Hi!

I'm using an AM3505 based board with MUSB in host mode. Accessing a storage device works fine until I unplug it. Then I get a kernel panic:

[ 46.827880] Unable to handle kernel NULL pointer dereference at virtual address 00000011
[ 46.836456] pgd = c0004000
[ 46.839324] [00000011] *pgd=00000000
[ 46.843139] Internal error: Oops: 17 [#1] ARM
[ 46.847778] Modules linked in: usb_storage
[ 46.852142] CPU: 0 Not tainted (3.4.0-rc3alpha-00039-g18d08f9-dirty #39)
[ 46.859619] PC is at rxstate+0x8/0xcc
[ 46.863525] LR is at musb_interrupt+0xdc/0x154
[ 46.868255] pc : [<c0296818>] lr : [<c0295138>] psr: 60000193
[ 46.868255] sp : c0533e80 ip : c0590c8c fp : c7aa6500
[ 46.880371] r10: 60000193 r9 : 00000000 r8 : 00000001
[ 46.885894] r7 : 00000002 r6 : 00000001 r5 : 000000d4 r4 : c7af2128
[ 46.892791] r3 : c03b541c r2 : c0533e4c r1 : ffffffcc r0 : c7af2128
[ 46.899719] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel
[ 46.907531] Control: 10c5387d Table: 87140019 DAC: 00000015
[ 46.913604] Process swapper (pid: 0, stack limit = 0xc05322f0)
[ 46.919769] Stack: (0xc0533e80 to 0xc0534000)
[ 46.924377] 3e80: c7af2128 00000000 00000001 00000002 00000001 00000000 60000193 c0295138
[ 46.933044] 3ea0: 00000000 00000004 c7af2128 00280000 00000000 c888a000 c054cb9c c0299c94
[ 46.941680] 3ec0: c0299b34 c7aa6400 c0555f20 00000047 00000047 80004059 00000000 00000000
[ 46.950347] 3ee0: c0555f98 c0073148 c0555f80 00000001 80004059 c0065f68 00060000 c0555f20
[ 46.958984] 3f00: c0555f70 c7aa6400 00000047 80004059 411fc087 00000000 00000000 c0073350
[ 46.967620] 3f20: c0555f20 c0555f70 c0533f70 c0075454 00000047 00000000 c0533f70 c0072ae8
[ 46.976287] 3f40: 000001da c000dd14 00000000 fa200000 c058fd1c c000852c c053cf60 c000dfd0
[ 46.984924] 3f60: 20000013 ffffffff c0533fa4 c03867c4 00000001 c053cf60 00000000 c000de0c
[ 46.993560] 3f80: c0532000 c053eb30 c053e6c8 c058f4c8 80004059 411fc087 00000000 00000000
[ 47.002227] 3fa0: c05676c0 c0533fb8 c00669b8 c000dfd0 20000013 ffffffff 00000000 c053ac30
[ 47.010864] 3fc0: c058f400 c0bdf540 c053e6bc c05046dc 00000000 00000000 c0504168 00000000
[ 47.019500] 3fe0: 00000000 c05278f8 10c53c7d c053a0cc c05278f0 80008040 00000000 00000000
[ 47.028198] [<c0296818>] (rxstate+0x8/0xcc) from [<c0295138>] (musb_interrupt+0xdc/0x154)
[ 47.036895] [<c0295138>] (musb_interrupt+0xdc/0x154) from [<c0299c94>] (am35x_musb_interrupt+0x160/0x20c)
[ 47.047058] [<c0299c94>] (am35x_musb_interrupt+0x160/0x20c) from [<c0073148>] (handle_irq_event_percpu+0x78/0x244)
[ 47.058044] [<c0073148>] (handle_irq_event_percpu+0x78/0x244) from [<c0073350>] (handle_irq_event+0x3c/0x5c)
[ 47.068481] [<c0073350>] (handle_irq_event+0x3c/0x5c) from [<c0075454>] (handle_level_irq+0xb8/0xd0)
[ 47.078155] [<c0075454>] (handle_level_irq+0xb8/0xd0) from [<c0072ae8>] (generic_handle_irq+0x30/0x44)
[ 47.088043] [<c0072ae8>] (generic_handle_irq+0x30/0x44) from [<c000dd14>] (handle_IRQ+0x60/0x84)
[ 47.097381] [<c000dd14>] (handle_IRQ+0x60/0x84) from [<c000852c>] (omap3_intc_handle_irq+0x54/0x68)
[ 47.106994] [<c000852c>] (omap3_intc_handle_irq+0x54/0x68) from [<c03867c4>] (__irq_svc+0x44/0x60)
[ 47.116455] Exception stack(0xc0533f70 to 0xc0533fb8)
[ 47.121826] 3f60: 00000001 c053cf60 00000000 c000de0c
[ 47.130462] 3f80: c0532000 c053eb30 c053e6c8 c058f4c8 80004059 411fc087 00000000 00000000
[ 47.139099] 3fa0: c05676c0 c0533fb8 c00669b8 c000dfd0 20000013 ffffffff
[ 47.146148] [<c03867c4>] (__irq_svc+0x44/0x60) from [<c000dfd0>] (cpu_idle+0x6c/0xc8)
[ 47.154449] [<c000dfd0>] (cpu_idle+0x6c/0xc8) from [<c05046dc>] (start_kernel+0x258/0x29c)
[ 47.163238] Code: e1a00005 e8bd81f0 e92d47f0 e3a050d4 (e5d13045)
[ 47.169921] ---[ end trace 0756e0df28097749 ]---
[ 47.174835] Kernel panic - not syncing: Fatal exception in interrupt

The code is in drivers/usb/musb/musb_gadget.c. Here rxstate is called from musb_g_rx with a req parameter of 0xffffffcc.

Enabling debug info in musb_interrupt() in musb_core.c indicates that it receives a peripheral interrupt just after unplug:

...
[ 42.589721] musb-hdrc musb-hdrc: ** IRQ host usb0008 tx0000 rx0004
[ 42.596588] musb-hdrc musb-hdrc: ** IRQ host usb0008 tx0000 rx0004
[ 42.652496] musb-hdrc musb-hdrc: ** IRQ host usb0008 tx0004 rx0000
[ 42.659362] musb-hdrc musb-hdrc: ** IRQ host usb0008 tx0000 rx0004
** unplugging here **
[ 46.813629] musb-hdrc musb-hdrc: ** IRQ peripheral usb0028 tx0000 rx0004
[ 46.819036] musb-hdrc musb-hdrc: <== (null), rxcsr 0000 ffffffcc
[ 46.827880] Unable to handle kernel NULL pointer dereference at virtual address 00000011
...

My board setup is based on arch/arm/mach-omap2/board-am3517evm.c, which sets mode = MUSB_HOST. It seems that am35x_set_mode(), which should configure the mode register, is not called, so I added CONF2_FORCE_HOST to am3517_evm_musb_init(), but this didn't change anything. Also, I tried removing the ifdefs from am35x_set_mode() in arch/arm/mach-omap2/omap_phy_internal.c, as CONFIG_USB_MUSB_HDRC_HCD doesn't exist in Kconfig anymore (see commit 622859634a663c5e55d0e2a2cdbb55ac058d97b3).

Is it expected that I receive a peripheral interrupt even when forcing host mode?

Best regards,
Jan

--
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
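
Added example, not part of the original message or of the MUSB driver: a short Python triage script that decodes the faulting instruction word from the Code: line of the oops above and recomputes the address it accessed from the register dump. The function names are illustrative, and the embedded log excerpt is four lines copied from the oops in this message.

```python
import re

# Constructed excerpt: four lines copied from the oops in the message above.
OOPS = """\
[ 46.827880] Unable to handle kernel NULL pointer dereference at virtual address 00000011
[ 46.859619] PC is at rxstate+0x8/0xcc
[ 46.892791] r3 : c03b541c r2 : c0533e4c r1 : ffffffcc r0 : c7af2128
[ 47.163238] Code: e1a00005 e8bd81f0 e92d47f0 e3a050d4 (e5d13045)
"""

def parse_oops(text):
    """Return (fault address, {register: value}, faulting instruction word)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(r\d+)\s*: ([0-9a-f]{8})", text)}
    # The kernel puts the instruction at PC in parentheses on the Code: line.
    insn = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1), 16)
    return fault, regs, insn

def decode_ldr_str_imm(insn):
    """Decode an A32 LDR/STR{B} with 12-bit immediate offset; None otherwise."""
    if insn >> 28 == 0xF or (insn >> 25) & 0b111 != 0b010:
        return None
    pre, up, byte, load = [(insn >> bit) & 1 for bit in (24, 23, 22, 20)]
    offset = insn & 0xFFF
    return {
        "mnemonic": ("ldr" if load else "str") + ("b" if byte else ""),
        "base_reg": "r%d" % ((insn >> 16) & 0xF),
        # Post-indexed forms (P=0) access the base address itself.
        "offset": (offset if up else -offset) if pre else 0,
    }

def explain_fault(text):
    """Recompute the faulting address from the decoded instruction and registers."""
    fault, regs, insn = parse_oops(text)
    d = decode_ldr_str_imm(insn)
    if d is None or d["base_reg"] not in regs:
        return None
    base = regs[d["base_reg"]]
    d["effective"] = (base + d["offset"]) & 0xFFFFFFFF   # 32-bit wrap-around
    d["matches_fault"] = d["effective"] == fault
    # Signed view of the base: a small negative value is a pointer just below NULL.
    d["signed_base"] = base - (1 << 32) if base & 0x80000000 else base
    return d

if __name__ == "__main__":
    print(explain_fault(OOPS))
```

On this oops the decoded instruction is ldrb r3, [r1, #0x45], and 0xffffffcc + 0x45 wraps to 0x00000011, the reported fault address; r1 holds the 0xffffffcc value the message identifies as the req parameter.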