NULL pointer dereference in i2c-hid

From: Gabriele Mazzotta
Date: Wed Dec 10 2014 - 12:04:59 EST


Hi,

my laptop uses a touchpad that needs hid-rmi along with i2c-hid to work.
i2c-hid and hid-rmi can be loaded and unloaded independently from each
other, however since 34f439e4afcd ("HID: i2c-hid: add runtime PM support")
if I unload hid-rmi and after it I also unload i2c-hid, I get a NULL
pointer dereference.

I have already reported this problem in the Bugzilla [1], but since that
report is about something else, I'm reporting this separately.

Here is the dmesg:

[ 79.691459] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 79.691532] IP: [<ffffffffa05bc049>] __i2c_hid_command+0x49/0x310 [i2c_hid]
[ 79.691591] PGD 0
[ 79.691611] Oops: 0002 [#1] SMP
[ 79.691641] Modules linked in: ctr ccm binfmt_misc rfcomm bnep vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) i2c_hid(-) nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc ecb btusb uvcvideo bluetooth videobuf2_vmalloc joydev videobuf2_memops videobuf2_core hid_multitouch v4l2_common videodev usbhid media hid dell_wmi sparse_keymap arc4 nls_utf8 nls_cp437 iTCO_wdt iTCO_vendor_support intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel iwlmvm dell_laptop dcdbas aesni_intel mac80211 aes_x86_64 glue_helper snd_hda_codec_realtek lrw gf128mul snd_hda_codec_generic ablk_helper cryptd snd_hda_codec_hdmi iwlwifi psmouse cfg80211 serio_raw sg rfkill lpc_ich mfd_core ehci_pci i2c_i801 ehci_hcd thermal wmi
[ 79.692330] battery sdhci_acpi sdhci mmc_core intel_rst snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_pcm i2c_designware_platform xhci_pci i2c_designware_core xhci_hcd snd_timer usbcore snd mei_me soundcore ac evdev usb_common mei shpchp processor fuse parport_pc ppdev lp parport [last unloaded: hid_rmi]
[ 79.692602] CPU: 0 PID: 2898 Comm: rmmod Tainted: G O 3.18.0+ #1
[ 79.692655] Hardware name: Dell Inc. XPS13 9333/0GFTRT, BIOS A04 03/19/2014
[ 79.692705] task: ffff8801eae4a340 ti: ffff8800b4608000 task.ti: ffff8800b4608000
[ 79.692758] RIP: 0010:[<ffffffffa05bc049>] [<ffffffffa05bc049>] __i2c_hid_command+0x49/0x310 [i2c_hid]
[ 79.692830] RSP: 0018:ffff8800b460bce8 EFLAGS: 00010206
[ 79.692868] RAX: ffffffffa05be720 RBX: ffff880212cb2f80 RCX: 0000000000000000
[ 79.692919] RDX: 0000000000000000 RSI: 0000000000000022 RDI: 0000000000000011
[ 79.692968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 79.693018] R10: ffff880216400000 R11: 0000000000000000 R12: 0000000000000004
[ 79.693067] R13: 0000000000000000 R14: ffff880214c08400 R15: 0000000000000000
[ 79.693119] FS: 00007fd597c22700(0000) GS:ffff88021f200000(0000) knlGS:0000000000000000
[ 79.693175] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.693216] CR2: 0000000000000000 CR3: 00000000b46b5000 CR4: 00000000001407f0
[ 79.693266] Stack:
[ 79.693283] ffff880215b79800 ffff880214c92b00 ffff880214c084ce ffff880212d68920
[ 79.693344] 0000000000000004 ffffffff810424e1 0000000000000096 ffffffff81042855
[ 79.693405] 0000000000000292 ffff8800cfe77600 0000000000000096 ffff880214c08400
[ 79.693467] Call Trace:
[ 79.693494] [<ffffffff810424e1>] ? __unmask_ioapic+0x21/0x30
[ 79.693537] [<ffffffff81042855>] ? unmask_ioapic+0x25/0x40
[ 79.693581] [<ffffffffa05bc35b>] ? i2c_hid_set_power+0x4b/0xa0 [i2c_hid]
[ 79.693632] [<ffffffffa05bc3cf>] ? i2c_hid_runtime_resume+0x1f/0x30 [i2c_hid]
[ 79.693689] [<ffffffff814c08fb>] ? __rpm_callback+0x2b/0x70
[ 79.693733] [<ffffffff814c0961>] ? rpm_callback+0x21/0x90
[ 79.693776] [<ffffffff814c0dec>] ? rpm_resume+0x41c/0x600
[ 79.693820] [<ffffffff814c1e1c>] ? __pm_runtime_resume+0x4c/0x80
[ 79.693868] [<ffffffff814b8588>] ? __device_release_driver+0x28/0x100
[ 79.693917] [<ffffffff814b8d90>] ? driver_detach+0xa0/0xb0
[ 79.693959] [<ffffffff814b82cc>] ? bus_remove_driver+0x4c/0xb0
[ 79.694006] [<ffffffff810d1cfd>] ? SyS_delete_module+0x11d/0x1d0
[ 79.694054] [<ffffffff8165f107>] ? int_signal+0x12/0x17
[ 79.694095] [<ffffffff8165ee69>] ? system_call_fastpath+0x12/0x17
[ 79.694139] Code: 9f c0 00 00 00 44 8b 66 08 44 0f b6 6e 0c 8b 3e 48 8b 6b 40 48 81 fe 70 e7 5b a0 0f 84 51 02 00 00 89 fe 83 c7 01 0f b6 74 33 10 <40> 88 75 00 0f b6 74 3b 10 40 88 75 01 41 83 fc 02 7e 0f 0f b6
[ 79.694422] RIP [<ffffffffa05bc049>] __i2c_hid_command+0x49/0x310 [i2c_hid]
[ 79.694478] RSP <ffff8800b460bce8>
[ 79.694503] CR2: 0000000000000000
[ 79.712214] ---[ end trace e97e4d6468e56036 ]---


Regards,
Gabriele

[1] https://bugzilla.kernel.org/show_bug.cgi?id=81141
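
Added example, not part of the original message: a Python sketch that pulls the triage fields out of an oops like the one above (faulting symbol, process, modules the kernel marks `(-)` as being unloaded, and the frames that sit inside such a module). The function names are this example's own, and the sample is trimmed from the report with the module list shortened.

```python
import re

# Sample input: lines trimmed from the oops in the report (module list shortened).
SAMPLE = """\
[ 79.691459] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 79.691532] IP: [<ffffffffa05bc049>] __i2c_hid_command+0x49/0x310 [i2c_hid]
[ 79.691641] Modules linked in: ctr ccm vboxdrv(O) i2c_hid(-) nfsd hid
[ 79.692330] battery sdhci_acpi [last unloaded: hid_rmi]
[ 79.692602] CPU: 0 PID: 2898 Comm: rmmod Tainted: G O 3.18.0+ #1
[ 79.693467] Call Trace:
[ 79.693494] [<ffffffff810424e1>] ? __unmask_ioapic+0x21/0x30
[ 79.693581] [<ffffffffa05bc35b>] ? i2c_hid_set_power+0x4b/0xa0 [i2c_hid]
[ 79.693632] [<ffffffffa05bc3cf>] ? i2c_hid_runtime_resume+0x1f/0x30 [i2c_hid]
[ 79.693820] [<ffffffff814c1e1c>] ? __pm_runtime_resume+0x4c/0x80
[ 79.693868] [<ffffffff814b8588>] ? __device_release_driver+0x28/0x100
[ 79.694139] Code: 9f c0 00 00
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # leading dmesg timestamp
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+(\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_oops(text):
    """Return the triage fields of an x86 oop in this dmesg format as a dict."""
    out = {"fault": None, "ip": None, "comm": None, "unloading": [],
           "last_unloaded": None, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if line.startswith("BUG:"):
            out["fault"] = line[5:]
        elif line.startswith("IP:") and (m := FRAME.search(line)):
            out["ip"] = (m.group(2), m.group(3))  # (symbol, module or None)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            out["trace"].append((m.group(2), m.group(3), not m.group(1)))  # "?" = unverified frame
        else:
            in_trace = False
            out["unloading"] += re.findall(r"(\w+)\(-\)", line)  # "(-)" = module being removed
            if m := re.search(r"\[last unloaded: (\w+)\]", line):
                out["last_unloaded"] = m.group(1)
            if m := re.search(r"Comm: (\S+)", line):
                out["comm"] = m.group(1)
    return out

def frames_in_unloading_module(o):
    """Symbols (faulting IP first, then trace order) that belong to a module marked (-)."""
    frames = ([o["ip"]] if o["ip"] else []) + [(f, m) for f, m, _ in o["trace"]]
    return [f for f, m in frames if m in o["unloading"]]
```
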