After switching from 4.3 to 4.4rc-s, plugging device ID 1076:8002 GCT Semiconductor, Inc. LU150 LTE Modem [Yota LU150] causes a kernel Oops. The Oops is always reproducible when this device is plugged or the system is booted with it.

Oops reproduced with debian's 4.4.rc6 and vanilla 4.4rcs (http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.4-rc1+cod1-wily/, tried without nvidia blob). After the oops the system is semioperable - for example lsusb and rebooting hang.

With debian's 4.3.0 and vanilla 4.3.3 (http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.3.3-wily/) all works nearly fine - the device never causes an Oops but rarely silently doesn't work, showing that the cdc_ether driver is in use instead of the typical rndis_host.

Here are the most interesting parts of the Oops, full in attached dmesg:

[ 7.321232] BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
[ 7.321340] IP: [<ffffffffa0316276>] usbnet_generic_cdc_bind+0x156/0x6e0 [cdc_ether]
[ 7.323831] CPU: 2 PID: 374 Comm: systemd-udevd Tainted: P O 4.4.0-rc6-amd64 #1 Debian 4.4~rc6-1~exp1
[ 7.324050] RIP: 0010:[<ffffffffa0316276>] [<ffffffffa0316276>] usbnet_generic_cdc_bind+0x156/0x6e0 [cdc_ether]
[ 7.324157] RSP: 0018:ffff8802362939f8 EFLAGS: 00010286
[ 7.324210] RAX: 0000000000000000 RBX: ffff880232cf5840 RCX: 0000000000000003
[ 7.325282] Call Trace:
[ 7.325336] [<ffffffff81183ec0>] ? pcpu_alloc_area+0x220/0x3e0
[ 7.325395] [<ffffffffa0d9d8b0>] ? generic_rndis_bind+0x60/0x510 [rndis_host]
[ 7.325469] [<ffffffffa0e2d2dc>] ? usbnet_probe+0x31c/0x8d0 [usbnet]
[ 7.325527] [<ffffffff8140ca55>] ? __pm_runtime_set_status+0x185/0x230
[ 7.325597] [<ffffffffa003abc3>] ? usb_probe_interface+0x1b3/0x300 [usbcore]
[ 7.325655] [<ffffffff814027b2>] ? driver_probe_device+0x212/0x480
[ 7.325711] [<ffffffff81402a9b>] ? __driver_attach+0x7b/0x80
[ 7.325766] [<ffffffff81402a20>] ? driver_probe_device+0x480/0x480
[ 7.325822] [<ffffffff814003e7>] ? bus_for_each_dev+0x67/0xb0
[ 7.325877] [<ffffffff81401b1f>] ? bus_add_driver+0x1df/0x270
[ 7.325932] [<ffffffff81403257>] ? driver_register+0x57/0xc0
[ 7.325997] [<ffffffffa003959d>] ? usb_register_driver+0x7d/0x130 [usbcore]
[ 7.326053] [<ffffffffa0dd7000>] ? 0xffffffffa0dd7000
[ 7.326108] [<ffffffff81002122>] ? do_one_initcall+0xb2/0x200
[ 7.326164] [<ffffffff81161ffb>] ? do_init_module+0x5b/0x1dc
[ 7.326220] [<ffffffff810f31c3>] ? load_module+0x2173/0x2780
[ 7.326275] [<ffffffff810ef970>] ? __symbol_put+0x60/0x60
[ 7.326330] [<ffffffff811d790b>] ? kernel_read+0x4b/0x70
[ 7.326386] [<ffffffff810f39fe>] ? SyS_finit_module+0xae/0xe0
[ 7.326442] [<ffffffff81589f32>] ? system_call_fast_compare_end+0xc/0x67

Since lsusb is not working on problematic kernels with the device plugged, attaching lsusb -v output from the 4.3 kernel and lsusb -v output from the 4.4 kernel with the device unplugged. Also attaching dmesg of a good boot with 4.3 and disassembly with debug symbols of the cdc_ether module corresponding to the Oops trace.

According to the disassembly symbols, the kernel oopses while trying to read address 0x3 while executing drivers/net/usb/cdc_ether.c line 167-168:

    info->control = usb_ifnum_to_if(dev->udev, info->u->bMasterInterface0);

with info->u=%rax somehow appearing to be NULL (and bMasterInterface0 is offset 3).

This code was changed last time in b0f85fa11aefc4f3e03306b4cd47f113bd57dcba and merged into mainline with b0f85fa11aefc4f3e03306b4cd47f113bd57dcba at 2015-11-04

Attachments in archive:
44rndis_oops/4.3.0-debian.dmesg
44rndis_oops/4.3.0-debian.lsusb-v
44rndis_oops/4.4rc1-vanilla-without-device.lsusb-t
44rndis_oops/4.3.0-debian.lsusb-t
44rndis_oops/4.4rc6-debian.dmesg
44rndis_oops/4.4rc6-debian.cdc_ether.objdump
44rndis_oops/4.4rc1-vanilla-without-device.lsusb-v
Attachment:
44rndis_oops.tar.gz
Description: GNU Zip compressed data
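
The failure mode analysed in the report above, as an added user-space example (not code from the report or from the kernel): a descriptor walk that leaves the Union pointer NULL when a device supplies no CDC Union functional descriptor, and a bind step that rejects the device instead of reading offset 3 of NULL. The names find_union and master_interface and the sample byte arrays are constructed for illustration, and it is an assumption here that info->u stays NULL when no such descriptor is found.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define USB_DT_CS_INTERFACE 0x24  /* class-specific interface descriptor */
#define USB_CDC_UNION_TYPE  0x06  /* CDC Union functional descriptor */

/* Same field order as the kernel's struct usb_cdc_union_desc. */
struct cdc_union_desc {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint8_t bDescriptorSubType;
    uint8_t bMasterInterface0;    /* offset 3: the faulting address 0x3 */
    uint8_t bSlaveInterface0;
};

/* Walk the class-specific "extra" bytes; return the Union descriptor or NULL. */
static const struct cdc_union_desc *find_union(const uint8_t *buf, size_t len)
{
    while (len >= 3) {
        uint8_t dlen = buf[0];
        if (dlen < 3 || dlen > len)
            return NULL;          /* malformed length: stop parsing */
        if (buf[1] == USB_DT_CS_INTERFACE && buf[2] == USB_CDC_UNION_TYPE &&
            dlen >= sizeof(struct cdc_union_desc))
            return (const struct cdc_union_desc *)buf;
        buf += dlen;
        len -= dlen;
    }
    return NULL;
}

/* Hypothetical bind step: refuse the device rather than dereference NULL. */
static int master_interface(const uint8_t *extra, size_t len)
{
    const struct cdc_union_desc *u = find_union(extra, len);
    if (!u)
        return -ENODEV;
    return u->bMasterInterface0;
}

/* Constructed samples: CDC header + Union descriptor, and CDC header only. */
static const uint8_t with_union[] = { 0x05, 0x24, 0x00, 0x10, 0x01,
                                      0x05, 0x24, 0x06, 0x02, 0x03 };
static const uint8_t without_union[] = { 0x05, 0x24, 0x00, 0x10, 0x01 };

int main(void)
{
    int ok = master_interface(with_union, sizeof with_union) == 2 &&
             master_interface(without_union, sizeof without_union) == -ENODEV;
    return ok ? 0 : 1;
}
```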