From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752421AbcI1JQS (ORCPT ); Wed, 28 Sep 2016 05:16:18 -0400 Received: from mx2.suse.de ([195.135.220.15]:43905 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754058AbcI1JQI (ORCPT ); Wed, 28 Sep 2016 05:16:08 -0400 Message-ID: <1475054164.4635.7.camel@suse.com> Subject: Re: crash by cdc_acm driver in kernels 4.8-rc1/5 From: Oliver Neukum To: wim@djo.tudelft.nl Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org Date: Wed, 28 Sep 2016 11:16:04 +0200 In-Reply-To: <20160927163414.GA21487@djo.tudelft.nl> References: <20160908115803.GA28274@djo.tudelft.nl> <1473337238.32073.2.camel@suse.com> <20160908125850.GC28274@djo.tudelft.nl> <1473339915.32073.3.camel@suse.com> <20160912024340.GA16266@djo.tudelft.nl> <1474376714.4358.28.camel@suse.com> <20160920154520.GA12174@djo.tudelft.nl> <1474460477.2675.19.camel@suse.com> <20160921164122.GB18823@djo.tudelft.nl> <1474555250.30534.1.camel@suse.com> <20160927163414.GA21487@djo.tudelft.nl> Content-Type: multipart/mixed; boundary="=-tnsqqlJL3OOv4nNWAuJ1" X-Mailer: Evolution 3.12.11 Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-tnsqqlJL3OOv4nNWAuJ1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit On Tue, 2016-09-27 at 18:34 +0200, Wim Osterholt wrote: > On Thu, Sep 22, 2016 at 04:40:50PM +0200, Oliver Neukum wrote: > > > > dmesg -c > > echo 9 > /proc/sysrq-trigger > > modprobe cdc_acm > > echo "module cdc_acm +mpf" > /sys/kernel/debug/dynamic_debug/control > > > > [plug your device in] > > > > and provide the full output of dmesg after that. > > After some experimenting I succeeded in grabbing it over the serial port. > The console was immedately frozen, but the serial port kept working: Very good. This is a valid oops. We can do two things. When I decode it, seems to crash in acm_alloc_minor() which does not make sense. It is likely that our kernels or compilers are a bit different. Could you please call gdb on your kernel module cdc-acm.ko and do: list *(acm_probe+0x4ee) this should show you where it crashes. In addition I've attached a patch with paranoid debugging. Could you compile and test a kernel with it? Regards Oliver --=-tnsqqlJL3OOv4nNWAuJ1 Content-Disposition: attachment; filename="0001-CDC-ACM-more-paranoid-debugging.patch" Content-Transfer-Encoding: base64 Content-Type: text/x-patch; name="0001-CDC-ACM-more-paranoid-debugging.patch"; charset="UTF-8" RnJvbSAyOGJiNTI1YWIyOTViZDAxNDc2ODg2OGVhZmI2YTc2ZDBjMGQ4MGMyIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBPbGl2ZXIgTmV1a3VtIDxvbmV1a3VtQHN1c2UuY29tPgpEYXRl OiBXZWQsIDI4IFNlcCAyMDE2IDExOjExOjA0ICswMjAwClN1YmplY3Q6IFtQQVRDSF0gQ0RDLUFD TTogbW9yZSBwYXJhbm9pZCBkZWJ1Z2dpbmcKCi0tLQogZHJpdmVycy91c2IvY2xhc3MvY2RjLWFj bS5jIHwgNCArKysrCiAxIGZpbGUgY2hhbmdlZCwgNCBpbnNlcnRpb25zKCspCgpkaWZmIC0tZ2l0 IGEvZHJpdmVycy91c2IvY2xhc3MvY2RjLWFjbS5jIGIvZHJpdmVycy91c2IvY2xhc3MvY2RjLWFj bS5jCmluZGV4IDc4ZjBmODUuLjI4M2UxNmUgMTAwNjQ0Ci0tLSBhL2RyaXZlcnMvdXNiL2NsYXNz L2NkYy1hY20uYworKysgYi9kcml2ZXJzL3VzYi9jbGFzcy9jZGMtYWNtLmMKQEAgLTEzMjQsMTAg KzEzMjQsMTMgQEAgbWFkZV9jb21wcmVzc2VkX3Byb2JlOgogCWlmIChtaW5vciA8IDApCiAJCWdv dG8gYWxsb2NfZmFpbDE7CiAKKwlXQVJOX09OKCFlcGN0cmwpOwogCWN0cmxzaXplID0gdXNiX2Vu ZHBvaW50X21heHAoZXBjdHJsKTsKKwlXQVJOX09OKCFlcHJlYWQpOwogCXJlYWRzaXplID0gdXNi X2VuZHBvaW50X21heHAoZXByZWFkKSAqCiAJCQkJKHF1aXJrcyA9PSBTSU5HTEVfUlhfVVJCID8g MSA6IDIpOwogCWFjbS0+Y29tYmluZWRfaW50ZXJmYWNlcyA9IGNvbWJpbmVkX2ludGVyZmFjZXM7 CisJV0FSTl9PTighZXB3cml0ZSk7CiAJYWNtLT53cml0ZXNpemUgPSB1c2JfZW5kcG9pbnRfbWF4 cChlcHdyaXRlKSAqIDIwOwogCWFjbS0+Y29udHJvbCA9IGNvbnRyb2xfaW50ZXJmYWNlOwogCWFj bS0+ZGF0YSA9IGRhdGFfaW50ZXJmYWNlOwpAQCAtMTM1Miw2ICsxMzU1LDcgQEAgbWFkZV9jb21w cmVzc2VkX3Byb2JlOgogCWFjbS0+cG9ydC5vcHMgPSAmYWNtX3BvcnRfb3BzOwogCWluaXRfdXNi X2FuY2hvcigmYWNtLT5kZWxheWVkKTsKIAlhY20tPnF1aXJrcyA9IHF1aXJrczsKKwlkZXZfZGJn KCZpbnRmLT5kZXYsICJjb250cm9sIHN0cnVjdHVyZXMgc2V0IHVwXG4iKTsKIAogCWJ1ZiA9IHVz Yl9hbGxvY19jb2hlcmVudCh1c2JfZGV2LCBjdHJsc2l6ZSwgR0ZQX0tFUk5FTCwgJmFjbS0+Y3Ry bF9kbWEpOwogCWlmICghYnVmKQotLSAKMi42LjIKCg== --=-tnsqqlJL3OOv4nNWAuJ1--