Re: crash by cdc_acm driver in kernels 4.8-rc1/5

From: Oliver Neukum
Date: Tue Nov 15 2016 - 06:13:10 EST


On Tue, 2016-11-15 at 01:16 +0100, Wim Osterholt wrote:

Hi,

> Whell, yes.
> The only thing that appears you'll have to do is unset 'CONFIG_SMP'.

OK. I haven't tested that, nor would I ever have considered it.

> My machines didn't have the luxury of multicore processors (until recently),
> so there never has been any reason to deliberately switch these options on!
>
> In the process of searching, many options may have changed. The crash/OOPS
> has now mitigated into just a WARNING with a call trace.
> (Or it could be a totally different bug?)
> After the call trace the device is working normally and a shutdown
> completes to the end now.
> That is with the config given here:
> http://webserver.djo.tudelft.nl/.config-4.9-rc4.OK (CONFIG_SMP=y)
> http://webserver.djo.tudelft.nl/WARNING-4.9-rc4 (call trace for C_S unset)
>
> Tests on other machines with (slightly) different configs all seem to
> confirm that the problems are gone when CONFIG_SMP is set.

OK, something extremely strange is going on. And I think it is time to get
the big hammer out. I made an extremely stupid debugging patch. Could
you test with it?

Regards
Oliver

From d9c67172611257c262a19e9d3d4d9e6b9a69e88c Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@xxxxxxx>
Date: Tue, 8 Nov 2016 16:12:11 +0100
Subject: [PATCH] acm: insane debugging

extremely stupid debugging patch

Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
---
drivers/usb/class/cdc-acm.c | 49 +++++++++++++++++++++++++++++++++++++++------
1 file changed, 43 insertions(+), 6 deletions(-)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 0f3f62e..a460e46 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1329,68 +1329,103 @@ made_compressed_probe:
if (acm == NULL)
goto alloc_fail;

+printk(KERN_ERR"Check point 1\n");
minor = acm_alloc_minor(acm);
if (minor < 0)
goto alloc_fail1;
-
+printk(KERN_ERR"Check point 2\n");
ctrlsize = usb_endpoint_maxp(epctrl);
+printk(KERN_ERR"Check point 3\n");
readsize = usb_endpoint_maxp(epread) *
(quirks == SINGLE_RX_URB ? 1 : 2);
+printk(KERN_ERR"Check point 4\n");
acm->combined_interfaces = combined_interfaces;
+printk(KERN_ERR"Check point 5\n");
acm->writesize = usb_endpoint_maxp(epwrite) * 20;
+printk(KERN_ERR"Check point 6\n");
acm->control = control_interface;
+printk(KERN_ERR"Check point 7\n");
acm->data = data_interface;
+printk(KERN_ERR"Check point 8\n");
acm->minor = minor;
+printk(KERN_ERR"Check point 9\n");
acm->dev = usb_dev;
+printk(KERN_ERR"Check point 10\n");
if (h.usb_cdc_acm_descriptor)
acm->ctrl_caps = h.usb_cdc_acm_descriptor->bmCapabilities;
+printk(KERN_ERR"Check point 11\n");
if (quirks & NO_CAP_LINE)
acm->ctrl_caps &= ~USB_CDC_CAP_LINE;
+printk(KERN_ERR"Check point 12\n");
acm->ctrlsize = ctrlsize;
+printk(KERN_ERR"Check point 13\n");
acm->readsize = readsize;
+printk(KERN_ERR"Check point 14\n");
acm->rx_buflimit = num_rx_buf;
+printk(KERN_ERR"Check point 15\n");
INIT_WORK(&acm->work, acm_softint);
+printk(KERN_ERR"Check point 16\n");
init_waitqueue_head(&acm->wioctl);
+printk(KERN_ERR"Check point 17\n");
spin_lock_init(&acm->write_lock);
+printk(KERN_ERR"Check point 18\n");
spin_lock_init(&acm->read_lock);
+printk(KERN_ERR"Check point 19\n");
mutex_init(&acm->mutex);
+printk(KERN_ERR"Check point 20\n");
acm->is_int_ep = usb_endpoint_xfer_int(epread);
+printk(KERN_ERR"Check point 21\n");
if (acm->is_int_ep)
acm->bInterval = epread->bInterval;
+printk(KERN_ERR"Check point 22\n");
tty_port_init(&acm->port);
+printk(KERN_ERR"Check point 23\n");
acm->port.ops = &acm_port_ops;
+printk(KERN_ERR"Check point 24\n");
init_usb_anchor(&acm->delayed);
+printk(KERN_ERR"Check point 25\n");
acm->quirks = quirks;
+printk(KERN_ERR"Check point 26\n");

buf = usb_alloc_coherent(usb_dev, ctrlsize, GFP_KERNEL, &acm->ctrl_dma);
if (!buf)
goto alloc_fail2;
acm->ctrl_buffer = buf;
+printk(KERN_ERR"Check point 27\n");

if (acm_write_buffers_alloc(acm) < 0)
goto alloc_fail4;
+printk(KERN_ERR"Check point 28\n");

acm->ctrlurb = usb_alloc_urb(0, GFP_KERNEL);
if (!acm->ctrlurb)
goto alloc_fail5;
+printk(KERN_ERR"Check point 29\n");

for (i = 0; i < num_rx_buf; i++) {
struct acm_rb *rb = &(acm->read_buffers[i]);
struct urb *urb;
+printk(KERN_ERR"Check point 30, buffer %d\n", i);

rb->base = usb_alloc_coherent(acm->dev, readsize, GFP_KERNEL,
&rb->dma);
if (!rb->base)
goto alloc_fail6;
+printk(KERN_ERR"Check point 31, buffer %d\n", i);
rb->index = i;
+printk(KERN_ERR"Check point 32, buffer %d\n", i);
rb->instance = acm;
+printk(KERN_ERR"Check point 33, buffer %d\n", i);

urb = usb_alloc_urb(0, GFP_KERNEL);
if (!urb)
goto alloc_fail6;
+printk(KERN_ERR"Check point 34, buffer %d\n", i);

urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+printk(KERN_ERR"Check point 35, buffer %d\n", i);
urb->transfer_dma = rb->dma;
+printk(KERN_ERR"Check point 36, buffer %d\n", i);
if (acm->is_int_ep) {
usb_fill_int_urb(urb, acm->dev,
usb_rcvintpipe(usb_dev, epread->bEndpointAddress),
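Review bot: The checkpoints mark only the success path, so a log that stops at "Check point 1" cannot distinguish a crash inside `acm_alloc_minor()` from an ordinary `goto alloc_fail1`. The same ambiguity applies to the `alloc_fail2`, `alloc_fail4`, `alloc_fail5` and `alloc_fail6` exits in this hunk and to `alloc_fail7` in the later hunk around "Check point 40"/"41". Logging on the failure branches too, e.g. `if (minor < 0) { dev_err(&intf->dev, "acm_alloc_minor failed: %d\n", minor); goto alloc_fail1; }`, would make the trace unambiguous. Using `dev_err(&intf->dev, ...)` rather than bare `printk(KERN_ERR"...")` would also tag every line with the interface being probed (`intf` is used further down in the same function), which helps if more than one device probes during the test. The enclosing probe function starts and ends outside this hunk.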
@@ -1405,9 +1440,11 @@ made_compressed_probe:
acm->readsize,
acm_read_bulk_callback, rb);
}
-
+printk(KERN_ERR"Check point 37, buffer %d\n", i);
acm->read_urbs[i] = urb;
+printk(KERN_ERR"Check point 38, buffer %d\n", i);
__set_bit(i, &acm->read_urbs_free);
+printk(KERN_ERR"Check point 39, buffer %d\n", i);
}
for (i = 0; i < ACM_NW; i++) {
struct acm_wb *snd = &(acm->wb[i]);
@@ -1431,11 +1468,11 @@ made_compressed_probe:
}

usb_set_intfdata(intf, acm);
-
+printk(KERN_ERR"Check point 40\n");
i = device_create_file(&intf->dev, &dev_attr_bmCapabilities);
if (i < 0)
goto alloc_fail7;
-
+printk(KERN_ERR"Check point 41\n");
if (h.usb_cdc_country_functional_desc) { /* export the country data */
struct usb_cdc_country_functional_desc * cfd =
h.usb_cdc_country_functional_desc;
@@ -1447,7 +1484,7 @@ made_compressed_probe:
memcpy(acm->country_codes, (u8 *)&cfd->wCountyCode0,
cfd->bLength - 4);
acm->country_rel_date = cfd->iCountryCodeRelDate;
-
+printk(KERN_ERR"Check point 42\n");
i = device_create_file(&intf->dev, &dev_attr_wCountryCodes);
if (i < 0) {
kfree(acm->country_codes);
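Review bot: "Check point 42" sits after the `memcpy()` of `cfd->bLength - 4` bytes, so a fault in that copy appears only as a missing line, which is also what a device without a country functional descriptor produces. Because `cfd->bLength` is read from the device's descriptor, a checkpoint before the copy that logs it, e.g. `printk(KERN_ERR "Check point 41a, bLength %d\n", cfd->bLength);`, would show whether the length is sane on the failing machine. Whether that length is validated, and how `acm->country_codes` is sized, is not visible in this hunk. The enclosing `if (h.usb_cdc_country_functional_desc)` block starts before the hunk and continues past it.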
@@ -1455,7 +1492,7 @@ made_compressed_probe:
acm->country_code_size = 0;
goto skip_countries;
}
-
+printk(KERN_ERR"Check point 43\n");
i = device_create_file(&intf->dev,
&dev_attr_iCountryCodeRelDate);
if (i < 0) {
--
2.1.4