syzbot


WARNING in dln2_start_rx_urbs/usb_submit_urb

Status: fixed on 2020/02/18 14:31
Subsystems: usb
Reported-by: syzbot+48a2851be24583b864dc@syzkaller.appspotmail.com
Fix commit: 2b8bd606b1e6 mfd: dln2: More sanity checking for endpoints
First crash: 1655d, last: 1566d
Discussions (10)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.14 000/173] 4.14.171-stable review | 185 (185) | 2020/02/18 04:48 |
| [PATCH 4.4 00/91] 4.4.214-stable review | 99 (99) | 2020/02/15 01:30 |
| [PATCH 4.9 000/116] 4.9.214-stable review | 129 (129) | 2020/02/14 21:48 |
| [PATCH 4.19 000/195] 4.19.103-stable review | 205 (205) | 2020/02/14 20:49 |
| [PATCH 5.4 000/309] 5.4.19-stable review | 321 (321) | 2020/02/12 21:17 |
| [PATCH 5.5 000/367] 5.5.3-stable review | 385 (385) | 2020/02/12 07:27 |
| [PATCH] mfd: dln2: more sanity checking for endpoints | 2 (2) | 2019/12/13 10:29 |
| Re: WARNING in dln2_start_rx_urbs/usb_submit_urb | 3 (4) | 2019/12/09 12:33 |
| Reminder: 45 active syzbot reports in usb subsystem | 1 (1) | 2019/11/19 04:27 |
| WARNING in dln2_start_rx_urbs/usb_submit_urb | 0 (1) | 2019/11/06 12:32 |

Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2019/11/20 15:22 | 16m | oneukum@suse.com | patch | https://github.com/google/kasan.git b1aa9d83 | OK |

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
usb 1-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=fc.a4
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 83 at drivers/usb/core/urb.c:478 usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.5.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Code: 4d 85 ed 74 46 e8 a8 1c e1 fd 4c 89 f7 e8 90 87 17 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 27 3b 86 e8 30 03 b6 fd <0f> 0b e9 20 f4 ff ff e8 7c 1c e1 fd 0f 1f 44 00 00 e8 72 1c e1 fd
RSP: 0018:ffff8881d8b07168 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8129598d RDI: ffffed103b160e1f
RBP: ffff8881d97a6c50 R08: ffff8881d8d6c980 R09: fffffbfff1269cae
R10: fffffbfff1269cad R11: ffffffff8934e56f R12: 0000000000000003
R13: ffff8881d025b8b8 R14: ffff8881ce2ad0a0 R15: ffff8881d97a6a00
 dln2_start_rx_urbs+0x66/0xd0 drivers/mfd/dln2.c:633
 dln2_probe+0x664/0xb4c drivers/mfd/dln2.c:760
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:361
 really_probe+0x290/0xad0 drivers/base/dd.c:548
 driver_probe_device+0x223/0x350 drivers/base/dd.c:721
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x390 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0x1459/0x1bf0 drivers/base/core.c:2487
 usb_set_configuration+0xe47/0x17d0 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0xaf/0x140 drivers/usb/core/driver.c:266
 really_probe+0x290/0xad0 drivers/base/dd.c:548
 driver_probe_device+0x223/0x350 drivers/base/dd.c:721
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x390 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0x1459/0x1bf0 drivers/base/core.c:2487
 usb_new_device.cold+0x540/0xcd0 drivers/usb/core/hub.c:2537
 hub_port_connect drivers/usb/core/hub.c:5184 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5324 [inline]
 port_event drivers/usb/core/hub.c:5470 [inline]
 hub_event+0x21cb/0x4300 drivers/usb/core/hub.c:5552
 process_one_work+0x945/0x15c0 kernel/workqueue.c:2264
 worker_thread+0x96/0xe20 kernel/workqueue.c:2410
 kthread+0x318/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (44):