lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Mar 2013 15:38:34 -0700
From:	Sarah Sharp <sarah.a.sharp@...ux.intel.com>
To:	Petko Manolov <petkan@...rs.sourceforge.net>
Cc:	linux-usb@...r.kernel.org, Greg KH <gregkh@...uxfoundation.org>,
	netdev@...r.kernel.org,
	Stephen Hemminger <stephen@...workplumber.org>
Subject: Active URB submitted twice in pegasus driver

Hi Petko,

I'm testing a USB to ethernet adapter with Greg's usb-linus branch (based
on 3.9-rc4).  I'm seeing an odd behavior, and I'm suspicious that a
second behavior found by Stephen Hemminger may also be related:

http://marc.info/?l=linux-usb&m=136364625519235&w=2

When I load the pegasus driver for this adapter (without an ethernet
cable hooked to it), and this is on a cold system boot or a complete
unloading and reloading of the usbcore, I get the following warning:

Mar 25 12:06:19 maggie kernel: [ 3108.750206] ------------[ cut here ]------------
Mar 25 12:06:19 maggie kernel: [ 3108.750214] WARNING: at drivers/usb/core/urb.c:327 usb_submit_urb+0x4d1/0x4f0 [usbcore]()
Mar 25 12:06:19 maggie kernel: [ 3108.750216] Hardware name: Shark Bay Client platform
Mar 25 12:06:19 maggie kernel: [ 3108.750217] URB ffff88014267b300 submitted while active
Mar 25 12:06:19 maggie kernel: [ 3108.750218] Modules linked in: pegasus usbmon uvcvideo videobuf2_core videodev snd_usb_audio media snd_usbmidi_lib videobuf2_vmalloc videobuf2_memops usbhid xhci_hcd usbcore usb_common snd_hda_codec_hdmi nouveau coretemp ghash_clmulni_intel aesni_intel ablk_helper cryptd lrw aes_x86_64 xts gf128mul bnep rfcomm bluetooth snd_hda_codec_realtek snd_hda_intel hid_generic snd_hda_codec microcode snd_seq_midi snd_rawmidi snd_hwdep snd_seq_midi_event serio_raw ttm snd_pcm snd_seq lpc_ich snd_timer drm_kms_helper snd_seq_device mei drm snd soundcore snd_page_alloc i2c_algo_bit mxm_wmi video wmi hid e1000e ptp pps_core [last unloaded: videobuf2_memops]
Mar 25 12:06:19 maggie kernel: [ 3108.750256] Pid: 916, comm: NetworkManager Tainted: G        W    3.9.0-rc4+ #2
Mar 25 12:06:19 maggie kernel: [ 3108.750257] Call Trace:
Mar 25 12:06:19 maggie kernel: [ 3108.750262]  [<ffffffff81061c3f>] warn_slowpath_common+0x7f/0xc0
Mar 25 12:06:19 maggie kernel: [ 3108.750264]  [<ffffffff81061d36>] warn_slowpath_fmt+0x46/0x50
Mar 25 12:06:19 maggie kernel: [ 3108.750268]  [<ffffffffa031b8f1>] usb_submit_urb+0x4d1/0x4f0 [usbcore]
Mar 25 12:06:19 maggie kernel: [ 3108.750272]  [<ffffffff815e1e37>] ? dev_set_rx_mode+0x27/0x50
Mar 25 12:06:19 maggie kernel: [ 3108.750284]  [<ffffffffa0031981>] ctrl_callback+0x121/0x170 [pegasus]
Mar 25 12:06:19 maggie kernel: [ 3108.750286]  [<ffffffffa00321d0>] pegasus_set_multicast+0x50/0xc0 [pegasus]
Mar 25 12:06:19 maggie kernel: [ 3108.750289]  [<ffffffff815e1dbf>] __dev_set_rx_mode+0x5f/0xb0
Mar 25 12:06:19 maggie kernel: [ 3108.750291]  [<ffffffff815e1e3f>] dev_set_rx_mode+0x2f/0x50
Mar 25 12:06:19 maggie kernel: [ 3108.750293]  [<ffffffff815e22b8>] __dev_change_flags+0x158/0x180
Mar 25 12:06:19 maggie kernel: [ 3108.750295]  [<ffffffff815e2398>] dev_change_flags+0x28/0x70
Mar 25 12:06:19 maggie kernel: [ 3108.750297]  [<ffffffff815ef422>] do_setlink+0x272/0x980
Mar 25 12:06:19 maggie kernel: [ 3108.750301]  [<ffffffff813c0a50>] ? nla_parse+0x30/0xe0
Mar 25 12:06:19 maggie kernel: [ 3108.750303]  [<ffffffff815f2ad9>] rtnl_newlink+0x369/0x5c0
Mar 25 12:06:19 maggie kernel: [ 3108.750306]  [<ffffffff810dca56>] ? __module_text_address+0x16/0x80
Mar 25 12:06:19 maggie kernel: [ 3108.750310]  [<ffffffff8135e8a7>] ? apparmor_capable+0x27/0xa0
Mar 25 12:06:19 maggie kernel: [ 3108.750312]  [<ffffffff815f257d>] rtnetlink_rcv_msg+0x11d/0x310
Mar 25 12:06:19 maggie kernel: [ 3108.750314]  [<ffffffff815eec07>] ? rtnl_lock+0x17/0x20
Mar 25 12:06:19 maggie kernel: [ 3108.750315]  [<ffffffff815f2460>] ? __rtnl_unlock+0x20/0x20
Mar 25 12:06:19 maggie kernel: [ 3108.750318]  [<ffffffff8160fb99>] netlink_rcv_skb+0xa9/0xd0
Mar 25 12:06:19 maggie kernel: [ 3108.750320]  [<ffffffff815eec35>] rtnetlink_rcv+0x25/0x40
Mar 25 12:06:19 maggie kernel: [ 3108.750322]  [<ffffffff8160f4d1>] netlink_unicast+0x1b1/0x230
Mar 25 12:06:19 maggie kernel: [ 3108.750324]  [<ffffffff8160f85e>] netlink_sendmsg+0x30e/0x3c0
Mar 25 12:06:19 maggie kernel: [ 3108.750326]  [<ffffffff815c1122>] sock_sendmsg+0xd2/0xf0
Mar 25 12:06:19 maggie kernel: [ 3108.750329]  [<ffffffff81181025>] ? might_fault+0xa5/0xb0
Mar 25 12:06:19 maggie kernel: [ 3108.750331]  [<ffffffff81180fdc>] ? might_fault+0x5c/0xb0
Mar 25 12:06:19 maggie kernel: [ 3108.750333]  [<ffffffff815d1c46>] ? verify_iovec+0x56/0xd0
Mar 25 12:06:19 maggie kernel: [ 3108.750335]  [<ffffffff815c26ac>] __sys_sendmsg+0x38c/0x3a0
Mar 25 12:06:19 maggie kernel: [ 3108.750338]  [<ffffffff811dc608>] ? fget_light+0x48/0x4f0
Mar 25 12:06:19 maggie kernel: [ 3108.750340]  [<ffffffff811dc6c3>] ? fget_light+0x103/0x4f0
Mar 25 12:06:19 maggie kernel: [ 3108.750342]  [<ffffffff811dc608>] ? fget_light+0x48/0x4f0
Mar 25 12:06:19 maggie kernel: [ 3108.750344]  [<ffffffff815c4d99>] sys_sendmsg+0x49/0x90
Mar 25 12:06:19 maggie kernel: [ 3108.750347]  [<ffffffff81727599>] system_call_fastpath+0x16/0x1b
Mar 25 12:06:19 maggie kernel: [ 3108.750349] ---[ end trace 60f47965e5b51911 ]---

The warning doesn't show up on subsequent plugs of the device, or if I
unload the pegasus driver and reload it with the device plugged in.
It's only when I unload the xHCI driver and the USB core and reload
those and the pegasus driver that the warning appears.

I'm suspicious that it's an xHCI driver or USB core bug, but I wanted to
run it past you and see if you already know about this issue.  From a
USB mon trace (which is also attached) and the backtrace, it seems like
the URB in question is being used to submit control transfers.

Sarah Sharp

View attachment "pegasus-warning-2013-03-25-12-05.txt" of type "text/plain" (132926 bytes)

View attachment "pegasus-warning-2013-03-25-12-05-usbmon-log.txt" of type "text/plain" (887323 bytes)

View attachment "pegasus-lsusb.txt" of type "text/plain" (638 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ