From: syzbot <syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com>
To: andreyknvl@google.com, linux-usb@vger.kernel.org,
stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com
Subject: WARNING in usb_submit_urb (4)
Date: Tue, 16 Apr 2019 14:10:00 -0700 [thread overview]
Message-ID: <00000000000021301c0586ac31f4@google.com> (raw)
Hello,
syzbot has tested the proposed patch but the reproducer still triggered
crash:
WARNING in usb_submit_urb
hub 3-0:1.0: 0000000090da6a2e hub_activate type 4 discon 0
hub 3-0:1.0: 0000000090da6a2e Submitting status URB
hub 3-0:1.0: 0000000090da6a2e Submitting status URB
------------[ cut here ]------------
URB 000000000612b84f submitted while active
WARNING: CPU: 1 PID: 3403 at drivers/usb/core/urb.c:363
usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 3403 Comm: kworker/1:2 Not tainted 4.20.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_power_efficient hub_init_func2
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x253/0x3bb lib/dump_stack.c:113
panic+0x2cb/0x586 kernel/panic.c:188
__warn.cold+0x20/0x4e kernel/panic.c:540
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Code: 89 de e8 73 20 7d fc 84 db 0f 85 fe f5 ff ff e8 26 1f 7d fc 4c 89 fe
48 c7 c7 60 49 93 88 c6 05 b3 1a 10 05 01 e8 00 94 46 fc <0f> 0b e9 dc f5
ff ff c7 45 c8 01 00 00 00 e9 94 f6 ff ff 41 be ed
RSP: 0018:ffff8881c64d7820 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81656e66 RDI: 0000000000000005
RBP: ffff8881c64d7880 R08: ffff8881c64fe2c0 R09: ffff8881c64feb88
R10: ffff8881c64fe2c0 R11: 0000000000000000 R12: ffff8881c64d79a0
R13: ffff8881ba64f690 R14: 00000000fffffff0 R15: ffff8881cc9bd200
hub_activate+0xcef/0x19f0 drivers/usb/core/hub.c:1219
hub_init_func2+0x1e/0x30 drivers/usb/core/hub.c:1244
process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
kthread+0x357/0x430 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: e12e00e3 Merge tag 'kbuild-fixes-v4.20' of git://git.kerne..
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=154bbb87200000
kernel config: https://syzkaller.appspot.com/x/.config?x=69667e62a5e247a7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=1721f267200000
WARNING: multiple messages have this Message-ID (diff)
From: syzbot <syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com>
To: andreyknvl@google.com, linux-usb@vger.kernel.org,
stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com
Subject: Re: WARNING in usb_submit_urb (4)
Date: Tue, 16 Apr 2019 14:10:00 -0700 [thread overview]
Message-ID: <00000000000021301c0586ac31f4@google.com> (raw)
Message-ID: <20190416211000.43oq1WdVClMrAghOVdDMqSPT8xKAk6BGlnzc2GDKZ1c@z> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1904161614160.1605-100000@iolanthe.rowland.org>
Hello,
syzbot has tested the proposed patch but the reproducer still triggered
crash:
WARNING in usb_submit_urb
hub 3-0:1.0: 0000000090da6a2e hub_activate type 4 discon 0
hub 3-0:1.0: 0000000090da6a2e Submitting status URB
hub 3-0:1.0: 0000000090da6a2e Submitting status URB
------------[ cut here ]------------
URB 000000000612b84f submitted while active
WARNING: CPU: 1 PID: 3403 at drivers/usb/core/urb.c:363
usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 3403 Comm: kworker/1:2 Not tainted 4.20.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events_power_efficient hub_init_func2
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x253/0x3bb lib/dump_stack.c:113
panic+0x2cb/0x586 kernel/panic.c:188
__warn.cold+0x20/0x4e kernel/panic.c:540
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Code: 89 de e8 73 20 7d fc 84 db 0f 85 fe f5 ff ff e8 26 1f 7d fc 4c 89 fe
48 c7 c7 60 49 93 88 c6 05 b3 1a 10 05 01 e8 00 94 46 fc <0f> 0b e9 dc f5
ff ff c7 45 c8 01 00 00 00 e9 94 f6 ff ff 41 be ed
RSP: 0018:ffff8881c64d7820 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81656e66 RDI: 0000000000000005
RBP: ffff8881c64d7880 R08: ffff8881c64fe2c0 R09: ffff8881c64feb88
R10: ffff8881c64fe2c0 R11: 0000000000000000 R12: ffff8881c64d79a0
R13: ffff8881ba64f690 R14: 00000000fffffff0 R15: ffff8881cc9bd200
hub_activate+0xcef/0x19f0 drivers/usb/core/hub.c:1219
hub_init_func2+0x1e/0x30 drivers/usb/core/hub.c:1244
process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
kthread+0x357/0x430 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
Tested on:
commit: e12e00e3 Merge tag 'kbuild-fixes-v4.20' of git://git.kerne..
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=154bbb87200000
kernel config: https://syzkaller.appspot.com/x/.config?x=69667e62a5e247a7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=1721f267200000
next reply other threads:[~2019-04-16 21:10 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 21:10 syzbot [this message]
2019-04-16 21:10 ` WARNING in usb_submit_urb (4) syzbot
-- strict thread matches above, loose matches on Subject: below --
2019-04-18 20:24 syzbot
2019-04-18 20:24 ` syzbot
2019-04-18 20:04 Alan Stern
2019-04-18 20:04 ` Alan Stern
2019-04-18 18:29 syzbot
2019-04-18 18:29 ` syzbot
2019-04-18 18:09 Alan Stern
2019-04-18 18:09 ` Alan Stern
2019-04-18 17:41 syzbot
2019-04-18 17:41 ` syzbot
2019-04-18 16:53 Alan Stern
2019-04-18 16:53 ` Alan Stern
2019-04-18 16:00 Alan Stern
2019-04-18 16:00 ` Alan Stern
2019-04-17 21:12 syzbot
2019-04-17 21:12 ` syzbot
2019-04-17 20:59 Alan Stern
2019-04-17 20:59 ` Alan Stern
2019-04-16 20:57 Alan Stern
2019-04-16 20:57 ` Alan Stern
2019-04-16 19:33 syzbot
2019-04-16 19:33 ` syzbot
2019-04-16 19:10 Alan Stern
2019-04-16 19:10 ` Alan Stern
2019-04-16 17:53 syzbot
2019-04-16 17:53 ` syzbot
2019-04-16 17:39 Alan Stern
2019-04-16 17:39 ` Alan Stern
2018-11-07 1:52 syzbot
2018-11-12 10:04 ` syzbot
2018-11-13 20:37 ` Alan Stern
2018-11-14 18:02 ` Andrey Konovalov
2019-04-11 1:01 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000021301c0586ac31f4@google.com \
--to=syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com \
--cc=andreyknvl@google.com \
--cc=linux-usb@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.