tags 421911 +patch +fixed-upstream +etch
thanks

Hello,

I ran into this too with 2.6.18-5-686 (2.6.18.dfsg.1-17) and a Nokia 5310. 
dmesg shows:

usb 2-1: new full speed USB device using uhci_hcd and address 2
usb 2-1: configuration #1 chosen from 1 choice
drivers/usb/class/cdc-acm.c: Ignoring extra header, type -3, length 4
cdc_acm 2-1:1.1: ttyACM0: USB ACM device
usbcore: registered new driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for
USB modems and ISDN adapters
usbcore: registered new driver cdc_ether
rndis_host 2-1:1.9: RNDIS init failed, -110
usb%d: unregister 'rndis_host' usb-0000:00:1d.1-1, RNDIS device
unregister_netdevice: device usb%d/c9719000 never was registered
------------[ cut here ]------------

kernel BUG at mm/slab.c:595!
invalid opcode: 0000 [#1]
SMP
Modules linked in: rndis_host cdc_ether usbnet cdc_acm i915 drm rfcomm
l2cap bluetooth ppdev parport_pc lp parport button ac battery ipt_REJECT
ipt_TCPMSS xt_tcpmss xt_tcpudp iptable_filter ip_tables x_tables pppoe
pppox ipv6 ppp_generic slhc i8xx_tco nls_iso8859_1 nls_cp437 vfat fat
dm_snapshot dm_mirror dm_mod ide_generic pcmcia firmware_class joydev
tsdev yenta_socket snd_intel8x0 snd_intel8x0m snd_pcm_oss snd_mixer_oss
snd_ac97_codec snd_ac97_bus rsrc_nonstatic pcmcia_core snd_pcm snd_timer
pegasus snd soundcore i2c_i801 shpchp pci_hotplug snd_page_alloc intel_agp
agpgart i2c_core psmouse rtc serio_raw evdev pcspkr ext3 jbd mbcache
ide_cd cdrom ide_disk 8139too piix 8139cp mii generic ide_core ehci_hcd
uhci_hcd usbcore thermal processor fan
CPU:    0
EIP:    0060:[<c0156d07>]    Not tainted VLI
EFLAGS: 00010006   (2.6.18-5-686 #1)
EIP is at kfree+0x2e/0x65
eax: 80000824   ebx: c97192c0   ecx: defef7c0   edx: c112e240
esi: 00000282   edi: c9712b92   ebp: c9719000   esp: c378be18
ds: 007b   es: 007b   ss: 0068
Process modprobe (pid: 3901, ti=c378a000 task=cf157550 task.ti=c378a000)
Stack: c97192c0 dfbef60e c9719006 dfbef01a c53bf200 dfbf36a0 ca096948 c6127800
       ffffff92 defd1e00 00000000 00000000 00000001 00000001 00000001 00000001
       dfbf3660 c53bf200 dfbf4520 dfbf4550 c0210c30 df85cba5 c53bf214 c53bf214
Call Trace:
 [<dfbef01a>] usbnet_probe+0x4ee/0x503 [usbnet]
 [<c0210c30>] __driver_attach+0x0/0x5d
 [<df85cba5>] usb_probe_interface+0x58/0x87 [usbcore]
 [<c0210b91>] driver_probe_device+0x42/0x8b
 [<c0210c68>] __driver_attach+0x38/0x5d
 [<c02106b2>] bus_for_each_dev+0x33/0x55
 [<c0210afb>] driver_attach+0x11/0x13
 [<c0210c30>] __driver_attach+0x0/0x5d
 [<c02103cb>] bus_add_driver+0x64/0xfd
 [<df85c9da>] usb_register_driver+0x60/0xbb [usbcore]
 [<c01358c1>] sys_init_module+0x16c3/0x1846
 [<c0102c11>] sysenter_past_esp+0x56/0x79
 [<c0102c11>] sysenter_past_esp+0x56/0x79
Code: 56 89 c7 53 74 58 9c 5e fa 8d 90 00 00 00 40 c1 ea 0c c1 e2 05 03 15
70 d3 36 c0 8b 02 f6 c4 40 74 03 8b 52 0c 8b 02 84 c0 78 08 <0f> 0b 53 02
81 a0 29 c0 89 e0 8b 4a 18 25 00 e0 ff ff 8b 40 10
EIP: [<c0156d07>] kfree+0x2e/0x65 SS:ESP 0068:c378be18
 <6>usb 2-1: USB disconnect, address 2

Searching for the slab line brings up
http://bugzilla.kernel.org/show_bug.cgi?id=7201 and the fix below,
which applies and works with linux-source-2.6.18 (2.6.18.dfsg.1-17) when built
with config-2.6.18-5-686.

Please apply this to future etch updates.

-Mikko

From: Daniel Gollub <[EMAIL PROTECTED]>
Date: Tue, 16 Jan 2007 10:03:01 +0000 (+0100)
Subject: USB: rndis_host: fix crash while probing a Nokia S60 mobile
X-Git-Tag: v2.6.20-rc6~50^2~6
X-Git-Url: 
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=deb31f1764e0a11bcfe8d44e0658f83d83860e84

USB: rndis_host: fix crash while probing a Nokia S60 mobile

Bug fix for the rndis_host driver, which fixes rndis_host probing of
certain Nokia S60 (Series 60) mobiles. When rndis_host is probed by
usbnet and tries to bind the Nokia mobile, the bind fails. The
rndis_host module then tries to release the device in the wrong way,
which causes the oops.

Fixes Bugzilla #7201

Signed-off-by: Daniel Gollub <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>
---

diff --git a/drivers/usb/net/rndis_host.c b/drivers/usb/net/rndis_host.c
index ea5f44d..a322a16 100644
--- a/drivers/usb/net/rndis_host.c
+++ b/drivers/usb/net/rndis_host.c
@@ -379,6 +379,7 @@ static int rndis_bind(struct usbnet *dev, struct 
usb_interface *intf)
 {
        int                     retval;
        struct net_device       *net = dev->net;
+       struct cdc_state        *info = (void *) &dev->data;
        union {
                void                    *buf;
                struct rndis_msg_hdr    *header;
@@ -397,7 +398,7 @@ static int rndis_bind(struct usbnet *dev, struct 
usb_interface *intf)
                return -ENOMEM;
        retval = usbnet_generic_cdc_bind(dev, intf);
        if (retval < 0)
-               goto done;
+               goto fail;
 
        net->hard_header_len += sizeof (struct rndis_data_hdr);
 
@@ -412,10 +413,7 @@ static int rndis_bind(struct usbnet *dev, struct 
usb_interface *intf)
        if (unlikely(retval < 0)) {
                /* it might not even be an RNDIS device!! */
                dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
-fail:
-               usb_driver_release_interface(driver_of(intf),
-                       ((struct cdc_state *)&(dev->data))->data);
-               goto done;
+               goto fail_and_release;
        }
        dev->hard_mtu = le32_to_cpu(u.init_c->max_transfer_size);
        /* REVISIT:  peripheral "alignment" request is ignored ... */
@@ -431,7 +429,7 @@ fail:
        retval = rndis_command(dev, u.header);
        if (unlikely(retval < 0)) {
                dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
-               goto fail;
+               goto fail_and_release;
        }
        tmp = le32_to_cpu(u.get_c->offset);
        if (unlikely((tmp + 8) > (1024 - ETH_ALEN)
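Review bot: The bound `(tmp + 8) > (1024 - ETH_ALEN)` on the last line of this hunk is computed on a device-supplied offset (`tmp = le32_to_cpu(u.get_c->offset)`), and the commit leaves it as it was. The declaration of tmp is outside the hunk, but if it is an unsigned 32-bit value, an offset near the top of the range wraps in `tmp + 8` and passes the check; if it is signed, a negative offset passes too. Either way the later `memcpy(net->dev_addr, tmp + (char *)&u.get_c->request_id, ETH_ALEN)` would read outside the reply buffer. Comparing without the addition avoids the wrap, e.g. `if (unlikely(tmp > (1024 - ETH_ALEN - 8)`, with an extra `tmp < 0` test if tmp turns out to be signed. The condition continues on a line that is not shown in the hunk.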
@@ -439,7 +437,7 @@ fail:
                dev_err(&intf->dev, "rndis ethaddr off %d len %d ?\n",
                        tmp, le32_to_cpu(u.get_c->len));
                retval = -EDOM;
-               goto fail;
+               goto fail_and_release;
        }
        memcpy(net->dev_addr, tmp + (char *)&u.get_c->request_id, ETH_ALEN);
 
@@ -455,11 +453,18 @@ fail:
        retval = rndis_command(dev, u.header);
        if (unlikely(retval < 0)) {
                dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
-               goto fail;
+               goto fail_and_release;
        }
 
        retval = 0;
-done:
+
+       kfree(u.buf);
+       return retval;
+
+fail_and_release:
+       usb_set_intfdata(info->data, NULL);
+       usb_driver_release_interface(driver_of(intf), info->data);
+fail:
        kfree(u.buf);
        return retval;
 }
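Review bot: The new `fail_and_release:` path has no comment explaining why `usb_set_intfdata(info->data, NULL)` must come before `usb_driver_release_interface()`, although that ordering appears to be the whole fix. Presumably it stops the release from running the disconnect path on a device whose probe is about to fail and be freed by the caller, which would match the kfree BUG under usbnet_probe in the report; confirm against usbnet's disconnect handler. I would add something like `/* clear intfdata first so releasing the data interface does not tear down dev; usbnet_probe frees it on failure */`. As a style point, the success path now duplicates the `kfree(u.buf); return retval;` epilogue; a single shared exit label (e.g. `out:`) that the success path falls into would keep one copy of the cleanup.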


