rndis/cdc_ether usb device causing Oops in 4.4rc1+ with NULL dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



rm *rc1*dmesgAfter switching from 4.3 to 4.4rc-s plugging device ID 1076:8002 GCT Semiconductor, Inc. LU150 LTE Modem [Yota LU150] causes kernel Oops.

The Oops is always reproducible when this device is plugged or system is booted with it.
Oops reproduced with debian's 4.4.rc6 and vanilla 4.4rcs (http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.4-rc1+cod1-wily/, tryied without nvidia blob)
After the oops system is semioperable - for example lsusb and rebooting hangs.

With debian's 4.3.0 and vanilla 4.3.3 (http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.3.3-wily/) all works neraly fine - device never causes Oops but rarely silently doesn't work showing that cdc_ether driver is in use instead of typical rndis_host.

Here is the most interesting parts of Oops, full in attahced dmesg

[ 7.321232] BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
[ 7.321340] IP: [<ffffffffa0316276>] usbnet_generic_cdc_bind+0x156/0x6e0 [cdc_ether]
[ 7.323831] CPU: 2 PID: 374 Comm: systemd-udevd Tainted: P O 4.4.0-rc6-amd64 #1 Debian 4.4~rc6-1~exp1
[ 7.324050] RIP: 0010:[<ffffffffa0316276>] [<ffffffffa0316276>] usbnet_generic_cdc_bind+0x156/0x6e0 [cdc_ether]
[ 7.324157] RSP: 0018:ffff8802362939f8 EFLAGS: 00010286
[ 7.324210] RAX: 0000000000000000 RBX: ffff880232cf5840 RCX: 0000000000000003
[ 7.325282] Call Trace:
[ 7.325336] [<ffffffff81183ec0>] ? pcpu_alloc_area+0x220/0x3e0
[ 7.325395] [<ffffffffa0d9d8b0>] ? generic_rndis_bind+0x60/0x510 [rndis_host]
[ 7.325469] [<ffffffffa0e2d2dc>] ? usbnet_probe+0x31c/0x8d0 [usbnet]
[ 7.325527] [<ffffffff8140ca55>] ? __pm_runtime_set_status+0x185/0x230
[ 7.325597] [<ffffffffa003abc3>] ? usb_probe_interface+0x1b3/0x300 [usbcore]
[ 7.325655] [<ffffffff814027b2>] ? driver_probe_device+0x212/0x480
[ 7.325711] [<ffffffff81402a9b>] ? __driver_attach+0x7b/0x80
[ 7.325766] [<ffffffff81402a20>] ? driver_probe_device+0x480/0x480
[ 7.325822] [<ffffffff814003e7>] ? bus_for_each_dev+0x67/0xb0
[ 7.325877] [<ffffffff81401b1f>] ? bus_add_driver+0x1df/0x270
[ 7.325932] [<ffffffff81403257>] ? driver_register+0x57/0xc0
[ 7.325997] [<ffffffffa003959d>] ? usb_register_driver+0x7d/0x130 [usbcore]
[ 7.326053] [<ffffffffa0dd7000>] ? 0xffffffffa0dd7000
[ 7.326108] [<ffffffff81002122>] ? do_one_initcall+0xb2/0x200
[ 7.326164] [<ffffffff81161ffb>] ? do_init_module+0x5b/0x1dc
[ 7.326220] [<ffffffff810f31c3>] ? load_module+0x2173/0x2780
[ 7.326275] [<ffffffff810ef970>] ? __symbol_put+0x60/0x60
[ 7.326330] [<ffffffff811d790b>] ? kernel_read+0x4b/0x70
[ 7.326386] [<ffffffff810f39fe>] ? SyS_finit_module+0xae/0xe0
[ 7.326442] [<ffffffff81589f32>] ? system_call_fast_compare_end+0xc/0x67

Since lsusb is not working on problemtic kernels with plugged device attaching lsusb -v output from 4.3 kernel and lsusb -v output from 4.4 kernel with unplugged device.

Also attaching dmesg of good boot with 4.3 and disassembly with debug symbols of cdc_ether module corresponding to Oops trace.

According to disassembly symbols kernel oopses while trying to read adress 0x3 while executing drivers/net/usb/cdc_ether.c line 167-168:
info->control = usb_ifnum_to_if(dev->udev,
info->u->bMasterInterface0);
with info->u=%rax somehow appears to be NULL (and bMasterInterface0 is offset 3).

This code was changed last time in b0f85fa11aefc4f3e03306b4cd47f113bd57dcba and merged into mainline with b0f85fa11aefc4f3e03306b4cd47f113bd57dcba at 2015-11-04
Attachments in archive:
44rndis_oops/4.3.0-debian.dmesg
44rndis_oops/4.3.0-debian.lsusb-v
44rndis_oops/4.4rc1-vanilla-without-device.lsusb-t
44rndis_oops/4.3.0-debian.lsusb-t
44rndis_oops/4.4rc6-debian.dmesg
44rndis_oops/4.4rc6-debian.cdc_ether.objdump
44rndis_oops/4.4rc1-vanilla-without-device.lsusb-v

Attachment: 44rndis_oops.tar.gz
Description: GNU Zip compressed data


[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux