Re: usb/gadget: warning in dummy_free_request

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Felipe Balbi <balbi@kernel.org>
To: Andrey Konovalov <andreyknvl@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Michal Nazarewicz <mina86@mina86.com>,
	linux-usb@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Cc: Dmitry Vyukov <dvyukov@google.com>,
	Kostya Serebryany <kcc@google.com>,
	syzkaller <syzkaller@googlegroups.com>
Subject: Re: usb/gadget: warning in dummy_free_request
Date: Tue, 27 Dec 2016 13:40:10 +0200	[thread overview]
Message-ID: <87bmvx1tyd.fsf@linux.intel.com> (raw)
In-Reply-To: <CAAeHK+x8=ghm6eKtGp3F8J5FNHTzi4H+YX3FPmAWVi=O0w4PCQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2917 bytes --]


Hi,

Andrey Konovalov <andreyknvl@google.com> writes:
> Hi!
>
> I've got the following error report while running the syzkaller fuzzer.
>
> On commit 3c49de52d5647cda8b42c4255cf8a29d1e22eff5 (Dec 2).
>
> WARNING: CPU: 0 PID: 5257 at drivers/usb/gadget/udc/dummy_hcd.c:672
> dummy_free_request+0x153/0x170
> Kernel panic - not syncing: panic_on_warn set ...
>
> usb 2-1: string descriptor 0 read error: -71
> usb 2-1: New USB device found, idVendor=0000, idProduct=0000
> usb 2-1: New USB device strings: Mfr=0, Product=170, SerialNumber=0
> CPU: 0 PID: 5257 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #16
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>  ffff88006af0ec48 ffffffff81f96aba ffffffff00000200 1ffff1000d5e1d1c
>  ffffed000d5e1d14 0000000000000a06 0000000041b58ab3 ffffffff8598b4c8
>  ffffffff81f96828 0000000041b58ab3 ffffffff85942a10 ffffffff81432790
> Call Trace:
>  [<     inline     >] __dump_stack lib/dump_stack.c:15
>  [<ffffffff81f96aba>] dump_stack+0x292/0x398 lib/dump_stack.c:51
>  [<ffffffff8168c7be>] panic+0x1cb/0x3a9 kernel/panic.c:179
>  [<ffffffff812b80b4>] __warn+0x1c4/0x1e0 kernel/panic.c:542
>  [<ffffffff812b831c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
>  [<ffffffff830fcac3>] dummy_free_request+0x153/0x170
> drivers/usb/gadget/udc/dummy_hcd.c:672
>  [<ffffffff830ed160>] usb_ep_free_request+0xc0/0x420
> drivers/usb/gadget/udc/core.c:195
>  [<ffffffff83224fe1>] gadgetfs_unbind+0x131/0x190
> drivers/usb/gadget/legacy/inode.c:1612
>  [<ffffffff830ebcbf>] usb_gadget_remove_driver+0x10f/0x2b0
> drivers/usb/gadget/udc/core.c:1228
>  [<ffffffff830ec016>] usb_gadget_unregister_driver+0x1b6/0x2c0
> drivers/usb/gadget/udc/core.c:1357
>  [<ffffffff83224650>] dev_release+0x80/0x160
> drivers/usb/gadget/legacy/inode.c:1187
>  [<ffffffff81805852>] __fput+0x332/0x7f0 fs/file_table.c:208
>  [<ffffffff81805d95>] ____fput+0x15/0x20 fs/file_table.c:244
>  [<ffffffff81338b9b>] task_work_run+0x19b/0x270 kernel/task_work.c:116
>  [<     inline     >] exit_task_work include/linux/task_work.h:21
>  [<ffffffff812c7eca>] do_exit+0x16aa/0x2530 kernel/exit.c:828
>  [<ffffffff812cd749>] do_group_exit+0x149/0x420 kernel/exit.c:932
>  [<ffffffff812faa9d>] get_signal+0x76d/0x17b0 kernel/signal.c:2307
>  [<ffffffff811cfee2>] do_signal+0xd2/0x2120 arch/x86/kernel/signal.c:807
>  [<ffffffff81003d00>] exit_to_usermode_loop+0x170/0x200
> arch/x86/entry/common.c:156
>  [<     inline     >] prepare_exit_to_usermode arch/x86/entry/common.c:190
>  [<ffffffff81007293>] syscall_return_slowpath+0x3d3/0x420
> arch/x86/entry/common.c:259
>  [<ffffffff84f47f62>] entry_SYSCALL_64_fastpath+0xc0/0xc2
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled

There have been several emails like this one. Can you check if
my branch testing/fixes is working for you?

-- 
balbi

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

next prev parent reply	other threads:[~2016-12-27 11:41 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-05 15:00 usb/gadget: warning in dummy_free_request Andrey Konovalov
2016-12-27 11:40 ` Felipe Balbi [this message]
2017-01-09 16:19   ` Andrey Konovalov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87bmvx1tyd.fsf@linux.intel.com \
    --to=balbi@kernel.org \
    --cc=andreyknvl@google.com \
    --cc=dvyukov@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=kcc@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mina86@mina86.com \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.