Message-ID: <Pine.LNX.4.44L0.1605301548210.3522-100000@netrider.rowland.org>
Date:	Mon, 30 May 2016 15:57:07 -0400 (EDT)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Pierre Sauter <pierre.sauter@...m.de>
cc:	linux-kernel@...r.kernel.org, <linux-usb@...r.kernel.org>
Subject: Re: PROBLEM: Kernel Bug on USB unplugging (Elo TouchSystems CarrollTouch
 4500U)

On Mon, 30 May 2016, Pierre Sauter wrote:

> On unplugging this USB Touchscreen, every time I get either:
> 
> [  161.596055] BUG: unable to handle kernel NULL pointer dereference at 00000015
> [  161.596093] IP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270
> or
> [  155.892061] BUG: unable to handle kernel paging request at 30303046
> [  155.892101] IP: [<c10d13da>] get_next_timer_interrupt+0x8a/0x290
> 
> and then panic and the system is unresponsive.
> 
> Tried several kernels, without change.
> 
> The 4.4.11 tested is Vanilla with Debian config, the 4.5 is a Debian Kernel with their patches.
> 
> Output of oops on 4.4.11:
> [   50.484019] usb 2-2: new full-speed USB device number 3 using uhci_hcd
> [   50.672035] usb 2-2: New USB device found, idVendor=04e7, idProduct=0030
> [   50.672056] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
> [   50.672073] usb 2-2: Product: Elo TouchSystems CarrollTouch 4500U
> [   50.672092] usb 2-2: Manufacturer: Elo TouchSystems, Inc.
> [   50.672107] usb 2-2: SerialNumber: 08A58015
> [   50.726177] input: Elo TouchSystems, Inc. Elo TouchSystems CarrollTouch 4500U as /devices/pci0000:00/0000:00:1d.1/usb2/2-2/2-2:1.0/0003:04E7:0030.0002/input/input20
> [   50.780198] elo 0003:04E7:0030.0002: input,hidraw1: USB HID v1.00 Pointer [Elo TouchSystems, Inc. Elo TouchSystems CarrollTouch 4500U] on usb-0000:00:1d.1-2/input0
> [   50.780234] elo 0003:04E7:0030.0002: broken firmware found, installing workaround
> [  161.348076] usb 2-2: USB disconnect, device number 3
> [  161.596055] BUG: unable to handle kernel NULL pointer dereference at 00000015
> [  161.596093] IP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270
> [  161.596119] *pdpt = 00000000376e6001 *pde = 0000000000000000 
> [  161.596142] Oops: 0000 [#1] SMP 
> [  161.596162] Modules linked in: joydev hid_elo elo binfmt_misc ftdi_sio usbserial iTCO_wdt snd_hda_codec_hdmi iTCO_vendor_support nouveau mxm_wmi wmi video coretemp ttm drm_kms_helper kvm_intel drm evdev kvm irqbypass snd_hda_codec_realtek nvidiafb vgastate serio_raw fb_ddc i2c_algo_bit i2c_i801 snd_hda_codec_generic lpc_ich snd_hda_intel mfd_core snd_hda_codec 8250_fintek acpi_cpufreq snd_hda_core snd_hwdep shpchp tpm_tis button ite_cir rc_core tpm processor usbtouchscreen snd_pcsp snd_pcm snd_timer snd soundcore ppdev lp parport_pc parport autofs4 ext4 crc16 mbcache jbd2 netconsole configfs hid_generic usbhid hid sg sr_mod cdrom sd_mod ata_generic psmouse ata_piix libata scsi_mod ehci_pci r8169 mii thermal uhci_hcd ehci_hcd usbcore usb_common
> [  161.596719] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W       4.4.11-debian32.686pae+1.1 #1
> [  161.596799] Hardware name: ACER Extensa E270/EG31M, BIOS P01-A0L 09/24/2009
> [  161.596814] task: f3916800 ti: f3976000 task.ti: f3976000
> [  161.596827] EIP: 0060:[<c10c92b0>] EFLAGS: 00210086 CPU: 1
> [  161.596842] EIP is at get_next_timer_interrupt+0x80/0x270
> [  161.596854] EAX: ffffffff EBX: 000000e6 ECX: 000000d9 EDX: ffff78d9
> [  161.596868] ESI: ffffffff EDI: 7fffffff EBP: f3977f20 ESP: f3977ee8
> [  161.596881]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [  161.596894] CR0: 8005003b CR2: 00000015 CR3: 32d88260 CR4: 000406f0
> [  161.596907] Stack:
> [  161.596916]  f3977f20 ffff78d8 db43c556 9fdf4700 00000025 f3e4a980 00000069 80a65164
> [  161.596967]  00000025 9fdfc4ec 00000025 f3e4b440 9fdf4700 00000025 f3977f68 c10d9319
> [  161.597018]  f3916800 c15139c6 00000000 f3e4a580 00000002 f3e51080 ffff78d8 00000025
> [  161.597068] Call Trace:
> [  161.597083]  [<c10d9319>] ? __tick_nohz_idle_enter+0x2f9/0x4c0
> [  161.597099]  [<c15139c6>] ? __schedule+0x226/0x8f0
> [  161.597113]  [<c10d9c46>] ? tick_nohz_idle_enter+0x36/0x70
> [  161.597128]  [<c10a3b95>] ? cpu_startup_entry+0x35/0x300
> [  161.597144]  [<c1048052>] ? start_secondary+0x112/0x150
> [  161.597156] Code: 00 8b 4b 10 85 c9 0f 84 87 00 00 00 8b 44 24 14 8b 50 08 8b 40 0c 39 c2 78 53 0f b6 ca 89 cb 8b 44 24 14 8b 44 98 20 85 c0 74 0c <f6> 40 16 10 74 22 8b 00 85 c0 75 f4 83 c3 01 0f b6 db 39 d9 75
> [  161.597618] EIP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270 SS:ESP 0068:f3977ee8
> [  161.597645] CR2: 0000000000000015
> [  161.598185] ---[ end trace 43f94ff33c064faa ]---
> [  161.598701] Kernel panic - not syncing: Attempted to kill the idle task!
> [  161.599219] Kernel Offset: disabled
> [  161.599778] ---[ end Kernel panic - not syncing: Attempted to kill the idle task!

What happens if you do (as root):

	echo 2-2:1.0 >/sys/bus/usb/drivers/usbhid/unbind

before unplugging the device?

Alan Stern
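
Added example, not part of the original messages: a cross-check of the faulting instruction in the quoted 4.4.11 oops against CR2, using only the register dump and the Code: line. It decodes one instruction form only (opcode F6 /0 with a base register and 8-bit displacement); the function names are hypothetical and the sample text is copied from the oops above.

```python
import re

# Constructed sample: four lines copied from the 4.4.11 oops quoted above.
OOPS = """\
[  161.596854] EAX: ffffffff EBX: 000000e6 ECX: 000000d9 EDX: ffff78d9
[  161.596868] ESI: ffffffff EDI: 7fffffff EBP: f3977f20 ESP: f3977ee8
[  161.596894] CR0: 8005003b CR2: 00000015 CR3: 32d88260 CR4: 000406f0
[  161.597156] Code: 00 8b 4b 10 85 c9 0f 84 87 00 00 00 8b 44 24 14 8b 50 08 8b 40 0c 39 c2 78 53 0f b6 ca 89 cb 8b 44 24 14 8b 44 98 20 85 c0 74 0c <f6> 40 16 10 74 22 8b 00 85 c0 75 f4 83 c3 01 0f b6 db 39 d9 75
"""

# ModRM r/m field -> 32-bit base register; r/m == 4 means a SIB byte follows.
RM_REG = ["EAX", "ECX", "EDX", "EBX", None, "EBP", "ESI", "EDI"]

def parse_oops(text):
    """Return (register dict, instruction bytes starting at the <..> marker)."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(E[A-Z]{2}|CR\d): ([0-9a-f]{8})\b", text)}
    code = re.search(r"Code: (.+)", text).group(1).split()
    start = next(i for i, tok in enumerate(code) if tok.startswith("<"))
    return regs, bytes(int(tok.strip("<>"), 16) for tok in code[start:])

def fault_access(regs, insn):
    """Decode only 'F6 /0': test byte [base + disp8], imm8 (no prefix, no SIB)."""
    opcode, modrm = insn[0], insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0xF6 or reg != 0 or mod != 1 or rm == 4:
        raise ValueError("instruction form not handled by this example")
    disp = insn[2] - 0x100 if insn[2] & 0x80 else insn[2]  # sign-extend disp8
    base = RM_REG[rm]
    return base, disp, (regs[base] + disp) & 0xFFFFFFFF  # 32-bit wraparound

def triage(text):
    """Compare the computed effective address with the CR2 value in the oops."""
    regs, insn = parse_oops(text)
    base, disp, addr = fault_access(regs, insn)
    return {"base": base, "base_value": regs[base], "disp": disp,
            "address": addr, "matches_cr2": addr == regs["CR2"]}

if __name__ == "__main__":
    r = triage(OOPS)
    print(f"test byte [{r['base']}+{r['disp']:#x}] with {r['base']}="
          f"{r['base_value']:#010x} -> {r['address']:#010x}, "
          f"CR2 match: {r['matches_cr2']}")
```

The computed address equals CR2 (0x15) because the base register holds 0xffffffff and the access is at offset 0x16 from it, so the pointer being dereferenced was not NULL.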
