Bug 16023 - g_ether.ko crashes at the board at91sam9260-ek
Status: RESOLVED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: USB
Hardware: ARM Linux
Importance: P1 normal
Assignee: Greg Kroah-Hartman
Reported: 2010-05-21 12:58 UTC by alexmeldevelop
Modified: 2010-09-01 19:46 UTC
Kernel Version: 2.6.30 and 2.6.32
Regression: No


Attachments
LinuxConfig (29.24 KB, application/octet-stream)
2010-05-21 12:58 UTC, alexmeldevelop

Description alexmeldevelop 2010-05-21 12:58:52 UTC
Created attachment 26485
LinuxConfig

g_ether.ko was started with the following commands:

    insmod /lib/modules/g_ether.ko
    ifconfig usb0 192.168.0.1  netmask 255.255.0.0

The board is connected via USB to Windows XP. Windows XP correctly identifies the USB device as an RNDIS interface.
The Windows driver was installed with the following file: "linux-2.6.30\Documentation\usb\linux.inf"

Windows provides the new interface. Ping from Windows to the board works properly.
When Wireshark is started, the driver g_ether.ko crashes on the board.

Here is the output:


Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 17 [#1]
Modules linked in: g_ether
CPU: 0    Not tainted  (2.6.30 #1)
PC is at strlen+0xc/0x20
LR is at rndis_msg_parser+0x3b0/0x7dc [g_ether]
pc : [<c00e7d74>]    lr : [<bf0023a4>]    psr: 20000093
sp : c0241e88  ip : c1ff42e0  fp : c2838050
r10: c1ff42e0  r9 : c2838030  r8 : c1ff42f4
r7 : c1ff430c  r6 : c1ff42f4  r5 : bf006954  r4 : 00000000
r3 : 0001010c  r2 : 00000000  r1 : bf006984  r0 : 00000000
Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 0005317f  Table: 21c80000  DAC: 00000017
Process swapper (pid: 0, stack limit = 0xc0240268)
Stack: (0xc0241e88 to 0xc0242000)
1e80:                   c1067120 c1067120 c1067360 00000000 c0254918 0000000c 
1ea0: c104e440 bf0027f4 c0241f08 00000000 c1067120 c02549d8 00000000 c013dddc 
1ec0: c0259bbc 0000000c 000c8802 c02549d8 c1067120 c013e870 41069265 c0254918 
1ee0: 000c8802 c2838030 0000000a 00000001 c02549d8 00000030 00000004 c013f17c 
1f00: c0254a08 c02549f0 00000021 004c0000 00000100 c1067ae0 00000000 00000000 
1f20: 0000000a 2001ee40 41069265 2001ee0c 00000000 c005b4b8 0000000a c0247f00 
1f40: 0000000a 0000000a c0259a48 c005cd3c c003dc08 0000000a 00000000 c0023050 
1f60: c024319c ffffffff fefff000 c00239f4 00000000 0005317f 0005217f 60000013 
1f80: c0025278 c0240000 c0025278 c0259a48 2001ee40 41069265 2001ee0c 00000000 
1fa0: 600000d3 c0241fb8 c00252b8 c00252c4 60000013 ffffffff c002526c c002525c 
1fc0: 00000000 c02610bc c0259a1c c0020ee4 c0243c78 c0008910 c0008434 00000000 
1fe0: 00000000 c0020ee4 00053175 c0259a78 c00212e8 20008034 00000000 00000000 
[<c00e7d74>] (strlen+0xc/0x20) from [<bf0023a4>] (rndis_msg_parser+0x3b0/0x7dc [g_ether])
[<bf0023a4>] (rndis_msg_parser+0x3b0/0x7dc [g_ether]) from [<bf0027f4>] (rndis_command_complete+0x24/0x6c [g_ether])
[<bf0027f4>] (rndis_command_complete+0x24/0x6c [g_ether]) from [<c013dddc>] (done+0x60/0x98)
[<c013dddc>] (done+0x60/0x98) from [<c013e870>] (read_fifo+0xd8/0x104)
[<c013e870>] (read_fifo+0xd8/0x104) from [<c013f17c>] (at91_udc_irq+0x694/0x72c)
[<c013f17c>] (at91_udc_irq+0x694/0x72c) from [<c005b4b8>] (handle_IRQ_event+0x40/0x114)
[<c005b4b8>] (handle_IRQ_event+0x40/0x114) from [<c005cd3c>] (handle_level_irq+0x8c/0xe4)
[<c005cd3c>] (handle_level_irq+0x8c/0xe4) from [<c0023050>] (_text+0x50/0x78)
[<c0023050>] (_text+0x50/0x78) from [<c00239f4>] (__irq_svc+0x34/0x60)
Exception stack(0xc0241f70 to 0xc0241fb8)
1f60:                                     00000000 0005317f 0005217f 60000013 
1f80: c0025278 c0240000 c0025278 c0259a48 2001ee40 41069265 2001ee0c 00000000 
1fa0: 600000d3 c0241fb8 c00252b8 c00252c4 60000013 ffffffff                   
[<c00239f4>] (__irq_svc+0x34/0x60) from [<c00252b8>] (default_idle+0x40/0x58)
[<c00252b8>] (default_idle+0x40/0x58) from [<c002525c>] (cpu_idle+0x38/0x54)
[<c002525c>] (cpu_idle+0x38/0x54) from [<c0008910>] (start_kernel+0x248/0x2a4)
[<c0008910>] (start_kernel+0x248/0x2a4) from [<20008034>] (0x20008034)
Code: c024d0fc e1a02000 ea000000 e2800001 (e5d03000) 
Kernel panic - not syncing: Fatal exception in interrupt
[<c002938c>] (unwind_backtrace+0x0/0xdc) from [<c01b826c>] (panic+0x34/0x110)
[<c01b826c>] (panic+0x34/0x110) from [<c002795c>] (die+0x130/0x15c)
[<c002795c>] (die+0x130/0x15c) from [<c002a4b0>] (__do_kernel_fault+0x68/0x80)
[<c002a4b0>] (__do_kernel_fault+0x68/0x80) from [<c002a6d0>] (do_page_fault+0x208/0x228)
[<c002a6d0>] (do_page_fault+0x208/0x228) from [<c00231f8>] (do_DataAbort+0x30/0x90)
[<c00231f8>] (do_DataAbort+0x30/0x90) from [<c00239ac>] (__dabt_svc+0x4c/0x60)
Exception stack(0xc0241e40 to 0xc0241e88)
1e40: 00000000 bf006984 00000000 0001010c 00000000 bf006954 c1ff42f4 c1ff430c 
1e60: c1ff42f4 c2838030 c1ff42e0 c2838050 c1ff42e0 c0241e88 bf0023a4 c00e7d74 
1e80: 20000093 ffffffff                                                       
[<c00239ac>] (__dabt_svc+0x4c/0x60) from [<bf0023a4>] (rndis_msg_parser+0x3b0/0x7dc [g_ether])
[<bf0023a4>] (rndis_msg_parser+0x3b0/0x7dc [g_ether]) from [<bf0027f4>] (rndis_command_complete+0x24/0x6c [g_ether])
[<bf0027f4>] (rndis_command_complete+0x24/0x6c [g_ether]) from [<c013dddc>] (done+0x60/0x98)
[<c013dddc>] (done+0x60/0x98) from [<c013e870>] (read_fifo+0xd8/0x104)
[<c013e870>] (read_fifo+0xd8/0x104) from [<c013f17c>] (at91_udc_irq+0x694/0x72c)
[<c013f17c>] (at91_udc_irq+0x694/0x72c) from [<c005b4b8>] (handle_IRQ_event+0x40/0x114)
[<c005b4b8>] (handle_IRQ_event+0x40/0x114) from [<c005cd3c>] (handle_level_irq+0x8c/0xe4)
[<c005cd3c>] (handle_level_irq+0x8c/0xe4) from [<c0023050>] (_text+0x50/0x78)
[<c0023050>] (_text+0x50/0x78) from [<c00239f4>] (__irq_svc+0x34/0x60)
Exception stack(0xc0241f70 to 0xc0241fb8)
1f60:                                     00000000 0005317f 0005217f 60000013 
1f80: c0025278 c0240000 c0025278 c0259a48 2001ee40 41069265 2001ee0c 00000000 
1fa0: 600000d3 c0241fb8 c00252b8 c00252c4 60000013 ffffffff                   
[<c00239f4>] (__irq_svc+0x34/0x60) from [<c00252b8>] (default_idle+0x40/0x58)
[<c00252b8>] (default_idle+0x40/0x58) from [<c002525c>] (cpu_idle+0x38/0x54)
[<c002525c>] (cpu_idle+0x38/0x54) from [<c0008910>] (start_kernel+0x248/0x2a4)
[<c0008910>] (start_kernel+0x248/0x2a4) from [<20008034>] (0x20008034)



Wireshark hangs until the USB cable is unplugged.

I use Linux version linux-2.6.30 with 2.6.30-at91.patch.
Version 2.6.32.9 crashes too.


For further questions, I am available from 2010-06-07

Best regards
Comment 1 Andrew Morton 2010-05-21 21:40:51 UTC
(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Fri, 21 May 2010 12:58:58 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=16023
> 
>            Summary: g_ether.ko crashes at the board at91sam9260-ek
>            Product: Drivers
>            Version: 2.5
>     Kernel Version: 2.6.30 and 2.6.32
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: USB
>         AssignedTo: greg@kroah.com
>         ReportedBy: alexmeldevelop@googlemail.com
>         Regression: No
> 
> 
> Created an attachment (id=26485)
>  --> (https://bugzilla.kernel.org/attachment.cgi?id=26485)
> LinuxConfig
> 
Comment 2 Andrew Morton 2010-05-21 22:03:16 UTC
On Fri, 21 May 2010 14:52:18 -0700 (PDT)
David Brownell <david-b@pacbell.net> wrote:

> For the record: looks unrelated to the board.  Some patch must have borkt
> the RNDIS message parsing.   

I can't see any likely-looking changes to drivers/usb/gadget/rndis.c
over the past couple of years.
Comment 3 Anonymous Emailer 2010-05-21 22:48:05 UTC
Reply-To: david-b@pacbell.net

For the record: looks unrelated to the board.  Some patch must have borkt
the RNDIS message parsing.
Comment 4 Anonymous Emailer 2010-05-21 22:48:40 UTC
Reply-To: david-b@pacbell.net

For the record: looks unrelated to the board.  Some patch must have borkt
the RNDIS message parsing.
Comment 5 Maxim Osipov 2010-06-24 13:07:15 UTC
Same problem for me with AT91SAM9263 board from Ronetix and AT91SAM9260 board.
Comment 6 Maxim Osipov 2010-07-30 16:34:47 UTC
The problem is caused by:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=drivers/usb/gadget/f_rndis.c;h=882484a40398bce12d0eab023b9ab7922d1cade3;hb=HEAD#l710

This leads to invalid pointer dereference at:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=drivers/usb/gadget/rndis.c;h=5c0d06c79a81f1f5e5198aa1576e5e2d29d369f7;hb=HEAD#l295

Not being an expert in RNDIS, I just added NULL pointer checking to avoid the problem. But I would appreciate a better solution.
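
The defect class this thread ends on, a request handler calling strlen() on an optional string that was never set (r0 = 00000000 with PC in strlen in the oops above), shown beside a form with the NULL check, as a user-space sketch. This is an added example, not the kernel's rndis.c code and not the submitted patch; the struct, the function names, the zero-length reply policy and the sample input are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-device parameters. descr is optional and stays NULL
 * until some setup code assigns it. */
struct dev_params {
    const char *descr;
};

/* Unchecked form: strlen() runs on descr unconditionally, so a query that
 * arrives while descr is NULL faults inside strlen(). Never called here. */
int query_descr_unchecked(const struct dev_params *p, uint8_t *out, size_t cap)
{
    size_t n = strlen(p->descr);

    if (n > cap)
        return -ENOSPC;
    memcpy(out, p->descr, n);
    return (int)n;
}

/* Checked form: an unset string is answered as zero length (an assumed
 * policy), and the copy is still bounded by the reply buffer. */
int query_descr_checked(const struct dev_params *p, uint8_t *out, size_t cap)
{
    size_t n;

    if (!p || !out)
        return -EINVAL;
    if (!p->descr)
        return 0;
    n = strlen(p->descr);
    if (n > cap)
        return -ENOSPC;
    memcpy(out, p->descr, n);
    return (int)n;
}

int main(void)
{
    struct dev_params unset = { NULL };   /* constructed input */
    uint8_t reply[32];

    printf("unset descr -> %d\n", query_descr_checked(&unset, reply, sizeof reply));
    return 0;
}
```

Because the query is issued by the USB host and, per the trace, handled in interrupt context, the handler has to tolerate the unset state rather than rely on setup code having run.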
Comment 7 Greg Kroah-Hartman 2010-09-01 19:46:51 UTC
closing as the patch is now in my tree.
