[CCing Dan Carpenter as I believe he has reported the NULL pointer
dereference on serial device unplug before]

Bjørn Mork <bjorn@xxxxxxx> writes:
> "Thomas Schäfer" <tschaefer@xxxxxxxxxxx> wrote:
>
>>This happens with the Huawei E398 (supported since 3.4)
>>
>>
>>dmesg
>>[ 133.764128] usb 1-4: new high-speed USB device number 3 using
>>ehci_hcd
>>[ 133.899087] usb 1-4: New USB device found, idVendor=12d1,
>>idProduct=1505
>>[ 133.899102] usb 1-4: New USB device strings: Mfr=3, Product=2,
>>SerialNumber=0
>>[ 133.899111] usb 1-4: Product: HUAWEI Mobile
>>[ 133.899120] usb 1-4: Manufacturer: Huawei Technologies
>>[ 133.959452] usbcore: registered new interface driver uas
>>[ 133.969406] Initializing USB Mass Storage driver...
>>[ 133.970572] scsi4 : usb-storage 1-4:1.0
>>[ 133.970960] usbcore: registered new interface driver usb-storage
>>[ 133.970967] USB Mass Storage support registered.
>>[ 134.716146] usb 1-4: USB disconnect, device number 3
>>[ 144.604138] usb 1-4: new high-speed USB device number 4 using
>>ehci_hcd
>>[ 144.739362] usb 1-4: New USB device found, idVendor=12d1,
>>idProduct=1506
>>[ 144.739377] usb 1-4: New USB device strings: Mfr=4, Product=3,
>>SerialNumber=0
>>[ 144.739387] usb 1-4: Product: HUAWEI Mobile
>>[ 144.739395] usb 1-4: Manufacturer: Huawei Technologies
>>[ 144.744396] scsi5 : usb-storage 1-4:1.5
>>[ 144.745587] scsi6 : usb-storage 1-4:1.6
>>[ 144.800200] usbcore: registered new interface driver usbserial
>>[ 144.800264] usbcore: registered new interface driver
>>usbserial_generic
>>[ 144.800309] USB Serial support registered for generic
>>[ 144.800325] usbserial: USB Serial Driver core
>>[ 144.812227] usbcore: registered new interface driver cdc_wdm
>>[ 144.816522] usbcore: registered new interface driver option
>>[ 144.816580] USB Serial support registered for GSM modem (1-port)
>>[ 144.816821] option 1-4:1.0: GSM modem (1-port) converter detected
>>[ 144.817153] usb 1-4: GSM modem (1-port) converter now attached to
>>ttyUSB0
>>[ 144.817223] option 1-4:1.1: GSM modem (1-port) converter detected
>>[ 144.822070] usb 1-4: GSM modem (1-port) converter now attached to
>>ttyUSB1
>>[ 144.822163] option 1-4:1.2: GSM modem (1-port) converter detected
>>[ 144.822628] usb 1-4: GSM modem (1-port) converter now attached to
>>ttyUSB2
>>[ 144.843517] qmi_wwan 1-4:1.3: cdc-wdm0: USB WDM device
>>[ 144.844156] qmi_wwan 1-4:1.3: wwan0: register 'qmi_wwan' at
>>usb-0000:00:1d.7-4, WWAN/QMI device, 00:a0:c6:00:00:00
>>[ 144.844266] usbcore: registered new interface driver qmi_wwan
>>[ 145.745563] scsi 5:0:0:0: CD-ROM HUAWEI Mass Storage
>> 2.31 PQ: 0 ANSI: 0
>>[ 145.746478] scsi 5:0:0:0: Attached scsi generic sg1 type 5
>>[ 145.749398] scsi 6:0:0:0: Direct-Access HUAWEI SD Storage
>> 2.31 PQ: 0 ANSI: 2
>>[ 145.750483] sd 6:0:0:0: Attached scsi generic sg2 type 0
>>[ 145.751473] sd 6:0:0:0: [sdb] 31116288 512-byte logical blocks:
>>(15.9 GB/14.8 GiB)
>>[ 145.752841] sd 6:0:0:0: [sdb] Write Protect is off
>>[ 145.752862] sd 6:0:0:0: [sdb] Mode Sense: 0f 0e 00 00
>>[ 145.753848] sd 6:0:0:0: [sdb] Write cache: enabled, read cache:
>>enabled, doesn't support DPO or FUA
>>[ 145.762461] sdb: sdb1
>>[ 145.766371] sd 6:0:0:0: [sdb] Attached SCSI removable disk
>>[ 145.787558] sr0: scsi-1 drive
>>[ 145.787572] cdrom: Uniform CD-ROM driver Revision: 3.20
>>[ 145.789625] sr 5:0:0:0: Attached scsi CD-ROM sr0
>>[ 243.145559] usb 1-4: USB disconnect, device number 4
>>[ 243.147961] option1 ttyUSB0: option_instat_callback: error -108
>>[ 243.148375] option1 ttyUSB0: GSM modem (1-port) converter now
>>disconnected from ttyUSB0
>>[ 243.148471] BUG: unable to handle kernel NULL pointer dereference at
>> (null)
>>[ 243.148508] IP: [<ffffffffa0468527>] stop_read_write_urbs+0x37/0x80
>>[usb_wwan]
>>[ 243.148556] PGD 79d60067 PUD 79d61067 PMD 0
>>[ 243.148590] Oops: 0000 [#1] SMP
>>[ 243.148617] Modules linked in: sr_mod cdrom qmi_wwan usbnet option
>>cdc_wdm usb_wwan usbserial usb_storage uas fuse af_packet
>>ip6table_filter ip6_tables iptable_filter ip_tables x_tables tun edd
>>cpufreq_conservative cpufreq_userspace cpufreq_powersave snd_pcm_oss
>>snd_mixer_oss acpi_cpufreq snd_seq mperf snd_seq_device coretemp arc4
>>sg hp_wmi sparse_keymap uvcvideo videobuf2_core
>>videodev videobuf2_vmalloc videobuf2_memops rtl8192ce rtl8192c_common
>>rtlwifi joydev pcspkr microcode mac80211 i2c_i801 lpc_ich r8169
>>snd_hda_codec_idt cfg80211 snd_hda_intel snd_hda_codec rfkill
>>snd_hwdep snd_pcm wmi snd_timer ac snd soundcore snd_page_alloc battery
>>uhci_hcd i915 drm_kms_helper drm i2c_algo_bit ehci_hcd thermal usbcore
>>video usb_common button processor thermal_sys
>>[ 243.149007] CPU 1
>>[ 243.149027] Pid: 135, comm: khubd Not tainted
>>3.5.0-rc7-next-20120720-1-vanilla #1 Hewlett-Packard HP Mini 110-3700
>> /1584
>>[ 243.149072] RIP: 0010:[<ffffffffa0468527>] [<ffffffffa0468527>]
>>stop_read_write_urbs+0x37/0x80 [usb_wwan]
>>[ 243.149118] RSP: 0018:ffff880037e75b30 EFLAGS: 00010286
>>[ 243.149133] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
>>ffff88005912aa28
>>[ 243.149150] RDX: ffff88005e95f028 RSI: 0000000000000000 RDI:
>>ffff88005f7c1a10
>>[ 243.149166] RBP: ffff880037e75b60 R08: 0000000000000000 R09:
>>ffffffff812cea90
>>[ 243.149182] R10: 0000000000000000 R11: 0000000000000001 R12:
>>ffff88006539b440
>>[ 243.149198] R13: ffff88006539b440 R14: 0000000000000000 R15:
>>0000000000000000
>>[ 243.149216] FS: 0000000000000000(0000) GS:ffff88007ee80000(0000)
>>knlGS:0000000000000000
>>[ 243.149233] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
>>[ 243.149248] CR2: 0000000000000000 CR3: 0000000079fe0000 CR4:
>>00000000000007e0
>>[ 243.149264] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
>>0000000000000000
>>[ 243.149280] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
>>0000000000000400
>>[ 243.149298] Process khubd (pid: 135, threadinfo ffff880037e74000,
>>task ffff880037d40600)
>>[ 243.149313] Stack:
>>[ 243.149323] ffff880037e75b40 ffff88006539b440 ffff8800799bc830
>>ffff88005f7c1800
>>[ 243.149348] 0000000000000001 ffff88006539b448 ffff880037e75b70
>>ffffffffa04685e9
>>[ 243.149371] ffff880037e75bc0 ffffffffa0473765 ffff880037354988
>>ffff88007b594800
>>[ 243.149395] Call Trace:
>>[ 243.149419] [<ffffffffa04685e9>] usb_wwan_disconnect+0x9/0x10
>>[usb_wwan]
>>[ 243.149447] [<ffffffffa0473765>] usb_serial_disconnect+0xd5/0x120
>>[usbserial]
>>[ 243.149511] [<ffffffffa0046b48>] usb_unbind_interface+0x58/0x1a0
>>[usbcore]
>>[ 243.149545] [<ffffffff8139ebd7>] __device_release_driver+0x77/0xe0
>>[ 243.149567] [<ffffffff8139ec67>] device_release_driver+0x27/0x40
>>[ 243.149587] [<ffffffff8139e5cf>] bus_remove_device+0xdf/0x150
>>[ 243.149608] [<ffffffff8139bc78>] device_del+0x118/0x1a0
>>[ 243.149661] [<ffffffffa0044590>] usb_disable_device+0xb0/0x280
>>[usbcore]
>>[ 243.149718] [<ffffffffa003c6fd>] usb_disconnect+0x9d/0x140
>>[usbcore]
>>[ 243.149770] [<ffffffffa003da7d>] hub_port_connect_change+0xad/0x8a0
>>[usbcore]
>>[ 243.149825] [<ffffffffa0043bf5>] ? usb_control_msg+0xe5/0x110
>>[usbcore]
>>[ 243.149878] [<ffffffffa003e6e3>] hub_events+0x473/0x760 [usbcore]
>>[ 243.149931] [<ffffffffa003ea05>] hub_thread+0x35/0x1d0 [usbcore]
>>[ 243.149955] [<ffffffff81061960>] ? add_wait_queue+0x60/0x60
>>[ 243.150004] [<ffffffffa003e9d0>] ? hub_events+0x760/0x760 [usbcore]
>>[ 243.150026] [<ffffffff8106133e>] kthread+0x8e/0xa0
>>[ 243.150047] [<ffffffff8157ec04>] kernel_thread_helper+0x4/0x10
>>[ 243.150068] [<ffffffff810612b0>] ? flush_kthread_work+0x120/0x120
>>[ 243.150088] [<ffffffff8157ec00>] ? gs_change+0xb/0xb
>>[ 243.150101] Code: fd 41 54 53 48 83 ec 08 80 7f 1a 00 74 57 49 89 fc
>>31 db 90 49 8b 7c 24 20 45 31 f6 48 81 c7 10 02 00 00 e8 bc 64 f3 e0 49
>>89 c7 <4b> 8b 3c 37 49 83 c6 08 e8 4c a5 bd ff 49 83 fe 20
>>75 ed 45 30
>>[ 243.150257] RIP [<ffffffffa0468527>] stop_read_write_urbs+0x37/0x80
>>[usb_wwan]
>>[ 243.150282] RSP <ffff880037e75b30>
>>[ 243.150294] CR2: 0000000000000000
>>[ 243.177170] ---[ end trace fba433d9015ffb8c ]---
>>
>
> Hmm, this looks like a serial driver problem. Which of course is just
> as serious, but relieving for me as I had no idea where to start
> looking in qmi_wwan or cdc_wdm.
>
> Could you do a quick verification: please test if the problem
> disappears if you blacklist your serial driver (option?). If so,
> then I hope someone else can look into it. I seem to vaguely
> remember a similar report, but cannot find it right now.

I'm temporarily back at my keyboard and found the report from Dan
Carpenter as early as July 4th:

  http://www.spinics.net/lists/linux-usb/msg66724.html

I don't think that ever got any fix or any followup at all?

>>With 3.5rc6 + the patches for the ZTE MF821D,
>>all three LTE-devices (Huawei 398, Vodafone K5005, ZTE MF821D) worked.
>>
>>This was at 12.July 2012. (compiled by me)
>
> OK, that is good. There cannot be that many changes after
> that.
>
>
>>After the confirmations about the applied patches for the ZTE MF821D
>>qmi_wwan by davem net-next and option by gregkh
>>I thought, this could be the right time to try a kernel the easy way -
>>from a repository of my distribution.
>>
>>Here are the infos about the kernel:
>>
>>
>>rpm -qi kernel-vanilla
>>Name : kernel-vanilla
>>
>>Version : 3.5.rc7.next.20120720
>>Release : 1.1
>>
>>Architecture: x86_64
>>Install Date: So 22 Jul 2012 00:21:19 CEST
>>
>>Group : System/Kernel
>>
>>Size : 149684229
>>
>>License : GPL-2.0
>>
>>Signature : DSA/SHA1, Sa 21 Jul 2012 08:17:28 CEST, Key ID
>>dcbb9d72a29f6635
>>Source RPM : kernel-vanilla-3.5.rc7.next.20120720-1.1.nosrc.rpm
>>
>>Build Date : Sa 21 Jul 2012 08:13:31 CEST
>>
>>Build Host : build09
>>
>>Relocations : (not relocatable)
>>Vendor : obs://build.opensuse.org/Kernel
>>
>>URL : http://www.kernel.org/
>>
>>Summary : The Standard Kernel - without any SUSE patches
>>
>>Description :
>>The standard kernel - without any SUSE patches
>>
>>
>>
>>Source Timestamp: 2012-07-20 08:02:11 +0200
>>GIT Revision: 41e65a27f08db17978346a46c8fda9bcfd1ee0cc
>>
>>GIT Branch: linux-next
>>Distribution: Kernel:linux-ne
>
> Thanks. That is useful to know.

Eh, didn't quite catch that at first glance. So this is linux-next?
I.e. not 3.5, but 3.6-to-be? That's consistent with the report from
Dan, and a whole other game with plenty of major changes since your
last working 3.5rc6.

I can't find the referenced commit anywhere, but if this is the
next-20120720 from linux-next repo with no other changes then that
should be precise enough.


Bjørn