connecting gigaset USB device causes null pointer error

Bug #417732 reported by darthvader
This bug affects 1 person
Affects          Status        Importance  Assigned to   Milestone
linux (Ubuntu)   Fix Released  Medium      Unassigned
Jaunty           Fix Released  Medium      Stefan Bader

Bug Description

SRU justification:

Impact: One of the updates from 2.6.28.10 for unknown reasons messed up the backport of the patch from upstream, placing some code at the wrong place which causes an Oops as soon as the module is loaded and the hardware gets probed.

Fix: Move the code section to the same place the upstream patch had intended the code to go.

Testcase: Plugging in the Gigaset ISDN hardware, which causes the module to be loaded and the hardware to be probed (fix verified by reporter).

---

Binary package hint: linux-image-2.6.28-15-generic

Ubuntu: 9.04 64bit

Since upgrading to the regular 2.6.28-15 kernel, there's an error when connecting a gigaset ISDN phone via USB:
snippet from /var/log/kern.log:

Aug 23 01:12:33 sith kernel: [10943.104011] usb 7-2: new full speed USB device using uhci_hcd and address 2
Aug 23 01:12:33 sith kernel: [10943.309106] usb 7-2: configuration #1 chosen from 1 choice
Aug 23 01:12:33 sith kernel: [10943.382989] ISDN subsystem Rev: 1.1.2.3/1.1.2.3/1.1.2.2/1.1.2.3/1.1.2.2/1.1.2.2 loaded
Aug 23 01:12:33 sith kernel: [10943.393660] gigaset: Hansjoerg Lipp <email address hidden>, Tilman Schmidt <email address hidden>, Stefan Eilers
Aug 23 01:12:33 sith kernel: [10943.393663] gigaset: Driver for Gigaset 307x
Aug 23 01:12:33 sith kernel: [10943.406219] BUG: unable to handle kernel NULL pointer dereference at 0000000000000158
Aug 23 01:12:33 sith kernel: [10943.406223] IP: [<ffffffffa0c83d1b>] gigaset_probe+0x6b/0x4d0 [bas_gigaset]
Aug 23 01:12:33 sith kernel: [10943.406229] PGD 15dc6f067 PUD 16c840067 PMD 0
Aug 23 01:12:33 sith kernel: [10943.406233] Oops: 0002 [#1] SMP
Aug 23 01:12:33 sith kernel: [10943.406235] last sysfs file: /sys/devices/pci0000:00/0000:00:1d.1/usb7/7-2/usb_endpoint/usbdev7.2_ep00/dev
Aug 23 01:12:33 sith kernel: [10943.406239] Dumping ftrace buffer:
Aug 23 01:12:33 sith kernel: [10943.406241] (ftrace buffer empty)
Aug 23 01:12:33 sith kernel: [10943.406243] CPU 1
Aug 23 01:12:33 sith kernel: [10943.406244] Modules linked in: bas_gigaset(+) gigaset isdn crc_ccitt bridge stp bnep binfmt_misc vmnet ppdev parport_pc vmblock vmci vmmon video output input_polldev deflate zlib_deflate ctr twofish twofish_common camellia serpent blowfish des_generic cbc aes_x86_64 aes_generic xcbc rmd160 sha256_generic sha1_generic crypto_null af_key dm_crypt coretemp lp parport tuner_simple snd_hda_intel tuner_types snd_pcm_oss snd_mixer_oss tuner tvaudio snd_bt87x msp3400 snd_pcm snd_seq_dummy bttv snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event ir_common snd_seq compat_ioctl32 videodev v4l1_compat snd_timer snd_seq_device i2c_algo_bit psmouse v4l2_common snd videobuf_dma_sg videobuf_core btcx_risc soundcore serio_raw snd_page_alloc tveeprom intel_agp iTCO_wdt iTCO_vendor_support nvidia(P) pcspkr joydev usbhid r8169 mii floppy raid10 raid456 async_xor async_memcpy async_tx xor raid1 raid0 multipath linear fbcon tileblit font bitblit softcursor
Aug 23 01:12:33 sith kernel: [10943.406303] Pid: 11815, comm: modprobe Tainted: P 2.6.28-15-generic #49-Ubuntu
Aug 23 01:12:33 sith kernel: [10943.406305] RIP: 0010:[<ffffffffa0c83d1b>] [<ffffffffa0c83d1b>] gigaset_probe+0x6b/0x4d0 [bas_gigaset]
Aug 23 01:12:33 sith kernel: [10943.406310] RSP: 0018:ffff880194de3ba8 EFLAGS: 00010282
Aug 23 01:12:33 sith kernel: [10943.406312] RAX: ffff8801acc13880 RBX: ffff8801818b1430 RCX: 0000000000000002
Aug 23 01:12:33 sith kernel: [10943.406314] RDX: ffff88002804efe0 RSI: 00000000000000d0 RDI: 0000000000000282
Aug 23 01:12:33 sith kernel: [10943.406315] RBP: ffff880194de3bf8 R08: 0000000000000001 R09: ffff880194de3908
Aug 23 01:12:33 sith kernel: [10943.406317] R10: 0000000000000001 R11: ffff880194de3ac8 R12: ffff8801a3c9d088
Aug 23 01:12:33 sith kernel: [10943.406319] R13: ffff880196856398 R14: ffff8801a3c9d000 R15: ffff8801818b1400
Aug 23 01:12:33 sith kernel: [10943.406321] FS: 00007f1ff45376f0(0000) GS:ffff8801af802b80(0000) knlGS:0000000000000000
Aug 23 01:12:33 sith kernel: [10943.406323] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Aug 23 01:12:33 sith kernel: [10943.406325] CR2: 0000000000000158 CR3: 000000017b0a0000 CR4: 00000000000006a0
Aug 23 01:12:33 sith kernel: [10943.406327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Aug 23 01:12:33 sith kernel: [10943.406329] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Aug 23 01:12:33 sith kernel: [10943.406331] Process modprobe (pid: 11815, threadinfo ffff880194de2000, task ffff8801845bc320)
Aug 23 01:12:33 sith kernel: [10943.406333] Stack:
Aug 23 01:12:33 sith kernel: [10943.406334] ffffffff80532438 ffff8801a3c9d000 ffff880194de3be8 ffffffff80532b80
Aug 23 01:12:33 sith kernel: [10943.406337] ffff8801818b1430 ffff8801818b1430 0000000000000000 ffff8801818b1400
Aug 23 01:12:33 sith kernel: [10943.406341] ffffffffa0c89ac8 ffffffffa0c8d628 ffff880194de3c48 ffffffff80533293
Aug 23 01:12:33 sith kernel: [10943.406345] Call Trace:
Aug 23 01:12:33 sith kernel: [10943.406346] [<ffffffff80532438>] ? usb_match_one_id+0x38/0xd0
Aug 23 01:12:33 sith kernel: [10943.406352] [<ffffffff80532b80>] ? usb_autopm_do_device+0xc0/0x110
Aug 23 01:12:33 sith kernel: [10943.406357] [<ffffffff80533293>] usb_probe_interface+0xc3/0x180
Aug 23 01:12:33 sith kernel: [10943.406363] [<ffffffff804ba67d>] really_probe+0x6d/0x1a0
Aug 23 01:12:33 sith kernel: [10943.406368] [<ffffffff804ba7fb>] driver_probe_device+0x4b/0x60
Aug 23 01:12:33 sith kernel: [10943.406371] [<ffffffff804ba8ab>] __driver_attach+0x9b/0xa0
Aug 23 01:12:33 sith kernel: [10943.406373] [<ffffffff804ba810>] ? __driver_attach+0x0/0xa0
Aug 23 01:12:33 sith kernel: [10943.406376] [<ffffffff804b9e6b>] bus_for_each_dev+0x6b/0xa0
Aug 23 01:12:33 sith kernel: [10943.406380] [<ffffffff804ba4fc>] driver_attach+0x1c/0x20
Aug 23 01:12:33 sith kernel: [10943.406382] [<ffffffff804b965d>] bus_add_driver+0x14d/0x250
Aug 23 01:12:33 sith kernel: [10943.406387] [<ffffffff804baa9c>] driver_register+0x6c/0x150
Aug 23 01:12:33 sith kernel: [10943.406391] [<ffffffff805335f9>] usb_register_driver+0xa9/0x120
Aug 23 01:12:33 sith kernel: [10943.406395] [<ffffffffa003f000>] ? bas_gigaset_init+0x0/0xae [bas_gigaset]
Aug 23 01:12:33 sith kernel: [10943.406399] [<ffffffffa003f055>] bas_gigaset_init+0x55/0xae [bas_gigaset]
Aug 23 01:12:33 sith kernel: [10943.406403] [<ffffffff8020a03b>] do_one_initcall+0x3b/0x170
Aug 23 01:12:33 sith kernel: [10943.406406] [<ffffffff802d0555>] ? __vunmap+0xc5/0x110
Aug 23 01:12:33 sith kernel: [10943.406411] [<ffffffff802d05f5>] ? vfree+0x25/0x30
Aug 23 01:12:33 sith kernel: [10943.406414] [<ffffffff8027f1dc>] ? load_module+0x11dc/0x11f0
Aug 23 01:12:33 sith kernel: [10943.406421] [<ffffffff8027f29d>] sys_init_module+0xad/0x1e0
Aug 23 01:12:33 sith kernel: [10943.406424] [<ffffffff8021253a>] system_call_fastpath+0x16/0x1b
Aug 23 01:12:33 sith kernel: [10943.406428] Code: 00 00 00 4c 89 f7 e8 e5 d6 8a df 85 c0 0f 88 b7 03 00 00 4d 8b 6f 08 be d0 00 00 00 48 c7 c7 b8 bc 9a 80 e8 28 e9 65 df 48 85 c0 <48> 89 04 25 58 01 00 00 74 56 41 0f b6 5d 05 80 fb ff 74 65 49
Aug 23 01:12:33 sith kernel: [10943.406456] RIP [<ffffffffa0c83d1b>] gigaset_probe+0x6b/0x4d0 [bas_gigaset]
Aug 23 01:12:33 sith kernel: [10943.406461] RSP <ffff880194de3ba8>
Aug 23 01:12:33 sith kernel: [10943.406462] CR2: 0000000000000158
Aug 23 01:12:33 sith kernel: [10943.406464] ---[ end trace c50f091eb174654e ]---

This prevents the system from shutting down, hibernating or going to standby properly. If I type "lsusb" the shell hangs forever.
Up to the previous kernel (linux-image-2.6.28-15-generic), everything worked fine. When plugging the usb phone connection, there was:
Aug 23 11:29:35 sith kernel: [ 158.416016] usb 7-2: new full speed USB device using uhci_hcd and address 2
Aug 23 11:29:35 sith kernel: [ 158.617889] usb 7-2: configuration #1 chosen from 1 choice
Aug 23 11:29:35 sith kernel: [ 158.697746] ISDN subsystem Rev: 1.1.2.3/1.1.2.3/1.1.2.2/1.1.2.3/1.1.2.2/1.1.2.2 loaded
Aug 23 11:29:35 sith kernel: [ 158.707560] gigaset: Hansjoerg Lipp <email address hidden>, Tilman Schmidt <email address hidden>, Stefan Eilers
Aug 23 11:29:35 sith kernel: [ 158.707563] gigaset: Driver for Gigaset 307x
Aug 23 11:29:35 sith kernel: [ 158.718944] usb 7-2: gigaset_probe: Device matched (Vendor: 0x681, Product: 0x22)
Aug 23 11:29:35 sith kernel: [ 158.719024] usbcore: registered new interface driver bas_gigaset
Aug 23 11:29:35 sith kernel: [ 158.719027] bas_gigaset: Tilman Schmidt <email address hidden>, Hansjoerg Lipp <email address hidden>, Stefan Eilers
Aug 23 11:29:35 sith kernel: [ 158.719029] bas_gigaset: USB Driver for Gigaset 307x

In linux-image-2.6.28-14-generic, "lsusb" gives:
$ lsusb
Bus 002 Device 002: ID 04e8:2004 Samsung Electronics Co., Ltd
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 008 Device 002: ID 046d:c529 Logitech, Inc.
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 002: ID 0681:0022 Siemens Information and Communication Products Gigaset SX353 ISDN
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
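
The Oops in the description can be triaged mechanically. The following is an added example, not part of the report or of the kernel tree: it decodes the page-fault error code and the faulting instruction from four lines of the trace, and the names `triage`, `decode_error` and `absolute_store` are this example's own.

```python
import re

# Sample input: four lines taken from the kern.log excerpt in this report
# (syslog prefix dropped).
SAMPLE = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000158
Oops: 0002 [#1] SMP
RIP: 0010:[<ffffffffa0c83d1b>] [<ffffffffa0c83d1b>] gigaset_probe+0x6b/0x4d0 [bas_gigaset]
Code: 00 00 00 4c 89 f7 e8 e5 d6 8a df 85 c0 0f 88 b7 03 00 00 4d 8b 6f 08 be d0 00 00 00 48 c7 c7 b8 bc 9a 80 e8 28 e9 65 df 48 85 c0 <48> 89 04 25 58 01 00 00 74 56 41 0f b6 5d 05 80 fb ff 74 65 49
"""

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_error(err):
    """Split the x86 page-fault error code printed after 'Oops:' into flags."""
    return {"present": bool(err & 1), "write": bool(err & 2),
            "user": bool(err & 4), "ifetch": bool(err & 16)}


def absolute_store(insn):
    """Recognise one encoding only: REX.W 89 /r with SIB=0x25 (no base, no
    index), i.e. `mov %reg, disp32`. Returns (register, address) or None."""
    if len(insn) < 8 or insn[0] != 0x48 or insn[1] != 0x89:
        return None
    if insn[2] & 0xC7 != 0x04 or insn[3] != 0x25:
        return None
    return REGS[(insn[2] >> 3) & 7], int.from_bytes(insn[4:8], "little")


def triage(log):
    """Pull the fields a reviewer needs out of an x86-64 Oops of this era."""
    addr = int(re.search(r"dereference at ([0-9a-f]+)", log).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", log).group(1), 16)
    sym, off, size, mod = re.search(
        r"RIP: .*? (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+) \[(\w+)\]", log).groups()
    code = re.search(r"Code: (.*)", log).group(1).split()
    # The byte wrapped in <> is the first byte of the faulting instruction.
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:start + 8])
    return {"fault_addr": addr, "flags": decode_error(err), "module": mod,
            "function": sym, "offset": int(off, 16), "size": int(size, 16),
            "store": absolute_store(insn)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:10} {value}")
```

The faulting store has no base register: its destination is the constant address 0x158, equal to the fault address in CR2, which is consistent with the diagnosis in the comments that a pointer is accessed at the wrong time.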

Leann Ogasawara (leannogasawara) wrote :

Hi darthvader,

And just to completely confirm, this was not an issue with 2.6.28-14 (i.e. this is a regression). Thanks.

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
darthvader (sarmbruster) wrote :

Exactly, with 2.6.28-14 it works like a charm.

tags: added: regression-update
Stefan Bader (smb) wrote :

A quick look at the code showed that the 2.6.28.10 stable tree, from which patches were pulled, contains a broken commit for the bas_gigaset file. The hunk of code that allocates memory is at a different place than in the upstream patch. This causes a pointer to be accessed at the wrong time. I created a patch and some test kernels which can be found at http://people.canonical.com/~smb/bug417732. Could you try this and report back whether that fixes your problem? Thanks.

Changed in linux (Ubuntu):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
status: Triaged → In Progress
darthvader (sarmbruster) wrote :

With the patched kernel provided in comment #3, the issue is resolved. Plugging and unplugging the gigaset works fine, as well as lsusb, as well as hibernate/suspend. Thank you very much for your ultrafast helpful feedback.

Stefan Bader (smb)
description: updated
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Jaunty):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → Fix Committed
Changed in linux (Ubuntu):
assignee: Stefan Bader (stefan-bader-canonical) → nobody
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Accepted linux into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
darthvader (sarmbruster) wrote :
Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-15.52

---------------
linux (2.6.28-15.52) jaunty-proposed; urgency=low

  [ Stefan Bader ]

  * Revert "SAUCE: ACPI: Populate DIDL before registering ACPI video device
    on Intel"
    - LP: #423296
  * SAUCE: Allow less restrictive acpi video detection
    - LP: #333386

  [ Upstream Kernel Changes ]

  * include drivers/pci/hotplug/* in -virtual package
    - LP: #364916
  * ext4: don't call jbd2_journal_force_commit_nested without journal
    - LP: #418197
  * ext4: fix ext4_free_inode() vs. ext4_claim_inode() race
    - LP: #418197
  * ext4: fix bogus BUG_ONs in in mballoc code
    - LP: #418197
  * ext4: fix typo which causes a memory leak on error path
    - LP: #418197
  * ext4: Fix softlockup caused by illegal i_file_acl value in on-disk
    inode
    - LP: #418197
  * ext4: Fix sub-block zeroing for writes into preallocated extents
    - LP: #418197
  * jbd2: Call journal commit callback without holding j_list_lock
    - LP: #418197
  * ext4: Print the find_group_flex() warning only once
    - LP: #367065
  * ext4: really print the find_group_flex fallback warning only once
    - LP: #367065

linux (2.6.28-15.51) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: wireless: hostap, fix oops due to early probing interrupt
    - LP: #254837

  [ Leann Ogasawara ]

  * Add the atl1c driver to support Atheros AR8132
    - LP: #415358
  * Updating configs to enable the atl1c driver
    - LP: #415358

  [ Stefan Bader ]

  * Revert "SAUCE: input: Blacklist digitizers from joydev.c"
    - LP: #300143
  * SAUCE: Fix the exported name for e1000e-next
    - LP: #402890
  * SAUCE: Fix incorrect stable backport to bas_gigaset
    - LP: #417732
  * SAUCE: Remove the atl2 driver from the ubuntu subdirectory
    - LP: #419438

linux (2.6.28-15.50) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: radio-maestro: fix panics on probe failure
    - LP: #357724
  * SAUCE: HDA Intel, sigmatel: Enable speakers on HP Mini 1000
    - LP: #318942

  [ Jerone Young ]

  * SAUCE: Fix Soltech TA12 volume hotkeys not sending key release in
    Jaunty
    - LP: #397499

  [ John Johansen ]

  * SAUCE: remove AppArmor debug check for calls from interrupt context
    - LP: #350789

  [ Manoj Iyer ]

  * SAUCE: Fix kernel panic when SELinux is enabled.
    - LP: #395219

  [ Matthew Garrett ]

  * SAUCE: ACPI: Populate DIDL before registering ACPI video device on
    Intel

  [ Michael Frey (Senior Manager, MID ]

  * SAUCE: Fix for internal microphone for Dell Mini10V
    - LP: #394793

  [ Tim Gardner ]

  * SAUCE: Added e1000e from sourceforge.
    - LP: #402890

  [ Upstream Kernel Changes ]

  * Input: synaptics - report multi-taps only if supported by the device
    - LP: #399787
  * ftdi_sio: fix kref leak
    - LP: #396930, #376128
  * IPv6: add "disable" module parameter support to ipv6.ko
    - LP: #351656

 -- Stefan Bader <email address hidden> Thu, 27 Aug 2009 15:09:06 +0200

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released