On Sun, Aug 2, 2009 at 23:09, Alex Riesen<raa.lkml@xxxxxxxxx> wrote:
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
> IP: [<ffffffffa005ce38>] acm_rx_tasklet+0x24e/0x3a3 [cdc_acm]

I tried to look a little around acm_rx_tasklet (cdc-acm.c, -rc5). I think
it is this code:

0000000000001bea <acm_rx_tasklet>:
...
    1e27:  4d 8b 44 24 18    mov    0x18(%r12),%r8
    1e2c:  89 f8             mov    %edi,%eax
    1e2e:  c1 f8 0f          sar    $0xf,%eax
    1e31:  83 e0 0f          and    $0xf,%eax
    1e34:  48 8b 14 c2       mov    (%rdx,%rax,8),%rdx
    1e38:  0f b6 42 03       movzbl 0x3(%rdx),%eax ; I think it crashed here

which is this:

    movq    24(%r12), %r8       # <variable>.base, temp.1149
    movl    %edi, %eax          # D.22806, tmp117
    sarl    $15, %eax           #, tmp117
    andl    $15, %eax           #, tmp119
    movq    (%rdx,%rax,8), %rdx #, ep
    movzbl  3(%rdx), %eax       # <variable>.desc.bmAttributes, <variable>.desc.bmAttributes

and correspondingly:

466     ep = (usb_pipein(acm->rx_endpoint) ? acm->dev->ep_in : acm->dev->ep_out)
467             [usb_pipeendpoint(acm->rx_endpoint)];
468     if (usb_endpoint_xfer_int(&ep->desc))

So it looks like ep is NULL (usb_endpoint_xfer_int accesses
desc.bmAttributes, which is 3 bytes off the beginning of struct
usb_host_endpoint (desc being the first field in usb_host_endpoint)).

Any help with further debugging is very much appreciated (because I
don't know where to continue yet).
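
Added example, not part of the original post and not kernel code: a user-space C model of the lookup discussed above, showing why a NULL ep faults at address 3 and how the endpoint index comes out of the pipe value (shift by 15, mask 0xf, as in the disassembly). The struct and function names (ep_desc, host_ep, dev_model, rx_ep_is_int, null_ep_fault_address) are hypothetical, and the NULL check is an illustration, not the driver's fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model, not kernel code: only the layout matters here. */
struct ep_desc {                 /* leading fields of a USB endpoint descriptor */
    uint8_t bLength, bDescriptorType, bEndpointAddress, bmAttributes;
};
struct host_ep { struct ep_desc desc; };   /* desc is the first member */
struct dev_model { struct host_ep *ep_in[16], *ep_out[16]; };

#define DIR_IN        0x80u      /* direction bit of the pipe value */
#define XFERTYPE_MASK 0x03u      /* low two bits of bmAttributes */
#define XFER_INT      0x03u      /* interrupt transfer type */

/* Same arithmetic as the quoted disassembly: sar $15 ; and $15 */
static unsigned pipe_epnum(unsigned pipe) { return (pipe >> 15) & 0xfu; }

/* Address the CPU touches when ep == NULL and the code reads ep->desc.bmAttributes */
size_t null_ep_fault_address(void)
{
    return offsetof(struct host_ep, desc) + offsetof(struct ep_desc, bmAttributes);
}

/* The table lookup from the post with a NULL check added for illustration:
 * -1 when the slot is empty, 1 for an interrupt endpoint, 0 for any other type. */
int rx_ep_is_int(const struct dev_model *dev, unsigned pipe)
{
    struct host_ep *const *table = (pipe & DIR_IN) ? dev->ep_in : dev->ep_out;
    const struct host_ep *ep = table[pipe_epnum(pipe)];

    if (ep == NULL)
        return -1;
    return (ep->desc.bmAttributes & XFERTYPE_MASK) == XFER_INT;
}

int main(void)
{
    struct host_ep int_ep = { { 7, 5, 0x81, XFER_INT } };   /* constructed sample */
    struct dev_model dev = { { NULL }, { NULL } };
    dev.ep_in[1] = &int_ep;

    printf("fault address for NULL ep: %zu\n", null_ep_fault_address());
    printf("ep 1 IN: %d\n", rx_ep_is_int(&dev, (1u << 15) | DIR_IN));
    printf("ep 2 IN: %d\n", rx_ep_is_int(&dev, (2u << 15) | DIR_IN));
    return 0;
}
```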