The attached patch fixes the symptom.
The NULL dereference is caused by "chase_port" in
drivers/usb/serial/io_ti.c as tty == NULL.
Unfortunately I'm not familiar with the usb-serial system.
I guess the tty is already cleaned up and chase_port shouldn't be called
at this point.
It works for me but I'd like to see the proper solution.
On 03/01/13 00:44, Wolfgang Frisch wrote:
> I have a problem with my Digi Edgeport USB sensor.
>
> 1. Environment:
> - Digi Watchport/H USB sensor (io_ti driver)
> - Linux v3.7.1 on amd64
> Tested with v3.7.1 on 2 physical machines.
> Further tests were done in a virtual machine.
>
> 2. Observations:
> The problem was observed with Linux 3.7.1, 3.2 and 3.1.
> I'm not able to find a recent kernel without this problem.
>
> The sensor works until it is disconnected while its character device
> still being used. This causes a kernel Oops.
>
> Steps to reproduce:
> - Attach Watchport sensor
> - Connect, e.g.: minicom -D /dev/ttyUSB0
> - Detach the sensor
> - Kernel oops
>
> The dmesg log is attached.
>
diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
index 60023c2..65258c1 100644
--- a/drivers/usb/serial/io_ti.c
+++ b/drivers/usb/serial/io_ti.c
@@ -534,6 +534,11 @@ static void chase_port(struct edgeport_port *port, unsigned long timeout,
wait_queue_t wait;
unsigned long flags;
+ // FIXME: chase_port is called with tty == NULL
+ if (tty == NULL) {
+ return;
+ }
+
if (!timeout)
timeout = (HZ * EDGE_CLOSING_WAIT)/100;
