Re: WARNING in usb_submit_urb (4)

Tue, 16 Apr 2019 10:39:46 -0700 

On Mon, 15 Apr 2019, Andrey Konovalov wrote:

> On Mon, Apr 15, 2019 at 5:16 PM Andrey Konovalov <andreyk...@google.com> 
> wrote:
> >
> > On Mon, Apr 15, 2019 at 2:34 PM syzbot
> > <syzbot+7634edaea4d0b341c...@syzkaller.appspotmail.com> wrote:
> > >
> > > Hello,
> > >
> > > syzbot has tested the proposed patch and the reproducer did not trigger
> > > crash:
> > >
> > > Reported-and-tested-by:
> > > syzbot+7634edaea4d0b341c...@syzkaller.appspotmail.com
> >
> > Hm, I think this is some kind of race and the patch affects the
> > timings, so this can't be reproduced that easily. I'll try to do it
> > manually.
> 
> Hm, now I'm having troubles to reproduce it manually. Let's try your
> debug patch once more on the exact commit this was reported. If it
> doesn't trigger, I think the best thing would be to close this report
> as invalid, and wait for syzbot to (hopefully) generate a fresh
> reproducer.
> 
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> e12e00e388de

Okay, let's try a simpler and less intrusive debugging patch.

Alan Stern


#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
e12e00e388de

--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1016,6 +1016,8 @@ static void hub_activate(struct usb_hub
        bool need_debounce_delay = false;
        unsigned delay;
 
+       dev_info(hub->intfdev, "%s type %d\n", __func__, type);
+
        /* Continue a partial initialization */
        if (type == HUB_INIT2 || type == HUB_INIT3) {
                device_lock(&hdev->dev);
@@ -1254,6 +1256,7 @@ static void hub_activate(struct usb_hub
  init3:
        hub->quiescing = 0;
 
+       dev_info(hub->intfdev, "Submitting status URB\n");
        status = usb_submit_urb(hub->urb, GFP_NOIO);
        if (status < 0)
                dev_err(hub->intfdev, "activate --> %d\n", status);
@@ -3711,7 +3714,7 @@ static int hub_suspend(struct usb_interf
                }
        }
 
-       dev_dbg(&intf->dev, "%s\n", __func__);
+       dev_info(&intf->dev, "%s\n", __func__);
 
        /* stop hub_wq and related activity */
        hub_quiesce(hub, HUB_SUSPEND);
@@ -3756,7 +3759,7 @@ static int hub_resume(struct usb_interfa
 {
        struct usb_hub *hub = usb_get_intfdata(intf);
 
-       dev_dbg(&intf->dev, "%s\n", __func__);
+       dev_info(&intf->dev, "%s\n", __func__);
        hub_activate(hub, HUB_RESUME);
 
        /*

Reply via email to