usb_wwan regression in 3.6 kernel (bisected to bulk-urb allocation)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I recently wanted to use my ZTE MF636 modem 19d2:0031 and got NULL
pointer dereference in usb_wwan_write few seconds after plugging it.
This is 100% reproducible.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
IP: [<ffffffffa07b9570>] usb_wwan_write+0xa0/0x2b0 [usb_wwan]

I've bisected between 3.4 and 3.14 kernels and it has appeared to be a
regression caused by:

commit 8e493ca1767d4951ed1322abaa74d6edbca29918
Author: Johan Hovold <jhovold@xxxxxxxxx>
Date: Fri Oct 26 18:44:20 2012 +0200

    USB: usb_wwan: fix bulk-urb allocation

    Make sure we do not allocate urbs if we do not have a bulk endpoint.

    Legacy code used incorrect assumption to test for bulk endpoints.

Reverting above patch from the 3.14 release fixes the NULL pointer
dereference for me.

Could you look into this, please? I can test any debug/fix patches you provide.

-- 
Rafał
[   75.242271] usb 2-1.2: new high-speed USB device number 4 using ehci-pci
[   75.330669] usb 2-1.2: New USB device found, idVendor=19d2, idProduct=0031
[   75.330674] usb 2-1.2: New USB device strings: Mfr=2, Product=1, SerialNumber=3
[   75.330676] usb 2-1.2: Product: ZTE CDMA Technologies MSM
[   75.330678] usb 2-1.2: Manufacturer: ZTE, Incorporated
[   75.330680] usb 2-1.2: SerialNumber: 1234567890ABCDEF
[   80.114138] usbcore: registered new interface driver usbserial
[   80.114154] usbcore: registered new interface driver usbserial_generic
[   80.114166] usbserial: USB Serial support registered for generic
[   80.118906] usb-storage 2-1.2:1.2: USB Mass Storage device detected
[   80.119020] scsi6 : usb-storage 2-1.2:1.2
[   80.119108] usbcore: registered new interface driver usb-storage
[   80.170725] usbcore: registered new interface driver option
[   80.170753] usbserial: USB Serial support registered for GSM modem (1-port)
[   80.170906] option 2-1.2:1.0: GSM modem (1-port) converter detected
[   80.170995] usb 2-1.2: GSM modem (1-port) converter now attached to ttyUSB0
[   80.171023] option 2-1.2:1.1: GSM modem (1-port) converter detected
[   80.171083] usb 2-1.2: GSM modem (1-port) converter now attached to ttyUSB1
[   80.171117] option 2-1.2:1.3: GSM modem (1-port) converter detected
[   80.171191] usb 2-1.2: GSM modem (1-port) converter now attached to ttyUSB2
[   80.190796] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190802] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 0
[   80.190814] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190818] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 1
[   80.190826] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190829] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 2
[   80.190838] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190843] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 3
[   80.190851] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190854] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190856] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190859] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190862] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190865] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190868] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190871] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190874] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190877] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190880] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190883] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190885] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190888] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190891] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190894] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190896] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190899] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190902] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190905] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190908] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190916] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 0
[   80.190924] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190927] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190930] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190933] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190935] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190938] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190941] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190944] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190947] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190950] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190952] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190955] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190958] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190961] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190963] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190966] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190969] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190972] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190975] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190978] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190981] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190983] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190986] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190989] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190991] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.190994] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.190997] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191000] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191003] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191006] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191009] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191012] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191014] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191017] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191020] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191023] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191025] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191028] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191031] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191034] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191037] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191039] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191042] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191045] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191048] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191051] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191054] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191056] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191059] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191062] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191064] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191067] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191070] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191073] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191076] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191079] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191082] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191084] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191087] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191090] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191093] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191095] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191099] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191101] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191104] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191107] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191109] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191112] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191115] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191118] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191121] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191124] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191127] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191129] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191132] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191135] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191137] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191140] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191143] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191146] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191149] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191151] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191154] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191157] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191165] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191168] option1 ttyUSB2: usb_wwan_write: endpoint 4 buf 1
[   80.191177] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191179] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191182] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191185] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191187] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191190] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191193] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191195] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191198] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191201] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191204] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191207] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191210] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191213] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191216] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191218] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191221] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191223] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191226] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191229] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191232] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191234] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191237] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191240] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191243] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191246] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191248] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191251] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191254] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191256] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191260] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191262] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191265] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191268] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191270] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191273] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191276] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191291] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191298] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191306] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191312] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191319] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191326] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191334] option1 ttyUSB2: usb_wwan_write: write (1 chars)
[   80.191342] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.191350] option1 ttyUSB2: usb_wwan_write: write (2 chars)
[   80.290888] option1 ttyUSB0: usb_wwan_write: write (1 chars)
[   80.290915] BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
[   80.290974] IP: [<ffffffffa07b9570>] usb_wwan_write+0xa0/0x2b0 [usb_wwan]
[   80.291007] PGD 26ebcb067 PUD 26e801067 PMD 0 
[   80.291031] Oops: 0000 [#1] PREEMPT SMP 
[   80.291054] Modules linked in: option usb_wwan usb_storage usbserial ctr ccm rfcomm xt_tcpudp xt_pkttype xt_LOG af_packet xt_limit ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_raw ipt_REJECT iptable_raw xt_CT iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_ipv4 nf_defrag_ipv4 ip_tables xt_conntrack nf_conntrack ip6table_filter bnep ip6_tables x_tables x86_pkg_temp_thermal coretemp kvm_intel kvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel snd_hda_codec arc4 iwldvm crc32c_intel mac80211 ghash_clmulni_intel snd_hwdep aesni_intel snd_pcm iwlwifi ablk_helper btusb cryptd lrw gf128mul bluetooth cfg80211 snd_seq glue_helper uvcvideo videobuf2_core videodev sr_mod cdrom sdhci_pci sdhci joydev serio_raw pcspkr i2c_i801 iTCO_wdt
[   80.291448]  snd_timer snd_seq_device snd videobuf2_vmalloc samsung_laptop videobuf2_memops mmc_core iTCO_vendor_support r8169 mii 6lowpan_iphc aes_x86_64 video rfkill soundcore lpc_ich shpchp battery mfd_core button ac sg dm_mod autofs4 radeon ttm drm_kms_helper drm xhci_hcd i2c_algo_bit thermal fan processor thermal_sys scsi_dh_rdac scsi_dh_emc scsi_dh_hp_sw scsi_dh_alua scsi_dh
[   80.291642] CPU: 0 PID: 710 Comm: ModemManager Not tainted 3.14.0-torvalds+ #57
[   80.291672] Hardware name: SAMSUNG ELECTRONICS CO., LTD. 700G7A/700G7A, BIOS 01FF.M002.20110818.SCY 08/18/2011
[   80.291713] task: ffff88026ebb8210 ti: ffff88026dec0000 task.ti: ffff88026dec0000
[   80.291743] RIP: 0010:[<ffffffffa07b9570>]  [<ffffffffa07b9570>] usb_wwan_write+0xa0/0x2b0 [usb_wwan]
[   80.291782] RSP: 0018:ffff88026dec1d60  EFLAGS: 00010282
[   80.291804] RAX: ffff88026e4056c0 RBX: 0000000000000000 RCX: 0000000000000000
[   80.291832] RDX: ffff88027f40f578 RSI: ffff88026e4056c0 RDI: ffff88027f40d908
[   80.291860] RBP: ffff88026dec1dd0 R08: 000000000000000a R09: 00000000000004c8
[   80.291888] R10: 0000000000000000 R11: ffff88026dec196e R12: 0000000000000001
[   80.291916] R13: ffff88026e405640 R14: ffff880273a8e000 R15: 0000000000000000
[   80.291944] FS:  00007fc45d53e800(0000) GS:ffff88027f400000(0000) knlGS:0000000000000000
[   80.291976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   80.292000] CR2: 0000000000000058 CR3: 000000027389e000 CR4: 00000000000407f0
[   80.292027] Stack:
[   80.292037]  ffff88026d309000 00007fff560e0a80 ffff88026e4056d0 ffff88026e405640
[   80.292072]  ffff88026f91a400 ffff880272bf4f80 ffff880273a8e2f0 0000000100000019
[   80.292107]  ffff88026e4056c0 ffff88026d309000 ffff880273a8e000 0000000000000001
[   80.292143] Call Trace:
[   80.292158]  [<ffffffffa07ad918>] serial_write+0x48/0xb0 [usbserial]
[   80.292188]  [<ffffffff813abe56>] n_tty_write+0x166/0x4e0
[   80.292214]  [<ffffffff81086150>] ? wake_up_state+0x10/0x10
[   80.292238]  [<ffffffff813a8d08>] tty_write+0x148/0x2a0
[   80.292260]  [<ffffffff813abcf0>] ? process_echoes+0x70/0x70
[   80.292285]  [<ffffffff81194105>] vfs_write+0xb5/0x1e0
[   80.292308]  [<ffffffff81194c21>] SyS_write+0x41/0xb0
[   80.292331]  [<ffffffff811a8a90>] ? SyS_poll+0x60/0xf0
[   80.292356]  [<ffffffff815de666>] system_call_fastpath+0x1a/0x1f
[   80.292381] Code: 05 90 00 00 00 41 89 dc 89 5d cc 48 89 45 a0 4c 89 e8 48 89 75 d0 4d 89 fd 49 89 c7 49 8b 5d 40 48 8b 45 d0 f0 4c 0f ab 38 72 60 <8b> 4b 58 48 8b 7d c0 45 89 f8 48 c7 c2 64 b4 7b a0 48 c7 c6 c3 
[   80.292561] RIP  [<ffffffffa07b9570>] usb_wwan_write+0xa0/0x2b0 [usb_wwan]
[   80.292592]  RSP <ffff88026dec1d60>
[   80.292606] CR2: 0000000000000058
[   80.302499] ---[ end trace fab25c368f672142 ]---
[   81.120808] scsi 6:0:0:0: Direct-Access     ZTE      MMC Storage      322  PQ: 0 ANSI: 2
[   81.121047] sd 6:0:0:0: Attached scsi generic sg3 type 0
[   81.122526] sd 6:0:0:0: [sdc] Attached SCSI removable disk

[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux