[Umap2][5/11][22b8:2d93] NULL pointer dereference

Binyamin Sharet <bsharet@xxxxxxxxx> · Tue, 16 Aug 2016 16:46:26 +0300

Kernel version: raspberrypi 4.4.6-v7+ #871
Driver source file: drivers/usb/class/cdc-acm.c
Umap2 command line: umap2vsscan -P <PHY> -s 22b8:2d93

After connecting such a device, NULL pointer dereference in the kernel
and USB stops responding.

Binyamin Sharet
Cisco, STARE-C

<< Attached:  22b8_2d93_dmesg.log >>
[   86.923158] usb 1-1.5: new high-speed USB device number 9 using dwc_otg
[   87.037425] usb 1-1.5: New USB device found, idVendor=0cf2, idProduct=6230
[   87.037452] usb 1-1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.037469] usb 1-1.5: Product: UMAP2. PID:0x6230
[   87.037484] usb 1-1.5: Manufacturer: UMAP2. VID:0x0cf2
[   87.037499] usb 1-1.5: SerialNumber: 123456
[   89.501681] usb 1-1.5: USB disconnect, device number 9
[   95.113212] usb 1-1.5: new high-speed USB device number 10 using dwc_otg
[   95.228033] usb 1-1.5: New USB device found, idVendor=22b8, idProduct=2d93
[   95.228061] usb 1-1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.228078] usb 1-1.5: Product: UMAP2. PID:0x2d93
[   95.228093] usb 1-1.5: Manufacturer: UMAP2. VID:0x22b8
[   95.228108] usb 1-1.5: SerialNumber: 123456
[   96.320953] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[   96.329120] pgd = af938000
[   96.331833] [00000004] *pgd=00000000
[   96.32095[   96.335504] Internal error: Oops: 5 [#1] SMP ARM
3] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[   96.329120] pgd = af938000
[   96.331833] [00000004] *pgd=00000000
[   96.335504] Internal error: Oops: 5 [#1] SMP ARM
[   96.366274] Modules linked in: cdc_acm(+) gspca_vc032x gspca_vicam gspca_sonixj gspca_ov534_9 gspca_main v4l2_common videodev media bnep bluetooth cfg80211 rfkill snd_bcm2835 snd_pcm snd_timer snd bcm2835_gpiomem bcm2835_wdt uio_pdrv_genirq uio i2c_dev fuse
[   96.389200] CPU: 2 PID: 794 Comm: systemd-udevd Not tainted 4.4.6-v7+ #871
[   96.396063] Hardware name: BCM2709
[   96.399461] task: b8056d40 ti: af936000 task.ti: af936000
[   96.404888] PC is at acm_probe+0x17c/0xd98 [cdc_acm]
[   96.409846] LR is at 0x1
[   96.412379] pc : [<7f20be28>]    lr : [<00000001>]    psr: 60000013
[   96.412379] sp : af937c30  ip : af937c30  fp : af937cac
[   96.423839] r10: b5fd8600  r9 : 00000000  r8 : b5fd8600
[   96.429056] r7 : 7f20e6dc  r6 : b8f4a000  r5 : 00000000  r4 : b8f4a000
[   96.435573] r3 : 00000010  r2 : b5fd9c00  r1 : 00000000  r0 : b5fd8600
[   96.442092] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   96.449217] Control: 10c5387d  Table: 2f93806a  DAC: 00000055
[   96.454953] Process systemd-udevd (pid: 794, stack limit = 0xaf936210)
[   96.461468] Stack: (0xaf937c30 to 0xaf938000)
[   96.465816] 7c20:                                     af89aeb0 801c97f4 80000001 af89aeb0
[   96.473980] 7c40: af937c64 801cc13c 801c97f4 af90a370 af90a2d0 af89aeb0 af937c84 af90a2d0
[   96.482143] 7c60: af90a370 b8f4a068 af937c94 00000000 b5fd8600 b8f4a000 00000001 00000010
[   96.490306] 7c80: b5fd8600 b5fd8620 b8f4a068 b8f4a000 7f20e6dc b5fd8600 7f20db74 00000000
[   96.498470] 7ca0: af937cdc af937cb0 8040af88 7f20bcb8 8040aea0 8099d880 b5fd8620 00000000
[   96.506633] 7cc0: 7f20e6dc 00000010 7f20e740 00000000 af937d04 af937ce0 803a5e20 8040aeac
[   96.514796] 7ce0: 00000007 b5fd8620 7f20e6dc b5fd8654 00000000 7f20e560 af937d24 af937d08
[   96.522959] 7d00: 803a5fac 803a5c64 b958a45c 00000000 7f20e6dc 803a5f04 af937d4c af937d28
[   96.531122] 7d20: 803a3fec 803a5f10 b958a45c b5f79fb4 b958a470 7f20e6dc b5e76d80 808ec0b4
[   96.539285] 7d40: af937d5c af937d50 803a58e8 803a3f7c af937d84 af937d60 803a552c 803a58c8
[   96.547448] 7d60: 7f20e560 af937d70 7f20e6dc 00000000 808ec0b4 7f20e6dc af937d9c af937d88
[   96.555611] 7d80: 803a66e8 803a5384 7f20e6a8 00000000 af937dc4 af937da0 8040a8f4 803a666c
[   96.563774] 7da0: 00000000 7f20e940 00000cbd 0000000c 00000001 47caea1c af937de4 af937dc8
[   96.571937] 7dc0: 7f2100e0 8040a880 808a2398 808a2398 b8351700 7f210000 af937e64 af937de8
[   96.580100] 7de0: 80009764 7f21000c 3a72e000 00000000 af937e3c af937e00 80105288 00003ac9
[   96.588263] 7e00: 801394d8 b5fd4ac0 3a72e000 00000001 47caea1c 80147e40 af937e64 af937e28
[   96.596426] 7e20: 80147e40 805e93d4 00000001 801394d8 0000000b 00003ac9 bc110000 7f20e740
[   96.604589] 7e40: 00000001 b83516c0 7f20e740 00000001 47caea1c b8351608 af937e8c af937e68
[   96.612753] 7e60: 800fccc8 800096d0 af937e8c af937e78 801395d4 af937f44 00000001 b8351600
[   96.620916] 7e80: af937f3c af937e90 8009ec68 800fcc60 7f20e74c 00007fff 7f20e740 8009c34c
[   96.629079] 7ea0: 0000015e 00000000 7f20e74c 7f20e74c 7f20e960 7f20e924 7f20e858 7f20e788
[   96.637242] 7ec0: bc110000 0000a230 0004169a 00000000 0b300002 00000000 00000000 00000000
[   96.645404] 7ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   96.653567] 7f00: 00000000 00000000 00000000 00000000 00000058 00000000 00000007 76cd0004
[   96.661730] 7f20: 0000017b 8000fd08 af936000 00000000 af937fa4 af937f40 8009f44c 8009d2e8
[   96.669893] 7f40: 00000002 bc110000 0000a230 bc119c68 bc1163e7 bc117b3c 00003960 00003cf0
[   96.678056] 7f60: 00000000 00000000 00000000 00002920 00000023 00000024 0000001c 00000019
[   96.686218] 7f80: 00000015 00000000 00000000 54b7e04c 00000000 00020000 00000000 af937fa8
[   96.694381] 7fa0: 8000fb40 8009f3e4 54b7e04c 00000000 00000007 76cd0004 00000000 54ec7ea0
[   96.702544] 7fc0: 54b7e04c 00000000 00020000 0000017b 76cd0004 00020000 54ec7ea0 00000000
[   96.710708] 7fe0: 7e9b6200 7e9b61f0 76cc809c 76e24d40 60000010 00000007 aaaaaaaa aaaaaaaa
[   96.718913] [<7f20be28>] (acm_probe [cdc_acm]) from [<8040af88>] (usb_probe_interface+0xe8/0x1d4)
[   96.727780] [<8040af88>] (usb_probe_interface) from [<803a5e20>] (really_probe+0x1c8/0x2ac)
[   96.736122] [<803a5e20>] (really_probe) from [<803a5fac>] (__driver_attach+0xa8/0xac)
[   96.743942] [<803a5fac>] (__driver_attach) from [<803a3fec>] (bus_for_each_dev+0x7c/0xb0)
[   96.752109] [<803a3fec>] (bus_for_each_dev) from [<803a58e8>] (driver_attach+0x2c/0x30)
[   96.760102] [<803a58e8>] (driver_attach) from [<803a552c>] (bus_add_driver+0x1b4/0x22c)
[   96.768096] [<803a552c>] (bus_add_driver) from [<803a66e8>] (driver_register+0x88/0x108)
[   96.776176] [<803a66e8>] (driver_register) from [<8040a8f4>] (usb_register_driver+0x80/0x144)
[   96.784700] [<8040a8f4>] (usb_register_driver) from [<7f2100e0>] (acm_init+0xe0/0x124 [cdc_acm])
[   96.793488] [<7f2100e0>] (acm_init [cdc_acm]) from [<80009764>] (do_one_initcall+0xa0/0x1ec)
[   96.801917] [<80009764>] (do_one_initcall) from [<800fccc8>] (do_init_module+0x74/0x1d8)
[   96.809997] [<800fccc8>] (do_init_module) from [<8009ec68>] (load_module+0x198c/0x1fc8)
[   96.817990] [<8009ec68>] (load_module) from [<8009f44c>] (SyS_finit_module+0x74/0x84)
[   96.825810] [<8009f44c>] (SyS_finit_module) from [<8000fb40>] (ret_fast_syscall+0x0/0x1c)
[   96.833975] Code: 13590000 0a000204 e15a0009 0a0002af (e5993004) 
[   96.840121] ---[ end trace 28f33326394683ba ]---
[   96.366274] Modules linked in: cdc_acm(+) gspca_vc032x gspca_vicam gspca_sonixj gspca_ov534_9 gspca_main v4l2_common videodev media bnep bluetooth cfg80211 rfkill snd_bcm2835 snd_pcm snd_timer snd bcm2835_gpiomem bcm2835_wdt uio_pdrv_genirq uio i2c_dev fuse
[   96.389200] CPU: 2 PID: 794 Comm: systemd-udevd Not tainted 4.4.6-v7+ #871
[   96.396063] Hardware name: BCM2709
[   96.399461] task: b8056d40 ti: af936000 task.ti: af936000
[   96.404888] PC is at acm_probe+0x17c/0xd98 [cdc_acm]
[   96.409846] LR is at 0x1
[   96.412379] pc : [<7f20be28>]    lr : [<00000001>]    psr: 60000013
sp : af937c30  ip : af937c30  fp : af937cac
[   96.423839] r10: b5fd8600  r9 : 00000000  r8 : b5fd8600
[   96.429056] r7 : 7f20e6dc  r6 : b8f4a000  r5 : 00000000  r4 : b8f4a000
[   96.435573] r3 : 00000010  r2 : b5fd9c00  r1 : 00000000  r0 : b5fd8600
[   96.442092] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[   96.449217] Control: 10c5387d  Table: 2f93806a  DAC: 00000055
[   96.454953] Process systemd-udevd (pid: 794, stack limit = 0xaf936210)
[   96.461468] Stack: (0xaf937c30 to 0xaf938000)
[   96.465816] 7c20:                                     af89aeb0 801c97f4 80000001 af89aeb0
[   96.473980] 7c40: af937c64 801cc13c 801c97f4 af90a370 af90a2d0 af89aeb0 af937c84 af90a2d0
[   96.482143] 7c60: af90a370 b8f4a068 af937c94 00000000 b5fd8600 b8f4a000 00000001 00000010
[   96.490306] 7c80: b5fd8600 b5fd8620 b8f4a068 b8f4a000 7f20e6dc b5fd8600 7f20db74 00000000

Message from syslogd@raspberrypi at Jun 20 09:18:32 ...
 kernel:[   96.454953] Process systemd-udevd (pid: 794, stack limit = 0xaf936210)
[   96.498470] 7ca0: af937cdc af937cb0 8040af88 7f20bcb8 8040aea0 8099d880 b5fd8620 00000000
[   96.506633] 7cc0: 7f20e6dc 00000010 7f20e740 00000000 af937d04 af937ce0 803a5e20 8040aeac
[   96.514796] 7ce0: 00000007 b5fd8620 7f20e6dc b5fd8654 00000000 7f20e560 af937d24 af937d08
[   96.522959] 7d00: 803a5fac 803a5c64 b958a45c 00000000 7f20e6dc 803a5f04 af937d4c af937d28
[   96.531122] 7d20: 803a3fec 803a5f10 b958a45c b5f79fb4 b958a470 7f20e6dc b5e76d80 808ec0b4
[   96.539285] 7d40: af937d5c af937d50 803a58e8 803a3f7c af937d84 af937d60 803a552c 803a58c8
[   96.547448] 7d60: 7f20e560 af937d70 7f20e6dc 00000000 808ec0b4 7f20e6dc af937d9c af937d88
[   96.555611] 7d80: 803a66e8 803a5384 7f20e6a8 00000000 af937dc4 af937da0 8040a8f4 803a666c
[   96.563774] 7da0: 00000000 7f20e940 00000cbd 0000000c 00000001 47caea1c af937de4 af937dc8
[   96.571937] 7dc0: 7f2100e0 8040a880 808a2398 808a2398 b8351700 7f210000 af937e64 af937de8
[   96.580100] 7de0: 80009764 7f21000c 3a72e000 00000000 af937e3c af937e00 80105288 00003ac9
[   96.588263] 7e00: 801394d8 b5fd4ac0 3a72e000 00000001 47caea1c 80147e40 af937e64 af937e28
[   96.596426] 7e20: 80147e40 805e93d4 00000001 801394d8 0000000b 00003ac9 bc110000 7f20e740
[   96.604589] 7e40: 00000001 b83516c0 7f20e740 00000001 47caea1c b8351608 af937e8c af937e68
[   96.612753] 7e60: 800fccc8 800096d0 af937e8c af937e78 801395d4 af937f44 00000001 b8351600
[   96.620916] 7e80: af937f3c af937e90 8009ec68 800fcc60 7f20e74c 00007fff 7f20e740 8009c34c

Message from syslogd@raspberrypi at Jun 20 09:18:32 ...
 kernel:[   96.473980] 7c40: af937c64 801cc13c 801c97f4 af90a370 af90a2d0 af89aeb0 af937c84 af90a2d0
[   96.629079] 7ea0: 0000015e 00000000 7f20e74c 7f20e74c 7f20e960 7f20e924 7f20e858 7f20e788
[   96.637242] 7ec0: bc110000 0000a230 0004169a 00000000 0b300002 00000000 00000000 00000000
[   96.645404] 7ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   96.653567] 7f00: 00000000 00000000 00000000 00000000 00000058 00000000 00000007 76cd0004
[   96.661730] 7f20: 0000017b 8000fd08 af936000 00000000 af937fa4 af937f40 8009f44c 8009d2e8
[   96.669893] 7f40: 00000002 bc110000 0000a230 bc119c68 bc1163e7 bc117b3c 00003960 00003cf0
[   96.678056] 7f60: 00000000 00000000 00000000 00002920 00000023 00000024 0000001c 00000019
[   96.686218] 7f80: 00000015 00000000 00000000 54b7e04c 00000000 00020000 00000000 af937fa8
[   96.694381] 7fa0: 8000fb40 8009f3e4 54b7e04c 00000000 00000007 76cd0004 00000000 54ec7ea0
[   96.702544] 7fc0: 54b7e04c 00000000 00020000 0000017b 76cd0004 00020000 54ec7ea0 00000000
[   96.710708] 7fe0: 7e9b6200 7e9b61f0 76cc809c 76e24d40 60000010 00000007 aaaaaaaa aaaaaaaa
[   96.718913] [<7f20be28>] (acm_probe [cdc_acm]) from [<8040af88>] (usb_probe_interface+0xe8/0x1d4)
[   96.727780] [<8040af88>] (usb_probe_interface) from [<803a5e20>] (really_probe+0x1c8/0x2ac)
[   96.736122] [<803a5e20>] (really_probe) from [<803a5fac>] (__driver_attach+0xa8/0xac)
[   96.743942] [<803a5fac>] (__driver_attach) from [<803a3fec>] (bus_for_each_dev+0x7c/0xb0)
[   96.752109] [<803a3fec>] (bus_for_each_dev) from [<803a58e8>] (driver_attach+0x2c/0x30)
[   96.760102] [<803a58e8>] (driver_attach) from [<803a552c>] (bus_add_driver+0x1b4/0x22c)
[   96.768096] [<803a552c>] (bus_add_driver) from [<803a66e8>] (driver_register+0x88/0x108)
[   96.776176] [<803a66e8>] (driver_register) from [<8040a8f4>] (usb_register_driver+0x80/0x144)
[   96.784700] [<8040a8f4>] (usb_register_driver) from [<7f2100e0>] (acm_init+0xe0/0x124 [cdc_acm])
[   96.793488] [<7f2100e0>] (acm_init [cdc_acm]) from [<80009764>] (do_one_initcall+0xa0/0x1ec)
[   96.801917] [<80009764>] (do_one_initcall) from [<800fccc8>] (do_init_module+0x74/0x1d8)
[   96.809997] [<800fccc8>] (do_init_module) from [<8009ec68>] (load_module+0x198c/0x1fc8)
[   96.817990] [<8009ec68>] (load_module) from [<8009f44c>] (SyS_finit_module+0x74/0x84)
[   96.825810] [<8009f44c>] (SyS_finit_module) from [<8000fb40>] (ret_fast_syscall+0x0/0x1c)
[   96.833975] Code: 13590000 0a000204 e15a0009[   97.438689] usb 1-1.5: USB disconnect, device number 10
 0a0002af (e5993004) 
[   96.840121] ---[ end trace 28f33326394683ba ]---
[   97.438689] usb 1-1.5: USB disconnect, device number 10