public inbox for linux-kernel@vger.kernel.org
* [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
@ 2024-08-16 11:21 胡连勤
  2024-08-16 11:57 ` gregkh
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-16 11:21 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org
  Cc: opensource.kernel, linux-kernel@vger.kernel.org,
	akpm@linux-foundation.org

From: Lianqin Hu <hulianqin@vivo.com>

Added null pointer check to avoid system crash.

Unable to handle kernel NULL pointer dereference at
virtual address 00000000000001a8
pc : gs_read_complete+0x58/0x240
lr : usb_gadget_giveback_request+0x40/0x160
sp : ffffffc00f1539c0
x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000
x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000
x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8
x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098
x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000
x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac
x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008
x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000
x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8
Call trace:
gs_read_complete+0x58/0x240
usb_gadget_giveback_request+0x40/0x160
dwc3_remove_requests+0x170/0x484
dwc3_ep0_out_start+0xb0/0x1d4
__dwc3_gadget_start+0x25c/0x720
kretprobe_trampoline.cfi_jt+0x0/0x8
kretprobe_trampoline.cfi_jt+0x0/0x8
udc_bind_to_driver+0x1d8/0x300
usb_gadget_probe_driver+0xa8/0x1dc
gadget_dev_desc_UDC_store+0x13c/0x188
configfs_write_iter+0x160/0x1f4
vfs_write+0x2d0/0x40c
ksys_write+0x7c/0xf0
__arm64_sys_write+0x20/0x30
invoke_syscall+0x60/0x150
el0_svc_common+0x8c/0xf8
do_el0_svc+0x28/0xa0
el0_svc+0x24/0x84
el0t_64_sync_handler+0x88/0xec
el0t_64_sync+0x1b4/0x1b8
Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62)
---[ end trace 938847327a739172 ]---
Kernel panic - not syncing: Oops: Fatal exception

Signed-off-by: Lianqin Hu <hulianqin@vivo.com>
---
v1:
  - Optimize code comments, delete log printing
---
 drivers/usb/gadget/function/u_serial.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c
index b394105e55d6..65637d53bf02
--- a/drivers/usb/gadget/function/u_serial.c
+++ b/drivers/usb/gadget/function/u_serial.c
@@ -454,6 +454,14 @@ static void gs_read_complete(struct usb_ep *ep, struct usb_request *req)
 {
 	struct gs_port	*port = ep->driver_data;
 
+	/* When port is NULL, return to avoid panic. */
+	if (!port)
+		return;
+
 	/* Queue all received data until the tty layer is ready for it. */
 	spin_lock(&port->port_lock);
 	list_add_tail(&req->list, &port->read_queue);
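Review bot: The `if (!port)` test in gs_read_complete() runs before `spin_lock(&port->port_lock)` and outside any lock, so nothing in this hunk stops ep->driver_data from changing, or the port from going away, between the check and the lock. The commit message needs to say what sets the pointer to NULL and what keeps it stable after the test, or the test needs to move under a lock that also covers the writer. The early return also leaves req neither on port->read_queue nor handed anywhere else, so state what happens to the request on that path. Separately, the header `@@ -454,6 +454,14 @@` counts 14 new-side lines while the hunk carries 6 context and 4 added lines, and the diffstat reports 16 insertions against 8 visible; the patch looks hand-edited after generation and may not apply, so regenerate it with git format-patch.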
@@ -465,6 +473,14 @@ static void gs_write_complete(struct usb_ep *ep, struct usb_request *req)
 {
 	struct gs_port	*port = ep->driver_data;
 
+   /* When port is NULL, return to avoid panic. */
+	if (!port)
+		return;
+
 	spin_lock(&port->port_lock);
 	list_add(&req->list, &port->write_pool);
 	port->write_started--;
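Review bot: Returning early in gs_write_complete() skips `list_add(&req->list, &port->write_pool)`, so on the NULL path the completed request is returned to no list; the commit message should say who owns and frees req in that case. The test is again made before `spin_lock(&port->port_lock)`, so the same check-then-use window applies here as in the read callback. Style: the added comment line is indented with spaces while the other added lines use a tab, and the header `@@ -465,6 +473,14 @@` again counts 14 new-side lines for 6 context plus 4 added.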
-- 
2.39.0


^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 11:21 [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback 胡连勤
@ 2024-08-16 11:57 ` gregkh
  2024-08-16 12:16   ` Michael Nazzareno Trimarchi
  0 siblings, 1 reply; 14+ messages in thread
From: gregkh @ 2024-08-16 11:57 UTC (permalink / raw)
  To: 胡连勤
  Cc: quic_prashk@quicinc.com, quic_jjohnson@quicinc.com,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	opensource.kernel, akpm@linux-foundation.org

On Fri, Aug 16, 2024 at 11:21:24AM +0000, 胡连勤 wrote:
> From: Lianqin Hu <hulianqin@vivo.com>
> 
> Added null pointer check to avoid system crash.
> 
> Unable to handle kernel NULL pointer dereference at
> virtual address 00000000000001a8
> pc : gs_read_complete+0x58/0x240
> lr : usb_gadget_giveback_request+0x40/0x160
> sp : ffffffc00f1539c0
> x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000
> x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000
> x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8
> x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098
> x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000
> x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac
> x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008
> x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000
> x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0
> x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8
> Call trace:
> gs_read_complete+0x58/0x240
> usb_gadget_giveback_request+0x40/0x160
> dwc3_remove_requests+0x170/0x484
> dwc3_ep0_out_start+0xb0/0x1d4
> __dwc3_gadget_start+0x25c/0x720
> kretprobe_trampoline.cfi_jt+0x0/0x8
> kretprobe_trampoline.cfi_jt+0x0/0x8
> udc_bind_to_driver+0x1d8/0x300
> usb_gadget_probe_driver+0xa8/0x1dc
> gadget_dev_desc_UDC_store+0x13c/0x188
> configfs_write_iter+0x160/0x1f4
> vfs_write+0x2d0/0x40c
> ksys_write+0x7c/0xf0
> __arm64_sys_write+0x20/0x30
> invoke_syscall+0x60/0x150
> el0_svc_common+0x8c/0xf8
> do_el0_svc+0x28/0xa0
> el0_svc+0x24/0x84
> el0t_64_sync_handler+0x88/0xec
> el0t_64_sync+0x1b4/0x1b8
> Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62)
> ---[ end trace 938847327a739172 ]---
> Kernel panic - not syncing: Oops: Fatal exception
> 
> Signed-off-by: Lianqin Hu <hulianqin@vivo.com>
> ---
> v1:
>   - Optimize code comments, delete log printing

This is "v2" not "v1".

Also, same comment as before, what:
  - causes port to be NULL
  - prevents it from changing to NULL right after you check it

Both need to be answered before we can take this change.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 11:57 ` gregkh
@ 2024-08-16 12:16   ` Michael Nazzareno Trimarchi
  2024-08-16 13:30     ` Re: " 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: Michael Nazzareno Trimarchi @ 2024-08-16 12:16 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org
  Cc: 胡连勤, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hi Lianqin Hu

On Fri, Aug 16, 2024 at 1:58 PM gregkh@linuxfoundation.org
<gregkh@linuxfoundation.org> wrote:
>
> On Fri, Aug 16, 2024 at 11:21:24AM +0000, 胡连勤 wrote:
> > From: Lianqin Hu <hulianqin@vivo.com>
> >
> > Added null pointer check to avoid system crash.
> >
> > Unable to handle kernel NULL pointer dereference at
> > virtual address 00000000000001a8
> > pc : gs_read_complete+0x58/0x240
> > lr : usb_gadget_giveback_request+0x40/0x160
> > sp : ffffffc00f1539c0
> > x29: ffffffc00f1539c0 x28: ffffff8002a30000 x27: 0000000000000000
> > x26: ffffff8002a30000 x25: 0000000000000000 x24: ffffff8002a30000
> > x23: ffffff8002ff9a70 x22: ffffff898e7a7b00 x21: ffffff803c9af9d8
> > x20: ffffff898e7a7b00 x19: 00000000000001a8 x18: ffffffc0099fd098
> > x17: 0000000000001000 x16: 0000000080000000 x15: 0000000ac1200000
> > x14: 0000000000000003 x13: 000000000000d5e8 x12: 0000000355c314ac
> > x11: 0000000000000015 x10: 0000000000000012 x9 : 0000000000000008
> > x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffff887cd12000
> > x5 : 0000000000000002 x4 : ffffffc00f9b07f0 x3 : ffffffc00f1538d0
> > x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000000001a8
> > Call trace:
> > gs_read_complete+0x58/0x240
> > usb_gadget_giveback_request+0x40/0x160
> > dwc3_remove_requests+0x170/0x484
> > dwc3_ep0_out_start+0xb0/0x1d4
> > __dwc3_gadget_start+0x25c/0x720
> > kretprobe_trampoline.cfi_jt+0x0/0x8
> > kretprobe_trampoline.cfi_jt+0x0/0x8
> > udc_bind_to_driver+0x1d8/0x300
> > usb_gadget_probe_driver+0xa8/0x1dc

Are you running a mainline kernel?

Michael

> > gadget_dev_desc_UDC_store+0x13c/0x188
> > configfs_write_iter+0x160/0x1f4
> > vfs_write+0x2d0/0x40c
> > ksys_write+0x7c/0xf0
> > __arm64_sys_write+0x20/0x30
> > invoke_syscall+0x60/0x150
> > el0_svc_common+0x8c/0xf8
> > do_el0_svc+0x28/0xa0
> > el0_svc+0x24/0x84
> > el0t_64_sync_handler+0x88/0xec
> > el0t_64_sync+0x1b4/0x1b8
> > Code: aa1f03e1 aa1303e0 52800022 2a0103e8 (88e87e62)
> > ---[ end trace 938847327a739172 ]---
> > Kernel panic - not syncing: Oops: Fatal exception
> >
> > Signed-off-by: Lianqin Hu <hulianqin@vivo.com>
> > ---
> > v1:
> >   - Optimize code comments, delete log printing
>
> This is "v2" not "v1".
>
> Also, same comment as before, what:
>   - causes port to be NULL
>   - prevents it from changing to NULL right after you check it
>
> Both need to be answered before we can take this change.
>
> thanks,
>
> greg k-h
>


-- 
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________

Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 12:16   ` Michael Nazzareno Trimarchi
@ 2024-08-16 13:30     ` 胡连勤
  2024-08-16 13:38       ` Michael Nazzareno Trimarchi
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-16 13:30 UTC (permalink / raw)
  To: Michael Nazzareno Trimarchi, gregkh@linuxfoundation.org
  Cc: quic_prashk@quicinc.com, quic_jjohnson@quicinc.com,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	opensource.kernel, akpm@linux-foundation.org

Hello linux community expert:

Q: Are you running a mainline kernel?
A: Yes.

Thanks

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 13:30     ` Re: " 胡连勤
@ 2024-08-16 13:38       ` Michael Nazzareno Trimarchi
  2024-08-16 14:19         ` Re: " 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: Michael Nazzareno Trimarchi @ 2024-08-16 13:38 UTC (permalink / raw)
  To: 胡连勤
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hi

On Fri, Aug 16, 2024 at 3:30 PM 胡连勤 <hulianqin@vivo.com> wrote:
>
> Hello linux community expert:
>
> Q: Are you running a mainline kernel?
> A: Yes.

You should reply without top posting (refer to [1]). I'm trying to be
helpful to you but it's not easy. The question was
if you're on some 6.10.y or older version of the kernel, the step to
reproduce it, and if you have any automation to test it

Michael

[1] https://subspace.kernel.org/etiquette.html

>
> Thanks

-- 
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________

Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 13:38       ` Michael Nazzareno Trimarchi
@ 2024-08-16 14:19         ` 胡连勤
  2024-08-16 14:42           ` gregkh
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-16 14:19 UTC (permalink / raw)
  To: Michael Nazzareno Trimarchi
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hello linux community expert:

> > Q: Are you running a mainline kernel?
> > A: Yes.
>
> You should reply without top posting (refer to [1]). I'm trying to be helpful to you but it's not easy. The question was if you're on some 6.10.y or older version of the kernel, the step to reproduce it, and if you have any automation to test it
  The kernel version that has the problem is 5.15.
  To reproduce, turn on the combination mode of the mobile phone USB, such as adb+diag+serial_tty+rmnet_ipa+serial_cdev when running the monkey test.

> [1] https://subspace.kernel.org/etiquette.html

Thanks

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 14:19         ` Re: " 胡连勤
@ 2024-08-16 14:42           ` gregkh
  2024-08-16 15:17             ` Re: " 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: gregkh @ 2024-08-16 14:42 UTC (permalink / raw)
  To: 胡连勤
  Cc: Michael Nazzareno Trimarchi, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

On Fri, Aug 16, 2024 at 02:19:58PM +0000, 胡连勤 wrote:
> Hello linux community expert:
> 
> > > Q: Are you running a mainline kernel?
> > > A: Yes.
> >
> > You should reply without top posting (refer to [1]). I'm trying to be helpful to you but it's not easy. The question was if you're on some 6.10.y or older version of the kernel, the step to reproduce it, and if you have any automation to test it
>   The kernel version that has the problem is 5.15.

Which specific 5.15 kernel?  The latest one or some random
Android-provided 5.15 kernel?

Does this also show up on 6.11-rc3?

>   To reproduce, turn on the combination mode of the mobile phone USB, such as adb+diag+serial_tty+rmnet_ipa+serial_cdev when running the monkey test.

What is "monkey test"?

I think this has been reported previously, and different patches have
been proposed, have you searched the archives?

Specifically, take a look at:
	https://lore.kernel.org/r/20240116141801.396398-1-khtsai@google.com

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 14:42           ` gregkh
@ 2024-08-16 15:17             ` 胡连勤
  2024-08-19  8:26               ` 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-16 15:17 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org
  Cc: Michael Nazzareno Trimarchi, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hello linux community expert:

>> > > Q: Are you running a mainline kernel?
>> > > A: Yes.
>> >
>> > You should reply without top posting (refer to [1]). I'm trying to
>> > be helpful to you but it's not easy. The question was if you're on
>> > some 6.10.y or older version of the kernel, the step to reproduce
>> > it, and if you have any automation to test it
>>   The kernel version that has the problem is 5.15.

>Which specific 5.15 kernel?  The latest one or some random Android-provided 5.15 kernel?
 Android 13-5.15.
 The problem occurs randomly on kernel 5.15.

>Does this also show up on 6.11-rc3?
 Kernel 6.11 is still under development and has not yet been tested on a large scale, so this problem has not yet been encountered.

>>   To reproduce, turn on the combination mode of the mobile phone USB, such as adb+diag+serial_tty+rmnet_ipa+serial_cdev when running the monkey test.

>What is "monkey test"?
 Run the apk, and after it runs, click randomly on the mobile phone interface without any pattern, default user usage scenario.

>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
 I haven't seen the patch given below before, I will read it carefully.
 I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.

>Specifically, take a look at:
>       https://lore.kernel.org/r/20240116141801.396398-1-khtsai@google.com

Thanks

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-16 15:17             ` Re: " 胡连勤
@ 2024-08-19  8:26               ` 胡连勤
  2024-08-19  8:41                 ` Michael Nazzareno Trimarchi
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-19  8:26 UTC (permalink / raw)
  To: gregkh@linuxfoundation.org
  Cc: Michael Nazzareno Trimarchi, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hello linux community expert:

>>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
> I haven't seen the patch given below before, I will read it carefully.
> I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
 I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.

>>Specifically, take a look at:
>>https://lore.kernel.org/r/20240116141801.396398-1-khtsai@google.com

Thanks

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-19  8:26               ` 胡连勤
@ 2024-08-19  8:41                 ` Michael Nazzareno Trimarchi
  2024-08-19  8:48                   ` Re: " 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: Michael Nazzareno Trimarchi @ 2024-08-19  8:41 UTC (permalink / raw)
  To: 胡连勤
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hi

On Mon, Aug 19, 2024 at 10:26 AM 胡连勤 <hulianqin@vivo.com> wrote:
>
> Hello linux community expert:
>
> >>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
> > I haven't seen the patch given below before, I will read it carefully.
> > I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
>  I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.
>

Did you apply the patch? As suggested, is the test moving from one
gadget to the other?

Michael


> >>Specifically, take a look at:
> >>https://lore.kernel.org/r/20240116141801.396398-1-khtsai@google.com
>
> Thanks



-- 
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael@amarulasolutions.com
__________________________________

Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info@amarulasolutions.com
www.amarulasolutions.com

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-19  8:41                 ` Michael Nazzareno Trimarchi
@ 2024-08-19  8:48                   ` 胡连勤
  2024-08-19  8:53                     ` Michael Nazzareno Trimarchi
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-19  8:48 UTC (permalink / raw)
  To: Michael Nazzareno Trimarchi
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hello linux community expert:

>> >>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
>> > I haven't seen the patch given below before, I will read it carefully.
>> > I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
>>  I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.
>>

>Did you apply the patch? as suggested, is the test moving from one gadget to the other?
 We applied the patch to kernel 5.15 and ran a stress test, and the problem did not recur.
 Connect the phone to the PC via a USB cable and run the monkey test (run an apk and click on it at will on the phone interface).

Thanks


* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-19  8:48                   ` Re: " 胡连勤
@ 2024-08-19  8:53                     ` Michael Nazzareno Trimarchi
  2024-08-19  9:00                       ` Re: " 胡连勤
  0 siblings, 1 reply; 14+ messages in thread
From: Michael Nazzareno Trimarchi @ 2024-08-19  8:53 UTC (permalink / raw)
  To: 胡连勤
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hi

On Mon, Aug 19, 2024 at 10:48 AM 胡连勤 <hulianqin@vivo.com> wrote:
>
> Hello linux community expert:
>
> >> >>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
> >> > I haven't seen the patch given below before, I will read it carefully.
> >> > I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
> >>  I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.
> >>
>
> >Did you apply the patch? as suggested, is the test moving from one gadget to the other?
>  We applied the patch to kernel 5.15 and ran a stress test, and the problem did not recur.

Does that mean it does not happen again?

>  Connect the phone to the PC via a USB cable and run the monkey test (run an apk and click on it at will on the phone interface).
>

Yes, I know, but this monkey test is running a stress test moving from
USB storage to other configfs, right?

Michael

> Thanks





* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-19  8:53                     ` Michael Nazzareno Trimarchi
@ 2024-08-19  9:00                       ` 胡连勤
  2024-08-19  9:17                         ` Michael Nazzareno Trimarchi
  0 siblings, 1 reply; 14+ messages in thread
From: 胡连勤 @ 2024-08-19  9:00 UTC (permalink / raw)
  To: Michael Nazzareno Trimarchi
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hello linux community expert:

>> >> >>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
>> >> > I haven't seen the patch given below before, I will read it carefully.
>> >> > I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
>> >>  I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.
>> >>
>>
>> >Did you apply the patch? as suggested, is the test moving from one gadget to the other?
>>  We applied the patch to kernel 5.15 and ran a stress test, and the problem did not recur.

>Does that mean it does not happen again?
 Yes.

>>  Connect the phone to the PC via a USB cable and run the monkey test (run an apk and click on it at will on the phone interface).

>Yes, I know, but this monkey test is running a stress test moving from USB storage to other configfs, right?
 From the crash information, it can be seen that the switch is from mtp mode to vivo industrial mode port (adb+diag+cser_tty+gser_tty+rmnet)

Thanks


* Re: Re: [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback
  2024-08-19  9:00                       ` Re: " 胡连勤
@ 2024-08-19  9:17                         ` Michael Nazzareno Trimarchi
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Nazzareno Trimarchi @ 2024-08-19  9:17 UTC (permalink / raw)
  To: 胡连勤
  Cc: gregkh@linuxfoundation.org, quic_prashk@quicinc.com,
	quic_jjohnson@quicinc.com, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org, opensource.kernel,
	akpm@linux-foundation.org

Hi

On Mon, Aug 19, 2024 at 11:00 AM 胡连勤 <hulianqin@vivo.com> wrote:
>
> Hello linux community expert:
>
> >> >> >>I think this has been reported previously, and different patches have been proposed, have you searched the archives?
> >> >> > I haven't seen the patch given below before, I will read it carefully.
> >> >> > I searched for Linux mainline commits before submitting, but I only compared them according to the crash stack information and did not notice the following commit.
> >> >>  I checked the stack trace again. The problem we encountered seems different from the problem reported in the link below, and they are not caused by the same reason.
> >> >>
> >>
> >> >Did you apply the patch? as suggested, is the test moving from one gadget to the other?
> >>  We applied the patch to kernel 5.15 and ran a stress test, and the problem did not recur.
>
> >Does that mean it does not happen again?
>  Yes.
>
> >>  Connect the phone to the PC via a USB cable and run the monkey test (run an apk and click on it at will on the phone interface).
>
> >Yes, I know, but this monkey test is running a stress test moving from USB storage to other configfs, right?
>  From the crash information, it can be seen that the switch is from mtp mode to vivo industrial mode port (adb+diag+cser_tty+gser_tty+rmnet)
>
If the applied patch fixes your problem, I think you are OK. I suggest,
even if you have an Android kernel, trying to stay closer to the LTS
version of your kernel in Android.

Michael


> Thanks






Thread overview: 14+ messages
2024-08-16 11:21 [PATCH v1] usb: gadget: u_serial: check Null pointer in EP callback 胡连勤
2024-08-16 11:57 ` gregkh
2024-08-16 12:16   ` Michael Nazzareno Trimarchi
2024-08-16 13:30     ` Re: " 胡连勤
2024-08-16 13:38       ` Michael Nazzareno Trimarchi
2024-08-16 14:19         ` Re: " 胡连勤
2024-08-16 14:42           ` gregkh
2024-08-16 15:17             ` Re: " 胡连勤
2024-08-19  8:26               ` 胡连勤
2024-08-19  8:41                 ` Michael Nazzareno Trimarchi
2024-08-19  8:48                   ` Re: " 胡连勤
2024-08-19  8:53                     ` Michael Nazzareno Trimarchi
2024-08-19  9:00                       ` Re: " 胡连勤
2024-08-19  9:17                         ` Michael Nazzareno Trimarchi
