public inbox for linux-kernel@vger.kernel.org
From: Pavel Machek <pavel@ucw.cz>
To: kernel list <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@osdl.org>, Greg KH <greg@kroah.com>
Subject: 2.6.20-rc4: null pointer deref in khubd
Date: Wed, 10 Jan 2007 11:49:37 +0100
Message-ID: <20070110104937.GA32112@elf.ucw.cz>

[-- Attachment #1: Type: text/plain, Size: 4401 bytes --]

Hi!

I have a half-broken USB device here, very useful for breaking the Linux
USB stack:

(Is the softlockup watchdog triggering in the middle of the oops? Do we
take too long to oops or what?)
								Pavel
...
PM: Adding info for usb:2-1:1.0
usb0: register 'cdc_ether' at usb-0000:00:1d.0-1, CDC Ethernet Device, c2:3a:65:0e:e0:f7
PM: Adding info for No Bus:usbdev2.60_ep83
PM: Adding info for usb:2-1:1.1
PM: Adding info for No Bus:usbdev2.60_ep81
PM: Adding info for No Bus:usbdev2.60_ep02
PM: Adding info for mmc:mmc0:0001
mmcblk0: mmc0:0001 IFX128 125440KiB 
 mmcblk0: p1 p2 p3
EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
usb 2-1: USB disconnect, address 60
PM: Removing info for No Bus:usbdev2.60_ep83
usb0: unregister 'cdc_ether' usb-0000:00:1d.0-1, CDC Ethernet Device
PM: Removing info for usb:2-1:1.0
PM: Removing info for No Bus:usbdev2.60_ep81
PM: Removing info for No Bus:usbdev2.60_ep02
PM: Removing info for usb:2-1:1.1
PM: Removing info for No Bus:usbdev2.60_ep00
PM: Removing info for usb:2-1
usb 2-1: new full speed USB device using uhci_hcd and address 61
usb 2-1: device descriptor read/64, error -71
PM: Removing info for mmc:mmc0:0001
usb 2-1: new full speed USB device using uhci_hcd and address 62
usb 2-1: device descriptor read/64, error -71
usb 2-1: new full speed USB device using uhci_hcd and address 63
usb 2-1: new full speed USB device using uhci_hcd and address 64
usb 2-1: new full speed USB device using uhci_hcd and address 65
usb 2-1: new full speed USB device using uhci_hcd and address 66
usb 2-1: device descriptor read/all, error -71
usb 2-1: new full speed USB device using uhci_hcd and address 68
usb 2-1: USB disconnect, address 68
usb 2-1: unable to read config index 0 descriptor/start
usb 2-1: chopping to 0 config(s)
usb 2-1: string descriptor 0 read error: -19
usb 2-1: string descriptor 0 read error: -19
PM: Adding info for usb:2-1
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000010
 printing eip:
c0610784
*pde = 00000000
PM: Adding info for No Bus:usbdev2.68_ep00
usb 2-1: no configuration chosen from 0 choices
BUG: soft lockup detected on CPU#1!
 [<c014d4c9>] softlockup_tick+0xa9/0xd0
 [<c0131393>] update_process_times+0x33/0x80
 [<c011ab7b>] smp_apic_timer_interrupt+0x6b/0x80
 [<c0103aa4>] apic_timer_interrupt+0x28/0x30
 [<c02558b4>] delay_tsc+0x14/0x20
 [<c02558f6>] __delay+0x6/0x10
 [<c011fbbb>] do_page_fault+0x35b/0x600
 [<c011f860>] do_page_fault+0x0/0x600
 [<c061352c>] error_code+0x7c/0x84
 [<c0610784>] klist_del+0x14/0x50
 [<c0328edb>] device_del+0x1b/0x1c0
 [<c044c2a1>] usb_disconnect+0xb1/0x120
 [<c044ec4a>] hub_thread+0x3ca/0xe00
 [<c0120ab1>] __activate_task+0x21/0x40
 [<c01238af>] try_to_wake_up+0x3f/0x420
 [<c013c6c0>] autoremove_wake_function+0x0/0x50
 [<c044e880>] hub_thread+0x0/0xe00
 [<c013c60c>] kthread+0xec/0xf0
 [<c013c520>] kthread+0x0/0xf0
 [<c0103be7>] kernel_thread_helper+0x7/0x10
 =======================
Oops: 0000 [#1]
SMP 
Modules linked in: usbserial
CPU:    1
EIP:    0060:[<c0610784>]    Not tainted VLI
EFLAGS: 00010292   (2.6.20-rc4 #387)
EIP is at klist_del+0x14/0x50
eax: 00000000   ebx: 00000000   ecx: 0000000f   edx: 00000000
esi: 0000007c   edi: df17c4f4   ebp: df17c5c8   esp: c21b3ea4
ds: 007b   es: 007b   ss: 0068
Process khubd (pid: 304, ti=c21b2000 task=c2264030 task.ti=c21b2000)
Stack: df17c504 0000007c df17c4e0 c0328edb f79f76d0 df17c504 0000007c df17c488 
       df17c5c8 c044c2a1 c0735194 c0704518 df17c598 00000044 f79f78f8 df17c4e0 
       c21ffd1c c2251b50 f79f7678 c21ffd04 c044ec4a c21b3fb0 0000000a c21b3f10 
Call Trace:
 [<c0328edb>] device_del+0x1b/0x1c0
 [<c044c2a1>] usb_disconnect+0xb1/0x120
 [<c044ec4a>] hub_thread+0x3ca/0xe00
 [<c0120ab1>] __activate_task+0x21/0x40
 [<c01238af>] try_to_wake_up+0x3f/0x420
 [<c013c6c0>] autoremove_wake_function+0x0/0x50
 [<c044e880>] hub_thread+0x0/0xe00
 [<c013c60c>] kthread+0xec/0xf0
 [<c013c520>] kthread+0x0/0xf0
 [<c0103be7>] kernel_thread_helper+0x7/0x10
 =======================
Code: 04 89 46 04 89 4a 04 89 11 c6 03 01 8b 1c 24 8b 74 24 04 83 c4 08 c3 83 ec 0c 89 7c 24 08 89 c7 89 1c 24 89 74 24 04 8b 18 89 d8 <8b> 73 10 e8 f4 29 00 00 89 f8 e8 ad fe ff ff 85 c0 b8 00 00 00 
EIP: [<c0610784>] klist_del+0x14/0x50 SS:ESP 0068:c21b3ea4
 

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: delme.bz2 --]
[-- Type: application/octet-stream, Size: 18485 bytes --]
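
A way to triage the oops in the message above, as an added example that is not part of the original post: it decodes the instruction marked `<8b>` in the `Code:` line and checks that the base register plus the displacement gives the reported fault address. The `triage` function and the shortened `OOPS` excerpt are constructed here for illustration; only the one instruction form seen in this oops is handled.

```python
import re

# Excerpt of the oops from the message above; the Code: line is shortened.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000010
EIP is at klist_del+0x14/0x50
eax: 00000000   ebx: 00000000   ecx: 0000000f   edx: 00000000
esi: 0000007c   edi: df17c4f4   ebp: df17c5c8   esp: c21b3ea4
Code: 8b 18 89 d8 <8b> 73 10 e8 f4 29 00 00 89 f8
"""

# 32-bit register encoding used by the ModRM byte.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def triage(oops):
    """Decode the faulting instruction and compare it with the fault address."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", oops).group(1), 16)
    where = re.search(r"EIP is at (\S+)", oops).group(1)
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-z]{2}):\s+([0-9a-f]{8})", oops)}

    # The byte wrapped in <> is the first byte of the faulting instruction.
    code = re.search(r"Code:(.*)", oops).group(1)
    insn = [int(b, 16) for b in code.split("<", 1)[1].replace(">", "").split()]
    opcode, modrm = insn[0], insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7

    # Handled form: 8b /r (MOV r32, r/m32), 8-bit displacement, no SIB byte.
    if opcode != 0x8B or mod != 1 or rm == 4:
        raise ValueError("unsupported instruction form")
    disp = insn[2] - 256 if insn[2] > 127 else insn[2]

    base = REG32[rm]
    effective = (regs[base] + disp) & 0xFFFFFFFF
    return {
        "function": where,
        "insn": f"mov {REG32[reg]}, [{base}+{disp:#x}]",
        "base_value": regs[base],
        "effective_address": effective,
        "matches_fault": effective == fault,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

For this oops the base register `ebx` is zero, so the read at offset 0x10 lands exactly on the reported address 00000010: the pointer loaded just before the faulting instruction in `klist_del` was NULL.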
