Re: MUSB crash on OMAP3 board with second load of gadget

[Sergey Lapin]

On Thu, Jan 21, 2010 at 4:23 PM, Sergey Lapin <slapinid@xxxxxxxxx> wrote:
> On Thu, Jan 21, 2010 at 3:28 PM, Felipe Balbi <felipe.balbi@xxxxxxxxx> wrote:
>> On Thu, Jan 21, 2010 at 12:26:49PM +0100, ext Sergey Lapin wrote:
>>>
>>> Hi! I have crashes in MUSB code when working with USB gadget drivers.
>>> Kernel version: linux-omap master d8ebff302ff819587377b123e900e501e4135d86
>>> To reproduce: (USB device cable should be attached).
>>>
>>> dd if=/dev/zero of=/tmp/disk bs=1k count=1024
>>> mkdosfs -F 32 /tmp/disk
>>> insmod g_mass_storage  file=/tmp/disk stall=0
>>>
>>> Wait till disk is mounted on host, then
>>>
>>> rmmod g_mass_storage
>>> insmod g_mass_storage  file=/tmp/disk stall=0
>>>
>>> And here we get Oops in include/linux/list.h line 93,
>>
>> I guess it's the list corruption bug, right ?
>>
>> I've seen that, but couldn't get it to reproduce. Now that you said, I'll
>> try to find a fix for it.
If you're interested, this is my Oops dump:

[12034.007812] Unable to handle kernel NULL pointer dereference at
virtual address 00000001
[12034.015960] pgd = c0004000
[12034.018676] [00000001] *pgd=00000000
[12034.022308] Internal error: Oops: 17 [#1] PREEMPT
[12034.027038] last sysfs file:
/sys/devices/platform/leds-gpio/leds/gnome5::red14/brightness
[12034.035339] Modules linked in: g_mass_storage [last unloaded: g_mass_storage]
[12034.042541] CPU: 0    Not tainted  (2.6.33-rc4-07149-ga29cd26-dirty #9)
[12034.049224] PC is at list_del+0xc/0x90
[12034.053009] LR is at musb_g_giveback+0x28/0x130
[12034.057586] pc : [<c01b70d0>]    lr : [<c021d928>]    psr: 400001d3
[12034.057586] sp : c03f7e48  ip : 00029fa5  fp : c7832048
[12034.069122] r10: fa0ab000  r9 : fa0ab100  r8 : fa0ab100
[12034.074371] r7 : 00000001  r6 : c7832064  r5 : 00000000  r4 : c6872718
[12034.080963] r3 : 00000001  r2 : c03f7e4c  r1 : c03b02cb  r0 : c6872718
[12034.087524] Flags: nZcv  IRQs off  FIQs off  Mode SVC_32  ISA ARM
Segment kernel
[12034.095031] Control: 10c5387d  Table: 87024019  DAC: 00000017
[12034.100830] Process swapper (pid: 0, stack limit = 0xc03f62e8)
[12034.106689] Stack: (0xc03f7e48 to 0xc03f8000)
[12034.111083] 7e40:                   c6872718 c03b02cb c6872700
c021d928 c03f7e96 c021b650
[12034.119323] 7e60: c7832048 00000008 c03f7e96 00000000 00000008
c7832000 00000001 c021c230
[12034.127563] 7e80: 00000000 00000000 c0407a40 c0407538 0f2c8be7
0680c278 00000100 00000040
[12034.135803] 7ea0: 0fd51da8 00000000 000000f0 c7832000 00000008
00000099 00000000 00000000
[12034.144042] 7ec0: 00000000 c021b388 c7832000 00000008 fa0ab000
00000000 c7832000 60000153
[12034.152252] 7ee0: 0000005c c03f6000 0000005c c021b4c0 c78b9d00
c78b9d00 0000005c c0090b80
[12034.160491] 7f00: c78b9d00 c04099cc 0000005c 00000002 00000001
c03f6000 0000001f c0092c44
[12034.168731] 7f20: 0000005c 00000000 00000003 c0030070 ffffffff
fa200000 00000003 c0030ac4
[12034.176971] 7f40: 001e449b 00000000 001e449b 00000000 c04316c0
00000003 00000003 c04316c0
[12034.185211] 7f60: 80027478 411fc082 0000001f 00000000 00000000
c03f7f88 c00420d0 c00420dc
[12034.193450] 7f80: 60000053 ffffffff 00000000 001e449b 386d8e77
0fb39696 386d8e77 0f9551fb
[12034.201660] 7fa0: c03fbd50 c03fbe20 c0430cdc c03fbd50 c0476b48
c022d7ac c03f6000 c0430cdc
[12034.209899] 7fc0: c0029014 c03f9c10 80027478 c00324dc c045c9c0
c0008934 c000848c 00000000
[12034.218139] 7fe0: 00000000 c0029018 00000000 10c53c7d c0430df0
80008034 00000000 00000000
[12034.226379] [<c01b70d0>] (list_del+0xc/0x90) from [<c021d928>]
(musb_g_giveback+0x28/0x130)
[12034.234802] [<c021d928>] (musb_g_giveback+0x28/0x130) from
[<c021c230>] (musb_g_ep0_irq+0x32c/0x910)
[12034.244018] [<c021c230>] (musb_g_ep0_irq+0x32c/0x910) from
[<c021b388>] (musb_interrupt+0x2fc/0x3d4)
[12034.253204] [<c021b388>] (musb_interrupt+0x2fc/0x3d4) from
[<c021b4c0>] (generic_interrupt+0x60/0x94)
[12034.262512] [<c021b4c0>] (generic_interrupt+0x60/0x94) from
[<c0090b80>] (handle_IRQ_event+0xa4/0x1e0)
[12034.271881] [<c0090b80>] (handle_IRQ_event+0xa4/0x1e0) from
[<c0092c44>] (handle_level_irq+0xc0/0x150)
[12034.281250] [<c0092c44>] (handle_level_irq+0xc0/0x150) from
[<c0030070>] (asm_do_IRQ+0x70/0x90)
[12034.290008] [<c0030070>] (asm_do_IRQ+0x70/0x90) from [<c0030ac4>]
(__irq_svc+0x44/0xa8)
[12034.298065] Exception stack(0xc03f7f40 to 0xc03f7f88)
[12034.303161] 7f40: 001e449b 00000000 001e449b 00000000 c04316c0
00000003 00000003 c04316c0
[12034.311401] 7f60: 80027478 411fc082 0000001f 00000000 00000000
c03f7f88 c00420d0 c00420dc
[12034.319641] 7f80: 60000053 ffffffff
[12034.323150] [<c0030ac4>] (__irq_svc+0x44/0xa8) from [<c00420dc>]
(omap3_enter_idle+0x124/0x158)
[12034.331939] [<c00420dc>] (omap3_enter_idle+0x124/0x158) from
[<c022d7ac>] (cpuidle_idle_call+0xa4/0x180)
[12034.341491] [<c022d7ac>] (cpuidle_idle_call+0xa4/0x180) from
[<c00324dc>] (cpu_idle+0x48/0x98)
[12034.350189] [<c00324dc>] (cpu_idle+0x48/0x98) from [<c0008934>]
(start_kernel+0x268/0x2c8)
[12034.358489] [<c0008934>] (start_kernel+0x268/0x2c8) from
[<80008034>] (0x80008034)
[12034.366119] Code: c03a882b e92d4013 e5903004 e1a04000 (e593c000)
[12034.372406] ---[ end trace e93a9fc16bcba40b ]---
[12034.377075] Kernel panic - not syncing: Fatal exception in interrupt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/