Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/net/usb/kaweth.c Umap2 command line: umap2vsscan -P <PHY> -s 0557:2002 After connecting such a device, NULL pointer dereference in the kernel and USB stops responding. This issue was reproduced with other VID/PIDs that use this driver. Binyamin Sharet Cisco, STARE-C << Attached: 0557_2002_dmesg.log >>
[ 266.644327] usb 1-1.5: new high-speed USB device number 35 using dwc_otg [ 266.758503] usb 1-1.5: New USB device found, idVendor=0557, idProduct=2002 [ 266.758530] usb 1-1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.758548] usb 1-1.5: Product: UMAP2. PID:0x2002 [ 266.758564] usb 1-1.5: Manufacturer: UMAP2. VID:0x0557 [ 266.758579] usb 1-1.5: SerialNumber: 123456 [ 267.866048] Unable to handle kernel NULL pointer dereference at virtual address 00000070 [ 267.874134] pgd = afa20000 [ 267.876926] [00000070] *pgd=00000000 [ 267.865838] kaweth 1-1.5:1.0: Downloading firmware... [ 267.865994] usb 1-1.5: Direct firmware load for kaweth/new_code.bin failed with error -2 [ 267.866048] Unable to handle kernel NULL pointer dereference at virtual address 00000070 [ 267.874134] pgd = afa20000 [ 267.876926] [00000070] *pgd=00000000 [ 267.917546] Internal error: Oops: 5 [#1] SMP ARM [ 267.922166] Modules linked in: kaweth(+) ch341 ath3k btusb btrtl btintel gspca_stv0680 gspca_sonixb hso gspca_pac7302 ath6kl_usb ath6kl_core ttusbir rc_core stk1160 snd_ac97_codec ac97_bus zd1201 gl620a bpa10x hci_uart btbcm gspca_se401 joydev xpad ff_memless gspca_spca561 evdev pwc videobuf2_vmalloc[ 267.947756] usb 1-1.5: USB disconnect, device number 35 [ 267.953980] videobuf2_memops videobuf2_v4l2 videobuf2_core r8188eu(C) gspca_stk1135 gspca_finepix microtek usbtest cp210x usbserial gspca_ov519 gspca_main v4l2_common videodev media dm9601 bnep bluetooth cfg80211 rfkill snd_bcm2835 snd_pcm snd_timer bcm2835_wdt bcm2835_gpiomem snd uio_pdrv_genirq uio i2c_dev fuse [ 267.982162] CPU: 2 PID: 1302 Comm: systemd-udevd Tainted: G WC 4.4.6-v7+ #871 [ 267.990324] Hardware name: BCM2709 [ 267.993721] task: afa56d40 ti: afafe000 task.ti: afafe000 [ 267.999123] PC is at __dev_printk+0x28/0x98 [ 268.003303] LR is at dev_err+0x48/0x50 [ 268.007050] pc : [<803a2390>] lr : [<803a257c>] psr: 20000013 [ 268.007050] sp : afaffbe0 ip : 80717928 fp : afaffc04 [ 268.018510] r10: 808df344 r9 : 00000000 r8 : 00000002 [ 268.023723] r7 : 00000064 r6 : fffffffe r5 : afaffc10 r4 : b5fd6440 [ 268.030235] r3 : afaffc0c r2 : afaffc10 r1 : 00000020 r0 : 80717928 [ 268.036749] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 268.043868] Control: 10c5387d Table: 2fa2006a DAC: 00000055 [ 268.049601] Process systemd-udevd (pid: 1302, stack limit = 0xafafe210) [ 268.056200] Stack: (0xafaffbe0 to 0xafb00000) [ 268.060551] fbe0: afaffc4c 00000001 00400000 803ad7c8 b5fd6440 b5fd6440 afaffc28 afaffc08 [ 268.068715] fc00: 803a257c 803a2374 afaffc34 afaffc30 7f3daa84 afaffc0c 00000002 afaffc74 [ 268.076879] fc20: afaffc38 7f3d9b58 803a2544 7f3daa84 00000000 00000002 afaffc68 b5fd6000 [ 268.085042] fc40: b5fd6440 b5db9220 b5db9200 00000000 00000000 b5fd6000 b5fd6440 b5db9220 [ 268.093205] fc60: b5db9200 b7962c68 afaffcbc afaffc78 7f3d9fd4 7f3d9a88 afaffca4 afaffc88 [ 268.101368] fc80: 8040ad70 8040ac7c ffff0557 ffffffff b5db9200 b5db9220 b7962c68 b7962c00 [ 268.109531] fca0: 7f3dae64 b5db9200 7f3daf0c 00000000 afaffcec afaffcc0 8040af88 7f3d9b98 [ 268.117695] fcc0: 8040aea0 8099d880 b5db9220 00000000 7f3dae64 00000037 7f3db240 00000000 [ 268.125858] fce0: afaffd14 afaffcf0 803a5e20 8040aeac 00000007 b5db9220 7f3dae64 b5db9254 [ 268.134021] fd00: 00000000 7f3dadd0 afaffd34 afaffd18 803a5fac 803a5c64 b958a45c 00000000 [ 268.142185] fd20: 7f3dae64 803a5f04 afaffd5c afaffd38 803a3fec 803a5f10 b958a45c b5e0ff34 [ 268.150348] fd40: b958a470 7f3dae64 b5f1fe80 808ec0b4 afaffd6c afaffd60 803a58e8 803a3f7c [ 268.158512] fd60: afaffd94 afaffd70 803a552c 803a58c8 7f3da920 afaffd80 7f3dae64 00000000 [ 268.166675] fd80: 808ec0b4 7f3dae64 afaffdac afaffd98 803a66e8 803a5384 7f3dae30 00000000 [ 268.174839] fda0: afaffdd4 afaffdb0 8040a8f4 803a666c 808a2398 808a2398 afad5ac0 7f3dd000 [ 268.183002] fdc0: 00000001 5052a49c afaffde4 afaffdd8 7f3dd028 8040a880 afaffe64 afaffde8 [ 268.191165] fde0: 80009764 7f3dd00c 3a72e000 00000000 afaffe3c afaffe00 80105288 00011e0c [ 268.199329] fe00: 801394d8 af9864c0 3a72e000 00000001 5052a49c 80147e40 afaffe64 afaffe28 [ 268.207492] fe20: 80147e40 805e93d4 00000001 801394d8 00000007 00011e0c bc351000 7f3db240 [ 268.215655] fe40: 00000001 afad5d40 7f3db240 00000001 5052a49c afad5b88 afaffe8c afaffe68 [ 268.223818] fe60: 800fccc8 800096d0 afaffe8c afaffe78 801395d4 afafff44 00000001 afad5b80 [ 268.231982] fe80: afafff3c afaffe90 8009ec68 800fcc60 7f3db24c 00007fff 7f3db240 8009c34c [ 268.240146] fea0: 000000e9 00000000 7f3db24c 7f3db24c 7f3db440 7f3db424 7f3db358 7f3db288 [ 268.248309] fec0: bc351000 000067b8 000415cc 00000000 0b300002 00000000 00000000 00000000 [ 268.256471] fee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 268.264634] ff00: 00000000 00000000 00000000 00000000 00000038 00000000 00000007 76d6f004 [ 268.272798] ff20: 0000017b 8000fd08 afafe000 00000000 afafffa4 afafff40 8009f44c 8009d2e8 [ 268.280961] ff40: 00000002 bc351000 000067b8 bc3571f0 bc354c25 bc355c2c 00002440 00002610 [ 268.289124] ff60: 00000000 00000000 00000000 00001998 00000023 00000024 0000001c 00000019 [ 268.297288] ff80: 00000015 00000000 00000000 54b4b04c 00000000 00020000 00000000 afafffa8 [ 268.305451] ffa0: 8000fb40 8009f3e4 54b4b04c 00000000 00000007 76d6f004 00000000 5615ae58 [ 268.313614] ffc0: 54b4b04c 00000000 00020000 0000017b 76d6f004 00020000 5615ae58 00000000 [ 268.321778] ffe0: 7eaa2200 7eaa21f0 76d6709c 76ec3d40 60000010 00000007 3affa861 3affac61 [ 268.329957] [<803a2390>] (__dev_printk) from [<803a257c>] (dev_err+0x48/0x50) [ 268.337105] [<803a257c>] (dev_err) from [<7f3d9b58>] (kaweth_download_firmware+0xdc/0x110 [kaweth]) [ 268.346185] [<7f3d9b58>] (kaweth_download_firmware [kaweth]) from [<7f3d9fd4>] (kaweth_probe+0x448/0x618 [kaweth]) [ 268.356529] [<7f3d9fd4>] (kaweth_probe [kaweth]) from [<8040af88>] (usb_probe_interface+0xe8/0x1d4) [ 268.365566] [<8040af88>] (usb_probe_interface) from [<803a5e20>] (really_probe+0x1c8/0x2ac) [ 268.373907] [<803a5e20>] (really_probe) from [<803a5fac>] (__driver_attach+0xa8/0xac) [ 268.381727] [<803a5fac>] (__driver_attach) from [<803a3fec>] (bus_for_each_dev+0x7c/0xb0) [ 268.389894] [<803a3fec>] (bus_for_each_dev) from [<803a58e8>] (driver_attach+0x2c/0x30) [ 268.397887] [<803a58e8>] (driver_attach) from [<803a552c>] (bus_add_driver+0x1b4/0x22c) [ 268.405881] [<803a552c>] (bus_add_driver) from [<803a66e8>] (driver_register+0x88/0x108) [ 268.413961] [<803a66e8>] (driver_register) from [<8040a8f4>] (usb_register_driver+0x80/0x144) [ 268.422482] [<8040a8f4>] (usb_register_driver) from [<7f3dd028>] (kaweth_driver_init+0x28/0x2c [kaweth]) [ 268.431961] [<7f3dd028>] (kaweth_driver_init [kaweth]) from [<80009764>] (do_one_initcall+0xa0/0x1ec) [ 268.441170] [<80009764>] (do_one_initcall) from [<800fccc8>] (do_init_module+0x74/0x1d8) [ 268.449251] [<800fccc8>] (do_init_module) from [<8009ec68>] (load_module+0x198c/0x1fc8) [ 268.457244] [<8009ec68>] (load_module) from [<8009f44c>] (SyS_finit_module+0x74/0x84) [ 268.465064] [<8009f44c>] (SyS_finit_module) from [<8000fb40>] (ret_fast_syscall+0x0/0x1c) [ 268.473229] Code: e3510000 e1a0c000 e1a05002 0a000016 (e5913050) [ 268.479411] ---[ end trace 7ad49b358a44f414 ]--- [ 267.917546] Internal error: Oops: 5 [#1] SMP ARM Message from syslogd@raspberrypi at Jun 20 09:21:24 ... kernel:[ 267.917546] Internal error: Oops: 5 [#1] SMP ARM [ 267.922166] Modules linked in: kaweth(+) ch341 ath3k btusb btrtl btintel gspca_stv0680 gspca_sonixb hso gspca_pac7302 ath6kl_usb ath6kl_core ttusbir rc_core stk1160 snd_ac97_codec ac97_bus zd1201 gl620a bpa10x hci_uart btbcm gspca_se401 joydev xpad ff_memless gspca_spca561 evdev pwc videobuf2_vmalloc [ 267.947756] usb 1-1.5: USB disconnect, device number 35 [ 267.953980] videobuf2_memops [ 267.956945] videobuf2_v4l2 videobuf2_core r8188eu(C) gspca_stk1135 gspca_finepix microtek usbtest cp210x usbserial gspca_ov519 gspca_main v4l2_common videodev media dm9601 bnep bluetooth cfg80211 rfkill snd_bcm2835 snd_pcm snd_timer bcm2835_wdt bcm2835_gpiomem snd uio_pdrv_genirq uio i2c_dev fuse [ 267.982162] CPU: 2 PID: 1302 Comm: systemd-udevd Tainted: G WC 4.4.6-v7+ #871 [ 267.990324] Hardware name: BCM2709 [ 267.993721] task: afa56d40 ti: afafe000 task.ti: afafe000 [ 267.999123] PC is at __dev_printk+0x28/0x98 [ 268.003303] LR is at dev_err+0x48/0x50 [ 268.007050] pc : [<803a2390>] lr : [<803a257c>] psr: 20000013 sp : afaffbe0 ip : 80717928 fp : afaffc04 [ 268.018510] r10: 808df344 r9 : 00000000 r8 : 00000002 [ 268.023723] r7 : 00000064 r6 : fffffffe r5 : afaffc10 r4 : b5fd6440 Message from syslogd@raspberrypi at Jun 20 09:21:24 ... kernel:[ 268.049601] Process systemd-udevd (pid: 1302, stack limit = 0xafafe210) [ 268.030235] r3 : afaffc0c r2 : afaffc10 r1 : 00000020 r0 : 80717928 [ 268.036749] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 268.043868] Control: 10c5387d Table: 2fa2006a DAC: 00000055 [ 268.049601] Process systemd-udevd (pid: 1302, stack limit = 0xafafe210) [ 268.056200] Stack: (0xafaffbe0 to 0xafb00000) [ 268.060551] fbe0: afaffc4c 00000001 00400000 803ad7c8 b5fd6440 b5fd6440 afaffc28 afaffc08 [ 268.068715] fc00: 803a257c 803a2374 afaffc34 afaffc30 7f3daa84 afaffc0c 00000002 afaffc74 Message from syslogd@raspberrypi at Jun 20 09:21:24 ... kernel:[ 268.056200] Stack: (0xafaffbe0 to 0xafb00000) [ 268.076879] fc20: afaffc38 7f3d9b58 803a2544 7f3daa84 00000000 00000002 afaffc68 b5fd6000 [ 268.085042] fc40: b5fd6440 b5db9220 b5db9200 00000000 00000000 b5fd6000 b5fd6440 b5db9220 [ 268.093205] fc60: b5db9200 b7962c68 afaffcbc afaffc78 7f3d9fd4 7f3d9a88 afaffca4 afaffc88 [ 268.101368] fc80: 8040ad70 8040ac7c ffff0557 ffffffff b5db9200 b5db9220 b7962c68 b7962c00 [ 268.109531] fca0: 7f3dae64 b5db9200 7f3daf0c 00000000 afaffcec afaffcc0 8040af88 7f3d9b98 [ 268.117695] fcc0: 8040aea0 8099d880 b5db9220 00000000 7f3dae64 00000037 7f3db240 00000000 [ 268.125858] fce0: afaffd14 afaffcf0 803a5e20 8040aeac 00000007 b5db9220 7f3dae64 b5db9254 [ 268.134021] fd00: 00000000 7f3dadd0 afaffd34 afaffd18 803a5fac 803a5c64 b958a45c 00000000 [ 268.142185] fd20: 7f3dae64 803a5f04 afaffd5c afaffd38 803a3fec 803a5f10 b958a45c b5e0ff34 [ 268.150348] fd40: b958a470 7f3dae64 b5f1fe80 808ec0b4 afaffd6c afaffd60 803a58e8 803a3f7c [ 268.158512] fd60: afaffd94 afaffd70 803a552c 803a58c8 7f3da920 afaffd80 7f3dae64 00000000 Message from syslogd@raspberrypi at Jun 20 09:21:24 ... kernel:[ 268.068715] fc00: 803a257c 803a2374 afaffc34 afaffc30 7f3daa84 afaffc0c 00000002 afaffc74 [ 268.166675] fd80: 808ec0b4 7f3dae64 afaffdac afaffd98 803a66e8 803a5384 7f3dae30 00000000 [ 268.174839] fda0: afaffdd4 afaffdb0 8040a8f4 803a666c 808a2398 808a2398 afad5ac0 7f3dd000 [ 268.183002] fdc0: 00000001 5052a49c afaffde4 afaffdd8 7f3dd028 8040a880 afaffe64 afaffde8 [ 268.191165] fde0: 80009764 7f3dd00c 3a72e000 00000000 afaffe3c afaffe00 80105288 00011e0c [ 268.199329] fe00: 801394d8 af9864c0 3a72e000 00000001 5052a49c 80147e40 afaffe64 afaffe28 [ 268.207492] fe20: 80147e40 805e93d4 00000001 801394d8 00000007 00011e0c bc351000 7f3db240 [ 268.215655] fe40: 00000001 afad5d40 7f3db240 00000001 5052a49c afad5b88 afaffe8c afaffe68 [ 268.223818] fe60: 800fccc8 800096d0 afaffe8c afaffe78 801395d4 afafff44 00000001 afad5b80 [ 268.231982] fe80: afafff3c afaffe90 8009ec68 800fcc60 7f3db24c 00007fff 7f3db240 8009c34c [ 268.240146] fea0: 000000e9 00000000 7f3db24c 7f3db24c 7f3db440 7f3db424 7f3db358 7f3db288 [ 268.248309] fec0: bc351000 000067b8 000415cc 00000000 0b300002 00000000 00000000 00000000 [ 268.256471] fee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 268.264634] ff00: 00000000 00000000 00000000 00000000 00000038 00000000 00000007 76d6f004 [ 268.272798] ff20: 0000017b 8000fd08 afafe000 00000000 afafffa4 afafff40 8009f44c 8009d2e8 [ 268.280961] ff40: 00000002 bc351000 000067b8 bc3571f0 bc354c25 bc355c2c 00002440 00002610 [ 268.289124] ff60: 00000000 00000000 00000000 00001998 00000023 00000024 0000001c 00000019 [ 268.297288] ff80: 00000015 00000000 00000000 54b4b04c 00000000 00020000 00000000 afafffa8 [ 268.305451] ffa0: 8000fb40 8009f3e4 54b4b04c 00000000 00000007 76d6f004 00000000 5615ae58 [ 268.313614] ffc0: 54b4b04c 00000000 00020000 0000017b 76d6f004 00020000 5615ae58 00000000 [ 268.321778] ffe0: 7eaa2200 7eaa21f0 76d6709c 76ec3d40 60000010 00000007 3affa861 3affac61 [ 268.329957] [<803a2390>] (__dev_printk) from [<803a257c>] (dev_err+0x48/0x50) [ 268.337105] [<803a257c>] (dev_err) from [<7f3d9b58>] (kaweth_download_firmware+0xdc/0x110 [kaweth]) [ 268.346185] [<7f3d9b58>] (kaweth_download_firmware [kaweth]) from [<7f3d9fd4>] (kaweth_probe+0x448/0x618 [kaweth]) [ 268.356529] [<7f3d9fd4>] (kaweth_probe [kaweth]) from [<8040af88>] (usb_probe_interface+0xe8/0x1d4) [ 268.365566] [<8040af88>] (usb_probe_interface) from [<803a5e20>] (really_probe+0x1c8/0x2ac) [ 268.373907] [<803a5e20>] (really_probe) from [<803a5fac>] (__driver_attach+0xa8/0xac) [ 268.381727] [<803a5fac>] (__driver_attach) from [<803a3fec>] (bus_for_each_dev+0x7c/0xb0) [ 268.389894] [<803a3fec>] (bus_for_each_dev) from [<803a58e8>] (driver_attach+0x2c/0x30) [ 268.397887] [<803a58e8>] (driver_attach) from [<803a552c>] (bus_add_driver+0x1b4/0x22c) [ 268.405881] [<803a552c>] (bus_add_driver) from [<803a66e8>] (driver_register+0x88/0x108) [ 268.413961] [<803a66e8>] (driver_register) from [<8040a8f4>] (usb_register_driver+0x80/0x144) [ 268.422482] [<8040a8f4>] (usb_register_driver) from [<7f3dd028>] (kaweth_driver_init+0x28/0x2c [kaweth]) [ 268.431961] [<7f3dd028>] (kaweth_driver_init [kaweth]) from [<80009764>] (do_one_initcall+0xa0/0x1ec) [ 268.441170] [<80009764>] (do_one_initcall) from [<800fccc8>] (do_init_module+0x74/0x1d8) [ 268.449251] [<800fccc8>] (do_init_module) from [<8009ec68>] (load_module+0x198c/0x1fc8) [ 268.457244] [<8009ec68>] (load_module) from [<8009f44c>] (SyS_finit_module+0x74/0x84) [ 268.465064] [<8009f44c>] (SyS_finit_module) from [<8000fb40>] (ret_fast_syscall+0x0/0x1c) [ 268.473229] Code: e3510000 e1a0c000 e1a05002 0a000016 (e5913050) [ 268.479411] ---[ end trace 7ad49b358a44f414 ]---
