Bug 483783 - kernel hid-input.c divide error crash
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
4.6
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Pete Zaitcev
Red Hat Kernel QE team
: OtherQA, ZStream
Depends On:
Blocks: 532027
Reported: 2009-02-03 11:12 EST by Veaceslav Falico
Modified: 2014-09-30 19:44 EDT

See Also:
Fixed In Version: vmayatsk@redhat.com
Doc Type: Bug Fix
Doc Text:
Attaching a certain USB device could have caused a kernel crash due to a divide-by-zero error.
Last Closed: 2011-02-16 10:25:56 EST
Attachments
proposed patch (858 bytes, patch)
2009-02-03 11:12 EST, Veaceslav Falico
Same as requested patch, corrected patch path for -p1 (852 bytes, patch)
2009-02-09 17:24 EST, Pete Zaitcev
Description Veaceslav Falico 2009-02-03 11:12:14 EST
Created attachment 330744
proposed patch

Description of problem:

When a bad usb hid device is attached, the kernel crashes with divide error.

hub 2-0:1.0: port 2 disabled by hub (EMI?), re-enabling...
usb 2-2: USB disconnect, address 3
usb 2-2: new low speed USB device using address 4
input: USB HID v1.10 Keyboard [Fujitsu Siemens Computers GmbH FSC KB USB] on usb-0000:00:1d.0-2
input: USB HID v1.10 Device [Fujitsu Siemens Computers GmbH FSC KB USB] on usb-0000:00:1d.0-2
application seamonkey-bin uses obsolete OSS audio interface
hub 2-0:1.0: port 2 disabled by hub (EMI?), re-enabling...
usb 2-2: USB disconnect, address 4
usb 2-2: new low speed USB device using address 5
input: USB HID v1.10 Keyboard [Fujitsu Siemens Computers GmbH FSC KB USB] on usb-0000:00:1d.0-2
input: USB HID v1.10 Device [Fujitsu Siemens Computers GmbH FSC KB USB] on usb-0000:00:1d.0-2

crash> log
[..]

divide error: 0000 [1] SMP
CPU 3
Modules linked in: sr_mod nfsd exportfs lp netconsole netdump autofs4 nfs lockd nfs_acl vmnet(U) parport_pc parport vmblock(U) vmmon(U) sunrpc ds yenta_socket pcmcia_core cpufreq_powersave ib_srp ib_sdp ib_ipoib rdma_ucm rdma_cm iw_cm ib_addr ib_umad ib_ucm ib_uverbs ib_cm ib_sa ib_mad ib_core dm_mirror dm_multipath dm_mod button battery ac nvidia(U) i2c_core md5 ipv6 joydev uhci_hcd ehci_hcd i5000_edac edac_mc snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc e1000 floppy ext3 jbd ahci ata_piix libata mptscsih mptsas mptspi mptscsi mptbase sd_mod scsi_mod
Pid: 0, comm: swapper Tainted: PF     2.6.9-78.0.1.ELsmp
RIP: 0010:[<ffffffff802a17b7>] <ffffffff802a17b7>{hidinput_hid_event+255}
RSP: 0018:00000100bfe47d98  EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000001005a2d6818
RBP: 000001031f213370 R08: 00000100bfe33e98 R09: 000001005a2d6800
R10: 0000000300000000 R11: 000001005a2d6818 R12: 000001005a2d6818
R13: 000001031f213300 R14: 000001031f213300 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffffffff8050d400(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000001959910 CR3: 00000000bfe34000 CR4: 00000000000006e0
Process swapper (pid: 0, threadinfo 00000100bfe32000, task 000001000697b030)
Stack: 0000000000000000 0000010007da4000 00000100bfe33e98 0000000000000000
      000001031f213370 ffffffff8029e8db 000001031f213300 0000000000000000
      0000010428ae3a20 0000000000000000
Call Trace:<IRQ> <ffffffff8029e8db>{hid_process_event+37} <ffffffff8029ebc5>{hid_input_report+700}
      <ffffffff8029ed48>{hid_irq_in+167} <ffffffff80294f93>{usb_hcd_giveback_urb+126}
      <ffffffffa01b6ccf>{:uhci_hcd:uhci_finish_completion+98}
      <ffffffffa01b72e5>{:uhci_hcd:uhci_irq+1540} <ffffffff80295b74>{usb_hcd_irq+41}
      <ffffffff80112ff2>{handle_IRQ_event+41} <ffffffff8011326c>{do_IRQ+197}
      <ffffffff801108bf>{ret_from_intr+0}  <EOI> <ffffffff8010e88c>{mwait_idle+86}
      <ffffffff8010e81c>{cpu_idle+26}

Code: f7 f9 0f b7 55 08 89 c1 b8 00 00 00 00 8d 59 01 83 fb 09 0f
RIP <ffffffff802a17b7>{hidinput_hid_event+255} RSP <00000100bfe47d98>

-------------

crash> sym ffffffff802a17b7
ffffffff802a17b7 (T) hidinput_hid_event+255  ../debug/kernel-2.6.9/linux-2.6.9/drivers/usb/input/hid-input.c: 451


Version-Release number of selected component (if applicable):
x86_64
2.6.9-78.0.1.ELsmp

 
Actual results:
kernel crashes with divide error.

Expected results:
kernel works
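
Added example (not part of the original report or of any Red Hat tooling): a short Python triage helper that decodes the first instruction on the oops `Code:` line and looks up its divisor register, which separates a zero divisor from the other cause of an x86 divide error, quotient overflow. It assumes the first `Code:` byte sits at RIP, as the bytes in this dump suggest; the function names are illustrative.

```python
import re

# Constructed input: register and Code lines copied from the oops quoted above.
OOPS = """\
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000001005a2d6818
Code: f7 f9 0f b7 55 08 89 c1 b8 00 00 00 00 8d 59 01 83 fb 09 0f
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM r/m
GROUP3 = {6: "div", 7: "idiv"}  # opcode F7 /6 and F7 /7


def parse_registers(text):
    """Collect 'RAX: <16 hex digits>' pairs from an x86_64 oops."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", text)
    return {name.lower(): int(value, 16) for name, value in pairs}


def decode_divide(code):
    """Decode F7 /6 or /7 with a register operand, else return None."""
    if len(code) < 2 or code[0] != 0xF7:
        return None
    mod, op, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod != 3 or op not in GROUP3:
        return None  # memory operand or another group-3 op: out of scope
    return GROUP3[op], REGS32[rm]


def triage(text):
    """Name the faulting divide and report the divisor it was given."""
    m = re.search(r"^Code: ((?:[0-9a-f]{2} ?)+)", text, re.M)
    insn = decode_divide(bytes.fromhex(m.group(1))) if m else None
    if insn is None:
        return None
    mnemonic, reg = insn
    value = parse_registers(text).get("r" + reg[1:])
    if value is None:
        return None  # register not present in the dump
    divisor = value & 0xFFFFFFFF  # 32-bit operand: low half of the register
    # A nonzero divisor would point at quotient overflow instead.
    return {"insn": f"{mnemonic} %{reg}", "divisor": divisor,
            "divide_by_zero": divisor == 0}


if __name__ == "__main__":
    print(triage(OOPS))
```

On this dump the helper reports `idiv %ecx` with RCX equal to zero, which matches the "divide error" at hidinput_hid_event+255.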
Comment 1 Pete Zaitcev 2009-02-09 17:22:16 EST
SEG has done the work, we just need to throw this patch into the build.
Requesting PM ack.
Comment 2 Pete Zaitcev 2009-02-09 17:24:03 EST
Created attachment 331379
Same as requested patch, corrected patch path for -p1
Comment 11 Vivek Goyal 2009-11-09 15:15:36 EST
Committed in 89.15.EL. RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 14 Vivek Goyal 2010-10-18 17:27:58 EDT
Some errors/confusions while adding the bz to errata tool. Returning bz to MODIFIED state so that it can be added to errata.
Comment 16 Douglas Silas 2011-01-30 18:24:30 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Attaching a certain USB device could have caused a kernel crash due to a divide-by-zero error.
Comment 17 errata-xmlrpc 2011-02-16 10:25:56 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0263.html
