| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Feb 2010 13:57:20 +0100 From: Bruno Prémont <bonbons@...ux-vserver.org> To: Alan Stern <stern@...land.harvard.edu> Cc: Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oliver@...kum.org>, Stephen Rothwell <sfr@...b.auug.org.au>, Marcel Holtmann <marcel@...tmann.org>, H Hartley Sweeten <hsweeten@...ionengravers.com>, <linux-usb@...r.kernel.org>, <linux-input@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: S2R resume crash in 2.6.33-rc7 - NULL pointer dereference in dev_get_drvdata() for usbhid On Mon, 08 February 2010 Alan Stern <stern@...land.harvard.edu> wrote: > Clearly something is setting usbhid->intf to NULL. But I don't see > any code that would do it. You may have to resort to putting > printk() statements at various strategic places to find out where it > happens. You could start with the beginnings and ends of hid_suspend, > hid_resume, and hid_reset_resume. Maybe also usbhid_disconnect(), > just in case. I did add a few printk()s and WARN_ON()s to get a better idea of why/when usbhid->intf is NULL and it is already since probe time of the second interface anounced by the USB keyboard (hid.debug=1): [ 3.822393] usb 2-2.1: new full speed USB device using uhci_hcd and address 3 [ 4.011388] usb 2-2.1: New USB device found, idVendor=058f, idProduct=9462 [ 4.011502] usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4.011639] usb 2-2.1: Product: Multimedia USB Keyboard [ 4.011733] usb 2-2.1: Manufacturer: Multimedia USB Keyboard [ 4.011826] usb 2-2.1: SerialNumber: Multimedia USB Keyboard [ 4.014514] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: HID probe called for ifnum 0 [ 4.037712] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: submitting ctrl urb: Set_Report wValue=0x0200 wIndex=0x0000 wLength=1 [ 4.038160] input: Multimedia USB Keyboard Multimedia USB Keyboard as /devices/pci0000:00/0000:00:10.0/usb2/2-2/2-2.1/2-2.1:1.0/input/input4 [ 4.038523] generic-usb 0003:058F:9462.0001: input: USB HID v1.10 Keyboard [Multimedia USB Keyboard Multimedia USB Keyboard] on usb-0000:00:10.0-2.1/input0 [ 4.038901] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: HID probe called for ifnum 1 [ 4.066881] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: usage index exceeded [ 4.066894] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: hid_add_usage failed [ 4.066905] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: item 0 2 2 2 parsing failed [ 4.066931] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: parsing report descriptor failed >>>> following WARNING comes from WARN_ON() I added to usbhid_parse >>>> to know what the call stack is up to the failing report parsing [ 4.066941] ------------[ cut here ]------------ [ 4.067065] WARNING: at /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c:891 usbhid_parse+0x1db/0x340() [ 4.067226] Hardware name: CX700+W697HG [ 4.067316] Modules linked in: [ 4.067463] Pid: 228, comm: khubd Not tainted 2.6.33-rc7-venus #6 [ 4.067560] Call Trace: [ 4.067662] [<c1330cdd>] ? printk+0x18/0x1b [ 4.067763] [<c12855db>] ? usbhid_parse+0x1db/0x340 [ 4.067873] [<c10251ec>] warn_slowpath_common+0x6c/0xc0 [ 4.067976] [<c12855db>] ? usbhid_parse+0x1db/0x340 [ 4.068080] [<c1025255>] warn_slowpath_null+0x15/0x20 [ 4.068183] [<c12855db>] usbhid_parse+0x1db/0x340 [ 4.068293] [<c127ac85>] hid_device_probe+0x155/0x170 [ 4.068396] [<c11ec838>] driver_probe_device+0x68/0x160 [ 4.068500] [<c127a2a8>] ? hid_bus_match+0x88/0x160 [ 4.068605] [<c11ec9f1>] __device_attach+0x41/0x50 [ 4.068707] [<c11ebe53>] bus_for_each_drv+0x53/0x80 [ 4.068810] [<c11eca9b>] device_attach+0x6b/0x70 [ 4.068911] [<c11ec9b0>] ? __device_attach+0x0/0x50 [ 4.069014] [<c11ebc4f>] bus_probe_device+0x1f/0x40 [ 4.069117] [<c11ea557>] device_add+0x357/0x570 [ 4.069224] [<c117a693>] ? kvasprintf+0x43/0x60 [ 4.069326] [<c1172c52>] ? kobject_set_name_vargs+0x62/0x70 [ 4.069432] [<c127a76e>] hid_add_device+0x14e/0x1d0 [ 4.069579] [<c1286012>] usbhid_probe+0x202/0x360 [ 4.069685] [<c1230e8f>] usb_probe_interface+0xaf/0x1c0 [ 4.069791] [<c11ec742>] ? driver_sysfs_add+0x52/0x70 [ 4.069895] [<c11ec838>] driver_probe_device+0x68/0x160 [ 4.070000] [<c122fd90>] ? usb_device_match+0x50/0xb0 [ 4.070135] [<c11ec9f1>] __device_attach+0x41/0x50 [ 4.070234] [<c11ebe53>] bus_for_each_drv+0x53/0x80 [ 4.070338] [<c11eca9b>] device_attach+0x6b/0x70 [ 4.070434] [<c11ec9b0>] ? __device_attach+0x0/0x50 [ 4.070530] [<c11ebc4f>] bus_probe_device+0x1f/0x40 [ 4.070626] [<c11ea557>] device_add+0x357/0x570 [ 4.070722] [<c1234ccc>] ? usb_create_ep_devs+0x7c/0xb0 [ 4.070821] [<c122db03>] ? create_intf_ep_devs+0x43/0x70 [ 4.070919] [<c122f7e7>] usb_set_configuration+0x4a7/0x640 [ 4.071019] [<c1237ff9>] generic_probe+0x39/0xb0 [ 4.071120] [<c10c4352>] ? sysfs_create_link+0x12/0x20 [ 4.071218] [<c122fb5f>] usb_probe_device+0x1f/0x30 [ 4.071314] [<c11ec838>] driver_probe_device+0x68/0x160 [ 4.071412] [<c11ec9f1>] __device_attach+0x41/0x50 [ 4.071508] [<c11ebe53>] bus_for_each_drv+0x53/0x80 [ 4.071605] [<c11eca9b>] device_attach+0x6b/0x70 [ 4.071700] [<c11ec9b0>] ? __device_attach+0x0/0x50 [ 4.071797] [<c11ebc4f>] bus_probe_device+0x1f/0x40 [ 4.071892] [<c11ea557>] device_add+0x357/0x570 [ 4.071987] [<c1330cdd>] ? printk+0x18/0x1b [ 4.072081] [<c12266ab>] ? show_string+0x4b/0x50 [ 4.072177] [<c12292d6>] usb_new_device+0x116/0x180 [ 4.072274] [<c122aadf>] hub_thread+0xdbf/0x11d0 [ 4.072372] [<c1021377>] ? dequeue_task_fair+0x27/0x1d0 [ 4.072470] [<c102106e>] ? set_next_entity+0x2e/0x70 [ 4.072567] [<c1021ef1>] ? finish_task_switch+0x31/0x80 [ 4.072669] [<c10374b0>] ? autoremove_wake_function+0x0/0x50 [ 4.072767] [<c1229d20>] ? hub_thread+0x0/0x11d0 [ 4.072863] [<c10370ec>] kthread+0x6c/0x80 [ 4.072958] [<c1037080>] ? kthread+0x0/0x80 [ 4.073053] [<c10030f6>] kernel_thread_helper+0x6/0x10 [ 4.073146] ---[ end trace 74d7f471f706deb5 ]--- [ 4.073256] generic-usb: probe of 0003:058F:9462.0002 failed with error -22 >>>> This is the WARN_ON(usbhid->intf ==NULL) I added just before >>>> return 0 to usbhid_probe() to confirm that intf is already NULL >>>> since the very beginning for this HID device [ 4.073378] ------------[ cut here ]------------ [ 4.073470] WARNING: at /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c:1166 usbhid_probe+0x2d9/0x360() [ 4.073606] Hardware name: CX700+W697HG [ 4.073694] Modules linked in: [ 4.073828] Pid: 228, comm: khubd Tainted: G W 2.6.33-rc7-venus #6 [ 4.073923] Call Trace: [ 4.074013] [<c1330cdd>] ? printk+0x18/0x1b [ 4.074106] [<c12860e9>] ? usbhid_probe+0x2d9/0x360 [ 4.074203] [<c10251ec>] warn_slowpath_common+0x6c/0xc0 [ 4.074299] [<c12860e9>] ? usbhid_probe+0x2d9/0x360 [ 4.074397] [<c1025255>] warn_slowpath_null+0x15/0x20 [ 4.074493] [<c12860e9>] usbhid_probe+0x2d9/0x360 [ 4.074590] [<c1230e8f>] usb_probe_interface+0xaf/0x1c0 [ 4.074688] [<c11ec742>] ? driver_sysfs_add+0x52/0x70 [ 4.074785] [<c11ec838>] driver_probe_device+0x68/0x160 [ 4.074881] [<c122fd90>] ? usb_device_match+0x50/0xb0 [ 4.074979] [<c11ec9f1>] __device_attach+0x41/0x50 [ 4.075074] [<c11ebe53>] bus_for_each_drv+0x53/0x80 [ 4.075171] [<c11eca9b>] device_attach+0x6b/0x70 [ 4.075266] [<c11ec9b0>] ? __device_attach+0x0/0x50 [ 4.075363] [<c11ebc4f>] bus_probe_device+0x1f/0x40 [ 4.075458] [<c11ea557>] device_add+0x357/0x570 [ 4.075553] [<c1234ccc>] ? usb_create_ep_devs+0x7c/0xb0 [ 4.075650] [<c122db03>] ? create_intf_ep_devs+0x43/0x70 [ 4.075749] [<c122f7e7>] usb_set_configuration+0x4a7/0x640 [ 4.075847] [<c1237ff9>] generic_probe+0x39/0xb0 [ 4.075944] [<c10c4352>] ? sysfs_create_link+0x12/0x20 [ 4.076041] [<c122fb5f>] usb_probe_device+0x1f/0x30 [ 4.076138] [<c11ec838>] driver_probe_device+0x68/0x160 [ 4.076235] [<c11ec9f1>] __device_attach+0x41/0x50 [ 4.076331] [<c11ebe53>] bus_for_each_drv+0x53/0x80 [ 4.076428] [<c11eca9b>] device_attach+0x6b/0x70 [ 4.076523] [<c11ec9b0>] ? __device_attach+0x0/0x50 [ 4.076619] [<c11ebc4f>] bus_probe_device+0x1f/0x40 [ 4.076714] [<c11ea557>] device_add+0x357/0x570 [ 4.076809] [<c1330cdd>] ? printk+0x18/0x1b [ 4.076902] [<c12266ab>] ? show_string+0x4b/0x50 [ 4.076997] [<c12292d6>] usb_new_device+0x116/0x180 [ 4.077094] [<c122aadf>] hub_thread+0xdbf/0x11d0 [ 4.077191] [<c1021377>] ? dequeue_task_fair+0x27/0x1d0 [ 4.077288] [<c102106e>] ? set_next_entity+0x2e/0x70 [ 4.077384] [<c1021ef1>] ? finish_task_switch+0x31/0x80 [ 4.077482] [<c10374b0>] ? autoremove_wake_function+0x0/0x50 [ 4.077579] [<c1229d20>] ? hub_thread+0x0/0x11d0 [ 4.077674] [<c10370ec>] kthread+0x6c/0x80 [ 4.077768] [<c1037080>] ? kthread+0x0/0x80 [ 4.077861] [<c10030f6>] kernel_thread_helper+0x6/0x10 [ 4.077954] ---[ end trace 74d7f471f706deb6 ]--- [ 5.401011] udev: starting version 146 [ 5.672965] Linux agpgart interface v0.103 [ 5.776141] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 5.776327] sd 1:0:1:0: Attached scsi generic sg1 type 0 [ 5.968845] VIA Graphics Intergration Chipset framebuffer 2.4 initializing [ 6.145620] agpgart: Detected VIA CX700 chipset [ 6.155095] agpgart-via 0000:00:00.0: AGP aperture is 128M @ 0xd0000000 This lets me guess that hid_add_device() is doing something wrong here when report parsing fails... (as that one is the only one which could be doing the initialization of usbhid which does work for the first interface announced by my keyboard) Bruno -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists