syzbot


WARNING in usb_submit_urb (3)

Status: fixed on 2018/10/30 01:28
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+24a30223a4b609bb802e@syzkaller.appspotmail.com
Fix commit: 665c365a77fb USB: fix the usbfs flag sanitization for control transfers
First crash: 2243d, last: 2227d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH 3.16 000/328] 3.16.62-rc1 review 338 (338) 2018/12/16 22:01
[PATCH 4.18 00/34] 4.18.18-stable review 41 (41) 2018/11/10 15:24
[PATCH 4.14 00/31] 4.14.80-stable review 42 (42) 2018/11/10 15:24
[PATCH 4.4 000/114] 4.4.163-stable review 129 (129) 2018/11/10 15:22
[PATCH 3.18 000/144] 3.18.125-stable review 152 (152) 2018/11/10 00:44
[PATCH 4.9 000/171] 4.9.136-stable review 176 (176) 2018/11/09 21:55
USB: fix the usbfs flag sanitization for control transfers 1 (1) 2018/10/15 20:55
WARNING in usb_submit_urb (3) 4 (6) 2018/10/15 18:31
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in usb_submit_urb 1 2046d 2045d 0/1 auto-closed as invalid on 2019/10/24 17:37
upstream WARNING in usb_submit_urb (2) usb C 259 2244d 2282d 11/28 fixed on 2018/10/11 14:33
upstream WARNING in usb_submit_urb (4) usb syz done 46 2029d 2217d 12/28 fixed on 2019/05/15 23:14
upstream WARNING in usb_submit_urb (5) input usb syz 4 2021d 2026d 0/28 closed as invalid on 2019/05/27 12:47
upstream WARNING in usb_submit_urb usb C 2 2590d 2582d 4/28 fixed on 2018/02/02 04:39

Sample crash report:
IPVS: ftp: loaded support on port[0] = 21
------------[ cut here ]------------
usb usb7: BOGUS urb flags, 1 --> 0
WARNING: CPU: 0 PID: 5767 at drivers/usb/core/urb.c:503 usb_submit_urb+0x717/0x14e0 drivers/usb/core/urb.c:502
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 5767 Comm: syz-executor538 Not tainted 4.19.0-rc7+ #278
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x254/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993
RIP: 0010:usb_submit_urb+0x717/0x14e0 drivers/usb/core/urb.c:502
Code: 83 fc 48 8b 45 d0 48 8d b8 a0 00 00 00 e8 d1 be 44 ff 45 89 e0 44 89 e9 4c 89 fa 48 89 c6 48 c7 c7 00 72 71 88 e8 09 b3 4d fc <0f> 0b e8 12 e0 83 fc 48 c7 c6 00 73 71 88 4c 89 f7 e8 53 e1 83 fc
RSP: 0018:ffff8801d7f7f268 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8801d75ce900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81650405 RDI: 0000000000000005
RBP: ffff8801d7f7f2d8 R08: ffff8801d82e2200 R09: fffffbfff12720fc
R10: fffffbfff12720fc R11: ffffffff893907e3 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801ce24cd00
 proc_do_submiturb+0x1b7d/0x4020 drivers/usb/core/devio.c:1781
 proc_submiturb_compat+0x544/0x800 drivers/usb/core/devio.c:2015
 usbdev_do_ioctl+0x19a2/0x3b50 drivers/usb/core/devio.c:2492
 usbdev_ioctl+0x25/0x30 drivers/usb/core/devio.c:2569
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x444759
Code: 25 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00000000007eff78 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc565f3ac0 RCX: 0000000000444759
RDX: 0000000020000080 RSI: 00000000802c550a RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000120080522 R09: 0000000120080522
R10: 000000000000000f R11: 0000000000000213 R12: 0000000000402310
R13: 00000000004023a0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (58):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/10/12 05:26 upstream 9dcd936c5312 ba6ddb43 .config console log report syz C ci-upstream-kasan-gce
2018/10/12 04:09 upstream 9dcd936c5312 ba6ddb43 .config console log report syz C ci-upstream-kasan-gce
2018/10/12 03:53 upstream 9dcd936c5312 ba6ddb43 .config console log report syz C ci-upstream-kasan-gce
2018/10/12 03:25 upstream 9dcd936c5312 ba6ddb43 .config console log report syz C ci-upstream-kasan-gce
2018/10/13 11:53 upstream bab5c80b2110 caf12900 .config console log report syz ci-upstream-kasan-gce-root
2018/10/13 11:33 upstream bab5c80b2110 caf12900 .config console log report syz ci-upstream-kasan-gce-root
2018/10/13 11:16 upstream bab5c80b2110 caf12900 .config console log report syz ci-upstream-kasan-gce-root
2018/10/12 18:02 upstream 90ad18418c2d caf12900 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/10/12 17:43 upstream 90ad18418c2d caf12900 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/10/12 09:59 upstream 0778a9f2dd92 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/10/12 09:43 upstream 0778a9f2dd92 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/10/12 09:30 upstream 0778a9f2dd92 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/10/12 03:12 upstream 0778a9f2dd92 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/10/12 03:11 upstream 0778a9f2dd92 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-root
2018/10/12 03:05 upstream 9dcd936c5312 ba6ddb43 .config console log report syz ci-upstream-kasan-gce-smack-root
2018/10/12 19:33 linux-next 774ea0551a29 caf12900 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/10/12 19:13 linux-next 774ea0551a29 caf12900 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/10/12 13:15 linux-next 774ea0551a29 ba6ddb43 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/10/28 15:46 upstream 69d5b97c5973 6f9b225a .config console log report ci-upstream-kasan-gce
2018/10/27 06:15 upstream 18d0eae30e6a a8292de9 .config console log report ci-upstream-kasan-gce-root
2018/10/25 12:07 upstream 01aa9d518eae a8292de9 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/24 10:36 upstream 44786880df19 a8292de9 .config console log report ci-upstream-kasan-gce-root
2018/10/19 13:57 upstream 91b15613ce7f 9aba67b5 .config console log report ci-upstream-kasan-gce-selinux-root
2018/10/19 02:26 upstream fa520c47eaa1 9aba67b5 .config console log report ci-upstream-kasan-gce
2018/10/18 06:27 upstream c343db455eb3 b2695b95 .config console log report ci-upstream-kasan-gce-root
2018/10/17 18:15 upstream c0cff31be705 1ba7fd7e .config console log report ci-upstream-kasan-gce-smack-root
2018/10/17 17:06 upstream c0cff31be705 1ba7fd7e .config console log report ci-upstream-kasan-gce
2018/10/17 08:13 upstream b955a910d7fd 1ba7fd7e .config console log report ci-upstream-kasan-gce-smack-root
2018/10/17 02:57 upstream b955a910d7fd 1ba7fd7e .config console log report ci-upstream-kasan-gce
2018/10/16 16:52 upstream f0a7d1883d9f 1ba7fd7e .config console log report ci-upstream-kasan-gce-smack-root
2018/10/16 08:34 upstream f0a7d1883d9f 8cd30605 .config console log report ci-upstream-kasan-gce
2018/10/16 05:05 upstream f0a7d1883d9f 8cd30605 .config console log report ci-upstream-kasan-gce
2018/10/16 04:06 upstream f0a7d1883d9f 8cd30605 .config console log report ci-upstream-kasan-gce-root
2018/10/15 10:28 upstream 35a7f35ad1b1 caf12900 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/15 09:51 upstream 35a7f35ad1b1 caf12900 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/15 04:47 upstream 3a27203102eb caf12900 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/14 21:13 upstream 3a27203102eb caf12900 .config console log report ci-upstream-kasan-gce
2018/10/14 12:48 upstream 3a27203102eb caf12900 .config console log report ci-upstream-kasan-gce-root
2018/10/14 09:16 upstream 3a27203102eb caf12900 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/14 00:35 upstream 7ec21823634d caf12900 .config console log report ci-upstream-kasan-gce-root
2018/10/14 00:03 upstream 7ec21823634d caf12900 .config console log report ci-upstream-kasan-gce-selinux-root
2018/10/13 08:05 upstream bab5c80b2110 caf12900 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/13 01:43 upstream 6b3944e42e2e caf12900 .config console log report ci-upstream-kasan-gce
2018/10/13 00:53 upstream 6b3944e42e2e caf12900 .config console log report ci-upstream-kasan-gce
2018/10/12 22:44 upstream 6b3944e42e2e caf12900 .config console log report ci-upstream-kasan-gce
2018/10/12 11:34 upstream 0778a9f2dd92 ba6ddb43 .config console log report ci-upstream-kasan-gce
2018/10/12 05:53 upstream 0778a9f2dd92 ba6ddb43 .config console log report ci-upstream-kasan-gce-root
2018/10/12 02:54 upstream 0778a9f2dd92 ba6ddb43 .config console log report ci-upstream-kasan-gce-selinux-root
2018/10/12 02:52 upstream 9dcd936c5312 ba6ddb43 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/12 02:50 upstream 0778a9f2dd92 ba6ddb43 .config console log report ci-upstream-kasan-gce-root
2018/10/12 02:44 upstream 9dcd936c5312 ba6ddb43 .config console log report ci-upstream-kasan-gce
2018/10/27 21:19 linux-next 8c60c36d0b8c 8efba39a .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/16 21:45 linux-next 6d5d82417dd6 1ba7fd7e .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/15 04:28 linux-next 774ea0551a29 caf12900 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/12 04:56 linux-next 771b65e89c8a ba6ddb43 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.