Hi On 08/16/2016 06:15 PM, Binyamin Sharet wrote: > On 08/16/2016 05:49 PM, Greg KH wrote: >> On Tue, Aug 16, 2016 at 04:42:23PM +0300, Binyamin Sharet wrote: >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Kernel version: 4.4.0-24-generic #43-Ubuntu SMP >>> Driver source file: drivers/staging/media/lirc/lirc_imon.c >>> Umap2 command line: umap2vsscan -P <PHY> -s 0aa8:8001 >>> >>> After connecting such a device, the host usb stack became unresponsive. >>> Please see attached dmesg log. >>> >>> Binyamin Sharet >>> Cisco, STARE-C >>> [ 1206.083207] usb 3-2: new high-speed USB device number 2 using xhci_hcd >>> [ 1206.504969] usb 3-2: New USB device found, idVendor=0aa8, idProduct=8001 >>> [ 1206.504978] usb 3-2: New USB device strings: Mfr=1, Product=2, >>> SerialNumber=3 >>> [ 1206.504982] usb 3-2: Product: UMAP2. PID:0x8001 >>> [ 1206.504985] usb 3-2: Manufacturer: UMAP2. VID:0x0aa8 >>> [ 1206.504988] usb 3-2: SerialNumber: 123456 >>> [ 1207.732370] lirc_dev: IR Remote Control driver registered, major 244 >>> [ 1207.735697] lirc_imon: module is from the staging directory, the quality >>> is unknown, you have been warned. >>> [ 1207.736244] lirc_imon 3-2:1.0: lirc_dev: driver lirc_imon registered at >>> minor = 0 >>> [ 1207.736251] lirc_imon 3-2:1.0: Registered iMON driver (lirc minor: 0) >>> [ 1207.736268] lirc_imon 3-2:1.0: iMON device (0aa8:8001, intf0) on >>> usb<3:2> initialized >>> [ 1207.736320] usbcore: registered new interface driver lirc_imon >>> [ 1210.702280] lirc_imon 3-2:1.0: imon usb_rx_callback: status(-71): ignored >>> [ 1210.702356] usb 3-2: USB disconnect, device number 2 >>> [ 1210.702503] lirc_imon 3-2:1.0: imon usb_rx_callback: status(-71): ignored >>> >>> >>> >>> >>> [ 1440.146097] INFO: task kworker/1:0:14 blocked for more than 120 seconds. >>> [ 1440.146107] Tainted: G C OE 4.4.0-24-generic #43-Ubuntu >>> [ 1440.146110] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables >>> this message. >>> [ 1440.146113] kworker/1:0 D ffff8802149bfa68 0 14 2 >>> 0x00000000 >>> [ 1440.146126] Workqueue: usb_hub_wq hub_event >>> [ 1440.146129] ffff8802149bfa68 0000000076b5ce45 ffff8800c83fe040 >>> ffff8802149b1b80 >>> [ 1440.146134] ffff8802149c0000 ffff8800aaca261c ffff8802149b1b80 >>> 00000000ffffffff >>> [ 1440.146137] ffff8800aaca2620 ffff8802149bfa80 ffffffff81821b15 >>> ffff8800aaca2618 >>> [ 1440.146141] Call Trace: >>> [ 1440.146152] [<ffffffff81821b15>] schedule+0x35/0x80 >>> [ 1440.146157] [<ffffffff81821dbe>] schedule_preempt_disabled+0xe/0x10 >>> [ 1440.146162] [<ffffffff818239f9>] __mutex_lock_slowpath+0xb9/0x130 >>> [ 1440.146167] [<ffffffff81823a8f>] mutex_lock+0x1f/0x30 >>> [ 1440.146177] [<ffffffffc0839b2d>] imon_disconnect+0x3d/0x110 [lirc_imon] >>> [ 1440.146183] [<ffffffff81616023>] usb_unbind_interface+0x83/0x260 >>> [ 1440.146190] [<ffffffff8154d0f1>] __device_release_driver+0xa1/0x150 >>> [ 1440.146194] [<ffffffff8154d1c3>] device_release_driver+0x23/0x30 >>> [ 1440.146197] [<ffffffff8154c811>] bus_remove_device+0x101/0x170 >>> [ 1440.146202] [<ffffffff81548969>] device_del+0x139/0x260 >>> [ 1440.146207] [<ffffffff8161a93f>] ? usb_remove_ep_devs+0x1f/0x30 >>> [ 1440.146212] [<ffffffff816137e9>] usb_disable_device+0x89/0x270 >>> [ 1440.146216] [<ffffffff816091b2>] usb_disconnect+0x92/0x280 >>> [ 1440.146220] [<ffffffff8160ad82>] hub_port_connect+0x82/0x9c0 >>> [ 1440.146223] [<ffffffff8160bd91>] hub_event+0x6d1/0xb10 >>> [ 1440.146229] [<ffffffff810b92f5>] ? put_prev_entity+0x35/0x7d0 >>> [ 1440.146235] [<ffffffff8109a175>] process_one_work+0x165/0x480 >>> [ 1440.146240] [<ffffffff8109a4db>] worker_thread+0x4b/0x4c0 >>> [ 1440.146244] [<ffffffff8109a490>] ? process_one_work+0x480/0x480 >>> [ 1440.146248] [<ffffffff810a06a8>] kthread+0xd8/0xf0 >>> [ 1440.146252] [<ffffffff810a05d0>] ? kthread_create_on_node+0x1e0/0x1e0 >>> [ 1440.146256] [<ffffffff81825f8f>] ret_from_fork+0x3f/0x70 >>> [ 1440.146260] [<ffffffff810a05d0>] ? kthread_create_on_node+0x1e0/0x1e0 >>> [ 1440.146329] INFO: task colord-sane:4439 blocked for more than 120 >>> seconds. >>> [ 1440.146332] Tainted: G C OE 4.4.0-24-generic #43-Ubuntu >>> [ 1440.146334] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables >>> this message. >>> [ 1440.146336] colord-sane D ffff8801d8123d78 0 4439 1163 >>> 0x00000000 >>> [ 1440.146341] ffff8801d8123d78 00000000ffffffff ffffffff81e11500 >>> ffff8800c83fe040 >>> [ 1440.146345] ffff8801d8124000 ffff8802107b68fc ffff8800c83fe040 >>> 00000000ffffffff >>> [ 1440.146349] ffff8802107b6900 ffff8801d8123d90 ffffffff81821b15 >>> ffff8802107b68f8 >>> [ 1440.146353] Call Trace: >>> [ 1440.146358] [<ffffffff81821b15>] schedule+0x35/0x80 >>> [ 1440.146362] [<ffffffff81821dbe>] schedule_preempt_disabled+0xe/0x10 >>> [ 1440.146367] [<ffffffff818239f9>] __mutex_lock_slowpath+0xb9/0x130 >>> [ 1440.146371] [<ffffffff81823a8f>] mutex_lock+0x1f/0x30 >>> [ 1440.146375] [<ffffffff81619dd7>] read_descriptors+0x37/0x100 >>> [ 1440.146382] [<ffffffff8128c9ba>] sysfs_kf_bin_read+0x4a/0x70 >>> [ 1440.146387] [<ffffffff8128bf2b>] kernfs_fop_read+0xab/0x160 >>> [ 1440.146393] [<ffffffff8120c6d8>] __vfs_read+0x18/0x40 >>> [ 1440.146398] [<ffffffff8120cca6>] vfs_read+0x86/0x130 >>> [ 1440.146402] [<ffffffff8120d9f5>] SyS_read+0x55/0xc0 >>> [ 1440.146409] [<ffffffff81825bf2>] entry_SYSCALL_64_fastpath+0x16/0x71 >> Just an idea, can you provide the descriptors that you are using to fuzz >> these drivers with? Without that, it's a tough slog through the code to >> try to figure out what went wrong... >> >> thanks, >> >> greg k-h > Sure, I will send the descriptors that I used as a reply to the first > mail, as they are all the same (except for VID/PID in the device > descriptor). > > Binyamin Sharet > Cisco, STARE-C
I have retested this issue with ubuntu 16.04, using kernel 4.7-rc2 which is the version that I was asked to test with on another issue and it was not reproduced. -- Binyamin Sharet, Cisco, STARE-C -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
