Re: [PATCH v3] hid-sony: Prevent crash when rumble effects are still loaded at USB disconnect

On 06/12/2016 03:56 PM, Antonio Ospite wrote:
> On Sun, 12 Jun 2016 12:01:31 +0200
> Manuel Reimer <mail+linux-input@xxxxxxxxxxx> wrote:
>
>> On 06/11/2016 09:15 PM, Cameron Gutman wrote:
> [...]
>>> I want to be sure we're on the right track though. Can you please resolve the address in the RIP register to a
>>> line number in hid-sony.c?
>>
>> Can you point me to some instructions on how to do this? The only way to
>> debug things, I currently know, is the "good old print(f/k)" debugging...
>
> The return addresses are in the trace from the Oops, you can resolve
> them with objdump, see:
> https://ao2.it/en/blog/2010/11/02/bug-hunting-linux-kernel-land-unpretentious-primer
>
> Ciao,
>    Antonio

Thank you for this link and sorry for the late response.

This is my latest crash (abbreviated):

[  183.865163] ml_ff_playback start. Effect: 1 Value: 1
[  184.897065] ml_ff_playback start. Effect: 0 Value: 0
[  184.900069] hid-sony: Sending to uninitialized device failed!
[  184.956432] ml_ff_playback start. Effect: 1 Value: 0
[  184.957933] hid-sony: Sending to uninitialized device failed!
[  185.023015] ml_ff_playback start. Effect: 2 Value: 0
[  185.026143] hid-sony: Sending to uninitialized device failed!
[  190.863508] ml_effect_timer start
[  190.866803] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d8
[  190.866803] IP: [<ffffffffa037f33d>] sony_play_effect+0x2d/0x90 [hid_sony]

Also contains some of my printk messages, so we now can actually see why the last sending attempts are happening (attempt to stop the effects).

My sony_play_effect is at 0x310 and with 0x2d added we are at 0x33d.

In my case:
     339:	4c 8d 63 04          	lea    0x4(%rbx),%r12
sony_play_effect():
/home/manuel/kernel/4.5.4/src/b/drivers/hid/hid-sony.c:1978
     33d:	88 83 d8 00 00 00    	mov    %al,0xd8(%rbx)
/home/manuel/kernel/4.5.4/src/b/drivers/hid/hid-sony.c:1979
	sc->right = effect->u.rumble.weak_magnitude / 256;
     343:	0f b6 42 13          	movzbl 0x13(%rdx),%eax
sony_schedule_work():
/home/manuel/kernel/4.5.4/src/b/drivers/hid/hid-sony.c:1059


So if I interpret this right, then the source for the crash is the assignment of the weak magnitude value to sc->right? Maybe sc already freed/zeroed?

Manuel
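
The resolution step discussed in this message, as an added example that is not part of the original thread: it parses the Oops lines, adds the offset to the symbol start (0x310, as stated in the message), finds that instruction in the objdump listing together with the file:line annotation above it, and computes the base register value the fault address implies. The sample input is constructed from the lines quoted above; the function names are hypothetical.

```python
import re

# Constructed sample input: the two Oops lines and the listing quoted above.
OOPS = """\
[  190.866803] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d8
[  190.866803] IP: [<ffffffffa037f33d>] sony_play_effect+0x2d/0x90 [hid_sony]
"""
LISTING = """\
     339:\t4c 8d 63 04          \tlea    0x4(%rbx),%r12
sony_play_effect():
/home/manuel/kernel/4.5.4/src/b/drivers/hid/hid-sony.c:1978
     33d:\t88 83 d8 00 00 00    \tmov    %al,0xd8(%rbx)
/home/manuel/kernel/4.5.4/src/b/drivers/hid/hid-sony.c:1979
\tsc->right = effect->u.rumble.weak_magnitude / 256;
     343:\t0f b6 42 13          \tmovzbl 0x13(%rdx),%eax
"""

def parse_oops(text):
    """Return (fault address, symbol, offset, symbol size, module)."""
    fault = int(re.search(r"dereference at ([0-9a-f]+)", text).group(1), 16)
    m = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)"
                  r"(?: \[(\w+)\])?", text)
    offset, size = int(m.group(2), 16), int(m.group(3), 16)
    if offset >= size:
        raise ValueError("offset lies outside the symbol")
    return fault, m.group(1), offset, size, m.group(4)

def resolve(listing, sym_start, offset):
    """Find the instruction at sym_start+offset and the file:line above it."""
    target, location = sym_start + offset, None
    for line in listing.splitlines():
        insn = re.match(r"\s*([0-9a-f]+):\s+(?:[0-9a-f]{2} )+\s*(.*)", line)
        src = re.match(r"(/\S+):(\d+)", line)
        if src:
            location = (src.group(1), int(src.group(2)))
        elif insn and int(insn.group(1), 16) == target:
            return target, location, insn.group(2)
    raise LookupError(f"no instruction at {target:#x} in listing")

def implied_base(insn, fault):
    """For a disp(%reg) operand: the base register value the fault implies."""
    m = re.search(r"(-?0x[0-9a-f]+)\((%\w+)\)", insn)
    return m.group(2), fault - int(m.group(1), 16)

if __name__ == "__main__":
    fault, sym, off, _, mod = parse_oops(OOPS)
    # 0x310 is the start of sony_play_effect in the module, per the message.
    addr, (path, lineno), insn = resolve(LISTING, 0x310, off)
    reg, base = implied_base(insn, fault)
    print(f"{sym}+{off:#x} [{mod}] -> {addr:#x}  {path}:{lineno}")
    print(f"{insn}  => {reg} = {base:#x}")
```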