1: chopping to 0 config(s)
usb 2-1: string descriptor 0 read error: -19
usb 2-1: string descriptor 0 read error: -19
PM: Adding info for usb:2-1
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000010
 printing eip:
c0610784
*pde = 00000000
PM: Adding info for No Bus:usbdev2.68_ep00
usb 2-1: no configuration chosen from 0 choices
BUG: soft lockup detected on CPU#1!
 [<c014d4c9>] softlockup_tick+0xa9/0xd0
 [<c0131393>] update_process_times+0x33/0x80
 [<c011ab7b>] smp_apic_timer_interrupt+0x6b/0x80
 [<c0103aa4>] apic_timer_interrupt+0x28/0x30
 [<c02558b4>] delay_tsc+0x14/0x20
 [<c02558f6>] __delay+0x6/0x10
 [<c011fbbb>] do_page_fault+0x35b/0x600
 [<c011f860>] do_page_fault+0x0/0x600
 [<c061352c>] error_code+0x7c/0x84
 [<c0610784>] klist_del+0x14/0x50
 [<c0328edb>] device_del+0x1b/0x1c0
 [<c044c2a1>] usb_disconnect+0xb1/0x120
 [<c044ec4a>] hub_thread+0x3ca/0xe00
 [<c0120ab1>] __activate_task+0x21/0x40
 [<c01238af>] try_to_wake_up+0x3f/0x420
 [<c013c6c0>] autoremove_wake_function+0x0/0x50
 [<c044e880>] hub_thread+0x0/0xe00
 [<c013c60c>] kthread+0xec/0xf0
 [<c013c520>] kthread+0x0/0xf0
 [<c0103be7>] kernel_thread_helper+0x7/0x10
 =======================
Oops: 0000 [#1]
SMP 
Modules linked in: usbserial
CPU:    1
EIP:    0060:[<c0610784>]    Not tainted VLI
EFLAGS: 00010292   (2.6.20-rc4 #387)
EIP is at klist_del+0x14/0x50
eax: 00000000   ebx: 00000000   ecx: 0000000f   edx: 00000000
esi: 0000007c   edi: df17c4f4   ebp: df17c5c8   esp: c21b3ea4
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 304, ti=c21b2000 task=c2264030 task.ti=c21b2000)
Stack: df17c504 0000007c df17c4e0 c0328edb f79f76d0 df17c504 0000007c df17c488 
       df17c5c8 c044c2a1 c0735194 c0704518 df17c598 00000044 f79f78f8 df17c4e0 
       c21ffd1c c2251b50 f79f7678 c21ffd04 c044ec4a c21b3fb0 0000000a c21b3f10 
Call Trace:
 [<c0328edb>] device_del+0x1b/0x1c0
 [<c044c2a1>] usb_disconnect+0xb1/0x120
 [<c044ec4a>] hub_thread+0x3ca/0xe00
 [<c0120ab1>] __activate_task+0x21/0x40
 [<c01238af>] try_to_wake_up+0x3f/0x420
 [<c013c6c0>] autoremove_wake_function+0x0/0x50
 [<c044e880>] hub_thread+0x0/0xe00
 [<c013c60c>] kthread+0xec/0xf0
 [<c013c520>] kthread+0x0/0xf0
 [<c0103be7>] kernel_thread_helper+0x7/0x10
 =======================
Code: 04 89 46 04 89 4a 04 89 11 c6 03 01 8b 1c 24 8b 74 24 04 83 c4 08 c3 83 ec 0c 89 7c 24 08 89 c7 89 1c 24 89 74 24 04 8b 18 89 d8 <8b> 73 10 e8 f4 29 00 00 89 f8 e8 ad fe ff ff 85 c0 b8 00 00 00 
EIP: [<c0610784>] klist_del+0x14/0x50 SS:ESP 0068:c21b3ea4
 

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: delme.bz2 --]
[-- Type: application/octet-stream, Size: 18485 bytes --]

next             reply	other threads:[~2007-01-10 11:44 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-01-10 10:49 Pavel Machek [this message]
2007-01-10 15:49 ` 2.6.20-rc4: null pointer deref in khubd Oliver Neukum
2007-01-10 16:14   ` [linux-usb-devel] " Alan Stern
2007-01-10 17:01     ` Oliver Neukum
2007-01-10 17:31       ` Alan Stern
2007-01-10 19:54         ` Oliver Neukum
2007-01-10 22:35           ` Alan Stern
2007-01-10 22:56             ` Pavel Machek
2007-01-11  7:48             ` Oliver Neukum
2007-01-11 10:34               ` Pavel Machek
2007-01-11 13:08                 ` Oliver Neukum
2007-01-10 20:38   ` Pavel Machek
2007-01-11 13:21     ` [linux-usb-devel] " Oliver Neukum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070110104937.GA32112@elf.ucw.cz \
    --to=pavel@ucw.cz \
    --cc=akpm@osdl.org \
    --cc=greg@kroah.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.