Most recent kernel where this bug did not occur: Distribution: gentoo Hardware Environment: i386 Software Environment: Problem Description: dummy_hcd dummy_hcd: USB Host+Gadget Emulator, driver 02 May 2005 dummy_hcd dummy_hcd: Dummy host controller dummy_hcd dummy_hcd: new USB bus registered, assigned bus number 4 usb usb4: configuration #1 chosen from 1 choice hub 4-0:1.0: USB hub found hub 4-0:1.0: 1 port detected dummy_udc dummy_udc: binding gadget driver 'zero' zero gadget: Gadget Zero, version: St Patrick's Day 2004 zero gadget: using dummy_udc, OUT ep-b IN ep-a dummy_hcd dummy_hcd: port status 0x00010101 has changes dummy_hcd dummy_hcd: port status 0x00010101 has changes zero gadget: resume dummy_hcd dummy_hcd: port status 0x00100503 has changes usb 4-1: new high speed USB device using dummy_hcd and address 2 zero gadget: resume dummy_hcd dummy_hcd: port status 0x00100503 has changes dummy_udc dummy_udc: set_address = 2 usb 4-1: configuration #3 chosen from 2 choices dummy_udc dummy_udc: enabled ep-a (ep1in-bulk) maxpacket 512 dummy_udc dummy_udc: enabled ep-b (ep2out-bulk) maxpacket 512 zero gadget: buflen 4096 zero gadget: high speed config #3: source and sink data dummy_udc dummy_udc: unregister gadget driver 'zero' zero gadget: reset config dummy_udc dummy_udc: disabled ep-a dummy_udc dummy_udc: disabled ep-b zero gadget: unbind Unable to handle kernel NULL pointer dereference at virtual address 00000120 printing eip: c028b74d *pde = 00000000 Oops: 0000 [#1] PREEMPT Modules linked in: g_zero dummy_hcd nvnet snd_intel8x0 snd_ac97_codec snd_ac97_bus CPU: 0 EIP: 0060:[<c028b74d>] Tainted: P VLI EFLAGS: 00010286 (2.6.16 #4) EIP is at __device_release_driver+0x4d/0xc0 eax: 00000000 ebx: dd1515d8 ecx: 00000001 edx: 00000001 esi: dd151570 edi: e0c29fa0 ebp: d7cce000 esp: d7ccff2c ds: 007b es: 007b ss: 0068 Process rmmod (pid: 5998, threadinfo=d7cce000 task=d7c60050) Stack: <0>dd151570 e0c29f80 00000292 c028b7d6 dd1510d0 e0c21f8d e0c23fc4 e0c23aa3 e0c25524 e0c28a4c e0c2a040 00000000 bfdce760 d7cce000 c01347a4 00000000 657a5f67 d9006f72 df725ac0 c014e1bb ffffffff b7fbd000 b7fbc000 c014e548 Call Trace: [<c028b7d6>] device_release_driver+0x16/0x30 [<e0c21f8d>] usb_gadget_unregister_driver+0xcd/0x130 [dummy_hcd] [<c01347a4>] sys_delete_module+0x144/0x170 [<c014e1bb>] remove_vma_list+0x4b/0x60 [<c014e548>] do_munmap+0xe8/0x150 [<c014e5f7>] sys_munmap+0x47/0x70 [<c0102fbb>] sysenter_past_esp+0x54/0x75 Code: 68 e8 c8 03 00 00 8b 56 68 8d 47 14 e8 0d ac f0 ff ba f2 a7 3b c0 89 d8 e8 01 ac f0 ff 8d 46 2c e8 a9 94 0f 00 8b 86 d4 00 00 00 <8b> 90 20 01 00 00 85 d2 75 29 8b 57 7c 85 d2 75 22 c7 86 d8 00 Steps to reproduce: insmod dummy_hcd insmod g_zero rmmod g_zero
*** Bug 6673 has been marked as a duplicate of this bug. ***
*** Bug 6674 has been marked as a duplicate of this bug. ***
Can you reproduce this with an untainted kernel? Thanks, Nish P.S. Please don't submit the same bug three times.
Maybe this is fix: *** dummy_hcd.c.bak 2006-06-10 21:33:18.000000000 +0400 --- dummy_hcd.c 2006-06-10 21:13:05.000000000 +0400 *************** usb_gadget_register_driver (struct usb_g *** 823,828 **** --- 823,829 ---- } driver->driver.bus = dum->gadget.dev.parent->bus; + dum->gadget.dev.bus = dum->gadget.dev.parent->bus; driver_register (&driver->driver); device_bind_driver (&dum->gadget.dev);
This patch can't possibly be correct, in the general case, but it's barely possible that it's right for dummy-hcd ... which Alan is now handling.
This is a known bug in 2.6.16. It has been fixed in 2.6.17. If you're interested, the patch that fixed the problem is here: http://marc.theaimsgroup.com/?l=linux-usb-devel&m=114382399230085&w=2
This has been fixed for some time now, as I understand things ... so unless this gets updated with "still broken in 2.6.18-rc6" (or later) I'll mark it as closed/fixed the week of 18-sept-2006.