* WARNING: Detected a wedged cx25840 chip; the device will not work.
From: syzbot @ 2019-04-30 14:36 UTC
To: andreyknvl, linux-kernel, linux-usb, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
git tree: https://github.com/google/kasan.git usb-fuzzer
console output: https://syzkaller.appspot.com/x/log.txt?x=12df67c3200000
kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
dashboard link: https://syzkaller.appspot.com/bug?extid=170a86bf206dd2c6217e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108a28f3200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145d8a2d200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+170a86bf206dd2c6217e@syzkaller.appspotmail.com

usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
pvrusb2: Hardware description: Gotview USB 2.0 DVD 2
pvrusb2: Invalid write control endpoint
usb 1-1: USB disconnect, device number 2
pvrusb2: Invalid write control endpoint
pvrusb2: WARNING: Detected a wedged cx25840 chip; the device will not work.
pvrusb2: WARNING: Try power cycling the pvrusb2 device.
pvrusb2: WARNING: Disabling further access to the device to prevent other foul-ups.
pvrusb2: Device being rendered inoperable
cx25840 0-0044: Unable to detect h/w, assuming cx23887
cx25840 0-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
pvrusb2: Attached sub-driver cx25840
pvrusb2: Attempted to execute control transfer when device not ok
pvrusb2: Attempted to execute control transfer when device not ok

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

* Re: WARNING: Detected a wedged cx25840 chip; the device will not work.
From: Greg KH @ 2019-04-30 15:35 UTC
To: syzbot
Cc: andreyknvl, linux-kernel, linux-usb, syzkaller-bugs

On Tue, Apr 30, 2019 at 07:36:07AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=12df67c3200000
> kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> dashboard link: https://syzkaller.appspot.com/bug?extid=170a86bf206dd2c6217e
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108a28f3200000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145d8a2d200000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+170a86bf206dd2c6217e@syzkaller.appspotmail.com
>
> usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> pvrusb2: Hardware description: Gotview USB 2.0 DVD 2
> pvrusb2: Invalid write control endpoint
> usb 1-1: USB disconnect, device number 2
> pvrusb2: Invalid write control endpoint
> pvrusb2: WARNING: Detected a wedged cx25840 chip; the device will not work.
> pvrusb2: WARNING: Try power cycling the pvrusb2 device.
> pvrusb2: WARNING: Disabling further access to the device to prevent other
> foul-ups.
> pvrusb2: Device being rendered inoperable
> cx25840 0-0044: Unable to detect h/w, assuming cx23887
> cx25840 0-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
> pvrusb2: Attached sub-driver cx25840
> pvrusb2: Attempted to execute control transfer when device not ok
> pvrusb2: Attempted to execute control transfer when device not ok

As the driver said, power cycle your device, it crashed :)

Seriously, I think your script detection failed here, sorry.

greg k-h

* Re: WARNING: Detected a wedged cx25840 chip; the device will not work.
From: Greg KH @ 2019-04-30 15:50 UTC
To: syzbot
Cc: andreyknvl, linux-kernel, linux-usb, syzkaller-bugs

On Tue, Apr 30, 2019 at 05:35:16PM +0200, Greg KH wrote:
> On Tue, Apr 30, 2019 at 07:36:07AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12df67c3200000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> > dashboard link: https://syzkaller.appspot.com/bug?extid=170a86bf206dd2c6217e
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108a28f3200000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145d8a2d200000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+170a86bf206dd2c6217e@syzkaller.appspotmail.com
> >
> > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > pvrusb2: Hardware description: Gotview USB 2.0 DVD 2
> > pvrusb2: Invalid write control endpoint
> > usb 1-1: USB disconnect, device number 2
> > pvrusb2: Invalid write control endpoint
> > pvrusb2: WARNING: Detected a wedged cx25840 chip; the device will not work.
> > pvrusb2: WARNING: Try power cycling the pvrusb2 device.
> > pvrusb2: WARNING: Disabling further access to the device to prevent other
> > foul-ups.
> > pvrusb2: Device being rendered inoperable
> > cx25840 0-0044: Unable to detect h/w, assuming cx23887
> > cx25840 0-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
> > pvrusb2: Attached sub-driver cx25840
> > pvrusb2: Attempted to execute control transfer when device not ok
> > pvrusb2: Attempted to execute control transfer when device not ok
>
> As the driver said, power cycle your device, it crashed :)
>
> Seriously, I think your script detection failed here, sorry.

Ah, same issue as the other "WARNING" message, sorry for the noise.

* WARNING: Detected a wedged cx25840 chip; the device will not work.
From: Andrey Konovalov @ 2019-04-30 17:26 UTC
To: syzbot
Cc: LKML, USB list, syzkaller-bugs

On Tue, Apr 30, 2019 at 4:36 PM syzbot
<syzbot+170a86bf206dd2c6217e@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=12df67c3200000
> kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> dashboard link: https://syzkaller.appspot.com/bug?extid=170a86bf206dd2c6217e
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108a28f3200000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145d8a2d200000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+170a86bf206dd2c6217e@syzkaller.appspotmail.com
>
> usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> pvrusb2: Hardware description: Gotview USB 2.0 DVD 2
> pvrusb2: Invalid write control endpoint
> usb 1-1: USB disconnect, device number 2
> pvrusb2: Invalid write control endpoint
> pvrusb2: WARNING: Detected a wedged cx25840 chip; the device will not work.
> pvrusb2: WARNING: Try power cycling the pvrusb2 device.
> pvrusb2: WARNING: Disabling further access to the device to prevent other
> foul-ups.
> pvrusb2: Device being rendered inoperable
> cx25840 0-0044: Unable to detect h/w, assuming cx23887
> cx25840 0-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
> pvrusb2: Attached sub-driver cx25840
> pvrusb2: Attempted to execute control transfer when device not ok
> pvrusb2: Attempted to execute control transfer when device not ok

#syz test: https://github.com/google/kasan.git usb-fuzzer

>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > syzbot can test patches for this bug, for details see: > https://goo.gl/tpsmEJ#testing-patches commit f15cfa809ec035eebc0bec07bc9e1dd2123281a5 Author: Andrey Konovalov <andreyknvl@google.com> Date: Wed Apr 17 19:40:40 2019 +0200 media: pvrusb2: use a different format for warnings When the pvrusb2 driver detects that there's something wrong with the device, it prints a warning message. Right now those message are printed in two different formats: 1. ***WARNING*** message here 2. WARNING: message here There's an issue with the second format. Syzkaller recognizes it as a message produced by a WARN_ON(), which is used to indicate a bug in the kernel. However pvrusb2 prints those warnings to indicate an issue with the device, not the bug in the kernel. This patch changes the pvrusb2 driver to consistently use the first warning message format. This will unblock syzkaller testing of this driver. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c index 446a999dd2ce..a0f7b10045d2 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c @@ -1678,7 +1678,7 @@ static int pvr2_decoder_enable(struct pvr2_hdw *hdw,int enablefl) } if (!hdw->flag_decoder_missed) { pvr2_trace(PVR2_TRACE_ERROR_LEGS, - "WARNING: No decoder present"); + "***WARNING*** No decoder present"); hdw->flag_decoder_missed = !0; trace_stbit("flag_decoder_missed", hdw->flag_decoder_missed); 
@@ -2364,7 +2364,7 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf, if (hdw_desc->flag_is_experimental) { pvr2_trace(PVR2_TRACE_INFO, "**********"); pvr2_trace(PVR2_TRACE_INFO, - "WARNING: Support for this device (%s) is experimental.", + "***WARNING*** Support for this device (%s) is experimental.", hdw_desc->description); pvr2_trace(PVR2_TRACE_INFO, "Important functionality might not be entirely working."); diff --git a/drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c b/drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c index 8f023085c2d9..43e54bdbd4aa 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c @@ -343,11 +343,11 @@ static int i2c_hack_cx25840(struct pvr2_hdw *hdw, if ((ret != 0) || (*rdata == 0x04) || (*rdata == 0x0a)) { pvr2_trace(PVR2_TRACE_ERROR_LEGS, - "WARNING: Detected a wedged cx25840 chip; the device will not work."); + "***WARNING*** Detected a wedged cx25840 chip; the device will not work."); pvr2_trace(PVR2_TRACE_ERROR_LEGS, - "WARNING: Try power cycling the pvrusb2 device."); + "***WARNING*** Try power cycling the pvrusb2 device."); pvr2_trace(PVR2_TRACE_ERROR_LEGS, - "WARNING: Disabling further access to the device to prevent other foul-ups."); + "***WARNING*** Disabling further access to the device to prevent other foul-ups."); // This blocks all further communication with the part. hdw->i2c_func[0x44] = NULL; pvr2_hdw_render_useless(hdw); diff --git a/drivers/media/usb/pvrusb2/pvrusb2-std.c b/drivers/media/usb/pvrusb2/pvrusb2-std.c index 6b651f8b54df..37dc299a1ca2 100644 --- a/drivers/media/usb/pvrusb2/pvrusb2-std.c +++ b/drivers/media/usb/pvrusb2/pvrusb2-std.c 
@@ -353,7 +353,7 @@ struct v4l2_standard *pvr2_std_create_enum(unsigned int *countptr, bcnt = pvr2_std_id_to_str(buf,sizeof(buf),fmsk); pvr2_trace( PVR2_TRACE_ERROR_LEGS, - "WARNING: Failed to classify the following standard(s): %.*s", + "***WARNING*** Failed to classify the following standard(s): %.*s", bcnt,buf); } ^ permalink raw reply related [flat|nested] 11+ messages in thread
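
Review bot: the "***WARNING*** " prefix is spelled out as a string literal in each of the three pvr2_trace() calls in the i2c_hack_cx25840 hunk (and again at the other three call sites in this patch), and nothing in the code records why the "WARNING: " form has to be avoided. The commit message gives the reason (syzkaller treats "WARNING: message" as WARN_ON() output), but a later pvr2_trace() call can reintroduce the colon form without anyone noticing. Consider defining the prefix once in a pvrusb2 header (for instance a macro with a name along the lines of PVR2_WARN_PREFIX, a hypothetical name) with a one-line comment stating the constraint, and using it at all six sites.
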
* WARNING: Detected a wedged cx25840 chip; the device will not work.
From: syzbot @ 2019-04-30 18:56 UTC
To: andreyknvl, linux-kernel, linux-usb, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer still triggered crash:
WARNING in sysfs_remove_group

pvrusb2: Attached sub-driver tuner
pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
pvrusb2: You need to resolve the failing condition before this driver can function. There should be some earlier messages giving more information about the problem.
------------[ cut here ]------------
sysfs group 'power' not found for kobject '0-0044'
WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254 sysfs_remove_group fs/sysfs/group.c:254 [inline]
WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254 sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 586 Comm: pvrusb2-context Not tainted 5.1.0-rc3-g43151d6-dirty #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xe8/0x16e lib/dump_stack.c:113
 panic+0x29d/0x5f2 kernel/panic.c:214
 __warn.cold+0x20/0x48 kernel/panic.c:571
 report_bug+0x262/0x2a0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:sysfs_remove_group fs/sysfs/group.c:254 [inline]
RIP: 0010:sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
Code: 48 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 01 00 75 41 48 8b 33 48 c7 c7 a0 31 7a 8e e8 e6 c2 6e ff <0f> 0b eb 95 e8 0d de d3 ff e9 d2 fe ff ff 48 89 df e8 00 de d3 ff
RSP: 0018:ffff88809ced7b70 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffff8f037e80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815b2132 RDI: ffffed10139daf60
RBP: 0000000000000000 R08: ffff88809ce96200 R09: ffffed1015a23edb
R10: ffffed1015a23eda R11: ffff8880ad11f6d7 R12: ffff888218b8e630
R13: ffffffff8f038520 R14: 1ffff110139daf97 R15: ffff888218b8e628
 dpm_sysfs_remove+0xa2/0xc0 drivers/base/power/sysfs.c:737
 device_del+0x175/0xb90 drivers/base/core.c:2246
usb 4-1: new high-speed USB device number 3 using dummy_hcd
 device_unregister+0x27/0xd0 drivers/base/core.c:2301
 i2c_unregister_device drivers/i2c/i2c-core-base.c:814 [inline]
 __unregister_client drivers/i2c/i2c-core-base.c:1422 [inline]
 __unregister_client+0x7d/0x90 drivers/i2c/i2c-core-base.c:1418
 device_for_each_child+0x100/0x170 drivers/base/core.c:2401
 i2c_del_adapter drivers/i2c/i2c-core-base.c:1485 [inline]
 i2c_del_adapter+0x35b/0x640 drivers/i2c/i2c-core-base.c:1447
 pvr2_i2c_core_done+0x6e/0xbb drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:662
 pvr2_hdw_destroy+0x17e/0x380 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2669
 pvr2_context_destroy+0x89/0x240 drivers/media/usb/pvrusb2/pvrusb2-context.c:79
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:146 [inline]
 pvr2_context_thread_func+0x65e/0x870 drivers/media/usb/pvrusb2/pvrusb2-context.c:167
 kthread+0x313/0x420 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Tested on:

commit: 43151d6c usb-fuzzer: main usb gadget fuzzer driver
git tree: https://github.com/google/kasan.git usb-fuzzer
console output: https://syzkaller.appspot.com/x/log.txt?x=15433634a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=274aad0cf966c3bc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=13df3d24a00000

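
The two reports in this thread show why the message format matters to an automated log triager: the first was a driver string that merely contained "WARNING:", the second is a real WARN splat. The sketch below is an added example, not syzkaller's parser and not code from this thread; the function names and the bracketed-timestamp handling are assumptions, and the sample lines are copied from the reports above with wrapped lines rejoined.

```python
import re

# Excerpts copied from this thread: the original report (before the patch)
# and the "#syz test" result (after the patch). Wrapped lines are rejoined.
BEFORE_LOG = """\
usb 1-1: USB disconnect, device number 2
pvrusb2: Invalid write control endpoint
pvrusb2: WARNING: Detected a wedged cx25840 chip; the device will not work.
pvrusb2: WARNING: Try power cycling the pvrusb2 device.
pvrusb2: WARNING: Disabling further access to the device to prevent other foul-ups.
pvrusb2: Device being rendered inoperable
"""

AFTER_LOG = """\
pvrusb2: Attached sub-driver tuner
pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
------------[ cut here ]------------
sysfs group 'power' not found for kobject '0-0044'
WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254 sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
Kernel panic - not syncing: panic_on_warn set ...
"""

CUT_HERE = "------------[ cut here ]------------"

# Leading "[   12.345678]" or "[  T586]" console prefixes. Assumption: the
# logs quoted in this thread carry none, but raw console logs often do.
BRACKET_PREFIX = re.compile(r"^(?:\[[^\]]*\]\s*)+")

# Shape of the header line of a WARN splat as it appears in the test result:
# "WARNING: CPU: <n> PID: <n> at <file>:<line> ..." at the start of the line.
WARN_HEADER = re.compile(
    r"^WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<file>\S+):(?P<line>\d+)\b"
)


def naive_is_warn(line):
    """Substring rule: flags any line that contains 'WARNING:' anywhere."""
    return "WARNING:" in line


def classify(line):
    """Return (kind, detail) for one console line.

    kind is 'kernel_warn' (detail = (file, line_no)), 'driver_text'
    (detail = the message) or None for lines that mention no warning.
    """
    body = BRACKET_PREFIX.sub("", line.strip())
    match = WARN_HEADER.match(body)
    if match:
        return "kernel_warn", (match.group("file"), int(match.group("line")))
    if "WARNING" in body:
        # Free-form driver text such as "pvrusb2: WARNING: ..." lands here.
        return "driver_text", body
    return None, None


def triage(log_text, window=3):
    """Summarise a console log: naive hit count versus structured findings.

    Each kernel_warn entry is (file, line_no, framed), where framed is True
    when a 'cut here' marker appeared at most `window` lines earlier.
    """
    result = {"naive_hits": 0, "kernel_warn": [], "driver_text": []}
    last_cut = None
    for idx, raw in enumerate(log_text.splitlines()):
        if CUT_HERE in raw:
            last_cut = idx
            continue
        if naive_is_warn(raw):
            result["naive_hits"] += 1
        kind, detail = classify(raw)
        if kind == "kernel_warn":
            framed = last_cut is not None and idx - last_cut <= window
            result["kernel_warn"].append(detail + (framed,))
        elif kind == "driver_text":
            result["driver_text"].append(detail)
    return result


if __name__ == "__main__":
    for name, log in (("before patch", BEFORE_LOG), ("after patch", AFTER_LOG)):
        summary = triage(log)
        print(name, "naive hits:", summary["naive_hits"],
              "kernel WARNs:", summary["kernel_warn"],
              "driver messages:", len(summary["driver_text"]))
```

On the pre-patch excerpt the substring rule fires three times while the anchored rule finds no kernel WARN; on the post-patch excerpt both agree on the single splat at fs/sysfs/group.c:254.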
* WARNING: Detected a wedged cx25840 chip; the device will not work.
From: Alan Stern @ 2019-04-30 19:34 UTC
To: Mike Isely, syzbot
Cc: andreyknvl, linux-media, Kernel development list, USB list, syzkaller-bugs

On Tue, 30 Apr 2019, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer still triggered
> crash:
> WARNING in sysfs_remove_group
>
> pvrusb2: Attached sub-driver tuner
> pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the
> failure of one or more sub-device kernel modules.
> pvrusb2: You need to resolve the failing condition before this driver can
> function. There should be some earlier messages giving more information
> about the problem.
> ------------[ cut here ]------------
> sysfs group 'power' not found for kobject '0-0044'
> WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254 sysfs_remove_group
> fs/sysfs/group.c:254 [inline]
> WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254
> sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
> Kernel panic - not syncing: panic_on_warn set ...
> CPU: 1 PID: 586 Comm: pvrusb2-context Not tainted 5.1.0-rc3-g43151d6-dirty
> #1
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> __dump_stack lib/dump_stack.c:77 [inline]
> dump_stack+0xe8/0x16e lib/dump_stack.c:113
> panic+0x29d/0x5f2 kernel/panic.c:214
> __warn.cold+0x20/0x48 kernel/panic.c:571
> report_bug+0x262/0x2a0 lib/bug.c:186
> fixup_bug arch/x86/kernel/traps.c:179 [inline]
> fixup_bug arch/x86/kernel/traps.c:174 [inline]
> do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
> do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
> invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
> RIP: 0010:sysfs_remove_group fs/sysfs/group.c:254 [inline]
> RIP: 0010:sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
> Code: 48 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c
> 01 00 75 41 48 8b 33 48 c7 c7 a0 31 7a 8e e8 e6 c2 6e ff <0f> 0b eb 95 e8
> 0d de d3 ff e9 d2 fe ff ff 48 89 df e8 00 de d3 ff
> RSP: 0018:ffff88809ced7b70 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffffffff8f037e80 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: ffffffff815b2132 RDI: ffffed10139daf60
> RBP: 0000000000000000 R08: ffff88809ce96200 R09: ffffed1015a23edb
> R10: ffffed1015a23eda R11: ffff8880ad11f6d7 R12: ffff888218b8e630
> R13: ffffffff8f038520 R14: 1ffff110139daf97 R15: ffff888218b8e628
> dpm_sysfs_remove+0xa2/0xc0 drivers/base/power/sysfs.c:737
> device_del+0x175/0xb90 drivers/base/core.c:2246
> usb 4-1: new high-speed USB device number 3 using dummy_hcd
> device_unregister+0x27/0xd0 drivers/base/core.c:2301
> i2c_unregister_device drivers/i2c/i2c-core-base.c:814 [inline]
> __unregister_client drivers/i2c/i2c-core-base.c:1422 [inline]
> __unregister_client+0x7d/0x90 drivers/i2c/i2c-core-base.c:1418
> device_for_each_child+0x100/0x170 drivers/base/core.c:2401
> i2c_del_adapter drivers/i2c/i2c-core-base.c:1485 [inline]
> i2c_del_adapter+0x35b/0x640 drivers/i2c/i2c-core-base.c:1447
> pvr2_i2c_core_done+0x6e/0xbb
> drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:662
> pvr2_hdw_destroy+0x17e/0x380 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2669
> pvr2_context_destroy+0x89/0x240
> drivers/media/usb/pvrusb2/pvrusb2-context.c:79
> pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:146 [inline]
> pvr2_context_thread_func+0x65e/0x870
> drivers/media/usb/pvrusb2/pvrusb2-context.c:167
> kthread+0x313/0x420 kernel/kthread.c:253
> ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
>
> Tested on:
>
> commit: 43151d6c usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=15433634a00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=274aad0cf966c3bc
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> patch: https://syzkaller.appspot.com/x/patch.diff?x=13df3d24a00000

It seems pretty clear that this problem is caused by the
pvr2_context_thread trying to unregister the device before the main
probe routine has finished registering it. I'm not familiar enough
with this driver to want to fix the problem, however. Someone else who
knows the code better should work on it.

Alan Stern
* WARNING: Detected a wedged cx25840 chip; the device will not work.
From: Andrey Konovalov @ 2019-05-02 16:10 UTC
To: Alan Stern
Cc: Mike Isely, syzbot, linux-media, Kernel development list, USB list, syzkaller-bugs

On Tue, Apr 30, 2019 at 9:34 PM Alan Stern <stern@rowland.harvard.edu> wrote:
>
> On Tue, 30 Apr 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer still triggered
> > crash:
> > WARNING in sysfs_remove_group
> >
> > pvrusb2: Attached sub-driver tuner
> > pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the
> > failure of one or more sub-device kernel modules.
> > pvrusb2: You need to resolve the failing condition before this driver can
> > function. There should be some earlier messages giving more information
> > about the problem.
> > ------------[ cut here ]------------
> > sysfs group 'power' not found for kobject '0-0044'
> > WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254 sysfs_remove_group
> > fs/sysfs/group.c:254 [inline]
> > WARNING: CPU: 1 PID: 586 at fs/sysfs/group.c:254
> > sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
> > Kernel panic - not syncing: panic_on_warn set ...
> > CPU: 1 PID: 586 Comm: pvrusb2-context Not tainted 5.1.0-rc3-g43151d6-dirty
> > #1
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0xe8/0x16e lib/dump_stack.c:113
> > panic+0x29d/0x5f2 kernel/panic.c:214
> > __warn.cold+0x20/0x48 kernel/panic.c:571
> > report_bug+0x262/0x2a0 lib/bug.c:186
> > fixup_bug arch/x86/kernel/traps.c:179 [inline]
> > fixup_bug arch/x86/kernel/traps.c:174 [inline]
> > do_error_trap+0x130/0x1f0 arch/x86/kernel/traps.c:272
> > do_invalid_op+0x37/0x40 arch/x86/kernel/traps.c:291
> > invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
> > RIP: 0010:sysfs_remove_group fs/sysfs/group.c:254 [inline]
> > RIP: 0010:sysfs_remove_group+0x15a/0x1b0 fs/sysfs/group.c:245
> > Code: 48 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c
> > 01 00 75 41 48 8b 33 48 c7 c7 a0 31 7a 8e e8 e6 c2 6e ff <0f> 0b eb 95 e8
> > 0d de d3 ff e9 d2 fe ff ff 48 89 df e8 00 de d3 ff
> > RSP: 0018:ffff88809ced7b70 EFLAGS: 00010286
> > RAX: 0000000000000000 RBX: ffffffff8f037e80 RCX: 0000000000000000
> > RDX: 0000000000000000 RSI: ffffffff815b2132 RDI: ffffed10139daf60
> > RBP: 0000000000000000 R08: ffff88809ce96200 R09: ffffed1015a23edb
> > R10: ffffed1015a23eda R11: ffff8880ad11f6d7 R12: ffff888218b8e630
> > R13: ffffffff8f038520 R14: 1ffff110139daf97 R15: ffff888218b8e628
> > dpm_sysfs_remove+0xa2/0xc0 drivers/base/power/sysfs.c:737
> > device_del+0x175/0xb90 drivers/base/core.c:2246
> > usb 4-1: new high-speed USB device number 3 using dummy_hcd
> > device_unregister+0x27/0xd0 drivers/base/core.c:2301
> > i2c_unregister_device drivers/i2c/i2c-core-base.c:814 [inline]
> > __unregister_client drivers/i2c/i2c-core-base.c:1422 [inline]
> > __unregister_client+0x7d/0x90 drivers/i2c/i2c-core-base.c:1418
> > device_for_each_child+0x100/0x170 drivers/base/core.c:2401
> > i2c_del_adapter drivers/i2c/i2c-core-base.c:1485 [inline]
> > i2c_del_adapter+0x35b/0x640 drivers/i2c/i2c-core-base.c:1447
> > pvr2_i2c_core_done+0x6e/0xbb
> > drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:662
> > pvr2_hdw_destroy+0x17e/0x380 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2669
> > pvr2_context_destroy+0x89/0x240
> > drivers/media/usb/pvrusb2/pvrusb2-context.c:79
> > pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:146 [inline]
> > pvr2_context_thread_func+0x65e/0x870
> > drivers/media/usb/pvrusb2/pvrusb2-context.c:167
> > kthread+0x313/0x420 kernel/kthread.c:253
> > ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
> >
> >
> > Tested on:
> >
> > commit: 43151d6c usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > console output: https://syzkaller.appspot.com/x/log.txt?x=15433634a00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=274aad0cf966c3bc
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > patch: https://syzkaller.appspot.com/x/patch.diff?x=13df3d24a00000
>
> It seems pretty clear that this problem is caused by the
> pvr2_context_thread trying to unregister the device before the main
> probe routine has finished registering it.
>
> I'm not familiar enough with this driver to want to fix the problem,
> however. Someone else who knows the code better should work on it.

Yeah, it's a different bug than I intended to fix. I've sent a patch for
the original issue (using "WARNING:") though.

>
> Alan Stern
>