kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #56692
[Bug 1308537] Re: [usb_wwan] unable to handle kernel NULL pointer dereference
Moez, looks like you're hitting a bug that hasn't been fixed upstream
yet. I've took a look at the usb_wwan driver and it seems that function
usb_wwan_write() is missing a NULL check to 'this_urb' variable.
I've added this check (see patch attached) and compiled a test kernel .
Could you please give this kernel a try and report back after some good
amount of testing? I would like you to run this test for a while and
post the kernel logs -- if this patch actually solves the problem, you
should see something like 'usb_wwan_write: Invalid URB' in the logs.
Here's the link to the test kernel:
http://people.canonical.com/~henrix/lp1308537/v1/
** Patch added: "0001-USB-usb_wwan-fix-a-NULL-pointer-dereference.patch"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308537/+attachment/4092961/+files/0001-USB-usb_wwan-fix-a-NULL-pointer-dereference.patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1308537
Title:
[usb_wwan] unable to handle kernel NULL pointer dereference
Status in “linux” package in Ubuntu:
Incomplete
Bug description:
the lastest linux kernel update 3.13.0-24.46-generic 3.13.9 (maybe the
previous one too) causes ModemManager to crash.
sometimes, when using my usb modem (Huawei E367), it disconnects, and it becomes no longer detected by networkManager
even lsusb command doesn't works (terminal waiting for command output) and shut-downing laptop doesn't complete
this happens rarely since last days (~6 days), i'm not sure if the 2
previous kernel update had the same problems.
note: some updates i did since last week:
usb-modeswitch to 2.1.1+repack0-1ubuntu1
usb-modemswitch-data to 20140327-1
network-manager to 0.9.8.8-0ubuntu7
modemmanager to 1.0.0-2ubuntu1
that's a part of dmesg:
[ 60.800205] usb 1-1.2: new high-speed USB device number 6 using ehci-pci
[ 60.894660] usb 1-1.2: New USB device found, idVendor=12d1, idProduct=1506
[ 60.894665] usb 1-1.2: New USB device strings: Mfr=4, Product=3, SerialNumber=0
[ 60.894667] usb 1-1.2: Product: HUAWEI Mobile
[ 60.894670] usb 1-1.2: Manufacturer: Huawei Technologies
[ 60.995115] usb-storage 1-1.2:1.5: USB Mass Storage device detected
[ 60.995253] scsi9 : usb-storage 1-1.2:1.5
[ 60.995376] usb-storage 1-1.2:1.6: USB Mass Storage device detected
[ 60.995546] scsi10 : usb-storage 1-1.2:1.6
[ 61.496860] init: plymouth-stop pre-start process (2937) terminated with status 1
[ 61.670486] usbcore: registered new interface driver usbserial
[ 61.670497] usbcore: registered new interface driver usbserial_generic
[ 61.670504] usbserial: USB Serial support registered for generic
[ 61.745311] usbcore: registered new interface driver option
[ 61.745343] usbserial: USB Serial support registered for GSM modem (1-port)
[ 61.745440] option 1-1.2:1.0: GSM modem (1-port) converter detected
[ 61.745647] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB0
[ 61.745708] option 1-1.2:1.3: GSM modem (1-port) converter detected
[ 61.745841] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB1
[ 61.745854] option 1-1.2:1.4: GSM modem (1-port) converter detected
[ 61.745915] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB2
[ 61.770270] usbcore: registered new interface driver cdc_wdm
[ 61.843039] qmi_wwan 1-1.2:1.1: cdc-wdm0: USB WDM device
[ 61.843302] qmi_wwan 1-1.2:1.1 wwan0: register 'qmi_wwan' at usb-0000:00:1a.0-1.2, WWAN/QMI device, ea:19:6a:61:bf:5c
[ 61.843444] usbcore: registered new interface driver qmi_wwan
[ 61.849565] init: Failed to spawn ufw pre-start process: unable to execute: No such file or directory
[ 61.851836] init: Failed to spawn ufw post-stop process: unable to execute: No such file or directory
[ 66.340565] audit_printk_skb: 225 callbacks suppressed
[ 66.340568] type=1400 audit(1397646973.192:87): apparmor="DENIED" operation="mkdir" profile="/usr/lib/telepathy/mission-control-5" name="/var/lib/gdm/.config/libaccounts-glib/" pid=3731 comm="mission-control" requested_mask="c" denied_mask="c" fsuid=124 ouid=124
[ 66.341982] type=1400 audit(1397646973.196:88): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/mission-control-5" name="/usr/share/dconf/profile/gdm" pid=3731 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=124 ouid=0
[ 67.019714] scsi 9:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2
[ 67.022204] scsi 10:0:0:0: Direct-Access HUAWEI TF CARD Storage PQ: 0 ANSI: 2
[ 67.024330] sr1: scsi-1 drive
[ 67.024458] sr 9:0:0:0: Attached scsi CD-ROM sr1
[ 67.024520] sr 9:0:0:0: Attached scsi generic sg2 type 5
[ 67.025063] sd 10:0:0:0: Attached scsi generic sg3 type 0
[ 67.028154] sd 10:0:0:0: [sdb] Attached SCSI removable disk
[ 76.842946] usb 1-1.2: USB disconnect, device number 6
[ 76.845200] option1 ttyUSB0: option_instat_callback: error -108
[ 76.845383] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 76.845400] option 1-1.2:1.0: device disconnected
[ 76.847619] qmi_wwan 1-1.2:1.1 wwan0: unregister 'qmi_wwan' usb-0000:00:1a.0-1.2, WWAN/QMI device
[ 76.866208] option1 ttyUSB1: GSM modem (1-port) converter now disconnected from ttyUSB1
[ 76.866237] option 1-1.2:1.3: device disconnected
[ 76.866391] option1 ttyUSB2: GSM modem (1-port) converter now disconnected from ttyUSB2
[ 76.866407] option 1-1.2:1.4: device disconnected
[ 80.171902] type=1400 audit(1397646987.012:89): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=3868 comm="apparmor_parser"
[ 80.171910] type=1400 audit(1397646987.012:90): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=3868 comm="apparmor_parser"
[ 80.172321] type=1400 audit(1397646987.012:91): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=3868 comm="apparmor_parser"
[ 80.396920] usb 1-1.2: new high-speed USB device number 7 using ehci-pci
[ 80.491907] usb 1-1.2: New USB device found, idVendor=12d1, idProduct=1446
[ 80.491911] usb 1-1.2: New USB device strings: Mfr=3, Product=2, SerialNumber=0
[ 80.491913] usb 1-1.2: Product: HUAWEI Mobile
[ 80.491915] usb 1-1.2: Manufacturer: Huawei Technologies
[ 80.591412] usb-storage 1-1.2:1.0: USB Mass Storage device detected
[ 80.591669] scsi11 : usb-storage 1-1.2:1.0
[ 80.591883] usb-storage 1-1.2:1.1: USB Mass Storage device detected
[ 80.592112] scsi12 : usb-storage 1-1.2:1.1
[ 82.223279] usb 1-1.2: USB disconnect, device number 7
[ 86.125760] usb 1-1.2: new high-speed USB device number 8 using ehci-pci
[ 86.220993] usb 1-1.2: New USB device found, idVendor=12d1, idProduct=1506
[ 86.220997] usb 1-1.2: New USB device strings: Mfr=4, Product=3, SerialNumber=0
[ 86.220999] usb 1-1.2: Product: HUAWEI Mobile
[ 86.221001] usb 1-1.2: Manufacturer: Huawei Technologies
[ 86.320666] option 1-1.2:1.0: GSM modem (1-port) converter detected
[ 86.320844] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB0
[ 86.321000] option 1-1.2:1.1: GSM modem (1-port) converter detected
[ 86.321184] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB1
[ 86.321311] option 1-1.2:1.2: GSM modem (1-port) converter detected
[ 86.321395] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB2
[ 86.321453] option 1-1.2:1.3: GSM modem (1-port) converter detected
[ 86.321493] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB3
[ 86.321547] option 1-1.2:1.4: GSM modem (1-port) converter detected
[ 86.321609] usb 1-1.2: GSM modem (1-port) converter now attached to ttyUSB4
[ 86.321663] usb-storage 1-1.2:1.5: USB Mass Storage device detected
[ 86.321732] scsi13 : usb-storage 1-1.2:1.5
[ 86.321848] usb-storage 1-1.2:1.6: USB Mass Storage device detected
[ 86.321886] scsi14 : usb-storage 1-1.2:1.6
[ 90.204704] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
[ 90.204767] IP: [<ffffffffa099762f>] usb_wwan_write+0x12f/0x2e0 [usb_wwan]
[ 90.204796] PGD 23f48b067 PUD 21c653067 PMD 0
[ 90.204815] Oops: 0000 [#1] SMP
[ 90.204830] Modules linked in: qmi_wwan cdc_wdm option usbnet usb_wwan usbserial ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp bridge stp llc acpi_call(OF) nvram ip6table_filter ip6_tables iptable_filter ip_tables ebtable_nat ebtables x_tables pci_stub vboxpci(OF) vboxnetadp(OF) vboxnetflt(OF) vboxdrv(OF) uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev ath3k btusb rfcomm bnep bluetooth binfmt_misc joydev snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc arc4 intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp snd_seq_midi ath9k kvm_intel snd_seq_midi_event ath9k_common kvm ath9k_hw snd_rawmidi ath nls_iso8859_1 mac80211 snd_seq psmouse serio_raw snd_seq_device lpc_ich snd_timer cfg80211 mei_me snd mei soundcore sparse_keymap toshiba_bluetooth mac_hid parport_pc ppdev lp parport btrfs xor raid6_pq libcrc32c dm_crypt ums_realtek usb_storage radeon crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper i2c_algo_bit ablk_helper ttm cryptd drm_kms_helper drm ahci r8169 libahci mii wmi video
[ 90.205325] CPU: 4 PID: 1066 Comm: ModemManager Tainted: GF O 3.13.0-24-generic #46-Ubuntu
[ 90.205358] Hardware name: TOSHIBA SATELLITE L870-18Z/PLCSF8, BIOS 6.60 4/03/2013
[ 90.205385] task: ffff88021c6b8000 ti: ffff88023e616000 task.ti: ffff88023e616000
[ 90.205411] RIP: 0010:[<ffffffffa099762f>] [<ffffffffa099762f>] usb_wwan_write+0x12f/0x2e0 [usb_wwan]
[ 90.205446] RSP: 0018:ffff88023e617d58 EFLAGS: 00010283
[ 90.205471] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
[ 90.205500] RDX: 0000000000000000 RSI: 0000000000220020 RDI: 0000000000000202
[ 90.205524] RBP: ffff88023e617dd0 R08: 0000000000000000 R09: 0000000000000000
[ 90.205549] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000001000
[ 90.205574] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8802189f0500
[ 90.205599] FS: 00007f2d2968a840(0000) GS:ffff88024ed00000(0000) knlGS:0000000000000000
[ 90.205627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 90.205647] CR2: 0000000000000068 CR3: 000000023e2f6000 CR4: 00000000001407e0
[ 90.205672] Stack:
[ 90.205680] ffff88023f6182e8 ffff8802189f0500 00000001814498d9 ffff8802189f0590
[ 90.205709] dead000000100100 ffff88023f618000 00001c04ad65de28 ffff88023e743000
[ 90.205737] ffff8802189f0580 ffff880241e478e0 ffff8800ad65d000 ffff88023f618000
[ 90.205765] Call Trace:
[ 90.205779] [<ffffffffa095796d>] serial_write+0x4d/0xb0 [usbserial]
[ 90.205804] [<ffffffff814453a6>] n_tty_write+0x166/0x4e0
[ 90.205827] [<ffffffff8109a790>] ? wake_up_state+0x20/0x20
[ 90.205848] [<ffffffff81441ef8>] tty_write+0x148/0x2a0
[ 90.205868] [<ffffffff81445240>] ? process_echoes+0x70/0x70
[ 90.205891] [<ffffffff811b9534>] vfs_write+0xb4/0x1f0
[ 90.205910] [<ffffffff811b9f69>] SyS_write+0x49/0xa0
[ 90.205931] [<ffffffff8172663f>] tracesys+0xe1/0xe6
[ 90.205948] Code: 04 0f 85 28 01 00 00 48 8b 45 b0 48 8b 00 48 8b 78 10 e8 95 a0 ba e0 85 c0 0f 88 bd 00 00 00 81 fb 00 10 00 00 41 bc 00 10 00 00 <49> 8b 7d 68 44 0f 4e e3 48 8b 75 c0 49 63 c4 48 89 c2 48 89 45
[ 90.206064] RIP [<ffffffffa099762f>] usb_wwan_write+0x12f/0x2e0 [usb_wwan]
[ 90.206099] RSP <ffff88023e617d58>
[ 90.206108] CR2: 0000000000000068
[ 90.212715] ---[ end trace d5049c6feb598e80 ]---
[ 92.336441] scsi 13:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2
[ 92.336968] scsi 14:0:0:0: Direct-Access HUAWEI TF CARD Storage PQ: 0 ANSI: 2
[ 92.339241] sr1: scsi-1 drive
[ 92.339379] sr 13:0:0:0: Attached scsi CD-ROM sr1
[ 92.339437] sr 13:0:0:0: Attached scsi generic sg2 type 5
[ 92.339616] sd 14:0:0:0: Attached scsi generic sg3 type 0
[ 92.346739] sd 14:0:0:0: [sdb] Attached SCSI removable disk
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-24-generic 3.13.0-24.46
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: lejenome 4177 F.... pulseaudio
/dev/snd/controlC0: lejenome 4177 F.... pulseaudio
/dev/snd/pcmC0D0p: lejenome 4177 F...m pulseaudio
CurrentDesktop: GNOME
Date: Wed Apr 16 13:42:00 2014
HibernationDevice: RESUME=UUID=f727c496-92fb-4b5c-9727-c977b063862a
InstallationDate: Installed on 2013-10-23 (174 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
MachineType: TOSHIBA SATELLITE L870-18Z
ProcFB: 0 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-24-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash intel_pstate=enable vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.13.0-24-generic N/A
linux-backports-modules-3.13.0-24-generic N/A
linux-firmware 1.127
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 4/03/2013
dmi.bios.vendor: Insyde Corp.
dmi.bios.version: 6.60
dmi.board.asset.tag: Type2 - Board Asset Tag
dmi.board.name: PLCSF8
dmi.board.vendor: Intel
dmi.board.version: Type2 - Board Version
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: OEM Chassis Manufacturer
dmi.chassis.version: OEM Chassis Version
dmi.modalias: dmi:bvnInsydeCorp.:bvr6.60:bd4/03/2013:svnTOSHIBA:pnSATELLITEL870-18Z:pvrPSKFNE-00Q03QG4:rvnIntel:rnPLCSF8:rvrType2-BoardVersion:cvnOEMChassisManufacturer:ct10:cvrOEMChassisVersion:
dmi.product.name: SATELLITE L870-18Z
dmi.product.version: PSKFNE-00Q03QG4
dmi.sys.vendor: TOSHIBA
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1308537/+subscriptions
References