Re: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30

From: David Brownell
Date: Wed Jun 24 2009 - 04:49:57 EST

Next message: David Miller: "Re: NMI watchdog + NOHZ question"
Previous message: Michael S. Tsirkin: "Re: [PATCH] kvm: remove in_range from kvm_io_device"
In reply to: David Brownell: "Re: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30"
Next in thread: Marek Szyprowski: "RE: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 24 June 2009, Marek Szyprowski wrote:
> I did some additional tests and found another bug. When I enabled debug in my
> low level udc driver then I can easily trigger the following bug:
>
> [ 55.630000] Unable to handle kernel NULL pointer dereference at virtual address 00000014
> [ 55.630000] pgd = c0004000
> [ 55.630000] [00000014] *pgd=00000000
> [ 55.630000] Internal error: Oops: 17 [#1] PREEMPT
> [ 55.630000] Modules linked in:
> [ 55.630000] CPU: 0 Not tainted (2.6.30 #355)
> [ 55.630000] PC is at __lock_acquire+0xa0/0xa6c
> [ 55.630000] LR is at lock_acquire+0x58/0x6c
> [ 55.630000] ...
> [ 55.630000] [<c005786c>] (__lock_acquire+0xa0/0xa6c) from [<c0058290>] (lock_acquire+0x58/0x6c)
> [ 55.630000] [<c0058290>] (lock_acquire+0x58/0x6c) from [<c0274e74>] (_spin_lock_irqsave+0x44/0x58)
> [ 55.630000] [<c0274e74>] (_spin_lock_irqsave+0x44/0x58) from [<c019d608>] (gs_write_room+0x10/0x58)
> [ 55.630000] [<c019d608>] (gs_write_room+0x10/0x58) from [<c0156058>] (tty_write_room+0x20/0x28)

So it's looking like tty->driver_data is somehow NULL. That's
never supposed to happen. Did gs_open() fail or something?

> [ 55.630000] [<c0156058>] (tty_write_room+0x20/0x28) from [<c01538e0>] (process_echoes+0x4c/0x288)
> [ 55.630000] [<c01538e0>] (process_echoes+0x4c/0x288) from [<c0155a40>] (n_tty_receive_buf+0x9ec/0xecc)
> [ 55.630000] [<c0155a40>] (n_tty_receive_buf+0x9ec/0xecc) from [<c0158174>] (flush_to_ldisc+0x104/0x1b0)
> [ 55.630000] [<c0158174>] (flush_to_ldisc+0x104/0x1b0) from [<c00498e0>] (worker_thread+0x1d0/0x2cc)
> [ 55.630000] [<c00498e0>] (worker_thread+0x1d0/0x2cc) from [<c004d55c>] (kthread+0x58/0x90)
> [ 55.630000] [<c004d55c>] (kthread+0x58/0x90) from [<c003c03c>] (do_exit+0x0/0x5d0)
> [ 55.630000] [<c003c03c>] (do_exit+0x0/0x5d0) from [<c6c26180>] (0xc6c26180)
> [ 55.630000] Code: ea000076 e59d100c e3510000 1a000002 (e5994004)
> [ 55.640000] ---[ end trace f9a4499d9482c504 ]---
> [ 55.650000] note: events/0[5] exited with preempt_count 1
>
> The low latency mode is disabled. I've tested different ways of gathering
> the debug output from my lowlevel udc driver: in first attempt it was
> printk(KERN_INFO ...) then I switched to use lowlevel printascii() to remove
> possible interaction with console/tty framework at all. In both cases I got
> the above NULL pointer exception. It only worked fine when I switched to
> printk(KERN_DEBUG ...) with debug level above KERN_DEBUG, so all the
> messages were only buffered in dmesg buffer. This looks like a timing issue
> in tty framework...
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: NMI watchdog + NOHZ question"
Previous message: Michael S. Tsirkin: "Re: [PATCH] kvm: remove in_range from kvm_io_device"
In reply to: David Brownell: "Re: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30"
Next in thread: Marek Szyprowski: "RE: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]