Commits
Peter Chen committed 81058840235
MLK-22366-8 usb: cdns3: ep0: check gadget private data pointer before calling composite_setup

In very rare cases, the cdev at the composite driver will be NULL when the interrupt occurs, see the oops below. The root cause has not been found; to avoid the NULL pointer, we could add one checker before calling the composite API.

libprocessgroup: Successfully killed process cgroup uid 0 pid 10441 in 41ms
using random self ethernet address
using random host ethernet address
init: Service 'adbd' (pid 10441) received signal 9
init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:14)
init: Received control message 'start' for 'adbd' from pid: 3215 (/vendor/bin/hw/android.hardware.usb@1.1-service.imx)
init: starting service 'adbd'...
init: Created socket '/dev/socket/adbd', mode 660, user 1000, group 1000
read descriptors
read strings
usb0: HOST MAC 1a:7c:d4:da:d4:57
usb0: MAC 6e:64:d4:2b:a2:01
init: Received control message 'start' for 'adbd' from pid: 3345 (system_server)
android_work: did not send uevent (0 0 (null))
read descriptors
read strings
android_work: sent uevent USB_STATE=CONNECTED
configfs-gadget gadget: high-speed config #1: b
android_work: sent uevent USB_STATE=CONFIGURED
android_work: sent uevent USB_STATE=DISCONNECTED
read descriptors
read strings
android_work: sent uevent USB_STATE=CONNECTED
configfs-gadget gadget: high-speed config #1: b
android_work: sent uevent USB_STATE=CONFIGURED
Unable to handle kernel NULL pointer dereference at virtual address 00000090
android_work: sent uevent USB_STATE=DISCONNECTED
Mem abort info:
  Exception class = DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgd = ffff80082c136000
[0000000000000090] *pgd=00000008ac177003, *pud=00000008ac178003, *pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in: wlan
CPU: 3 PID: 2329 Comm: irq/37-5b110000 Tainted: G W 4.14.98-07849-g5336857 #3
Hardware name: Freescale i.MX8QXP MEK (DT)
task: ffff80083b3e8000 task.stack: ffff00000b318000
PC is at _raw_spin_lock_irqsave+0x1c/0x50
LR is at android_setup+0x34/0x13c
pc : [<ffff000009009d30>] lr : [<ffff000008a03288>] pstate: 800001c5
sp : ffff00000b31bc30
x29: ffff00000b31bc30 x28: ffff80083ae4a6a4
x27: 0000000000000001 x26: 0000000000000140
x25: ffff000008145bc8 x24: ffff8008360ed010
x23: 0000000000000000 x22: 0000000000000090
x21: ffff80083b3e8000 x20: ffff00000a8ee000
x19: fffffffffffffbd8 x18: 0000000000000008
x17: 0000f63c442ded10 x16: ffff000008173bf8
x15: 00006436c9000000 x14: 002756cd00000000
x13: 00e80008a2b0df53 x12: 0000000000000018
x11: 000000082cd330c0 x10: 0000000000000a30
x9 : ffff00000b31bd00 x8 : ffff80083b3e8a90
x7 : 0000000082bdc457 x6 : 0000000000000001
x5 : 0000000000000000 x4 : 0000000000000000
x3 : 00000000000001c0 x2 : ffff80083b3e8000
x1 : 0000000000000001 x0 : 0000000000000090
Process irq/37-5b110000 (pid: 2329, stack limit = 0xffff00000b318000)
Call trace:
[<ffff000009009d30>] _raw_spin_lock_irqsave+0x1c/0x50
[<ffff0000089bd9b0>] cdns3_ep0_delegate_req+0x4c/0x80
[<ffff0000089be004>] cdns3_check_ep0_interrupt_proceed+0x33c/0x654
[<ffff0000089bca44>] cdns3_device_thread_irq_handler+0x4b0/0x4bc
[<ffff0000089b77b4>] cdns3_thread_irq+0x48/0x68
[<ffff000008145bf0>] irq_thread_fn+0x28/0x88
[<ffff000008145e38>] irq_thread+0x13c/0x228
[<ffff0000080fed70>] kthread+0x104/0x130
[<ffff000008085064>] ret_from_fork+0x10/0x18
Code: b9401041 11000421 b9001041 f9800011 (885ffc01)
---[ end trace 497c9866542e50ab ]---
Kernel panic - not syncing: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x0802008
Memory Limit: none
Rebooting in 5 seconds..

Signed-off-by: Peter Chen <peter.chen@nxp.com>
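
The failure shape in the oops above (a spinlock taken at address 0x90, the value in x0, because the base pointer was NULL) and the guard the commit message describes, as an added userspace model that is not part of the commit or the cdns3 driver. All type and function names, the struct layout and the `-ESHUTDOWN` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model. Every type and function name here is a hypothetical
 * stand-in; the padding is constructed so the lock sits at offset 0x90. */
struct model_cdev {
    char pad[0x90];
    int lock;             /* stands in for the spinlock the setup path takes */
    int setups_handled;
};

struct model_gadget {
    void *private_data;   /* gadget private data: the composite cdev */
};

/* Address the setup path would lock. With cdev == NULL this is just the
 * member offset, the same shape as x0 and the fault address in the oops. */
static uintptr_t lock_address(const struct model_cdev *cdev)
{
    return (uintptr_t)cdev + offsetof(struct model_cdev, lock);
}

/* Stand-in for the composite setup callback: it trusts private_data. */
static int model_setup(struct model_gadget *g)
{
    struct model_cdev *cdev = g->private_data;

    cdev->lock = 1;       /* dereferences cdev; faults if it is NULL */
    cdev->setups_handled++;
    cdev->lock = 0;
    return 0;
}

/* Guarded delegate: refuse the request when private data is gone.
 * -ESHUTDOWN is an assumed return value; the page does not name one. */
static int delegate_req_checked(struct model_gadget *g)
{
    if (!g->private_data)
        return -ESHUTDOWN;
    return model_setup(g);
}
```

A check of this kind only covers the pointer being NULL at the moment of the test; if the private data can be cleared concurrently, the check and the call need to sit under the same lock as the teardown path.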