From: bugzilla-daemon@kernel.org
To: linux-usb@vger.kernel.org
Subject: [Bug 217862] [BUG] Alauda driver causes oops when inserted with card in with transfer buffer is on stack, throws errors if card is inserted afterwards.
Date: Mon, 04 Sep 2023 19:41:36 +0000
Message-ID: <bug-217862-208809-0MUfEtFBKM@https.bugzilla.kernel.org/>
In-Reply-To: <bug-217862-208809@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=217862

--- Comment #5 from pawlick3r@proton.me ---
(In reply to Alan Stern from comment #4)
> Created attachment 305027 [details]
> Fix IO buffer on stack in alauda subdriver
> 
> Try the attached patch.  It should fix all the other instances of I/O done
> to a buffer on the stack in the alauda driver.

It fixes that error, but not the dereference error:

[   63.134053] usb 1-1.2: new full-speed USB device number 6 using ehci-pci
[   63.260694] usb 1-1.2: New USB device found, idVendor=0584, idProduct=0008, bcdDevice= 1.02
[   63.260715] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[   63.260721] usb 1-1.2: Product: USB SmartMedia Adapter
[   63.260726] usb 1-1.2: Manufacturer: YAMAICHI ELECTRONICS Co.,Ltd.
[   63.341974] usbcore: registered new interface driver usb-storage
[   63.348722] ums-alauda 1-1.2:1.0: USB Mass Storage device detected
[   63.348926] scsi host6: usb-storage 1-1.2:1.0
[   63.349032] usbcore: registered new interface driver ums-alauda
[   64.355307] scsi 6:0:0:0: Direct-Access     Fujifilm DPC-R1 (Alauda)  0102 PQ: 0 ANSI: 0 CCS
[   64.355494] scsi 6:0:0:1: Direct-Access     Fujifilm DPC-R1 (Alauda)  0102 PQ: 0 ANSI: 0 CCS
[   64.356335] sd 6:0:0:0: Attached scsi generic sg1 type 0
[   64.356814] sd 6:0:0:0: [sdb] Media removed, stopped polling
[   64.356970] sd 6:0:0:1: Attached scsi generic sg2 type 0
[   64.357651] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[   95.571120] usb 1-1.2: reset full-speed USB device number 6 using ehci-pci
[   95.686034] sd 6:0:0:1: [sdc] 16000 512-byte logical blocks: (8.19 MB/7.81 MiB)
[   95.686147] sd 6:0:0:1: [sdc] Test WP failed, assume Write Enabled
[   95.686243] sd 6:0:0:1: [sdc] Asking for cache data failed
[   95.686260] sd 6:0:0:1: [sdc] Assuming drive cache: write through
[  126.209261] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  126.209295] #PF: supervisor read access in kernel mode
[  126.209306] #PF: error_code(0x0000) - not-present page
[  126.209453] PGD 0 P4D 0 
[  126.209474] Oops: 0000 [#1] PREEMPT SMP PTI
[  126.209491] CPU: 3 PID: 2777 Comm: usb-storage Not tainted 6.5.1-custom #3
[  126.209507] Hardware name: LENOVO 42872VU/42872VU, BIOS 8DET54WW (1.24 ) 10/18/2011
[  126.209513] RIP: 0010:alauda_transport+0x4e6/0x12e2 [ums_alauda]
[  126.209538] Code: 0f 4c 8b b1 98 00 00 00 49 83 fe 01 0f 87 6f 0a 00 00 4b 8d 0c 76 44 89 e8 44 8b 6d a8 48 c1 e1 04 48 8b 4c 0b 20 48 8b 04 c1 <42> 0f b7 04 68 66 83 f8 ff 0f 84 18 ff ff ff 44 0f b7 f8 49 83 fe
[  126.209546] RSP: 0018:ffffa17ac0bb3cd0 EFLAGS: 00010206
[  126.209555] RAX: 0000000000000000 RBX: ffff8ab097457a80 RCX: ffff8ab1913c6ac8
[  126.209561] RDX: 00000000019c2003 RSI: ffffd88bc0000000 RDI: 0000000000000000
[  126.209567] RBP: ffffa17ac0bb3db0 R08: 0000000000000000 R09: 0000000000000000
[  126.209573] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8ab08121c000
[  126.209578] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ab081915138
[  126.209584] FS:  0000000000000000(0000) GS:ffff8ab19a2c0000(0000) knlGS:0000000000000000
[  126.209591] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  126.209597] CR2: 0000000000000000 CR3: 000000008e03c006 CR4: 00000000000606e0
[  126.209604] Call Trace:
[  126.209610]  <TASK>
[  126.209618]  ? show_regs+0x6e/0x80
[  126.209632]  ? __die+0x29/0x70
[  126.209641]  ? page_fault_oops+0x154/0x4a0
[  126.209654]  ? alauda_transport+0x4e6/0x12e2 [ums_alauda]
[  126.209671]  ? search_exception_tables+0x65/0x70
[  126.209686]  ? kernelmode_fixup_or_oops+0xa2/0x120
[  126.209697]  ? __bad_area_nosemaphore+0x179/0x280
[  126.209712]  ? bad_area_nosemaphore+0x16/0x20
[  126.209725]  ? do_user_addr_fault+0x2ce/0x6b0
[  126.209741]  ? exc_page_fault+0x7d/0x190
[  126.209755]  ? asm_exc_page_fault+0x2b/0x30
[  126.209774]  ? alauda_transport+0x4e6/0x12e2 [ums_alauda]
[  126.209799]  ? __schedule+0x3cb/0x15d0
[  126.209825]  usb_stor_invoke_transport+0x45/0x520 [usb_storage]
[  126.209856]  ? __wait_for_common+0x15b/0x190
[  126.209868]  ? __pfx_schedule_timeout+0x10/0x10
[  126.209881]  usb_stor_transparent_scsi_command+0x12/0x20 [usb_storage]
[  126.209905]  usb_stor_control_thread+0x20b/0x2d0 [usb_storage]
[  126.209931]  ? __pfx_usb_stor_control_thread+0x10/0x10 [usb_storage]
[  126.209955]  kthread+0xfb/0x130
[  126.209967]  ? __pfx_kthread+0x10/0x10
[  126.209978]  ret_from_fork+0x40/0x60
[  126.209988]  ? __pfx_kthread+0x10/0x10
[  126.209998]  ret_from_fork_asm+0x1b/0x30
[  126.210016]  </TASK>
[  126.210020] Modules linked in: ums_alauda usb_storage rfcomm ccm bnep intel_rapl_msr mei_hdcp snd_hda_codec_hdmi snd_ctl_led snd_hda_codec_conexant snd_hda_codec_generic uvcvideo videobuf2_vmalloc uvc snd_hda_intel btusb snd_intel_dspcfg btrtl snd_intel_sdw_acpi videobuf2_memops btbcm btintel btmtk videobuf2_v4l2 bluetooth snd_hda_codec videodev videobuf2_common mc ecdh_generic intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp binfmt_misc snd_hda_core rapl snd_hwdep intel_cstate iwldvm snd_pcm nls_iso8859_1 think_lmi input_leds joydev mac80211 at24 serio_raw firmware_attributes_class wmi_bmof libarc4 snd_seq_midi snd_seq_midi_event iwlwifi snd_rawmidi thinkpad_acpi snd_seq snd_seq_device nvram snd_timer ledtrig_audio mei_me platform_profile cfg80211 snd mei soundcore mac_hid sch_fq_codel msr parport_pc ppdev lp pstore_blk parport ramoops pstore_zone reed_solomon efi_pstore ip_tables x_tables autofs4 i915 drm_buddy i2c_algo_bit ttm crct10dif_pclmul drm_display_helper crc32_pclmul ghash_clmulni_intel cec
[  126.210212]  sha512_ssse3 rc_core aesni_intel sdhci_pci crypto_simd drm_kms_helper ahci cryptd cqhci psmouse i2c_i801 libahci drm i2c_smbus lpc_ich e1000e sdhci video wmi
[  126.210262] CR2: 0000000000000000
[  126.210270] ---[ end trace 0000000000000000 ]---
[  126.974625] RIP: 0010:alauda_transport+0x4e6/0x12e2 [ums_alauda]
[  126.974660] Code: 0f 4c 8b b1 98 00 00 00 49 83 fe 01 0f 87 6f 0a 00 00 4b 8d 0c 76 44 89 e8 44 8b 6d a8 48 c1 e1 04 48 8b 4c 0b 20 48 8b 04 c1 <42> 0f b7 04 68 66 83 f8 ff 0f 84 18 ff ff ff 44 0f b7 f8 49 83 fe
[  126.974670] RSP: 0018:ffffa17ac0bb3cd0 EFLAGS: 00010206
[  126.974680] RAX: 0000000000000000 RBX: ffff8ab097457a80 RCX: ffff8ab1913c6ac8
[  126.974687] RDX: 00000000019c2003 RSI: ffffd88bc0000000 RDI: 0000000000000000
[  126.974693] RBP: ffffa17ac0bb3db0 R08: 0000000000000000 R09: 0000000000000000
[  126.974698] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8ab08121c000
[  126.974703] R13: 0000000000000000 R14: 0000000000000001 R15: ffff8ab081915138
[  126.974709] FS:  0000000000000000(0000) GS:ffff8ab19a2c0000(0000) knlGS:0000000000000000
[  126.974716] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  126.974722] CR2: 0000000000000000 CR3: 0000000113a8a005 CR4: 00000000000606e0
[  126.974729] note: usb-storage[2777] exited with irqs disabled
