From: syzbot <syzbot+e74a998ca8f1df9cc332@syzkaller.appspotmail.com>
To: Markus.Elfring@web.de, andreyknvl@google.com,
bkkarthik@pesu.pes.edu, dan.carpenter@oracle.com,
gregkh@linuxfoundation.org, hdanton@sina.com,
linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
rafael@kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: WARNING in pvr2_i2c_core_done
Date: Tue, 21 Jul 2020 21:06:10 -0700
Message-ID: <0000000000001fd19405aaffdc0a@google.com>
In-Reply-To: <20200722031640.nobv2bfgex46sngo@pesu.pes.edu>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in kernfs_find_ns
pvrusb2: Invalid write control endpoint
pvrusb2: Invalid write control endpoint
pvrusb2: Invalid write control endpoint
pvrusb2: Invalid write control endpoint
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 0 PID: 78 Comm: pvrusb2-context Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kernfs_find_ns+0x31/0x370 fs/kernfs/dir.c:829
Code: 49 89 d6 41 55 41 54 55 48 89 fd 53 48 83 ec 08 e8 f4 61 af ff 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1e 03 00 00 48 8d bd 98 00 00 00 48 8b 5d 70 48
RSP: 0018:ffff8881d419f938 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffff863789c0 RCX: ffffffff85a79ba7
RDX: 000000000000000e RSI: ffffffff81901d1c RDI: 0000000000000070
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff873ed1e7
R10: fffffbfff0e7da3c R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff863790e0
FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3a7e248000 CR3: 00000001d2224000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kernfs_find_and_get_ns+0x2f/0x60 fs/kernfs/dir.c:906
kernfs_find_and_get include/linux/kernfs.h:548 [inline]
sysfs_unmerge_group+0x5d/0x160 fs/sysfs/group.c:366
dpm_sysfs_remove+0x62/0xb0 drivers/base/power/sysfs.c:790
device_del+0x18b/0xd20 drivers/base/core.c:2834
device_unregister+0x22/0xc0 drivers/base/core.c:2889
i2c_unregister_device include/linux/err.h:41 [inline]
i2c_client_dev_release+0x39/0x50 drivers/i2c/i2c-core-base.c:465
device_release+0x71/0x200 drivers/base/core.c:1559
kobject_cleanup lib/kobject.c:693 [inline]
kobject_release lib/kobject.c:722 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x245/0x540 lib/kobject.c:739
put_device drivers/base/core.c:2779 [inline]
device_unregister+0x34/0xc0 drivers/base/core.c:2890
i2c_unregister_device+0x38/0x40 include/linux/err.h:41
v4l2_i2c_new_subdev_board+0x159/0x2c0 drivers/media/v4l2-core/v4l2-i2c.c:114
v4l2_i2c_new_subdev+0xb8/0xf0 drivers/media/v4l2-core/v4l2-i2c.c:135
pvr2_hdw_load_subdev drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2023 [inline]
pvr2_hdw_load_modules drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2075 [inline]
pvr2_hdw_setup_low drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2156 [inline]
pvr2_hdw_setup drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2262 [inline]
pvr2_hdw_initialize+0xc8d/0x3600 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2339
pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:109 [inline]
pvr2_context_thread_func+0x250/0x850 drivers/media/usb/pvrusb2/pvrusb2-context.c:158
kthread+0x392/0x470 kernel/kthread.c:291
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
Modules linked in:
---[ end trace a2576a16aa8e791c ]---
RIP: 0010:kernfs_find_ns+0x31/0x370 fs/kernfs/dir.c:829
Code: 49 89 d6 41 55 41 54 55 48 89 fd 53 48 83 ec 08 e8 f4 61 af ff 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1e 03 00 00 48 8d bd 98 00 00 00 48 8b 5d 70 48
RSP: 0018:ffff8881d419f938 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffff863789c0 RCX: ffffffff85a79ba7
RDX: 000000000000000e RSI: ffffffff81901d1c RDI: 0000000000000070
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff873ed1e7
R10: fffffbfff0e7da3c R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff863790e0
FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3a7e248000 CR3: 00000001d2224000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Tested on:
commit: b791d1bd Merge tag 'locking-kcsan-2020-06-11' of git://git..
git tree: https://github.com/google/kasan.git usb-fuzzer
console output: https://syzkaller.appspot.com/x/log.txt?x=1208f437100000
kernel config: https://syzkaller.appspot.com/x/.config?x=ccf1899337a6e343
dashboard link: https://syzkaller.appspot.com/bug?extid=e74a998ca8f1df9cc332
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=14d56430900000
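The two headline lines of the report above, "general protection fault, probably for non-canonical address 0xdffffc000000000e" and "KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]", follow from the register dump by fixed arithmetic, and it is worth being able to redo it by hand when a trace like this lands in a triage queue. What follows is an added worked example, not code from the syzbot report, the submitted patch or the kernel tree. It assumes the x86-64 generic KASAN shadow mapping (shadow = (addr >> 3) + 0xdffffc0000000000, the offset that is sitting in RAX above), that the faulting bytes "80 3c 02 00" in the Code: line decode to the inline shadow probe cmpb $0,(%rdx,%rax,1) preceded by lea 0x70(%rbp),%rdi and shr $3,%rdx, and that the kernel classifies the recovered address with PAGE_SIZE and TASK_SIZE thresholds as mm/kasan/report.c's kasan_non_canonical_hook does (those thresholds and the bug-type strings are quoted from memory of that file, not from this page). Given RBP=0, the probe address works out to exactly the reported fault address, which is how one reads off that the NULL pointer is the kernfs_node parent and the touched field sits at offset 0x70.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example: recover the original access from a KASAN shadow fault on
 * x86-64.  Constants match the default generic-KASAN layout; the shadow
 * offset is the value visible in RAX in the report above.
 */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)

/* Assumed x86-64 (4-level paging) values, used only to classify the address. */
#define X86_64_PAGE_SIZE 0x1000ULL
#define X86_64_TASK_SIZE ((1ULL << 47) - X86_64_PAGE_SIZE)

struct kasan_gpf {
    uint64_t shadow;      /* the non-canonical address the CPU faulted on */
    uint64_t access_lo;   /* first byte of the original 8-byte granule */
    uint64_t access_hi;   /* last byte of that granule */
    const char *kind;     /* classification string, NULL if not a shadow access */
};

/* Forward mapping: one shadow byte per 8-byte granule of memory. */
static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: start of the granule a shadow byte describes. */
static uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* A 48-bit-VA x86-64 address is canonical iff bits 63..47 are all equal. */
static bool x86_64_is_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;            /* 17 bits */
    return top == 0 || top == 0x1ffff;
}

/*
 * Decode a GPF address the way the kernel's non-canonical hook does
 * (thresholds and strings assumed from mm/kasan/report.c).  A canonical
 * address, or one below the shadow offset, is not a shadow probe at all.
 */
static struct kasan_gpf kasan_decode_gpf(uint64_t fault_addr)
{
    struct kasan_gpf r = { .shadow = fault_addr, .kind = NULL };

    if (x86_64_is_canonical(fault_addr) || fault_addr < KASAN_SHADOW_OFFSET)
        return r;

    r.access_lo = kasan_shadow_to_mem(fault_addr);
    r.access_hi = r.access_lo + KASAN_GRANULE_SIZE - 1;
    if (r.access_lo < X86_64_PAGE_SIZE)
        r.kind = "null-ptr-deref";
    else if (r.access_lo < X86_64_TASK_SIZE)
        r.kind = "probably user-memory-access";
    else
        r.kind = "maybe wild-memory-access";
    return r;
}

/*
 * The inline probe compiled into kernfs_find_ns: lea off(%rbp),%rdi;
 * mov %rdi,%rdx; shr $3,%rdx; cmpb $0,(%rdx,%rax,1) with %rax holding
 * KASAN_SHADOW_OFFSET.  Returns the shadow byte that cmpb touches for a
 * given base pointer and field offset, so RDX+RAX can be cross-checked.
 */
static uint64_t inline_probe_target(uint64_t base_ptr, uint64_t field_off)
{
    return kasan_mem_to_shadow(base_ptr + field_off);
}

int main(void)
{
    const uint64_t fault = 0xdffffc000000000eULL;   /* from the report */
    struct kasan_gpf g = kasan_decode_gpf(fault);

    printf("shadow 0x%llx -> %s in range [0x%llx-0x%llx]\n",
           (unsigned long long)g.shadow, g.kind,
           (unsigned long long)g.access_lo, (unsigned long long)g.access_hi);

    /* RBP=0 (the kernfs_node parent) and lea 0x70(%rbp): must equal RDX+RAX. */
    printf("probe of 0x70(%%rbp) with rbp=0 -> 0x%llx\n",
           (unsigned long long)inline_probe_target(0, 0x70));
    return 0;
}
```

The same decode applied to the CR2 value in the dump (a user address, 0x00007f3a7e248000) would classify as user-memory-access rather than null-ptr-deref, which is the distinction that tells you whether a report is a NULL-check bug in the driver teardown path or a pointer that went somewhere genuinely wild.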
Thread overview: 11+ messages
2020-07-22 3:16 [PATCH v2] i2c: fix WARNING in pvr2_i2c_core_done B K Karthik
2020-07-22 4:06 ` syzbot [this message]
[not found] ` <20200722091201.2076-1-hdanton@sina.com>
2020-07-22 9:18 ` B K Karthik
-- strict thread matches above, loose matches on Subject: below --
2020-07-21 11:10 [PATCH] i2c: fix " B K Karthik
2020-07-21 11:20 ` syzbot
2020-07-21 11:55 ` B K Karthik
2019-09-25 12:59 syzbot
2019-09-25 14:10 ` Alan Stern
2019-09-25 15:34 ` Andrey Konovalov
2019-09-26 21:44 ` Alan Stern
2019-09-27 5:10 ` Greg Kroah-Hartman
2019-09-27 14:21 ` Alan Stern