Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1462175
Summary: | null pointer dereference when a USB device detached at rmi bus | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robin Lee <robinlee.sysu> |
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 26 | CC: | gansalmon, ichavero, itamar, jcline, jonathan, kernel-maint, labbott, madhu.chinakonda, mchehab |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | kernel-4.13.16-302.fc27 kernel-4.13.16-202.fc26 kernel-4.14.6-300.fc27 kernel-4.14.6-200.fc26 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-18 18:51:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Robin Lee
2017-06-16 11:37:51 UTC
Also occur with current rawhide kernel: kernel-4.12.0-0.rc5.git2.1.fc27.x86_64 dmesg: Jun 19 11:33:42 cheese-X1tablet kernel: usb 1-7: USB disconnect, device number 2 Jun 19 11:33:42 cheese-X1tablet kernel: BUG: unable to handle kernel NULL pointer dereference at (null) Jun 19 11:33:42 cheese-X1tablet kernel: IP: device_del+0x17/0x360 Jun 19 11:33:42 cheese-X1tablet kernel: PGD 0 Jun 19 11:33:42 cheese-X1tablet kernel: P4D 0 Jun 19 11:33:42 cheese-X1tablet kernel: Jun 19 11:33:42 cheese-X1tablet kernel: Oops: 0000 [#1] SMP Jun 19 11:33:42 cheese-X1tablet kernel: Modules linked in: fuse ccm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables bnep vfat fat wacom iTCO_wdt iTCO_vendor_support mei_wdt spi_pxa2xx_platform intel_rapl x86_pkg_temp_thermal i2c_designware_platform intel_powerclamp i2c_designware_core coretemp snd_soc_skl kvm_intel snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_ext_core Jun 19 11:33:42 cheese-X1tablet kernel: arc4 snd_soc_sst_match snd_soc_core kvm snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_compress iwlmvm snd_pcm_dmaengine ac97_bus snd_hda_intel snd_hda_codec mac80211 irqbypass snd_hda_core crct10dif_pclmul crc32_pclmul snd_hwdep snd_seq ghash_clmulni_intel intel_cstate snd_seq_device intel_uncore snd_pcm intel_rapl_perf iwlwifi cfg80211 rtsx_pci_ms snd_timer i2c_i801 memstick btusb btrtl btbcm btintel joydev bluetooth mei_me mei ecdh_generic 8250_pci shpchp hid_sensor_als hid_sensor_accel_3d hid_sensor_magn_3d hid_sensor_gyro_3d hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer kfifo_buf industrialio idma64 processor_thermal_device thinkpad_acpi intel_lpss_pci intel_soc_dts_iosf wmi snd soc_button_array soundcore int3403_thermal rfkill intel_vbtn Jun 19 11:33:42 cheese-X1tablet kernel: pinctrl_sunrisepoint pinctrl_intel intel_lpss_acpi int3400_thermal intel_hid int3402_thermal acpi_thermal_rel intel_lpss sparse_keymap int340x_thermal_zone tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc mmc_block hid_sensor_hub intel_ishtp_hid i915 rtsx_pci_sdmmc mmc_core crc32c_intel i2c_algo_bit drm_kms_helper serio_raw drm rtsx_pci intel_ish_ipc intel_ishtp i2c_hid video hid_rmi rmi_core Jun 19 11:33:42 cheese-X1tablet kernel: CPU: 2 PID: 43 Comm: kworker/2:1 Not tainted 4.12.0-0.rc5.git2.1.fc27.x86_64 #1 Jun 19 11:33:42 cheese-X1tablet kernel: Hardware name: LENOVO 20GGA00L00/20GGA00L00, BIOS N1LET37W (1.19 ) 05/19/2016 Jun 19 11:33:42 cheese-X1tablet kernel: Workqueue: usb_hub_wq hub_event Jun 19 11:33:42 cheese-X1tablet kernel: task: ffff9ef59667b2c0 task.stack: ffffbd7d40df4000 Jun 19 11:33:42 cheese-X1tablet kernel: RIP: 0010:device_del+0x17/0x360 Jun 19 11:33:42 cheese-X1tablet kernel: RSP: 0018:ffffbd7d40df7a00 EFLAGS: 00010286 Jun 19 11:33:42 cheese-X1tablet kernel: RAX: ffffffffb6e5b300 RBX: 0000000000000000 RCX: 0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: RDX: 0000001fffffffc0 RSI: ffff9ef59667c068 RDI: 0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: RBP: ffffbd7d40df7a38 R08: 0000000000000001 R09: 0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: R10: 0000000000000000 R11: 0000000000000000 R12: ffff9ef590bcc000 Jun 19 11:33:42 cheese-X1tablet kernel: R13: 0000000000000000 R14: ffff9ef590bcd8e8 R15: ffff9ef590bcd948 Jun 19 11:33:42 cheese-X1tablet kernel: FS: 0000000000000000(0000) GS:ffff9ef598a00000(0000) knlGS:0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 19 11:33:42 cheese-X1tablet kernel: CR2: 0000000000000000 CR3: 0000000025e11000 CR4: 00000000003406e0 Jun 19 11:33:42 cheese-X1tablet kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Jun 19 11:33:42 cheese-X1tablet kernel: Call Trace: Jun 19 11:33:42 cheese-X1tablet kernel: ? trace_hardirqs_on_caller+0xf4/0x190 Jun 19 11:33:42 cheese-X1tablet kernel: rmi_unregister_transport_device+0x16/0x30 [rmi_core] Jun 19 11:33:42 cheese-X1tablet kernel: rmi_remove+0x36/0x60 [hid_rmi] Jun 19 11:33:42 cheese-X1tablet kernel: hid_device_remove+0x68/0xd0 Jun 19 11:33:42 cheese-X1tablet kernel: device_release_driver_internal+0x160/0x210 Jun 19 11:33:42 cheese-X1tablet kernel: device_release_driver+0x12/0x20 Jun 19 11:33:42 cheese-X1tablet kernel: bus_remove_device+0x11b/0x190 Jun 19 11:33:42 cheese-X1tablet kernel: device_del+0x1e7/0x360 Jun 19 11:33:42 cheese-X1tablet kernel: hid_destroy_device+0x27/0x60 Jun 19 11:33:42 cheese-X1tablet kernel: usbhid_disconnect+0x49/0x70 Jun 19 11:33:42 cheese-X1tablet kernel: usb_unbind_interface+0x75/0x290 Jun 19 11:33:42 cheese-X1tablet kernel: device_release_driver_internal+0x160/0x210 Jun 19 11:33:42 cheese-X1tablet kernel: device_release_driver+0x12/0x20 Jun 19 11:33:42 cheese-X1tablet kernel: bus_remove_device+0x11b/0x190 Jun 19 11:33:42 cheese-X1tablet kernel: device_del+0x1e7/0x360 Jun 19 11:33:42 cheese-X1tablet kernel: usb_disable_device+0x9f/0x270 Jun 19 11:33:42 cheese-X1tablet kernel: usb_disconnect+0xc8/0x2b0 Jun 19 11:33:42 cheese-X1tablet kernel: hub_event+0x598/0x15e0 Jun 19 11:33:42 cheese-X1tablet kernel: process_one_work+0x253/0x6a0 Jun 19 11:33:42 cheese-X1tablet kernel: worker_thread+0x4d/0x3b0 Jun 19 11:33:42 cheese-X1tablet kernel: kthread+0x133/0x150 Jun 19 11:33:42 cheese-X1tablet kernel: ? process_one_work+0x6a0/0x6a0 Jun 19 11:33:42 cheese-X1tablet kernel: ? kthread_create_on_node+0x70/0x70 Jun 19 11:33:42 cheese-X1tablet kernel: ret_from_fork+0x2a/0x40 Jun 19 11:33:42 cheese-X1tablet kernel: Code: 00 00 00 00 00 41 5c 41 5d 5d c3 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 56 41 55 41 54 53 48 89 fb 48 83 ec 18 <4c> 8b 2f 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 Jun 19 11:33:42 cheese-X1tablet kernel: RIP: device_del+0x17/0x360 RSP: ffffbd7d40df7a00 Jun 19 11:33:42 cheese-X1tablet kernel: CR2: 0000000000000000 Jun 19 11:33:42 cheese-X1tablet kernel: ---[ end trace a6f1a7b4d9a49be5 ]--- Jun 19 11:33:42 cheese-X1tablet kernel: BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33 Jun 19 11:33:42 cheese-X1tablet kernel: in_atomic(): 0, irqs_disabled(): 1, pid: 43, name: kworker/2:1 Jun 19 11:33:42 cheese-X1tablet kernel: INFO: lockdep is turned off. Jun 19 11:33:42 cheese-X1tablet kernel: irq event stamp: 980444 Jun 19 11:33:42 cheese-X1tablet kernel: hardirqs last enabled at (980443): [<ffffffffb60cee10>] flush_work+0x2b0/0x320 Jun 19 11:33:42 cheese-X1tablet kernel: hardirqs last disabled at (980444): [<ffffffffb698488c>] error_entry+0x7c/0xd0 Jun 19 11:33:42 cheese-X1tablet kernel: softirqs last enabled at (980426): [<ffffffffb6988012>] __do_softirq+0x382/0x4ed Jun 19 11:33:42 cheese-X1tablet kernel: softirqs last disabled at (980411): [<ffffffffb60b8faf>] irq_exit+0x10f/0x120 Jun 19 11:33:42 cheese-X1tablet kernel: CPU: 2 PID: 43 Comm: kworker/2:1 Tainted: G D 4.12.0-0.rc5.git2.1.fc27.x86_64 #1 Jun 19 11:33:42 cheese-X1tablet kernel: Hardware name: LENOVO 20GGA00L00/20GGA00L00, BIOS N1LET37W (1.19 ) 05/19/2016 Jun 19 11:33:42 cheese-X1tablet kernel: Workqueue: usb_hub_wq hub_event Jun 19 11:33:42 cheese-X1tablet kernel: Call Trace: Jun 19 11:33:42 cheese-X1tablet kernel: dump_stack+0x8e/0xcd Jun 19 11:33:42 cheese-X1tablet kernel: ___might_sleep+0x144/0x260 Jun 19 11:33:42 cheese-X1tablet kernel: __might_sleep+0x4a/0x80 Jun 19 11:33:42 cheese-X1tablet kernel: exit_signals+0x33/0x240 Jun 19 11:33:42 cheese-X1tablet kernel: do_exit+0xb4/0xd30 Jun 19 11:33:42 cheese-X1tablet kernel: ? kthread+0x133/0x150 Jun 19 11:33:42 cheese-X1tablet kernel: rewind_stack_do_exit+0x17/0x20 Jun 19 11:33:42 cheese-X1tablet kernel: intel-vbtn INT33D6:00: unknown event index 0xcc Jun 19 11:33:42 cheese-X1tablet kernel: intel-vbtn INT33D6:00: unknown event index 0xcb Jun 19 11:33:43 cheese-X1tablet kernel: thinkpad_acpi: unhandled HKEY event 0x4013 Jun 19 11:33:43 cheese-X1tablet kernel: thinkpad_acpi: please report the conditions when this event happened to ibm-acpi-devel.net Jun 19 11:33:43 cheese-X1tablet kernel: int3403 thermal INT3403:01: Unsupported event [0x91] Jun 19 11:33:43 cheese-X1tablet kernel: int3403 thermal INT3403:00: Unsupported event [0x91] Jun 19 11:33:43 cheese-X1tablet kernel: intel-vbtn INT33D6:00: unknown event index 0xcc Jun 19 11:33:43 cheese-X1tablet kernel: intel-vbtn INT33D6:00: unknown event index 0xcb Can you share the output of lsusb -vvv for the problematic device? This bug will probably need to go to the upstream maintainers (In reply to Laura Abbott from comment #2) > Can you share the output of lsusb -vvv for the problematic device? This bug > will probably need to go to the upstream maintainers I reported upstream https://bugzilla.kernel.org/show_bug.cgi 'lsusb -vvv' output is also posted there. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef14a4bf0910d06c7e202552914028d4956809cb This commit in current master fixed this issue. And the commit can be applied to 4.13 branch cleanly. kernel-4.13.16-302.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0c1f44130 kernel-4.13.16-202.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ea11e444d kernel-4.13.16-302.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0c1f44130 kernel-4.13.16-202.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ea11e444d kernel-4.13.16-302.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.13.16-202.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.14.3-300.fc27 does not include the patch. Sorry about that! I've added it back and it should show up in the next build (after 4.14.5). kernel-4.14.6-300.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-129969aa8a kernel-4.14.6-300.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-129969aa8a kernel-4.14.6-200.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7 kernel-4.14.6-200.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ba6b6e71f7 kernel-4.14.6-300.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.14.6-200.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. |