From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: WARNING in usb_submit_urb (4)
From: syzbot
Message-Id: <000000000000697b730586d18142@google.com>
Date: Thu, 18 Apr 2019 10:41:01 -0700
To: andreyknvl@google.com, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, syzkaller-bugs@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in usb_submit_urb

hub 3-0:1.0: 00000000b89ba4aa hub_resume
hub 3-0:1.0: 00000000b89ba4aa hub_activate type 1 discon 0
hub 3-0:1.0: 00000000b89ba4aa hub_activate type 4 discon 0
------------[ cut here ]------------
URB 0000000031fb463e submitted while active
WARNING: CPU: 0 PID: 2917 at drivers/usb/core/urb.c:363 usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 2917 Comm: kworker/0:2 Not tainted 4.20.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient hub_init_func2
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x253/0x3bb lib/dump_stack.c:113
  panic+0x2cb/0x586 kernel/panic.c:188
  __warn.cold+0x20/0x4e kernel/panic.c:540
  report_bug+0x263/0x2b0 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:178 [inline]
  fixup_bug arch/x86/kernel/traps.c:173 [inline]
  do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
  do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:usb_submit_urb+0x1110/0x1400 drivers/usb/core/urb.c:363
Code: 89 de e8 43 21 7d fc 84 db 0f 85 fe f5 ff ff e8 f6 1f 7d fc 4c 89 fe 48 c7 c7 00 49 93 88 c6 05 43 1c 10 05 01 e8 d0 94 46 fc <0f> 0b e9 dc f5 ff ff c7 45 c8 01 00 00 00 e9 94 f6 ff ff 41 be ed
RSP: 0018:ffff8881cb9cf820 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81656e66 RDI: 0000000000000005
RBP: ffff8881cb9cf880 R08: ffff8881cb9c2480 R09: ffffed103b5c5021
R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881cb9cf9a0
R13: ffff8881c43d9250 R14: 00000000fffffff0 R15: ffff8881d7718300
  hub_activate+0xcc2/0x19c0 drivers/usb/core/hub.c:1218
  hub_init_func2+0x1e/0x30 drivers/usb/core/hub.c:1243
  process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
  worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
  kthread+0x357/0x430 kernel/kthread.c:246
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..


Tested on:

commit:         e12e00e3 Merge tag 'kbuild-fixes-v4.20' of git://git.kerne..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16a7f38f200000
kernel config:  https://syzkaller.appspot.com/x/.config?x=69667e62a5e247a7
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
patch:          https://syzkaller.appspot.com/x/patch.diff?x=112bbbbf200000