From: David Brownell <david-b@pacbell.net>
To: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: "'Alan Cox'" <alan@lxorguk.ukuu.org.uk>,
"'Alan Stern'" <stern@rowland.harvard.edu>,
"'Peter Korsgaard'" <jacmet@sunsite.dk>,
"'USB list'" <linux-usb@vger.kernel.org>,
"'Kernel development list'" <linux-kernel@vger.kernel.org>,
kyungmin.park@samsung.com
Subject: Re: PROBLEM: kernel oops with g_serial USB gadget on 2.6.30
Date: Wed, 24 Jun 2009 01:49:40 -0700 [thread overview]
Message-ID: <200906240149.41013.david-b@pacbell.net> (raw)
In-Reply-To: <002101c9f49a$6cfcaf50$46f60df0$%szyprowski@samsung.com>
On Wednesday 24 June 2009, Marek Szyprowski wrote:
> I did some additional tests and found another bug. When I enabled debug in my
> low level udc driver then I can easily trigger the following bug:
>
> [ 55.630000] Unable to handle kernel NULL pointer dereference at virtual address 00000014
> [ 55.630000] pgd = c0004000
> [ 55.630000] [00000014] *pgd=00000000
> [ 55.630000] Internal error: Oops: 17 [#1] PREEMPT
> [ 55.630000] Modules linked in:
> [ 55.630000] CPU: 0 Not tainted (2.6.30 #355)
> [ 55.630000] PC is at __lock_acquire+0xa0/0xa6c
> [ 55.630000] LR is at lock_acquire+0x58/0x6c
> [ 55.630000] ...
> [ 55.630000] [<c005786c>] (__lock_acquire+0xa0/0xa6c) from [<c0058290>] (lock_acquire+0x58/0x6c)
> [ 55.630000] [<c0058290>] (lock_acquire+0x58/0x6c) from [<c0274e74>] (_spin_lock_irqsave+0x44/0x58)
> [ 55.630000] [<c0274e74>] (_spin_lock_irqsave+0x44/0x58) from [<c019d608>] (gs_write_room+0x10/0x58)
> [ 55.630000] [<c019d608>] (gs_write_room+0x10/0x58) from [<c0156058>] (tty_write_room+0x20/0x28)
So it's looking like tty->driver_data is somehow NULL. That's
never supposed to happen. Did gs_open() fail or something?
> [ 55.630000] [<c0156058>] (tty_write_room+0x20/0x28) from [<c01538e0>] (process_echoes+0x4c/0x288)
> [ 55.630000] [<c01538e0>] (process_echoes+0x4c/0x288) from [<c0155a40>] (n_tty_receive_buf+0x9ec/0xecc)
> [ 55.630000] [<c0155a40>] (n_tty_receive_buf+0x9ec/0xecc) from [<c0158174>] (flush_to_ldisc+0x104/0x1b0)
> [ 55.630000] [<c0158174>] (flush_to_ldisc+0x104/0x1b0) from [<c00498e0>] (worker_thread+0x1d0/0x2cc)
> [ 55.630000] [<c00498e0>] (worker_thread+0x1d0/0x2cc) from [<c004d55c>] (kthread+0x58/0x90)
> [ 55.630000] [<c004d55c>] (kthread+0x58/0x90) from [<c003c03c>] (do_exit+0x0/0x5d0)
> [ 55.630000] [<c003c03c>] (do_exit+0x0/0x5d0) from [<c6c26180>] (0xc6c26180)
> [ 55.630000] Code: ea000076 e59d100c e3510000 1a000002 (e5994004)
> [ 55.640000] ---[ end trace f9a4499d9482c504 ]---
> [ 55.650000] note: events/0[5] exited with preempt_count 1
>
> The low latency mode is disabled. I've tested different ways of gathering
> the debug output from my lowlevel udc driver: in first attempt it was
> printk(KERN_INFO ...) then I switched to use lowlevel printascii() to remove
> possible interaction with console/tty framework at all. In both cases I got
> the above NULL pointer exception. It only worked fine when I switched to
> printk(KERN_DEBUG ...) with debug level above KERN_DEBUG, so all the
> messages were only buffered in dmesg buffer. This looks like a timing issue
> in tty framework...
>
next prev parent reply other threads:[~2009-06-24 8:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-22 12:04 PROBLEM: kernel oops with g_serial USB gadget on 2.6.30 Marek Szyprowski
2009-06-22 12:33 ` Peter Korsgaard
2009-06-22 13:55 ` Marek Szyprowski
2009-06-22 14:06 ` Peter Korsgaard
2009-06-22 14:06 ` Alan Stern
2009-06-22 14:12 ` Marek Szyprowski
2009-06-22 15:02 ` Alan Stern
2009-06-23 3:26 ` David Brownell
2009-06-23 6:41 ` Marek Szyprowski
2009-06-23 7:22 ` David Brownell
2009-06-23 8:37 ` Marek Szyprowski
2009-06-23 9:21 ` Alan Cox
2009-06-23 9:33 ` Marek Szyprowski
2009-06-23 9:54 ` Alan Cox
2009-06-23 15:00 ` Marek Szyprowski
2009-06-23 16:47 ` David Brownell
2009-06-23 16:52 ` David Brownell
2009-06-24 7:07 ` Marek Szyprowski
2009-06-24 8:42 ` Alan Cox
2009-06-24 8:54 ` David Brownell
2009-06-24 8:49 ` David Brownell [this message]
2009-06-24 10:30 ` Marek Szyprowski
2009-06-24 23:43 ` David Brownell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200906240149.41013.david-b@pacbell.net \
--to=david-b@pacbell.net \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=jacmet@sunsite.dk \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox