syzbot


WARNING in rtl28xxu_ctrl_msg/usb_submit_urb

Status: fixed on 2021/11/10 13:22
Subsystems: usb
[Documentation on labels]
Reported-by: syzbot+faf11bbadc5a372564da@syzkaller.appspotmail.com
Fix commit: 76f22c93b209 media: rtl28xxu: fix zero-length control request media: rtl28xxu: fix zero-length control request
First crash: 1092d, last: 1044d
Discussions (17)
Title Replies (including bot) Last reply
[PATCH 5.10 000/135] 5.10.58-rc1 review 159 (159) 2021/08/19 08:52
[PATCH 4.14 00/42] 4.14.244-rc1 review 46 (46) 2021/08/16 03:01
[PATCH 4.4 00/25] 4.4.281-rc1 review 30 (30) 2021/08/15 19:51
[PATCH 4.9 00/30] 4.9.280-rc1 review 34 (34) 2021/08/14 19:50
[PATCH 4.19 00/54] 4.19.203-rc1 review 64 (64) 2021/08/12 19:20
[PATCH 5.13 000/175] 5.13.10-rc1 review 183 (183) 2021/08/12 06:45
[PATCH 5.4 00/85] 5.4.140-rc1 review 91 (91) 2021/08/11 22:21
[PATCH 5.12 000/242] 5.12.18-rc1 review 258 (258) 2021/07/22 14:12
[PATCH 5.4 000/122] 5.4.133-rc1 review 131 (131) 2021/07/17 01:21
[PATCH 5.10 000/215] 5.10.51-rc1 review 225 (225) 2021/07/17 01:20
[PATCH 5.13 000/266] 5.13.3-rc1 review 276 (276) 2021/07/16 18:08
[PATCH 0/2] media: rtl28xxu: fix regression in linux-next 3 (3) 2021/06/23 08:45
[PATCH 0/3] media: fix zero-length USB control requests 6 (6) 2021/06/07 07:34
Re: [PATCH] media: rtl28xxu: add type-detection instrumentation 6 (6) 2021/06/02 12:33
Re: [git:media_stage/master] media: rtl28xxu: fix zero-length control request 1 (1) 2021/06/02 12:32
[PATCH v2 0/3] media: fix zero-length USB control requests 4 (4) 2021/05/31 09:44
[syzbot] WARNING in rtl28xxu_ctrl_msg/usb_submit_urb 1 (3) 2021/05/24 13:19

Sample crash report:
usb 1-1: New USB device found, idVendor=0413, idProduct=6a03, bcdDevice=39.7e
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
------------[ cut here ]------------
usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
WARNING: CPU: 1 PID: 32 at drivers/usb/core/urb.c:410 usb_submit_urb+0x14aa/0x1830 drivers/usb/core/urb.c:410
Modules linked in:
CPU: 1 PID: 32 Comm: kworker/1:1 Not tainted 5.13.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x14aa/0x1830 drivers/usb/core/urb.c:410
Code: 84 4c 01 00 00 e8 a6 14 b3 fd 4c 89 f7 e8 4e a7 1b ff 45 89 e8 44 89 e1 48 89 ea 48 89 c6 48 c7 c7 c0 09 63 86 e8 18 f1 fb 01 <0f> 0b 49 8d 4f 5c 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 4c
RSP: 0018:ffffc900001a6d50 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88811ab8a058 RCX: 0000000000000000
RDX: ffff888107fc0000 RSI: ffffffff812a6013 RDI: fffff52000034d9c
RBP: ffff88810e79f7a8 R08: 0000000000000001 R09: 0000000000000000
R10: ffffffff814b996b R11: 0000000000000000 R12: 0000000080000280
R13: 00000000000000c0 R14: ffff88811ab8a0a8 R15: ffff8881097a2500
FS:  0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d9ffcec928 CR3: 00000001103c2000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 rtl28xxu_ctrl_msg+0x4b7/0x700 drivers/media/usb/dvb-usb-v2/rtl28xxu.c:43
 rtl28xxu_identify_state+0xb6/0x320 drivers/media/usb/dvb-usb-v2/rtl28xxu.c:624
 dvb_usbv2_probe+0x55b/0x7d0 drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:947
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 really_probe+0x291/0xf60 drivers/base/dd.c:576
 driver_probe_device+0x298/0x410 drivers/base/dd.c:763
 __device_attach_driver+0x203/0x2c0 drivers/base/dd.c:870
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4b0 drivers/base/dd.c:938
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbe0/0x2100 drivers/base/core.c:3320
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 really_probe+0x291/0xf60 drivers/base/dd.c:576
 driver_probe_device+0x298/0x410 drivers/base/dd.c:763
 __device_attach_driver+0x203/0x2c0 drivers/base/dd.c:870
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4b0 drivers/base/dd.c:938
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbe0/0x2100 drivers/base/core.c:3320
 usb_new_device.cold+0x721/0x1058 drivers/usb/core/hub.c:2556
 hub_port_connect drivers/usb/core/hub.c:5297 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5437 [inline]
 port_event drivers/usb/core/hub.c:5583 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5665
 process_one_work+0x98d/0x1580 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x38c/0x460 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Crashes (50):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/05/24 13:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5cc59c418fde 3c7fef33 .config console log report syz C ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/11 08:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 8f5a7b8c .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/10 16:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 8f5a7b8c .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/08 13:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 1aade754 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/08 10:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 1aade754 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/07 06:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 4846d5c1 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/07/03 16:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 55aa55c2 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/29 06:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e 9d2ab5df .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/26 03:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7756f1d6369e ae6bf8dd .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/24 11:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 00a738b86ec0 ec865f6a .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/23 04:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 00a738b86ec0 aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/22 04:18 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 00a738b86ec0 aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/22 02:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 00a738b86ec0 aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/19 20:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 04d72afa34ed aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/17 09:08 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1da8116eb0c5 aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/17 07:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1da8116eb0c5 aba2b2fb .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/16 16:40 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 1da8116eb0c5 c06f97ad .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/15 20:28 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5f4dee73a4bc 8022d7e3 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/14 06:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/13 07:06 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/13 01:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/12 17:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/12 16:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/10 22:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 12f739798470 1ba81399 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/05 16:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 87191ca9f902 500c2339 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/04 17:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 87191ca9f902 966a236b .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/04 05:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ca5ce8252910 0740de69 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/04 05:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ca5ce8252910 0740de69 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/03 03:45 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5ff90af9da8f 0740de69 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/03 03:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5ff90af9da8f 0740de69 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/03 03:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5ff90af9da8f 0740de69 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/01 16:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing aa10fab0f859 032639db .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/01 12:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing aa10fab0f859 032639db .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/06/01 12:46 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing aa10fab0f859 032639db .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/31 15:26 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing aa10fab0f859 032639db .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/31 15:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing aa10fab0f859 032639db .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/30 19:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7652dd2c5cb7 325a8dab .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/30 15:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7652dd2c5cb7 325a8dab .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/29 16:48 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7652dd2c5cb7 325a8dab .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/29 00:28 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7652dd2c5cb7 858ea628 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/28 11:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7652dd2c5cb7 858ea628 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/27 11:51 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing baabd69492bb 858ea628 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/26 12:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a0765597c986 750ce164 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/26 08:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a0765597c986 93d3a9f6 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/26 08:29 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a0765597c986 93d3a9f6 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/25 17:46 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a0765597c986 93d3a9f6 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/25 01:12 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a0765597c986 3c7fef33 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/24 12:33 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5cc59c418fde 3c7fef33 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
2021/05/24 07:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 5cc59c418fde 3c7fef33 .config console log report info ci2-upstream-usb WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
* Struck through repros no longer work on HEAD.