Re: crash by cdc_acm driver in kernels 4.8-rc1/5

Oliver Neukum <oneukum@xxxxxxxx> · Tue, 15 Nov 2016 12:07:03 +0100

On Tue, 2016-11-15 at 01:16 +0100, Wim Osterholt wrote:

Hi,

> Whell, yes.
> The only thing that appears you'll have to do is unset 'CONFIG_SMP'.

OK. I haven't tested that, nor would I ever considered it.
 
> My machines didn't have the luxury of multicore processors (until recently),
> so there never has been any reason to deliberately switch these options on!
> 
> In the process of searching, many options may have changed. The crash/OOPS
> has now mitigated into just a WARNING with a call trace.
> (Or it could be a totally different bug?)
> After the call trace the device is working normally and a shutdown
> completes to the end now.
> That is with the config given here:
> http://webserver.djo.tudelft.nl/.config-4.9-rc4.OK (CONFIG_SMP=y)
> http://webserver.djo.tudelft.nl/WARNING-4.9-rc4    (call trace for C_S unset)
> 
> Tests on other machines with (slightly) different configs all seem to
> confirm that the problems are gone when CONFIG_SMP is set.

OK, something extremely strange is going on. And I think it is time to get
the big hammer out. I made an extremely stupid debugging patch. Could
you test with it?

	Regards
		Oliver

From d9c67172611257c262a19e9d3d4d9e6b9a69e88c Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@xxxxxxx>
Date: Tue, 8 Nov 2016 16:12:11 +0100
Subject: [PATCH] acm: insane debugging

extremnely stupid debugging patch

Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
---
 drivers/usb/class/cdc-acm.c | 49 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 0f3f62e..a460e46 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1329,68 +1329,103 @@ made_compressed_probe:
 	if (acm == NULL)
 		goto alloc_fail;
 
+printk(KERN_ERR"Check point  1\n");
 	minor = acm_alloc_minor(acm);
 	if (minor < 0)
 		goto alloc_fail1;
-
+printk(KERN_ERR"Check point  2\n");
 	ctrlsize = usb_endpoint_maxp(epctrl);
+printk(KERN_ERR"Check point  3\n");
 	readsize = usb_endpoint_maxp(epread) *
 				(quirks == SINGLE_RX_URB ? 1 : 2);
+printk(KERN_ERR"Check point  4\n");
 	acm->combined_interfaces = combined_interfaces;
+printk(KERN_ERR"Check point  5\n");
 	acm->writesize = usb_endpoint_maxp(epwrite) * 20;
+printk(KERN_ERR"Check point  6\n");
 	acm->control = control_interface;
+printk(KERN_ERR"Check point  7\n");
 	acm->data = data_interface;
+printk(KERN_ERR"Check point  8\n");
 	acm->minor = minor;
+printk(KERN_ERR"Check point  9\n");
 	acm->dev = usb_dev;
+printk(KERN_ERR"Check point  10\n");
 	if (h.usb_cdc_acm_descriptor)
 		acm->ctrl_caps = h.usb_cdc_acm_descriptor->bmCapabilities;
+printk(KERN_ERR"Check point  11\n");
 	if (quirks & NO_CAP_LINE)
 		acm->ctrl_caps &= ~USB_CDC_CAP_LINE;
+printk(KERN_ERR"Check point  12\n");
 	acm->ctrlsize = ctrlsize;
+printk(KERN_ERR"Check point  13\n");
 	acm->readsize = readsize;
+printk(KERN_ERR"Check point  14\n");
 	acm->rx_buflimit = num_rx_buf;
+printk(KERN_ERR"Check point  15\n");
 	INIT_WORK(&acm->work, acm_softint);
+printk(KERN_ERR"Check point  16\n");
 	init_waitqueue_head(&acm->wioctl);
+printk(KERN_ERR"Check point  17\n");
 	spin_lock_init(&acm->write_lock);
+printk(KERN_ERR"Check point  18\n");
 	spin_lock_init(&acm->read_lock);
+printk(KERN_ERR"Check point  19\n");
 	mutex_init(&acm->mutex);
+printk(KERN_ERR"Check point  20\n");
 	acm->is_int_ep = usb_endpoint_xfer_int(epread);
+printk(KERN_ERR"Check point  21\n");
 	if (acm->is_int_ep)
 		acm->bInterval = epread->bInterval;
+printk(KERN_ERR"Check point  22\n");
 	tty_port_init(&acm->port);
+printk(KERN_ERR"Check point  23\n");
 	acm->port.ops = &acm_port_ops;
+printk(KERN_ERR"Check point  24\n");
 	init_usb_anchor(&acm->delayed);
+printk(KERN_ERR"Check point  25\n");
 	acm->quirks = quirks;
+printk(KERN_ERR"Check point  26\n");
 
 	buf = usb_alloc_coherent(usb_dev, ctrlsize, GFP_KERNEL, &acm->ctrl_dma);
 	if (!buf)
 		goto alloc_fail2;
 	acm->ctrl_buffer = buf;
+printk(KERN_ERR"Check point  27\n");
 
 	if (acm_write_buffers_alloc(acm) < 0)
 		goto alloc_fail4;
+printk(KERN_ERR"Check point  28\n");
 
 	acm->ctrlurb = usb_alloc_urb(0, GFP_KERNEL);
 	if (!acm->ctrlurb)
 		goto alloc_fail5;
+printk(KERN_ERR"Check point  29\n");
 
 	for (i = 0; i < num_rx_buf; i++) {
 		struct acm_rb *rb = &(acm->read_buffers[i]);
 		struct urb *urb;
+printk(KERN_ERR"Check point  30, buffer %d\n", i);
 
 		rb->base = usb_alloc_coherent(acm->dev, readsize, GFP_KERNEL,
 								&rb->dma);
 		if (!rb->base)
 			goto alloc_fail6;
+printk(KERN_ERR"Check point  31, buffer %d\n", i);
 		rb->index = i;
+printk(KERN_ERR"Check point  32, buffer %d\n", i);
 		rb->instance = acm;
+printk(KERN_ERR"Check point  33, buffer %d\n", i);
 
 		urb = usb_alloc_urb(0, GFP_KERNEL);
 		if (!urb)
 			goto alloc_fail6;
+printk(KERN_ERR"Check point  34, buffer %d\n", i);
 
 		urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+printk(KERN_ERR"Check point  35, buffer %d\n", i);
 		urb->transfer_dma = rb->dma;
+printk(KERN_ERR"Check point  36, buffer %d\n", i);
 		if (acm->is_int_ep) {
 			usb_fill_int_urb(urb, acm->dev,
 					 usb_rcvintpipe(usb_dev, epread->bEndpointAddress),
@@ -1405,9 +1440,11 @@ made_compressed_probe:
 					  acm->readsize,
 					  acm_read_bulk_callback, rb);
 		}
-
+printk(KERN_ERR"Check point  37, buffer %d\n", i);
 		acm->read_urbs[i] = urb;
+printk(KERN_ERR"Check point  38, buffer %d\n", i);
 		__set_bit(i, &acm->read_urbs_free);
+printk(KERN_ERR"Check point  39, buffer %d\n", i);
 	}
 	for (i = 0; i < ACM_NW; i++) {
 		struct acm_wb *snd = &(acm->wb[i]);
@@ -1431,11 +1468,11 @@ made_compressed_probe:
 	}
 
 	usb_set_intfdata(intf, acm);
-
+printk(KERN_ERR"Check point  40\n");
 	i = device_create_file(&intf->dev, &dev_attr_bmCapabilities);
 	if (i < 0)
 		goto alloc_fail7;
-
+printk(KERN_ERR"Check point 41\n");
 	if (h.usb_cdc_country_functional_desc) { /* export the country data */
 		struct usb_cdc_country_functional_desc * cfd =
 					h.usb_cdc_country_functional_desc;
@@ -1447,7 +1484,7 @@ made_compressed_probe:
 		memcpy(acm->country_codes, (u8 *)&cfd->wCountyCode0,
 							cfd->bLength - 4);
 		acm->country_rel_date = cfd->iCountryCodeRelDate;
-
+printk(KERN_ERR"Check point  42\n");
 		i = device_create_file(&intf->dev, &dev_attr_wCountryCodes);
 		if (i < 0) {
 			kfree(acm->country_codes);
@@ -1455,7 +1492,7 @@ made_compressed_probe:
 			acm->country_code_size = 0;
 			goto skip_countries;
 		}
-
+printk(KERN_ERR"Check point  43\n");
 		i = device_create_file(&intf->dev,
 						&dev_attr_iCountryCodeRelDate);
 		if (i < 0) {
-- 
2.1.4





