ci2 starts bisection 2023-06-28 07:43:16.383915967 +0000 UTC m=+147415.474263821
bisecting fixing commit since a343b0dd87b42ba9d508fbf7d0c06f744c2e0954
building syzkaller on cf1845599c0bdab59c69518eaa0ecb960ec7ddf0
ensuring issue is reproducible on original commit a343b0dd87b42ba9d508fbf7d0c06f744c2e0954

testing commit a343b0dd87b42ba9d508fbf7d0c06f744c2e0954 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ef1b7c05794abfa8c115b798b3b99048d7b033868eeacb0bad1155acc437e19b
all runs: crashed: INFO: task hung in usbdev_open
testing current HEAD e84a4e368abe42cf359fe237f0238820859d5044
testing commit e84a4e368abe42cf359fe237f0238820859d5044 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bc43c129b7c4fd2f636eb51444904e86e41cbedcb9d233ebef99aef3426ce977
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect start e84a4e368abe42cf359fe237f0238820859d5044 a343b0dd87b42ba9d508fbf7d0c06f744c2e0954
Bisecting: 341 revisions left to test after this (roughly 9 steps)
[6fb0b098f6905a9e4bcf37516773d04e98de6b17] io_uring: undeprecate epoll_ctl support

testing commit 6fb0b098f6905a9e4bcf37516773d04e98de6b17 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a3fe88f543bb0fc21ba65676f18bee560af1becdb1d55fe73dc02ac221574e10
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 6fb0b098f6905a9e4bcf37516773d04e98de6b17
Bisecting: 170 revisions left to test after this (roughly 8 steps)
[c3ff24625a426b9ee32cc9003fa70aafe69dcb3b] iommu/amd: Don't block updates to GATag if guest mode is on

testing commit c3ff24625a426b9ee32cc9003fa70aafe69dcb3b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c2686bff5702f4cac9b1b29cff72a59d7380f0951304c1893918b50c4f30adff
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad c3ff24625a426b9ee32cc9003fa70aafe69dcb3b
Bisecting: 85 revisions left to test after this (roughly 7 steps)
[06ec5be891183d27c54e4728146ea44903a8765e] optee: fix uninited async notif value

testing commit 06ec5be891183d27c54e4728146ea44903a8765e gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 62beecdfca3ae25b2479002aa03b24b132c395841ac07e8c0e155c24caa77fe7
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 06ec5be891183d27c54e4728146ea44903a8765e
Bisecting: 42 revisions left to test after this (roughly 5 steps)
[8756863c7fe0f94b23a2e0f0a0d2a79d58e2a329] drm/radeon: reintroduce radeon_dp_work_func content

testing commit 8756863c7fe0f94b23a2e0f0a0d2a79d58e2a329 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 46831c7b80787e9aa2fa083177377e640e57daf66f39ae9a9b9b4cc4e8dd355b
all runs: crashed: INFO: task hung in usbdev_open
# git bisect good 8756863c7fe0f94b23a2e0f0a0d2a79d58e2a329
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[8d81d3b0ed3610d24191d24f8e9e20f6775f0cc5] ASoC: lpass: Fix for KASAN use_after_free out of bounds

testing commit 8d81d3b0ed3610d24191d24f8e9e20f6775f0cc5 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 642077bafbe31fbfe94712f92f69b062479ee0fdd6949c4e2d550a07f261cd07
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 8d81d3b0ed3610d24191d24f8e9e20f6775f0cc5
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[ed0ef89508d26f2f1c6a034be49fe4f6747e67e7] perf/x86/uncore: Correct the number of CHAs on SPR

testing commit ed0ef89508d26f2f1c6a034be49fe4f6747e67e7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f2c5a12dd677ed8e5aecd31dce9894c2d9e0a676f4eb53682429ca9284114e34
all runs: crashed: INFO: task hung in usbdev_open
# git bisect good ed0ef89508d26f2f1c6a034be49fe4f6747e67e7
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef] fbdev: udlfb: Fix endpoint check

testing commit c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 787c3b16cc615db2c207ab912b6428c901900d76963f74a934eea41150250add
all runs: crashed: INFO: task hung in usbdev_open
# git bisect good c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[09e9d1f52f974596006adaafea1d0f793f762d7d] USB: core: Add routines for endpoint checks in old drivers

testing commit 09e9d1f52f974596006adaafea1d0f793f762d7d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 827149653a1361c557764ebc3f0247ae124ddc101b510bdcb90c7b6c863a9c4e
all runs: crashed: INFO: task hung in usbdev_open
# git bisect good 09e9d1f52f974596006adaafea1d0f793f762d7d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[53764a17f5d8f0d00b13297d06b5e65fa844288b] media: radio-shark: Add endpoint checks

testing commit 53764a17f5d8f0d00b13297d06b5e65fa844288b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6fb28cb6c255df2f3e31718d07d712b1869b9d051de269835cc2f5422bffbbd6
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad 53764a17f5d8f0d00b13297d06b5e65fa844288b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d5dba4b7bf904143702fb4be641802ee2e9c95aa] USB: sisusbvga: Add endpoint checks

testing commit d5dba4b7bf904143702fb4be641802ee2e9c95aa gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2cb50d02f9d1719bca410fde42f28762438a763826ace004f634627ad873a54f
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad d5dba4b7bf904143702fb4be641802ee2e9c95aa
d5dba4b7bf904143702fb4be641802ee2e9c95aa is the first bad commit
commit d5dba4b7bf904143702fb4be641802ee2e9c95aa
Author: Alan Stern
Date:   Mon Apr 10 15:38:22 2023 -0400

    USB: sisusbvga: Add endpoint checks

    commit df05a9b05e466a46725564528b277d0c570d0104 upstream.

    The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver:

    ------------[ cut here ]------------
    usb 1-1: BOGUS urb xfer, pipe 3 != type 1
    WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
    Modules linked in:
    CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
    Workqueue: usb_hub_wq hub_event
    RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
    Code: 7c 24 18 e8 6c 50 80 fb 48 8b 7c 24 18 e8 62 1a 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 b1 fa 8a e8 84 b0 be 03 <0f> 0b e9 58 f8 ff ff e8 3e 50 80 fb 48 81 c5 c0 05 00 00 e9 84 f7
    RSP: 0018:ffffc90000a1ed18 EFLAGS: 00010282
    RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
    RDX: ffff888012783a80 RSI: ffffffff816680ec RDI: fffff52000143d95
    RBP: ffff888079020000 R08: 0000000000000005 R09: 0000000000000000
    R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000003
    R13: ffff888017d33370 R14: 0000000000000003 R15: ffff888021213600
    FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00005592753a60b0 CR3: 0000000022899000 CR4: 00000000003506e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     sisusb_bulkout_msg drivers/usb/misc/sisusbvga/sisusbvga.c:224 [inline]
     sisusb_send_bulk_msg.constprop.0+0x904/0x1230 drivers/usb/misc/sisusbvga/sisusbvga.c:379
     sisusb_send_bridge_packet drivers/usb/misc/sisusbvga/sisusbvga.c:567 [inline]
     sisusb_do_init_gfxdevice drivers/usb/misc/sisusbvga/sisusbvga.c:2077 [inline]
     sisusb_init_gfxdevice+0x87b/0x4000 drivers/usb/misc/sisusbvga/sisusbvga.c:2177
     sisusb_probe+0x9cd/0xbe2 drivers/usb/misc/sisusbvga/sisusbvga.c:2869
    ...

    The problem was caused by the fact that the driver does not check
    whether the endpoints it uses are actually present and have the
    appropriate types. This can be fixed by adding a simple check of
    the endpoints.

    Link: https://syzkaller.appspot.com/bug?extid=23be03b56c5259385d79
    Reported-and-tested-by: syzbot+23be03b56c5259385d79@syzkaller.appspotmail.com
    Signed-off-by: Alan Stern
    Link: https://lore.kernel.org/r/48ef98f7-51ae-4f63-b8d3-0ef2004bb60a@rowland.harvard.edu
    Signed-off-by: Greg Kroah-Hartman
    Signed-off-by: Greg Kroah-Hartman

 drivers/usb/misc/sisusbvga/sisusb.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

culprit signature: 2cb50d02f9d1719bca410fde42f28762438a763826ace004f634627ad873a54f
parent signature: 827149653a1361c557764ebc3f0247ae124ddc101b510bdcb90c7b6c863a9c4e
revisions tested: 12, total time: 9h27m45.757243934s (build: 7h32m8.593513013s, test: 1h50m24.443511117s)
first good commit: d5dba4b7bf904143702fb4be641802ee2e9c95aa USB: sisusbvga: Add endpoint checks
recipients (to): ["gregkh@linuxfoundation.org" "stern@rowland.harvard.edu" "syzbot+23be03b56c5259385d79@syzkaller.appspotmail.com"]
recipients (cc): []