usb multi gadget kernel crush

Valeriy Dergachev

Hello, i am using custom am335x board and latest linux sdk

i have built g_multi gadget with rndis Ethernet, dma is enabled.

when i try to connect to windows PC sometimes it crushes the kernel with

11.954488] gadget: high-speed config #1: Multifunction with RNDIS
[   12.017934] Unable to handle kernel NULL pointer dereference at virtual address 00000014
[   12.026392] pgd = c0004000
[   12.029208] [00000014] *pgd=00000000
[   12.032944] Internal error: Oops: 17 [#1]
[   12.037120] Modules linked in: g_multi omaplfb(O) pvrsrvkm(O)
[   12.043133] CPU: 0    Tainted: G           O (3.2.0-00023-gd69b952 #62)
[   12.050162] PC is at rndis_response_complete+0x20/0x128 [g_multi]
[   12.056534] LR is at musb_g_giveback+0xd0/0x19c
[   12.061257] pc : [<bf097698>]    lr : [<c02f86c8>]    psr: 60000193
[   12.061263] sp : c0659bc8 ip : 00000000 fp : c0659bfc
[   12.073224] r10: c248c340 r9 : 00000000 r8 : c483ed00
[   12.078666] r7 : c3116000 r6 : c3116290 r5 : c248c640 r4 : 00000000
[   12.085466] r3 : 00000000 r2 : bf097678 r1 : c248c640 r0 : c3116290
[   12.092271] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel
[   12.099978] Control: 10c5387d Table: 832b0019 DAC: 00000015
[   12.105964] Process swapper (pid: 0, stack limit = 0xc06582f0)
[   12.112043] Stack: (0xc0659bc8 to 0xc065a000)
[   12.116588] 9bc0:                   c3116000 20000193 82002240 c065d7e0 c0659c1c c248c640
[   12.125114] 9be0: c3116290 00000000 c3116000 c483ed00 c0659c2c c0659c00 c02f86c8 bf097684
[   12.133641] 9c00: c0659c2c c0659c10 c003e428 c01fbdd0 000010f0 c3116000 0000000a c248c640
[   12.142167] 9c20: c0659c54 c0659c30 c02f6318 c02f8604 00000002 c248c640 c3116290 c3116000
[   12.150692] 9c40: a0000193 c483ed00 c0659c84 c0659c58 c02f6588 c02f6284 bf0a3b1c c00b0d5c
[   12.159218] 9c60: c248c640 c02f63e8 c0659d66 00000001 c3759454 c248c340 c0659ccc c0659c88
[   12.167744] 9c80: bf0a3d18 c02f63f4 c2191e80 c243de80 00000000 c483ed50 00001000 00000000
[   12.176270] 9ca0: c003e1d0 c248c640 c248c340 c31170f8 00000000 00000000 c0659d66 0000000c
[   12.184796] 9cc0: c0659d3c c0659cd0 bf0a0298 bf0a3bdc c0659cec c0659ce0 c003e2b0 c003e1e0
[   12.193323] 9ce0: c0659d24 c0659cf0 bf097fe8 c003e2a4 c311659c c06b3c30 c0659d5c 00001000
[   12.201849] 9d00: c02f9488 c243de80 c3116718 00000000 c3116000 c3116000 00000001 00001248
[   12.210375] 9d20: c483ed00 c06b3a68 00000008 bf0a00b0 c0659d9c c0659d40 c02f6c30 bf0a00bc
[   12.218901] 9d40: c3116718 c06b3c30 c0659d9c c0659d58 c02f92ac c02f8604 c3116254 c483ec00
[   12.227427] 9d60: 00000002 01a1ffc0 00000000 c3111000 c0659dcc c3116000 00000000 c06dcd48
[   12.235953] 9d80: c06b3690 00000000 00000099 000000f0 c0659dec c0659da0 c02f5088 c02f65fc
[   12.244479] 9da0: c0659dcc ffdbffc0 c3111000 00000000 00000001 0001ffc0 c06b4998 c067b3b0
[   12.253005] 9dc0: ffff8f82 c3116000 00000001 00000000 00000000 c06b4728 40000193 c483e800
[   12.261531] 9de0: c0659e44 c0659df0 c03025e0 c02f4f08 fffffffa 00000000 ffffffff 7fffffff
[   12.270058] 9e00: 00864e35 00000000 c0659e6c c0659e18 c0065400 00000000 000392f5 c30d9840
[   12.278584] 9e20: 00000013 00000000 00000000 00000013 c06cccbc c067bf24 c0659e7c c0659e48
[   12.287110] 9e40: c0078d78 c03021cc c067b3b0 c067b3b0 00000002 c067bf24 00000013 00000000
[   12.295636] 9e60: c0659f00 80004059 413fc082 00000000 c0659e94 c0659e80 c0078f10 c0078d2c
[   12.304162] 9e80: 00024000 c067bf24 c0659eac c0659e98 c007ad6c c0078eec 00000085 c068c214
[   12.312689] 9ea0: c0659ebc c0659eb0 c0078654 c007acec c0659edc c0659ec0 c00162e4 c007862c
[   12.321215] 9ec0: c0660600 00000004 fa200000 00000013 c0659efc c0659ee0 c000861c c00162b0
[   12.329741] 9ee0: c002b970 20000013 ffffffff c0659f34 c0659f74 c0659f00 c0015040 c000856c
[   12.338267] 9f00: 00000000 525cd78b 525cd78b 0008d5c0 c0662488 00000000 c0662248 00000000
[   12.346793] 9f20: 80004059 413fc082 00000000 c0659f74 2282f627 c0659f48 c0065550 c002b970
[   12.355320] 9f40: 20000013 ffffffff 525cd78b 0008d4f4 525cd78b 0008d5c0 00000000 c0662488
[   12.363846] 9f60: c06dd930 c0662248 c0659f94 c0659f78 c035620c c002b934 c06b7604 c0658000
[   12.372372] 9f80: c065e7a0 c0658000 c0659fb4 c0659f98 c00165d4 c0356170 c065a0bc c064c074
[   12.380899] 9fa0: c0767300 c065e794 c0659fc4 c0659fb8 c04840b4 c0016568 c0659ff4 c0659fc8
[   12.389425] 9fc0: c061d7d8 c048404c c061d1ac 00000000 00000000 c064c074 00000000 10c53c7d
[   12.397951] 9fe0: c065a044 c064c070 00000000 c0659ff8 80008040 c061d510 00000000 00000000
[   12.406469] Backtrace:
[   12.409036] [<bf097678>] (rndis_response_complete+0x0/0x128 [g_multi]) from [<c02f86c8>] (musb_g_giveback+0xd0/0x19c)
[   12.420093] r8:c483ed00 r7:c3116000 r6:00000000 r5:c3116290 r4:c248c640
[   12.427108] [<c02f85f8>] (musb_g_giveback+0x0/0x19c) from [<c02f6318>] (ep0_txstate+0xa0/0x170)
[   12.436171] r7:c248c640 r6:0000000a r5:c3116000 r4:000010f0
[   12.442091] [<c02f6278>] (ep0_txstate+0x0/0x170) from [<c02f6588>] (musb_g_ep0_queue+0x1a0/0x208)
[   12.451335] r8:c483ed00 r7:a0000193 r6:c3116000 r5:c3116290 r4:c248c640
[   12.458153] r3:00000002
[   12.460915] [<c02f63e8>] (musb_g_ep0_queue+0x0/0x208) from [<bf0a3d18>] (rndis_setup+0x148/0x20c [g_multi])
[   12.471099] [<bf0a3bd0>] (rndis_setup+0x0/0x20c [g_multi]) from [<bf0a0298>] (composite_setup+0x1e8/0xe20 [g_multi])
[   12.482084] [<bf0a00b0>] (composite_setup+0x0/0xe20 [g_multi]) from [<c02f6c30>] (musb_g_ep0_irq+0x640/0xf58)
[   12.492423] [<c02f65f0>] (musb_g_ep0_irq+0x0/0xf58) from [<c02f5088>] (musb_interrupt+0x18c/0x1078)
[   12.501862] [<c02f4efc>] (musb_interrupt+0x0/0x1078) from [<c03025e0>] (ti81xx_interrupt+0x420/0x5dc)
[   12.511494] [<c03021c0>] (ti81xx_interrupt+0x0/0x5dc) from [<c0078d78>] (handle_irq_event_percpu+0x58/0x1c0)
[   12.521743] [<c0078d20>] (handle_irq_event_percpu+0x0/0x1c0) from [<c0078f10>] (handle_irq_event+0x30/0x40)
[   12.531907] [<c0078ee0>] (handle_irq_event+0x0/0x40) from [<c007ad6c>] (handle_level_irq+0x8c/0x108)
[   12.541423] r4:c067bf24 r3:00024000
[   12.545162] [<c007ace0>] (handle_level_irq+0x0/0x108) from [<c0078654>] (generic_handle_irq+0x34/0x44)
[   12.554859] r4:c068c214 r3:00000085
[   12.558616] [<c0078620>] (generic_handle_irq+0x0/0x44) from [<c00162e4>] (handle_IRQ+0x40/0x8c)
[   12.567689] [<c00162a4>] (handle_IRQ+0x0/0x8c) from [<c000861c>] (omap3_intc_handle_irq+0xbc/0xc0)
[   12.577024] r6:00000013 r5:fa200000 r4:00000004 r3:c0660600
[   12.582944] [<c0008560>] (omap3_intc_handle_irq+0x0/0xc0) from [<c0015040>] (__irq_svc+0x40/0x60)
[   12.592189] Exception stack(0xc0659f00 to 0xc0659f48)
[   12.597455] 9f00: 00000000 525cd78b 525cd78b 0008d5c0 c0662488 00000000 c0662248 00000000
[   12.605981] 9f20: 80004059 413fc082 00000000 c0659f74 2282f627 c0659f48 c0065550 c002b970
[   12.614502] 9f40: 20000013 ffffffff
[   12.618132] r7:c0659f34 r6:ffffffff r5:20000013 r4:c002b970
[   12.624060] [<c002b928>] (am33xx_enter_idle+0x0/0x94) from [<c035620c>] (cpuidle_idle_call+0xa8/0x138)
[   12.633757] r6:c0662248 r5:c06dd930 r4:c0662488
[   12.638585] [<c0356164>] (cpuidle_idle_call+0x0/0x138) from [<c00165d4>] (cpu_idle+0x78/0xbc)
[   12.647467] r7:c0658000 r6:c065e7a0 r5:c0658000 r4:c06b7604
[   12.653401] [<c001655c>] (cpu_idle+0x0/0xbc) from [<c04840b4>] (rest_init+0x74/0x78)
[   12.661468] r7:c065e794 r6:c0767300 r5:c064c074 r4:c065a0bc
[   12.667404] [<c0484040>] (rest_init+0x0/0x78) from [<c061d7d8>] (start_kernel+0x2d4/0x2e0)
[   12.676023] [<c061d504>] (start_kernel+0x0/0x2e0) from [<80008040>] (0x80008040)
[   12.683736] Code: e5914014 e1a05001 e591c020 e1a06000 (e5943014)
[   12.690228] ---[ end trace 515109dbfa385334 ]---
[   12.695056] Kernel panic - not syncing: Fatal exception in interrupt
[   12.701677] Backtrace:
[   12.704256] [<c0018d28>] (dump_backtrace+0x0/0x110) from [<c048f604>] (dump_stack+0x18/0x1c)
[   12.713053] r6:00000000 r5:c0658000 r4:c06ba1c8 r3:c0679708
[   12.718983] [<c048f5ec>] (dump_stack+0x0/0x1c) from [<c048f808>] (panic+0x6c/0x194)
[   12.726979] [<c048f79c>] (panic+0x0/0x194) from [<c0019030>] (die+0x140/0x2e4)
[   12.734511] r3:00010000 r2:0000620b r1:00010000 r0:c05803e0
[   12.740422] r7:00000001
[   12.743069] [<c0018ef0>] (die+0x0/0x2e4) from [<c048f674>] (__do_kernel_fault.part.5+0x6c/0x7c)
[   12.752154] [<c048f608>] (__do_kernel_fault.part.5+0x0/0x7c) from [<c001c15c>] (do_page_fault+0x1f8/0x200)
[   12.762224] r7:c065d7e8 r3:c0659b80
[   12.765969] [<c001bf64>] (do_page_fault+0x0/0x200) from [<c00083a0>] (do_DataAbort+0x40/0xa0)
[   12.774871] [<c0008360>] (do_DataAbort+0x0/0xa0) from [<c0014fd8>] (__dabt_svc+0x38/0x60)
[   12.783401] Exception stack(0xc0659b80 to 0xc0659bc8)
[   12.788671] 9b80: c3116290 c248c640 bf097678 00000000 00000000 c248c640 c3116290 c3116000
[   12.797206] 9ba0: c483ed00 00000000 c248c340 c0659bfc 00000000 c0659bc8 c02f86c8 bf097698
[   12.805737] 9bc0: 60000193 ffffffff
[   12.809367] r7:c0659bb4 r6:ffffffff r5:60000193 r4:bf097698
[   12.815310] [<bf097678>] (rndis_response_complete+0x0/0x128 [g_multi]) from [<c02f86c8>] (musb_g_giveback+0xd0/0x19c)
[   12.826375] r8:c483ed00 r7:c3116000 r6:00000000 r5:c3116290 r4:c248c640
[   12.833397] [<c02f85f8>] (musb_g_giveback+0x0/0x19c) from [<c02f6318>] (ep0_txstate+0xa0/0x170)
[   12.842462] r7:c248c640 r6:0000000a r5:c3116000 r4:000010f0
[   12.848392] [<c02f6278>] (ep0_txstate+0x0/0x170) from [<c02f6588>] (musb_g_ep0_queue+0x1a0/0x208)
[   12.857645] r8:c483ed00 r7:a0000193 r6:c3116000 r5:c3116290 r4:c248c640
[   12.864475] r3:00000002
[   12.867229] [<c02f63e8>] (musb_g_ep0_queue+0x0/0x208) from [<bf0a3d18>] (rndis_setup+0x148/0x20c [g_multi])
[   12.877422] [<bf0a3bd0>] (rndis_setup+0x0/0x20c [g_multi]) from [<bf0a0298>] (composite_setup+0x1e8/0xe20 [g_multi])
[   12.888417] [<bf0a00b0>] (composite_setup+0x0/0xe20 [g_multi]) from [<c02f6c30>] (musb_g_ep0_irq+0x640/0xf58)
[   12.898767] [<c02f65f0>] (musb_g_ep0_irq+0x0/0xf58) from [<c02f5088>] (musb_interrupt+0x18c/0x1078)
[   12.908213] [<c02f4efc>] (musb_interrupt+0x0/0x1078) from [<c03025e0>] (ti81xx_interrupt+0x420/0x5dc)
[   12.917842] [<c03021c0>] (ti81xx_interrupt+0x0/0x5dc) from [<c0078d78>] (handle_irq_event_percpu+0x58/0x1c0)
[   12.928100] [<c0078d20>] (handle_irq_event_percpu+0x0/0x1c0) from [<c0078f10>] (handle_irq_event+0x30/0x40)
[   12.938271] [<c0078ee0>] (handle_irq_event+0x0/0x40) from [<c007ad6c>] (handle_level_irq+0x8c/0x108)
[   12.947797] r4:c067bf24 r3:00024000
[   12.951536] [<c007ace0>] (handle_level_irq+0x0/0x108) from [<c0078654>] (generic_handle_irq+0x34/0x44)
[   12.961241] r4:c068c214 r3:00000085
[   12.964990] [<c0078620>] (generic_handle_irq+0x0/0x44) from [<c00162e4>] (handle_IRQ+0x40/0x8c)
[   12.974070] [<c00162a4>] (handle_IRQ+0x0/0x8c) from [<c000861c>] (omap3_intc_handle_irq+0xbc/0xc0)
[   12.983415] r6:00000013 r5:fa200000 r4:00000004 r3:c0660600
[   12.989336] [<c0008560>] (omap3_intc_handle_irq+0x0/0xc0) from [<c0015040>] (__irq_svc+0x40/0x60)
[   12.998591] Exception stack(0xc0659f00 to 0xc0659f48)
[   13.003865] 9f00: 00000000 525cd78b 525cd78b 0008d5c0 c0662488 00000000 c0662248 00000000
[   13.012395] 9f20: 80004059 413fc082 00000000 c0659f74 2282f627 c0659f48 c0065550 c002b970
[   13.020925] 9f40: 20000013 ffffffff
[   13.024563] r7:c0659f34 r6:ffffffff r5:20000013 r4:c002b970
[   13.030486] [<c002b928>] (am33xx_enter_idle+0x0/0x94) from [<c035620c>] (cpuidle_idle_call+0xa8/0x138)
[   13.040193] r6:c0662248 r5:c06dd930 r4:c0662488
[   13.045030] [<c0356164>] (cpuidle_idle_call+0x0/0x138) from [<c00165d4>] (cpu_idle+0x78/0xbc)
[   13.053922] r7:c0658000 r6:c065e7a0 r5:c0658000 r4:c06b7604
[   13.059845] [<c001655c>] (cpu_idle+0x0/0xbc) from [<c04840b4>] (rest_init+0x74/0x78)
[   13.067922] r7:c065e794 r6:c0767300 r5:c064c074 r4:c065a0bc
[   13.073854] [<c0484040>] (rest_init+0x0/0x78) from [<c061d7d8>] (start_kernel+0x2d4/0x2e0)
[   13.082475] [<c061d504>] (start_kernel+0x0/0x2e0) from [<80008040>] (0x80008040)

when i disable ethernet adapter in windows device panel, it always works , with linux host this doesn’t happen, what maybe wrong?

over 11 years ago

0 Bin Liu over 11 years ago

TI__Guru**** 170531 points

Please try the following patch. I had the similar issue a few months ago.

diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
index 6614490..1bb8ea8 100644
--- a/drivers/usb/gadget/f_rndis.c
+++ b/drivers/usb/gadget/f_rndis.c
@@ -405,14 +405,20 @@ static void rndis_response_available(void *_rndis)
 
 static void rndis_response_complete(struct usb_ep *ep, struct usb_request *req)
 {
-       struct f_rndis                  *rndis = req->context;
-       struct usb_composite_dev        *cdev = rndis->port.func.config->cdev;
+       struct f_rndis                  *rndis;
+       struct usb_composite_dev        *cdev;
        int                             status = req->status;
 
        /* after TX:
         *  - USB_CDC_GET_ENCAPSULATED_RESPONSE (ep0/control)
         *  - RNDIS_RESPONSE_AVAILABLE (status/irq)
         */
+       if (!req->context)
+               return;
+
+       rndis = req->context;
+       cdev = rndis->port.func.config->cdev;
+
        switch (status) {
        case -ECONNRESET:
        case -ESHUTDOWN:
-- 
1.7.0.4

0 Valeriy Dergachev over 11 years ago in reply to Bin Liu

Prodigy 120 points

thanks a lot) it solved my problem.

0 Bin Liu over 11 years ago in reply to Valeriy Dergachev

TI__Guru**** 170531 points

Sorry, but please try the following patch instead, which I remembered should be the correct fix. The previous one was just my early hack. The following patch was taken from the mainline kernel.

diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c
index c05c6fb..d214927 100644
--- a/drivers/usb/gadget/f_rndis.c
+++ b/drivers/usb/gadget/f_rndis.c
@@ -500,6 +500,7 @@ rndis_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
                        if (buf) {
                                memcpy(req->buf, buf, n);
                                req->complete = rndis_response_complete;
+                               req->context = rndis;
                                rndis_free_response(rndis->config, buf);
                                value = n;
                        }

0 Valeriy Dergachev over 11 years ago in reply to Bin Liu

Prodigy 120 points

thanks, i ll try it.

Processors

Processors forum

usb multi gadget kernel crush