MUSB crash on OMAP3 board with second load of gadget
From: Sergey Lapin
Date: Thu Jan 21 2010 - 06:26:58 EST
Hi! I have crashes in MUSB code when working with USB gadget drivers.
Kernel version: linux-omap master d8ebff302ff819587377b123e900e501e4135d86
To reproduce: (USB device cable should be attached).
dd if=/dev/zero of=/tmp/disk bs=1k count=1024
mkdosfs -F 32 /tmp/disk
insmod g_mass_storage file=/tmp/disk stall=0
Wait till disk is mounted on host, then
rmmod g_mass_storage
insmod g_mass_storage file=/tmp/disk stall=0
And here we get Oops in include/linux/list.h line 93,
list_del function, which leads us to drivers/usb/musb/musb_gadget.c,
function void musb_g_giveback(
struct musb_ep *ep,
struct usb_request *request,
int status),
just at the beginning of function.
if we add
pr_debug("list.prev = %p\n", request->list.prev);
pr_debug("list.next = %p\n", request->list.next);
and we see
list.prev = 6b6b6b6b
list.next = 6b6b6b6b
And these are NOT values set during list deletion.
Any ideas where to debug from here? If I just do return from that
function in case
of list.prev = 6b6b6b6b, then there's no crash, but there's no working
USB either.
if I just ignore list_del, I have crash later, where it seems to
execute bad code
from address 0x6b6b6b6a. Please, help!
Thanks a lot,
S.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/