lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100213135720.603e5f64@neptune.home>
Date:	Sat, 13 Feb 2010 13:57:20 +0100
From:	Bruno Prémont <bonbons@...ux-vserver.org>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oliver@...kum.org>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	Marcel Holtmann <marcel@...tmann.org>,
	H Hartley Sweeten <hsweeten@...ionengravers.com>,
	<linux-usb@...r.kernel.org>, <linux-input@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: S2R resume crash in 2.6.33-rc7 - NULL pointer dereference in
 dev_get_drvdata() for usbhid

On Mon, 08 February 2010 Alan Stern <stern@...land.harvard.edu> wrote:
> Clearly something is setting usbhid->intf to NULL.  But I don't see
> any code that would do it.  You may have to resort to putting
> printk() statements at various strategic places to find out where it
> happens. You could start with the beginnings and ends of hid_suspend,
> hid_resume, and hid_reset_resume.  Maybe also usbhid_disconnect(),
> just in case.

I did add a few printk()s and WARN_ON()s to get a better idea of
why/when usbhid->intf is NULL and it is already since probe time of the
second interface anounced by the USB keyboard (hid.debug=1):

[    3.822393] usb 2-2.1: new full speed USB device using uhci_hcd and address 3
[    4.011388] usb 2-2.1: New USB device found, idVendor=058f, idProduct=9462
[    4.011502] usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[    4.011639] usb 2-2.1: Product: Multimedia USB Keyboard
[    4.011733] usb 2-2.1: Manufacturer: Multimedia USB Keyboard
[    4.011826] usb 2-2.1: SerialNumber: Multimedia USB Keyboard
[    4.014514] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: HID probe called for ifnum 0
[    4.037712] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: submitting ctrl urb: Set_Report wValue=0x0200 wIndex=0x0000 wLength=1
[    4.038160] input: Multimedia USB Keyboard Multimedia USB Keyboard as /devices/pci0000:00/0000:00:10.0/usb2/2-2/2-2.1/2-2.1:1.0/input/input4
[    4.038523] generic-usb 0003:058F:9462.0001: input: USB HID v1.10 Keyboard [Multimedia USB Keyboard Multimedia USB Keyboard] on usb-0000:00:10.0-2.1/input0
[    4.038901] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: HID probe called for ifnum 1
[    4.066881] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: usage index exceeded
[    4.066894] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: hid_add_usage failed
[    4.066905] /usr/src/linux-2.6-git/drivers/hid/hid-core.c: item 0 2 2 2 parsing failed
[    4.066931] /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c: parsing report descriptor failed
  >>>> following WARNING comes from WARN_ON() I added to usbhid_parse
  >>>> to know what the call stack is up to the failing report parsing
[    4.066941] ------------[ cut here ]------------
[    4.067065] WARNING: at /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c:891 usbhid_parse+0x1db/0x340()
[    4.067226] Hardware name: CX700+W697HG
[    4.067316] Modules linked in:
[    4.067463] Pid: 228, comm: khubd Not tainted 2.6.33-rc7-venus #6
[    4.067560] Call Trace:
[    4.067662]  [<c1330cdd>] ? printk+0x18/0x1b
[    4.067763]  [<c12855db>] ? usbhid_parse+0x1db/0x340
[    4.067873]  [<c10251ec>] warn_slowpath_common+0x6c/0xc0
[    4.067976]  [<c12855db>] ? usbhid_parse+0x1db/0x340
[    4.068080]  [<c1025255>] warn_slowpath_null+0x15/0x20
[    4.068183]  [<c12855db>] usbhid_parse+0x1db/0x340
[    4.068293]  [<c127ac85>] hid_device_probe+0x155/0x170
[    4.068396]  [<c11ec838>] driver_probe_device+0x68/0x160
[    4.068500]  [<c127a2a8>] ? hid_bus_match+0x88/0x160
[    4.068605]  [<c11ec9f1>] __device_attach+0x41/0x50
[    4.068707]  [<c11ebe53>] bus_for_each_drv+0x53/0x80
[    4.068810]  [<c11eca9b>] device_attach+0x6b/0x70
[    4.068911]  [<c11ec9b0>] ? __device_attach+0x0/0x50
[    4.069014]  [<c11ebc4f>] bus_probe_device+0x1f/0x40
[    4.069117]  [<c11ea557>] device_add+0x357/0x570
[    4.069224]  [<c117a693>] ? kvasprintf+0x43/0x60
[    4.069326]  [<c1172c52>] ? kobject_set_name_vargs+0x62/0x70
[    4.069432]  [<c127a76e>] hid_add_device+0x14e/0x1d0
[    4.069579]  [<c1286012>] usbhid_probe+0x202/0x360
[    4.069685]  [<c1230e8f>] usb_probe_interface+0xaf/0x1c0
[    4.069791]  [<c11ec742>] ? driver_sysfs_add+0x52/0x70
[    4.069895]  [<c11ec838>] driver_probe_device+0x68/0x160
[    4.070000]  [<c122fd90>] ? usb_device_match+0x50/0xb0
[    4.070135]  [<c11ec9f1>] __device_attach+0x41/0x50
[    4.070234]  [<c11ebe53>] bus_for_each_drv+0x53/0x80
[    4.070338]  [<c11eca9b>] device_attach+0x6b/0x70
[    4.070434]  [<c11ec9b0>] ? __device_attach+0x0/0x50
[    4.070530]  [<c11ebc4f>] bus_probe_device+0x1f/0x40
[    4.070626]  [<c11ea557>] device_add+0x357/0x570
[    4.070722]  [<c1234ccc>] ? usb_create_ep_devs+0x7c/0xb0
[    4.070821]  [<c122db03>] ? create_intf_ep_devs+0x43/0x70
[    4.070919]  [<c122f7e7>] usb_set_configuration+0x4a7/0x640
[    4.071019]  [<c1237ff9>] generic_probe+0x39/0xb0
[    4.071120]  [<c10c4352>] ? sysfs_create_link+0x12/0x20
[    4.071218]  [<c122fb5f>] usb_probe_device+0x1f/0x30
[    4.071314]  [<c11ec838>] driver_probe_device+0x68/0x160
[    4.071412]  [<c11ec9f1>] __device_attach+0x41/0x50
[    4.071508]  [<c11ebe53>] bus_for_each_drv+0x53/0x80
[    4.071605]  [<c11eca9b>] device_attach+0x6b/0x70
[    4.071700]  [<c11ec9b0>] ? __device_attach+0x0/0x50
[    4.071797]  [<c11ebc4f>] bus_probe_device+0x1f/0x40
[    4.071892]  [<c11ea557>] device_add+0x357/0x570
[    4.071987]  [<c1330cdd>] ? printk+0x18/0x1b
[    4.072081]  [<c12266ab>] ? show_string+0x4b/0x50
[    4.072177]  [<c12292d6>] usb_new_device+0x116/0x180
[    4.072274]  [<c122aadf>] hub_thread+0xdbf/0x11d0
[    4.072372]  [<c1021377>] ? dequeue_task_fair+0x27/0x1d0
[    4.072470]  [<c102106e>] ? set_next_entity+0x2e/0x70
[    4.072567]  [<c1021ef1>] ? finish_task_switch+0x31/0x80
[    4.072669]  [<c10374b0>] ? autoremove_wake_function+0x0/0x50
[    4.072767]  [<c1229d20>] ? hub_thread+0x0/0x11d0
[    4.072863]  [<c10370ec>] kthread+0x6c/0x80
[    4.072958]  [<c1037080>] ? kthread+0x0/0x80
[    4.073053]  [<c10030f6>] kernel_thread_helper+0x6/0x10
[    4.073146] ---[ end trace 74d7f471f706deb5 ]---
[    4.073256] generic-usb: probe of 0003:058F:9462.0002 failed with error -22
   >>>> This is the WARN_ON(usbhid->intf ==NULL) I added just before
   >>>> return 0 to usbhid_probe() to confirm that intf is already NULL
   >>>> since the very beginning for this HID device
[    4.073378] ------------[ cut here ]------------
[    4.073470] WARNING: at /usr/src/linux-2.6-git/drivers/hid/usbhid/hid-core.c:1166 usbhid_probe+0x2d9/0x360()
[    4.073606] Hardware name: CX700+W697HG
[    4.073694] Modules linked in:
[    4.073828] Pid: 228, comm: khubd Tainted: G        W  2.6.33-rc7-venus #6
[    4.073923] Call Trace:
[    4.074013]  [<c1330cdd>] ? printk+0x18/0x1b
[    4.074106]  [<c12860e9>] ? usbhid_probe+0x2d9/0x360
[    4.074203]  [<c10251ec>] warn_slowpath_common+0x6c/0xc0
[    4.074299]  [<c12860e9>] ? usbhid_probe+0x2d9/0x360
[    4.074397]  [<c1025255>] warn_slowpath_null+0x15/0x20
[    4.074493]  [<c12860e9>] usbhid_probe+0x2d9/0x360
[    4.074590]  [<c1230e8f>] usb_probe_interface+0xaf/0x1c0
[    4.074688]  [<c11ec742>] ? driver_sysfs_add+0x52/0x70
[    4.074785]  [<c11ec838>] driver_probe_device+0x68/0x160
[    4.074881]  [<c122fd90>] ? usb_device_match+0x50/0xb0
[    4.074979]  [<c11ec9f1>] __device_attach+0x41/0x50
[    4.075074]  [<c11ebe53>] bus_for_each_drv+0x53/0x80
[    4.075171]  [<c11eca9b>] device_attach+0x6b/0x70
[    4.075266]  [<c11ec9b0>] ? __device_attach+0x0/0x50
[    4.075363]  [<c11ebc4f>] bus_probe_device+0x1f/0x40
[    4.075458]  [<c11ea557>] device_add+0x357/0x570
[    4.075553]  [<c1234ccc>] ? usb_create_ep_devs+0x7c/0xb0
[    4.075650]  [<c122db03>] ? create_intf_ep_devs+0x43/0x70
[    4.075749]  [<c122f7e7>] usb_set_configuration+0x4a7/0x640
[    4.075847]  [<c1237ff9>] generic_probe+0x39/0xb0
[    4.075944]  [<c10c4352>] ? sysfs_create_link+0x12/0x20
[    4.076041]  [<c122fb5f>] usb_probe_device+0x1f/0x30
[    4.076138]  [<c11ec838>] driver_probe_device+0x68/0x160
[    4.076235]  [<c11ec9f1>] __device_attach+0x41/0x50
[    4.076331]  [<c11ebe53>] bus_for_each_drv+0x53/0x80
[    4.076428]  [<c11eca9b>] device_attach+0x6b/0x70
[    4.076523]  [<c11ec9b0>] ? __device_attach+0x0/0x50
[    4.076619]  [<c11ebc4f>] bus_probe_device+0x1f/0x40
[    4.076714]  [<c11ea557>] device_add+0x357/0x570
[    4.076809]  [<c1330cdd>] ? printk+0x18/0x1b
[    4.076902]  [<c12266ab>] ? show_string+0x4b/0x50
[    4.076997]  [<c12292d6>] usb_new_device+0x116/0x180
[    4.077094]  [<c122aadf>] hub_thread+0xdbf/0x11d0
[    4.077191]  [<c1021377>] ? dequeue_task_fair+0x27/0x1d0
[    4.077288]  [<c102106e>] ? set_next_entity+0x2e/0x70
[    4.077384]  [<c1021ef1>] ? finish_task_switch+0x31/0x80
[    4.077482]  [<c10374b0>] ? autoremove_wake_function+0x0/0x50
[    4.077579]  [<c1229d20>] ? hub_thread+0x0/0x11d0
[    4.077674]  [<c10370ec>] kthread+0x6c/0x80
[    4.077768]  [<c1037080>] ? kthread+0x0/0x80
[    4.077861]  [<c10030f6>] kernel_thread_helper+0x6/0x10
[    4.077954] ---[ end trace 74d7f471f706deb6 ]---
[    5.401011] udev: starting version 146
[    5.672965] Linux agpgart interface v0.103
[    5.776141] sd 0:0:0:0: Attached scsi generic sg0 type 0
[    5.776327] sd 1:0:1:0: Attached scsi generic sg1 type 0
[    5.968845] VIA Graphics Intergration Chipset framebuffer 2.4 initializing
[    6.145620] agpgart: Detected VIA CX700 chipset
[    6.155095] agpgart-via 0000:00:00.0: AGP aperture is 128M @ 0xd0000000

This lets me guess that hid_add_device() is doing something wrong
here when report parsing fails... (as that one is the only one which
could be doing the initialization of usbhid which does work for the
first interface announced by my keyboard)

Bruno
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ