Date:	Sat, 18 Sep 2010 21:24:52 +0200
From:	Mat <jackdachef@...il.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	raa.lkml@...il.com, Arnd Bergmann <arnd@...db.de>,
	linux-usb@...r.kernel.org, linux-input@...r.kernel.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Guillaume Chazarain <guichaz@...il.com>
Subject: Re: OOPS in hiddev_open on connecting "Logitech MX620 Laser Cordless Mouse"

On Sat, Sep 18, 2010 at 8:09 PM, Jiri Kosina <jkosina@...e.cz> wrote:
> On Sat, 18 Sep 2010, Mat wrote:
>
>> Hi everybody,
>>
>> I've been noticing this also since a few days and have the same mouse
>> model. For me it's getting triggered when hald (which seemingly still
>> is needed by KDE4) is started:
>>
>> [   50.778558] BUG: unable to handle kernel NULL pointer dereference at (null)
>> [   50.779448] IP: [<ffffffff8159c4b3>] hiddev_open+0xa3/0x1b0
>> [   50.780371] PGD 0
>> [   50.781480] Oops: 0000 [#1] PREEMPT SMP
>> [   50.782671] last sysfs file:
>> /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdd/size
>> [   50.783649] CPU 7
>> [   50.783659] Modules linked in: fglrx(P) firewire_ohci i2c_i801
>> firewire_core e1000e wmi shpchp tg3 libphy e1000 scsi_wait_scan
>> sl811_hcd ohci_hcd ssb usb_storage ehci_hcd
>> [   50.785661]
>> [   50.786647] Pid: 5576, comm: hald-probe-hidd Tainted: P
>> 2.6.36-rc4_plus_v2+ #2 FMP55/ipower G3710
>> [   50.787712] RIP: 0010:[<ffffffff8159c4b3>]  [<ffffffff8159c4b3>]
>> hiddev_open+0xa3/0x1b0
>> [   50.788784] RSP: 0018:ffff8801bafe9ca8  EFLAGS: 00010296
>> [   50.789889] RAX: 0000000000000000 RBX: ffff8801bb155400 RCX: 0000000000000004
>> [   50.790998] RDX: ffffffff81de4008 RSI: ffffffff81a03638 RDI: ffff8801bb1fc030
>> [   50.792105] RBP: ffff8801bb1f0000 R08: ffffea00060eec88 R09: 0000000000000000
>> [   50.793266] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
>> [   50.794478] R13: 00000000ffffffed R14: ffffffff818f24e0 R15: ffff8801bfa8abd0
>> [   50.795639] FS:  00007f17699ba700(0000) GS:ffff8800023c0000(0000)
>> knlGS:0000000000000000
>> [   50.796810] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [   50.798021] CR2: 0000000000000000 CR3: 00000001bc3e5000 CR4: 00000000000006e0
>> [   50.799250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> [   50.800541] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
>> [   50.801786] Process hald-probe-hidd (pid: 5576, threadinfo
>> ffff8801bafe8000, task ffff8801bc3c5dc0)
>> [   50.803057] Stack:
>> [   50.804341]  ffff8801bafe9d24 0000000000000000 ffff8801bb155400
>> ffffffff818e2b00
>> [   50.804378] <0> ffff8801bb0fb850 ffffffff814d9a74 ffff8801bb0fb850
>> ffff8801bb155400
>> [   50.805709] <0> ffff8801bfdd4900 0000000000000000 ffffffff810daf10
>> ffffffff810db035
>> [   50.808363] Call Trace:
>> [   50.809664]  [<ffffffff814d9a74>] ? usb_open+0xf4/0x1d0
>> [   50.811008]  [<ffffffff810daf10>] ? chrdev_open+0x0/0x210
>> [   50.812387]  [<ffffffff810db035>] ? chrdev_open+0x125/0x210
>> [   50.813721]  [<ffffffff810d5730>] ? __dentry_open.clone.16+0x100/0x320
>> [   50.815010]  [<ffffffff810e3ed0>] ? do_last.clone.45+0x3f0/0x690
>> [   50.816367]  [<ffffffff810e4363>] ? do_filp_open+0x1f3/0x5f0
>> [   50.817662]  [<ffffffff816b90a5>] ? unix_getname+0x65/0xe0
>> [   50.818947]  [<ffffffff81742609>] ? _raw_spin_unlock+0x9/0x40
>> [   50.820280]  [<ffffffff810ef5f4>] ? alloc_fd+0xe4/0x140
>> [   50.821639]  [<ffffffff810d6896>] ? do_sys_open+0x66/0x130
>> [   50.822931]  [<ffffffff810026ab>] ? system_call_fastpath+0x16/0x1b
>> [   50.824283] Code: c0 00 00 48 c7 c2 08 40 de 81 48 c7 c6 38 36 a0
>> 81 e8 d2 8a ac ff 4c 89 a5 18 c0 00 00 48 89 ab c0 00 00 00 48 8b 85
>> 18 c0 00 00 <44> 8b 00 45 85 c0 0f 84 e1 00 00 00 8b 50 04 8d 4a 01 85
>> d2 89
>> [   50.827599] RIP  [<ffffffff8159c4b3>] hiddev_open+0xa3/0x1b0
>> [   50.829040]  RSP <ffff8801bafe9ca8>
>> [   50.830557] CR2: 0000000000000000
>> [   50.831998] ---[ end trace e966fc680b209e8f ]---
>>
>> the first significant related change that catches my eye is:
>>
>> http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8fe294caf8c868edd9046251824a0af91991bf43
>> HID: fix hiddev's use of usb_find_interface
>>
>> Could this be the cause ?
>>
>> @Alex Riesen:
>>
>> maybe you could try to revert that commit
>> (http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=patch;h=8fe294caf8c868edd9046251824a0af91991bf43)
>> and see whether that fixes it, I'll do the same in my free time
>
> Yeah, please let me know whether reverting that commit fixes the problem
> you are seeing. It would mean that intfdata is NULL, which'd be a little
> bit strange, as it is set in usbhid_probe() already.
>
> Thanks,
>
> --
> Jiri Kosina
> SUSE Labs, Novell Inc.
>

Hi Jiri,

sorry for the delay :(

yeah, it definitely fixes it for me: grepping for BUG or hiddev
doesn't show up anything anymore (I rebooted into a kernel without the
fglrx so that results wouldn't get falsified)

it now only shows:

dmesg | grep hiddev
[    2.560945] usbcore: registered new interface
driver hiddev
[    8.449492] generic-usb 0003:046D:C521.0002: input,hiddev0,hidraw1:
USB HID v1.11 Device [Logitech USB Receiver] on
usb-0000:00:1a.0-1.3/input1


FWIW:

I removed the transmitter of the mouse (it's a wireless mouse) and
during insert (after the boot was finished) it showed a different
error message - perhaps it's useful in tracking down the culprit [I
hope the fact that the fglrx module was loaded doesn't change its
usefulness]:

[  130.065747] hub 1-1:1.0: state 7 ports 6 chg 0000 evt 0008
[  130.066025] hub 1-1:1.0: port 3, status 0101, change 0001, 12 Mb/s
[  130.170281] hub 1-1:1.0: debounce: port 3: total 100ms stable 100ms
status 0x101
[  130.181259] hub 1-1:1.0: port 3 not reset yet, waiting 10ms
[  130.243163] usb 1-1.3: new low speed USB device using ehci_hcd and address 4
[  130.254993] hub 1-1:1.0: port 3 not reset yet, waiting 10ms
[  130.332878] usb 1-1.3: skipped 1 descriptor after interface
[  130.332884] usb 1-1.3: skipped 1 descriptor after interface
[  130.333438] usb 1-1.3: default language 0x0409
[  130.335534] usb 1-1.3: udev 4, busnum 1, minor = 3
[  130.335540] usb 1-1.3: New USB device found, idVendor=046d, idProduct=c521
[  130.335545] usb 1-1.3: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
[  130.335550] usb 1-1.3: Product: USB Receiver
[  130.335554] usb 1-1.3: Manufacturer: Logitech
[  130.335709] usb 1-1.3: usb_probe_device
[  130.335716] usb 1-1.3: configuration #1 chosen from 1 choice
[  130.337653] usb 1-1.3: adding 1-1.3:1.0 (config #1, interface 0)
[  130.337761] usbhid 1-1.3:1.0: usb_probe_interface
[  130.337765] usbhid 1-1.3:1.0: usb_probe_interface - got id
[  130.341047] input: Logitech USB Receiver as
/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.3/1-1.3:1.0/input/input4
[  130.341148] usb 1-1.3: link qh8-0e01/ffff8801bf421580 start 4 [1/2 us]
[  130.341261] generic-usb 0003:046D:C521.0004: input,hidraw2: USB HID
v1.11 Mouse [Logitech USB Receiver] on usb-0000:00:1a.0-1.3/input0
[  130.341303] usb 1-1.3: adding 1-1.3:1.1 (config #1, interface 1)
[  130.341373] usbhid 1-1.3:1.1: usb_probe_interface
[  130.341378] usbhid 1-1.3:1.1: usb_probe_interface - got id
[  130.347635] input: Logitech USB Receiver as
/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.3/1-1.3:1.1/input/input5
[  130.347664] usb 1-1.3: link qh8-0e01/ffff8801bf421900 start 5 [1/2 us]
[  130.347698] drivers/usb/core/file.c: looking for a minor, starting at 0
[  130.347758] generic-usb 0003:046D:C521.0005: input,hiddev0,hidraw3:
USB HID v1.11 Device [Logitech USB Receiver] on
usb-0000:00:1a.0-1.3/input1
[  130.347805] drivers/usb/core/inode.c: creating file '004'
[  130.368286] BUG: unable to handle kernel NULL pointer dereference at (null)
[  130.368288] IP: [<ffffffff8159c4b3>] hiddev_open+0xa3/0x1b0
[  130.368293] PGD 0
[  130.368294] Oops: 0000 [#1] PREEMPT SMP
[  130.368295] last sysfs file:
/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.3/1-1.3:1.0/input/input4/capabilities/sw
[  130.368297] CPU 4
[  130.368298] Modules linked in: it87 hwmon_vid hwmon fglrx(P)
i2c_i801 firewire_ohci firewire_core e1000e wmi shpchp tg3 libphy
e1000 scsi_wait_scan sl811_hcd ohci_hcd ssb usb_storage ehci_hcd
[  130.368304]
[  130.368306] Pid: 5776, comm: hald-probe-hidd Tainted: P
2.6.36-rc4_plus_v2+ #2 FMP55/ipower G3710
[  130.368307] RIP: 0010:[<ffffffff8159c4b3>]  [<ffffffff8159c4b3>]
hiddev_open+0xa3/0x1b0
[  130.368310] RSP: 0018:ffff8801bb06fca8  EFLAGS: 00010296
[  130.368311] RAX: 0000000000000000 RBX: ffff8801baf27400 RCX: 0000000000000004
[  130.368312] RDX: ffffffff81de4008 RSI: ffffffff81a03638 RDI: ffff8801bb28c030
[  130.368313] RBP: ffff8801bb280000 R08: ffffea00060f0c08 R09: 0000000000000000
[  130.368314] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000
[  130.368315] R13: 00000000ffffffed R14: ffffffff818f24e0 R15: ffff8801bd1ba1b0
[  130.368316] FS:  00007f9ba9f78700(0000) GS:ffff880002300000(0000)
knlGS:0000000000000000
[  130.368317] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.368318] CR2: 0000000000000000 CR3: 00000001bad83000 CR4: 00000000000006e0
[  130.368319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  130.368320] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  130.368322] Process hald-probe-hidd (pid: 5776, threadinfo
ffff8801bb06e000, task ffff8801bafb9770)
[  130.368323] Stack:
[  130.368323]  ffff8801bb06fd24 0000000000000000 ffff8801baf27400
ffffffff818e2b00
[  130.368325] <0> ffff8801bc8e87c0 ffffffff814d9a74 ffff8801bc8e87c0
ffff8801baf27400
[  130.368327] <0> ffff8801bfdd4900 0000000000000000 ffffffff810daf10
ffffffff810db035
[  130.368329] Call Trace:
[  130.368332]  [<ffffffff814d9a74>] ? usb_open+0xf4/0x1d0
[  130.368335]  [<ffffffff810daf10>] ? chrdev_open+0x0/0x210
[  130.368336]  [<ffffffff810db035>] ? chrdev_open+0x125/0x210
[  130.368339]  [<ffffffff810d5730>] ? __dentry_open.clone.16+0x100/0x320
[  130.368341]  [<ffffffff810e3ed0>] ? do_last.clone.45+0x3f0/0x690
[  130.368342]  [<ffffffff810e4363>] ? do_filp_open+0x1f3/0x5f0
[  130.368346]  [<ffffffff816b90a5>] ? unix_getname+0x65/0xe0
[  130.368349]  [<ffffffff81742609>] ? _raw_spin_unlock+0x9/0x40
[  130.368352]  [<ffffffff810ef5f4>] ? alloc_fd+0xe4/0x140
[  130.368354]  [<ffffffff810d6896>] ? do_sys_open+0x66/0x130
[  130.368356]  [<ffffffff810026ab>] ? system_call_fastpath+0x16/0x1b
[  130.368357] Code: c0 00 00 48 c7 c2 08 40 de 81 48 c7 c6 38 36 a0
81 e8 d2 8a ac ff 4c 89 a5 18 c0 00 00 48 89 ab c0 00 00 00 48 8b 85
18 c0 00 00 <44> 8b 00 45 85 c0 0f 84 e1 00 00 00 8b 50 04 8d 4a 01 85
d2 89
[  130.368368] RIP  [<ffffffff8159c4b3>] hiddev_open+0xa3/0x1b0
[  130.368370]  RSP <ffff8801bb06fca8>
[  130.368370] CR2: 0000000000000000
[  130.368372] ---[ end trace 56b8e483c48eb892 ]---

Regards & Thanks !

Mat
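
A first-pass triage of the oops above, as an added example that is not part of the original message: it extracts the faulting symbol, CR2 and the base register of the faulting instruction from lines copied out of the log. The function names are hypothetical, and the decoder only covers a plain `mov` (opcodes 89/8b) with a `[reg+disp]` operand.

```python
import re

# Lines copied from the second oops in the message above; mail-wrapped lines rejoined.
SAMPLE_OOPS = """\
[  130.368288] IP: [<ffffffff8159c4b3>] hiddev_open+0xa3/0x1b0
[  130.368306] Pid: 5776, comm: hald-probe-hidd Tainted: P 2.6.36-rc4_plus_v2+ #2 FMP55/ipower G3710
[  130.368311] RAX: 0000000000000000 RBX: ffff8801baf27400 RCX: 0000000000000004
[  130.368318] CR2: 0000000000000000 CR3: 00000001bad83000 CR4: 00000000000006e0
[  130.368357] Code: c0 00 00 48 c7 c2 08 40 de 81 48 c7 c6 38 36 a0 81 e8 d2 8a ac ff 4c 89 a5 18 c0 00 00 48 89 ab c0 00 00 00 48 8b 85 18 c0 00 00 <44> 8b 00 45 85 c0 0f 84 e1 00 00 00 8b 50 04 8d 4a 01 85 d2 89
"""

# x86-64 ModRM base-register numbering, using the names the oops prints.
BASE = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def decode_mov_base(code):
    """Return (base_register, displacement) for a MOV with a [reg+disp]
    operand, or None for any encoding this narrow decoder does not cover."""
    i, rex = 0, 0
    if code and 0x40 <= code[0] <= 0x4F:          # optional REX prefix
        rex, i = code[0], 1
    if len(code) < i + 2 or code[i] not in (0x89, 0x8B):
        return None
    mod, rm = code[i + 1] >> 6, code[i + 1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None                               # register, SIB or RIP-relative form
    size = (0, 1, 4)[mod]                         # displacement width in bytes
    raw = code[i + 2:i + 2 + size]
    if len(raw) < size:
        return None
    return BASE[rm | ((rex & 1) << 3)], int.from_bytes(raw, "little", signed=True)

def triage_oops(text):
    """Extract the faulting symbol, fault address and the base register used."""
    body = re.sub(r"(?m)^\[\s*\d+\.\d+\]\s?", "", text)    # drop dmesg timestamps
    ip = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)", body)
    comm = re.search(r"comm: (\S+)", body)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", body)}
    code = re.search(r"Code: (.*)", body).group(1).split()
    # The kernel wraps the byte at the faulting RIP in <>; decode from there.
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    base = decode_mov_base(bytes(int(b.strip("<>"), 16) for b in code[start:]))
    hit = base is not None and (regs.get(base[0], -1) + base[1]) % 2**64 == regs["CR2"]
    return {"symbol": ip.group(1), "offset": int(ip.group(2), 16),
            "comm": comm.group(1), "fault_addr": regs["CR2"],
            "base": base, "base_matches_cr2": hit}

if __name__ == "__main__":
    print(triage_oops(SAMPLE_OOPS))
```

Passing the seven bytes just before the marker, `48 8b 85 18 c0 00 00`, to `decode_mov_base` returns `('RBP', 0xc018)`.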