Re: PROBLEM: Kernel Bug on USB unplugging (Elo TouchSystems CarrollTouch 4500U)
From: Alan Stern
Date: Mon May 30 2016 - 15:57:14 EST
On Mon, 30 May 2016, Pierre Sauter wrote:
> On unplugging this USB Touchscreen, everytime I get either:
>
> [ 161.596055] BUG: unable to handle kernel NULL pointer dereference at 00000015
> [ 161.596093] IP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270
> or
> [ 155.892061] BUG: unable to handle kernel paging request at 30303046
> [ 155.892101] IP: [<c10d13da>] get_next_timer_interrupt+0x8a/0x290
>
> and then panic and the system is unresponsive.
>
> Tried several kernels, without change.
>
> The 4.4.11 tested is Vanilla with Debian config, the 4.5 is a Debian Kernel with their patches.
>
> Output of oops on 4.4.11:
> [ 50.484019] usb 2-2: new full-speed USB device number 3 using uhci_hcd
> [ 50.672035] usb 2-2: New USB device found, idVendor=04e7, idProduct=0030
> [ 50.672056] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
> [ 50.672073] usb 2-2: Product: Elo TouchSystems CarrollTouch 4500U
> [ 50.672092] usb 2-2: Manufacturer: Elo TouchSystems, Inc.
> [ 50.672107] usb 2-2: SerialNumber: 08A58015
> [ 50.726177] input: Elo TouchSystems, Inc. Elo TouchSystems CarrollTouch 4500U as /devices/pci0000:00/0000:00:1d.1/usb2/2-2/2-2:1.0/0003:04E7:0030.0002/input/input20
> [ 50.780198] elo 0003:04E7:0030.0002: input,hidraw1: USB HID v1.00 Pointer [Elo TouchSystems, Inc. Elo TouchSystems CarrollTouch 4500U] on usb-0000:00:1d.1-2/input0
> [ 50.780234] elo 0003:04E7:0030.0002: broken firmware found, installing workaround
> [ 161.348076] usb 2-2: USB disconnect, device number 3
> [ 161.596055] BUG: unable to handle kernel NULL pointer dereference at 00000015
> [ 161.596093] IP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270
> [ 161.596119] *pdpt = 00000000376e6001 *pde = 0000000000000000
> [ 161.596142] Oops: 0000 [#1] SMP
> [ 161.596162] Modules linked in: joydev hid_elo elo binfmt_misc ftdi_sio usbserial iTCO_wdt snd_hda_codec_hdmi iTCO_vendor_support nouveau mxm_wmi wmi video coretemp ttm drm_kms_helper kvm_intel drm evdev kvm irqbypass snd_hda_codec_realtek nvidiafb vgastate serio_raw fb_ddc i2c_algo_bit i2c_i801 snd_hda_codec_generic lpc_ich snd_hda_intel mfd_core snd_hda_codec 8250_fintek acpi_cpufreq snd_hda_core snd_hwdep shpchp tpm_tis button ite_cir rc_core tpm processor usbtouchscreen snd_pcsp snd_pcm snd_timer snd soundcore ppdev lp parport_pc parport autofs4 ext4 crc16 mbcache jbd2 netconsole configfs hid_generic usbhid hid sg sr_mod cdrom sd_mod ata_generic psmouse ata_piix libata scsi_mod ehci_pci r8169 mii thermal uhci_hcd ehci_hcd usbcore usb_common
> [ 161.596719] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 4.4.11-debian32.686pae+1.1 #1
> [ 161.596799] Hardware name: ACER Extensa E270/EG31M, BIOS P01-A0L 09/24/2009
> [ 161.596814] task: f3916800 ti: f3976000 task.ti: f3976000
> [ 161.596827] EIP: 0060:[<c10c92b0>] EFLAGS: 00210086 CPU: 1
> [ 161.596842] EIP is at get_next_timer_interrupt+0x80/0x270
> [ 161.596854] EAX: ffffffff EBX: 000000e6 ECX: 000000d9 EDX: ffff78d9
> [ 161.596868] ESI: ffffffff EDI: 7fffffff EBP: f3977f20 ESP: f3977ee8
> [ 161.596881] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [ 161.596894] CR0: 8005003b CR2: 00000015 CR3: 32d88260 CR4: 000406f0
> [ 161.596907] Stack:
> [ 161.596916] f3977f20 ffff78d8 db43c556 9fdf4700 00000025 f3e4a980 00000069 80a65164
> [ 161.596967] 00000025 9fdfc4ec 00000025 f3e4b440 9fdf4700 00000025 f3977f68 c10d9319
> [ 161.597018] f3916800 c15139c6 00000000 f3e4a580 00000002 f3e51080 ffff78d8 00000025
> [ 161.597068] Call Trace:
> [ 161.597083] [<c10d9319>] ? __tick_nohz_idle_enter+0x2f9/0x4c0
> [ 161.597099] [<c15139c6>] ? __schedule+0x226/0x8f0
> [ 161.597113] [<c10d9c46>] ? tick_nohz_idle_enter+0x36/0x70
> [ 161.597128] [<c10a3b95>] ? cpu_startup_entry+0x35/0x300
> [ 161.597144] [<c1048052>] ? start_secondary+0x112/0x150
> [ 161.597156] Code: 00 8b 4b 10 85 c9 0f 84 87 00 00 00 8b 44 24 14 8b 50 08 8b 40 0c 39 c2 78 53 0f b6 ca 89 cb 8b 44 24 14 8b 44 98 20 85 c0 74 0c <f6> 40 16 10 74 22 8b 00 85 c0 75 f4 83 c3 01 0f b6 db 39 d9 75
> [ 161.597618] EIP: [<c10c92b0>] get_next_timer_interrupt+0x80/0x270 SS:ESP 0068:f3977ee8
> [ 161.597645] CR2: 0000000000000015
> [ 161.598185] ---[ end trace 43f94ff33c064faa ]---
> [ 161.598701] Kernel panic - not syncing: Attempted to kill the idle task!
> [ 161.599219] Kernel Offset: disabled
> [ 161.599778] ---[ end Kernel panic - not syncing: Attempted to kill the idle task!
What happens if you do (as root):
echo 2-2:1.0 >/sys/bus/usb/drivers/usbhid/unbind
before unplugging the device?
Alan Stern