On Sat, 18 Aug 2012, Amit Uttamchandani wrote:

> On Fri, Aug 17, 2012 at 10:04:24PM -0400, Alan Stern wrote:
>
> [snip]
>
> Thanks for the reply.
>
> > > Some updates:
> > >
> > > After running usbmon, I realized that the paging request address is the
> > > address of the urb.
> >
> > That doesn't make sense. implement() shouldn't know anything about the
> > address of any URBs. (It should be able to access an URB's transfer
> > buffer, but that's a different matter.)
> >
>
> Check out the following output from the oops markup
> (http://paste.debian.net/184443/). It isolates the
> faulting instruction. Maybe it makes more sense to you?

Nope. That output shows nothing about any URBs. In particular, it gives
no indication that the faulting address is an URB's address.

> > > I think the urb gets deleted while the implement
> > > function is going on.
> >
> > If hid_output_report() gets passed the address of an URB then something
> > has already gone wrong.
> >
>
> Looking at the output of usbmon, the kernel re-uses URB addresses. Is it
> possible that the urb is freed while the instruction is in
> *implement()*?

In fact, the usbhid driver does not free any URBs until it is unbound
from the device. It keeps a circular queue of URBs and uses them in
sequence, over and over.

Alan Stern