syzbot


WARNING in submit_rx_urb/usb_submit_urb

Status: fixed on 2020/09/16 22:51
Reported-by: syzbot+c2a1fa67c02faa0de723@syzkaller.appspotmail.com
Fix commit: faaff9765664 staging: wlan-ng: properly check endpoint types
First crash: 1281d, last: 857d
Patch testing requests:
Created Duration User Patch Repo Result
2020/07/21 22:34 16m rkovhaev@gmail.com patch upstream OK
2020/07/21 17:41 16m rkovhaev@gmail.com patch upstream OK
2020/07/17 15:59 16m rkovhaev@gmail.com patch upstream OK
2020/07/17 15:34 9m rkovhaev@gmail.com patch upstream report log

Sample crash report:
prism2_usb 1-1:129.226 (unnamed net_device) (uninitialized): prism2_usb: Firmware not available, but not essential
prism2_usb 1-1:129.226 (unnamed net_device) (uninitialized): prism2_usb: can continue to use card anyway.
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 83 at drivers/usb/core/urb.c:478 usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Code: 4d 85 ed 74 46 e8 38 c2 d2 fd 4c 89 f7 e8 70 ac 16 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 00 52 3d 86 e8 40 96 a6 fd <0f> 0b e9 20 f4 ff ff e8 0c c2 d2 fd 0f 1f 44 00 00 e8 02 c2 d2 fd
RSP: 0018:ffff8881d8b1ef10 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812a2d8d RDI: ffffed103b163dd4
RBP: ffff8881c606e0f0 R08: ffff8881d8d8ca40 R09: ffffed103b666292
R10: ffff8881db33148f R11: ffffed103b666291 R12: 0000000000000003
R13: ffff8881c953f1f8 R14: ffff8881cd29f0a0 R15: ffff8881ccd00008
 submit_rx_urb+0x2f8/0x400 drivers/staging/wlan-ng/hfa384x_usb.c:345
 hfa384x_drvr_start+0x1cf/0x480 drivers/staging/wlan-ng/hfa384x_usb.c:2362
 prism2sta_ifstate+0x24e/0x510 drivers/staging/wlan-ng/prism2sta.c:471
 prism2sta_probe_usb.cold+0x1c8/0x49e drivers/staging/wlan-ng/prism2usb.c:112
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:527
 driver_probe_device+0x223/0x350 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:808
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:874
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c20 drivers/base/core.c:2533
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2025
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:527
 driver_probe_device+0x223/0x350 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:808
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:874
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c20 drivers/base/core.c:2533
 usb_new_device.cold+0x552/0xf6e drivers/usb/core/hub.c:2548
 hub_port_connect drivers/usb/core/hub.c:5195 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5335 [inline]
 port_event drivers/usb/core/hub.c:5481 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5563
 process_one_work+0x965/0x1630 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x326/0x430 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (397):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-usb 2020/05/15 00:14 https://github.com/google/kasan.git usb-fuzzer 059e7e0ff26c 2d572622 .config log report syz C
ci2-upstream-usb 2020/03/01 22:10 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 4a4e0509 .config log report syz C
ci2-upstream-usb 2020/02/26 19:57 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 251aabb7 .config log report syz C
ci2-upstream-usb 2020/02/25 09:59 https://github.com/google/kasan.git usb-fuzzer d6ff8147a51c 59b57593 .config log report syz C
ci2-upstream-usb 2020/01/25 05:42 https://github.com/google/kasan.git usb-fuzzer cd234325a5f1 2e95ab33 .config log report syz C
ci2-upstream-usb 2019/12/17 00:19 https://github.com/google/kasan.git usb-fuzzer 4cc037ecf2cb 0ae38e44 .config log report syz C
ci2-upstream-usb 2019/12/06 22:53 https://github.com/google/kasan.git usb-fuzzer 1f22d15c209f 85f26751 .config log report syz C
ci2-upstream-usb 2019/12/03 22:07 https://github.com/google/kasan.git usb-fuzzer 1f22d15c209f 0ecb9746 .config log report syz C
ci2-upstream-usb 2019/11/16 20:15 https://github.com/google/kasan.git usb-fuzzer 46178223c0ca cdac920b .config log report syz C
ci2-upstream-usb 2019/11/07 13:39 https://github.com/google/kasan.git usb-fuzzer d60bbfea36c1 d797d201 .config log report syz C
ci2-upstream-usb 2019/11/06 08:44 https://github.com/google/kasan.git usb-fuzzer b1aa9d834830 bc2c6e45 .config log report syz C
ci2-upstream-usb 2019/10/29 19:59 https://github.com/google/kasan.git usb-fuzzer ff6409a6ec35 5ea87a66 .config log report syz C
ci2-upstream-usb 2019/10/23 00:49 https://github.com/google/kasan.git usb-fuzzer 22be26f76193 4ee855e7 .config log report syz C
ci2-upstream-usb 2019/10/03 04:20 https://github.com/google/kasan.git usb-fuzzer 58d5f26a5584 2e29b534 .config log report syz C
ci2-upstream-usb 2019/09/27 01:20 https://github.com/google/kasan.git usb-fuzzer 2994c07743fe 2f1548bc .config log report syz C
ci2-upstream-usb 2019/09/22 02:03 https://github.com/google/kasan.git usb-fuzzer e0bd8d794fc9 d96e88f3 .config log report syz C
ci2-upstream-usb 2019/09/07 01:26 https://github.com/google/kasan.git usb-fuzzer f0df5c1be1e9 acb5b744 .config log report syz C
ci2-upstream-usb 2019/08/30 21:06 https://github.com/google/kasan.git usb-fuzzer eea39f24f4a5 9adfa876 .config log report syz C
ci2-upstream-usb 2019/08/20 20:06 https://github.com/google/kasan.git usb-fuzzer eea39f24f4a5 6b8391d0 .config log report syz C
ci2-upstream-usb 2019/08/09 20:04 https://github.com/google/kasan.git usb-fuzzer e96407b49762 aff9e255 .config log report syz C
ci2-upstream-usb 2019/07/23 08:55 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 bb071d58 .config log report syz C
ci2-upstream-usb 2019/07/12 00:38 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 186a30b9 .config log report syz C
ci2-upstream-usb 2019/07/11 01:02 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 ff7bf04c .config log report syz C
ci2-upstream-usb 2019/07/10 16:04 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config log report syz C
ci2-upstream-usb 2019/07/02 06:32 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 cccc4302 .config log report syz C
ci2-upstream-usb 2019/06/29 02:35 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config log report syz C
ci2-upstream-usb 2019/06/19 00:18 https://github.com/google/kasan.git usb-fuzzer 9939f56ee6c0 34bf9440 .config log report syz C
ci2-upstream-usb 2019/06/13 05:21 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 3f4e812b .config log report syz C
ci2-upstream-usb 2019/06/08 09:55 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 0159583c .config log report syz C
ci2-upstream-usb 2019/06/04 09:31 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f ce07a7ae .config log report syz C
ci2-upstream-usb 2020/07/27 04:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 51265195 .config log report
ci2-upstream-usb 2020/07/26 22:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 51265195 .config log report
ci2-upstream-usb 2020/07/26 18:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 51265195 .config log report
ci2-upstream-usb 2020/07/26 09:33 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 51265195 .config log report
ci2-upstream-usb 2020/07/26 05:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/26 00:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 21:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 19:40 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 17:46 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 15:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 14:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 13:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 1f7cc1ca .config log report
ci2-upstream-usb 2020/07/25 10:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 0a13649c .config log report
ci2-upstream-usb 2020/07/25 06:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 0a13649c .config log report
ci2-upstream-usb 2020/07/25 06:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 0a13649c .config log report
ci2-upstream-usb 2020/07/25 01:38 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 0a13649c .config log report
ci2-upstream-usb 2020/07/24 21:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 554af388 .config log report
ci2-upstream-usb 2020/07/24 11:23 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 554af388 .config log report
ci2-upstream-usb 2020/07/24 06:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 70c104a1 .config log report
ci2-upstream-usb 2020/07/24 01:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 70c104a1 .config log report
ci2-upstream-usb 2020/07/23 18:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 70c104a1 .config log report
ci2-upstream-usb 2020/07/23 16:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9a360a7cae11 70c104a1 .config log report
ci2-upstream-usb 2020/07/23 12:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 340ea530 .config log report
ci2-upstream-usb 2020/07/23 09:04 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 340ea530 .config log report
ci2-upstream-usb 2020/07/23 05:42 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 340ea530 .config log report
ci2-upstream-usb 2020/07/23 03:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 340ea530 .config log report
ci2-upstream-usb 2020/07/23 00:18 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 128cd85f .config log report
ci2-upstream-usb 2020/07/22 23:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 128cd85f .config log report
ci2-upstream-usb 2020/07/22 22:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 128cd85f .config log report
ci2-upstream-usb 2020/07/22 18:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c17536d0abde 128cd85f .config log report
ci2-upstream-usb 2020/07/22 10:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6c9a9a8ddf3d 21f1765e .config log report
ci2-upstream-usb 2020/07/22 10:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6c9a9a8ddf3d 21f1765e .config log report
ci2-upstream-usb 2020/07/22 06:45 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6c9a9a8ddf3d 21f1765e .config log report
ci2-upstream-usb 2020/07/22 04:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 6c9a9a8ddf3d 21f1765e .config log report
ci2-upstream-usb 2020/07/22 01:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 15d157e87443 e562dd8a .config log report
ci2-upstream-usb 2020/07/21 23:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 15d157e87443 e562dd8a .config log report
ci2-upstream-usb 2020/07/21 22:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 15d157e87443 e562dd8a .config log report
ci2-upstream-usb 2020/07/21 15:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 15d157e87443 e562dd8a .config log report
ci2-upstream-usb 2020/07/21 11:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c d88894e6 .config log report
ci2-upstream-usb 2020/07/21 08:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c d88894e6 .config log report
ci2-upstream-usb 2020/07/21 02:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c d88894e6 .config log report
ci2-upstream-usb 2020/07/20 22:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2020/07/20 20:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2020/07/20 17:23 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2020/07/20 12:04 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2020/07/20 10:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2020/07/20 09:48 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing eed3c957dd8c 8caeeeb7 .config log report
ci2-upstream-usb 2019/05/29 11:30 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 6bd61501 .config log report
* Struck through repros no longer work on HEAD.