From patchwork Mon Nov 21 13:19:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oliver Neukum X-Patchwork-Id: 83230 Delivered-To: patch@linaro.org Received: by 10.140.97.165 with SMTP id m34csp1520349qge; Mon, 21 Nov 2016 05:25:44 -0800 (PST) X-Received: by 10.13.221.12 with SMTP id g12mr14915629ywe.257.1479734744838; Mon, 21 Nov 2016 05:25:44 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x206si4724662ywa.334.2016.11.21.05.25.44; Mon, 21 Nov 2016 05:25:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754600AbcKUNZl (ORCPT + 26 others); Mon, 21 Nov 2016 08:25:41 -0500 Received: from mx2.suse.de ([195.135.220.15]:52182 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754185AbcKUNZj (ORCPT ); Mon, 21 Nov 2016 08:25:39 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 2ACD3AC1A; Mon, 21 Nov 2016 13:25:38 +0000 (UTC) Message-ID: <1479734372.2332.1.camel@suse.com> Subject: Re: crash by cdc_acm driver in kernels 4.8-rc1/5 From: Oliver Neukum To: wim@djo.tudelft.nl Cc: poma , linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org Date: Mon, 21 Nov 2016 14:19:32 +0100 In-Reply-To: <20161117161134.GA14413@djo.tudelft.nl> References: <1476713445.3938.1.camel@suse.com> <20161017152042.GA26559@djo.tudelft.nl> <1476793123.2637.3.camel@suse.com> <20161115001619.GA21030@djo.tudelft.nl> <20161115132930.GA20918@djo.tudelft.nl> <1479299670.2000.13.camel@suse.com> <20161116150757.GA15605@djo.tudelft.nl> <20161117015732.GA17637@djo.tudelft.nl> <20161117091434.GA6107@djo.tudelft.nl> <20161117161134.GA14413@djo.tudelft.nl> X-Mailer: Evolution 3.12.11 Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2016-11-17 at 17:11 +0100, Wim Osterholt wrote: > Nov 17 15:07:51 localhost kernel: Check point 10 > Nov 17 15:07:51 localhost kernel: BUG: unable to handle kernel NULL pointer dereference at 00000249 > Nov 17 15:07:51 localhost kernel: IP: [] acm_probe+0x559/0xe53 [cdc_acm] > Nov 17 15:07:51 localhost kernel: *pde = 00000000 > Nov 17 15:07:51 localhost kernel: Oops: 0000 [#1] SMP I don't understand it, bit please test the attached patch with dynamic debugging for cdc-acm and the kernel log level at maximum. And please repost "lsusb -v" for your device. Regards Oliver >From 51665f8ce6e13ba11b93b856290135bfe529d835 Mon Sep 17 00:00:00 2001 From: Oliver Neukum Date: Mon, 21 Nov 2016 14:08:31 +0100 Subject: [PATCH] CDC-ACM: debugging for parsed descriptors This is necessary to debug the parser on malformed headers. Signed-off-by: Oliver Neukum --- drivers/usb/class/cdc-acm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 6895f9e..f03b5db 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1188,6 +1188,12 @@ static int acm_probe(struct usb_interface *intf, cdc_parse_cdc_header(&h, intf, buffer, buflen); union_header = h.usb_cdc_union_desc; + + dev_dbg(&intf->dev, "Parsed device header\n"); + dev_dbg(&intf->dev, "Union descriptor %p\n", h.usb_cdc_union_desc); + dev_dbg(&intf->dev, "ACM descriptor %p\n", h.usb_cdc_acm_descriptor); + dev_dbg(&intf->dev, "Country descriptor %p\n", h.usb_cdc_country_functional_desc); + cmgmd = h.usb_cdc_call_mgmt_descriptor; if (cmgmd) call_intf_num = cmgmd->bDataInterface; -- 2.1.4