https://bugzilla.kernel.org/show_bug.cgi?id=217862 --- Comment #5 from pawlick3r@xxxxxxxxx --- (In reply to Alan Stern from comment #4) > Created attachment 305027 [details] > Fix IO buffer on stack in alauda subdriver > > Try the attached patch. It should fix all the other instances of I/O done > to a buffer on the stack in the alauda driver. It fixes that error, but not the deference error: [ 63.134053] usb 1-1.2: new full-speed USB device number 6 using ehci-pci [ 63.260694] usb 1-1.2: New USB device found, idVendor=0584, idProduct=0008, bcdDevice= 1.02 [ 63.260715] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 63.260721] usb 1-1.2: Product: USB SmartMedia Adapter [ 63.260726] usb 1-1.2: Manufacturer: YAMAICHI ELECTRONICS Co.,Ltd. [ 63.341974] usbcore: registered new interface driver usb-storage [ 63.348722] ums-alauda 1-1.2:1.0: USB Mass Storage device detected [ 63.348926] scsi host6: usb-storage 1-1.2:1.0 [ 63.349032] usbcore: registered new interface driver ums-alauda [ 64.355307] scsi 6:0:0:0: Direct-Access Fujifilm DPC-R1 (Alauda) 0102 PQ: 0 ANSI: 0 CCS [ 64.355494] scsi 6:0:0:1: Direct-Access Fujifilm DPC-R1 (Alauda) 0102 PQ: 0 ANSI: 0 CCS [ 64.356335] sd 6:0:0:0: Attached scsi generic sg1 type 0 [ 64.356814] sd 6:0:0:0: [sdb] Media removed, stopped polling [ 64.356970] sd 6:0:0:1: Attached scsi generic sg2 type 0 [ 64.357651] sd 6:0:0:0: [sdb] Attached SCSI removable disk [ 95.571120] usb 1-1.2: reset full-speed USB device number 6 using ehci-pci [ 95.686034] sd 6:0:0:1: [sdc] 16000 512-byte logical blocks: (8.19 MB/7.81 MiB) [ 95.686147] sd 6:0:0:1: [sdc] Test WP failed, assume Write Enabled [ 95.686243] sd 6:0:0:1: [sdc] Asking for cache data failed [ 95.686260] sd 6:0:0:1: [sdc] Assuming drive cache: write through [ 126.209261] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 126.209295] #PF: supervisor read access in kernel mode [ 126.209306] #PF: error_code(0x0000) - not-present page [ 126.209453] PGD 0 P4D 0 [ 126.209474] Oops: 0000 [#1] PREEMPT SMP PTI [ 126.209491] CPU: 3 PID: 2777 Comm: usb-storage Not tainted 6.5.1-custom #3 [ 126.209507] Hardware name: LENOVO 42872VU/42872VU, BIOS 8DET54WW (1.24 ) 10/18/2011 [ 126.209513] RIP: 0010:alauda_transport+0x4e6/0x12e2 [ums_alauda] [ 126.209538] Code: 0f 4c 8b b1 98 00 00 00 49 83 fe 01 0f 87 6f 0a 00 00 4b 8d 0c 76 44 89 e8 44 8b 6d a8 48 c1 e1 04 48 8b 4c 0b 20 48 8b 04 c1 <42> 0f b7 04 68 66 83 f8 ff 0f 84 18 ff ff ff 44 0f b7 f8 49 83 fe [ 126.209546] RSP: 0018:ffffa17ac0bb3cd0 EFLAGS: 00010206 [ 126.209555] RAX: 0000000000000000 RBX: ffff8ab097457a80 RCX: ffff8ab1913c6ac8 [ 126.209561] RDX: 00000000019c2003 RSI: ffffd88bc0000000 RDI: 0000000000000000 [ 126.209567] RBP: ffffa17ac0bb3db0 R08: 0000000000000000 R09: 0000000000000000 [ 126.209573] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8ab08121c000 [ 126.209578] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ab081915138 [ 126.209584] FS: 0000000000000000(0000) GS:ffff8ab19a2c0000(0000) knlGS:0000000000000000 [ 126.209591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.209597] CR2: 0000000000000000 CR3: 000000008e03c006 CR4: 00000000000606e0 [ 126.209604] Call Trace: [ 126.209610] <TASK> [ 126.209618] ? show_regs+0x6e/0x80 [ 126.209632] ? __die+0x29/0x70 [ 126.209641] ? page_fault_oops+0x154/0x4a0 [ 126.209654] ? alauda_transport+0x4e6/0x12e2 [ums_alauda] [ 126.209671] ? search_exception_tables+0x65/0x70 [ 126.209686] ? kernelmode_fixup_or_oops+0xa2/0x120 [ 126.209697] ? __bad_area_nosemaphore+0x179/0x280 [ 126.209712] ? bad_area_nosemaphore+0x16/0x20 [ 126.209725] ? do_user_addr_fault+0x2ce/0x6b0 [ 126.209741] ? exc_page_fault+0x7d/0x190 [ 126.209755] ? asm_exc_page_fault+0x2b/0x30 [ 126.209774] ? alauda_transport+0x4e6/0x12e2 [ums_alauda] [ 126.209799] ? __schedule+0x3cb/0x15d0 [ 126.209825] usb_stor_invoke_transport+0x45/0x520 [usb_storage] [ 126.209856] ? __wait_for_common+0x15b/0x190 [ 126.209868] ? __pfx_schedule_timeout+0x10/0x10 [ 126.209881] usb_stor_transparent_scsi_command+0x12/0x20 [usb_storage] [ 126.209905] usb_stor_control_thread+0x20b/0x2d0 [usb_storage] [ 126.209931] ? __pfx_usb_stor_control_thread+0x10/0x10 [usb_storage] [ 126.209955] kthread+0xfb/0x130 [ 126.209967] ? __pfx_kthread+0x10/0x10 [ 126.209978] ret_from_fork+0x40/0x60 [ 126.209988] ? __pfx_kthread+0x10/0x10 [ 126.209998] ret_from_fork_asm+0x1b/0x30 [ 126.210016] </TASK> [ 126.210020] Modules linked in: ums_alauda usb_storage rfcomm ccm bnep intel_rapl_msr mei_hdcp snd_hda_codec_hdmi snd_ctl_led snd_hda_codec_conexant snd_hda_codec_generic uvcvideo videobuf2_vmalloc uvc snd_hda_intel btusb snd_intel_dspcfg btrtl snd_intel_sdw_acpi videobuf2_memops btbcm btintel btmtk videobuf2_v4l2 bluetooth snd_hda_codec videodev videobuf2_common mc ecdh_generic intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp binfmt_misc snd_hda_core rapl snd_hwdep intel_cstate iwldvm snd_pcm nls_iso8859_1 think_lmi input_leds joydev mac80211 at24 serio_raw firmware_attributes_class wmi_bmof libarc4 snd_seq_midi snd_seq_midi_event iwlwifi snd_rawmidi thinkpad_acpi snd_seq snd_seq_device nvram snd_timer ledtrig_audio mei_me platform_profile cfg80211 snd mei soundcore mac_hid sch_fq_codel msr parport_pc ppdev lp pstore_blk parport ramoops pstore_zone reed_solomon efi_pstore ip_tables x_tables autofs4 i915 drm_buddy i2c_algo_bit ttm crct10dif_pclmul drm_display_helper crc32_pclmul ghash_clmulni_intel cec [ 126.210212] sha512_ssse3 rc_core aesni_intel sdhci_pci crypto_simd drm_kms_helper ahci cryptd cqhci psmouse i2c_i801 libahci drm i2c_smbus lpc_ich e1000e sdhci video wmi [ 126.210262] CR2: 0000000000000000 [ 126.210270] ---[ end trace 0000000000000000 ]--- [ 126.974625] RIP: 0010:alauda_transport+0x4e6/0x12e2 [ums_alauda] [ 126.974660] Code: 0f 4c 8b b1 98 00 00 00 49 83 fe 01 0f 87 6f 0a 00 00 4b 8d 0c 76 44 89 e8 44 8b 6d a8 48 c1 e1 04 48 8b 4c 0b 20 48 8b 04 c1 <42> 0f b7 04 68 66 83 f8 ff 0f 84 18 ff ff ff 44 0f b7 f8 49 83 fe [ 126.974670] RSP: 0018:ffffa17ac0bb3cd0 EFLAGS: 00010206 [ 126.974680] RAX: 0000000000000000 RBX: ffff8ab097457a80 RCX: ffff8ab1913c6ac8 [ 126.974687] RDX: 00000000019c2003 RSI: ffffd88bc0000000 RDI: 0000000000000000 [ 126.974693] RBP: ffffa17ac0bb3db0 R08: 0000000000000000 R09: 0000000000000000 [ 126.974698] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8ab08121c000 [ 126.974703] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ab081915138 [ 126.974709] FS: 0000000000000000(0000) GS:ffff8ab19a2c0000(0000) knlGS:0000000000000000 [ 126.974716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 126.974722] CR2: 0000000000000000 CR3: 0000000113a8a005 CR4: 00000000000606e0 [ 126.974729] note: usb-storage[2777] exited with irqs disabled -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
