Looks like something nulled out urb->dev somehow ... after the urb got past checks for that in usbcore and usb-ohci, right along the submit path.
That strongly suggests it wasn't the thread submitting the URB, leaving printer.c as the main candidate for trashing this data structure. Does this reproduce if you run with only one CPU? Had any printer close() or disconnect activity happened around the time of this oops? - Dave ----- Original Message ----- From: "Allen Barnett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 2:24 PM Subject: [linux-usb-devel] Oops in USB Driver on SMP Athlon System > Hi, > > I've got an SMP Athon system: Tyan S2466 motherboard (AMD 760MPX chip set) > with an OPTi Inc. 82C861 (rev 20) (prog-if 10 [OHCI]) PCI USB board. I'm > getting an oops trying to scan with an HP OfficeJet G85 connected to a USB > port. With kernel 2.4.18, the ksymoops output is (ptal-mlcd is the > OfficeJet's user mode driver): > > Unable to handle kernel NULL pointer dereference at virtual address 000000c0 > *pde = 00000000 > Oops: 0000 > CPU: 1 > EIP: 0010:[<f88a8385>] Not tainted > Using defaults from ksymoops -t elf32-i386 -a i386 > EFLAGS: 00010086 > eax: f73cfd5c ebx: 00000000 ecx: f6b580c0 edx: f73cfd5c > esi: f78f5800 edi: f6ae0264 ebp: f6b57000 esp: f68e5ed4 > ds: 0018 es: 0018 ss: 0018 > Process ptal-mlcd (pid: 1476, stackpage=f68e5000) > Stack: f7cb8ec4 000001f0 00000040 00000014 36b57000 36b57000 f78f5800 f6b580c0 > f6b57000 f88a6b6a f73cfd5c 0000c65f f6ae0278 f68e5f30 f68e4000 00000000 > 00000246 00000001 00000001 c0008300 f6ae0264 f6b580c0 f78f5800 36b57000 > Call Trace: [<f88a6b6a>] [<f8898174>] [<f88d67a1>] [<c013f165>] [<c0123842>] > [<c011e83b>] [<c010762b>] > Code: 8b 83 c0 00 00 00 8b 40 28 89 44 24 10 8b 44 24 28 8b 40 2c > > >>EIP; f88a8385 <[usb-ohci]td_submit_urb+15/360> <===== > Trace; f88a6b6a <[usb-ohci]sohci_submit_urb+63a/680> > Trace; f8898174 <[usbcore]usb_submit_urb+24/30> > Trace; f88d67a1 <[printer]usblp_write+181/1b0> > Trace; c013f165 <sys_write+95/160> > Trace; c0123842 <sys_alarm+32/50> > Trace; c011e83b <sys_gettimeofday+1b/a0> > Trace; c010762b <system_call+33/38> > Code; f88a8385 <[usb-ohci]td_submit_urb+15/360> > 00000000 <_EIP>: > Code; f88a8385 <[usb-ohci]td_submit_urb+15/360> <===== > 0: 8b 83 c0 00 00 00 mov 0xc0(%ebx),%eax <===== > Code; f88a838b <[usb-ohci]td_submit_urb+1b/360> > 6: 8b 40 28 mov 0x28(%eax),%eax > Code; f88a838e <[usb-ohci]td_submit_urb+1e/360> > 9: 89 44 24 10 mov %eax,0x10(%esp,1) > Code; f88a8392 <[usb-ohci]td_submit_urb+22/360> > d: 8b 44 24 28 mov 0x28(%esp,1),%eax > Code; f88a8396 <[usb-ohci]td_submit_urb+26/360> > 11: 8b 40 2c mov 0x2c(%eax),%eax > > I'd appreciate any help getting this working with the 2.4 series. > > Thanks, > Allen >
