general protection fault in usb_find_alt_setting


syzbot

Nov 12, 2017, 4:06:03 AM
to ar...@arndb.de, gre...@linuxfoundation.org, jo...@kernel.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, mathia...@linux.intel.com, peter...@nxp.com, srira...@nxp.com, syzkall...@googlegroups.com
Hello,

syzkaller hit the following crash on
d9e0e63d9a6f88440eb201e1491fcf730272c706
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.

Unfortunately, I don't have any reproducer for this bug yet.


kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 3 PID: 23503 Comm: syz-executor5 Not tainted 4.14.0-rc8-next-20171110+ #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88007c5e0580 task.stack: ffff88006c3b8000
RIP: 0010:usb_find_alt_setting+0x38/0x310 drivers/usb/core/usb.c:231
RSP: 0018:ffff88006c3bf610 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83bf4473
RDX: 0000000000000000 RSI: ffffc90002773000 RDI: 0000000000000004
RBP: ffff88006c3bf650 R08: ffffed000d877ee2 R09: ffffed000d877ee2
R10: 0000000000000003 R11: ffffed000d877ee1 R12: ffff88007c668000
R13: 00000000000000fd R14: 00000000000007fd R15: 0000000000000000
FS: 00007f10e9fc8700(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020278000 CR3: 000000006e8fe000 CR4: 00000000000006e0
DR0: 0000000020000008 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
check_ctrlrecip+0xf3/0x290 drivers/usb/core/devio.c:831
proc_control+0x13f/0xe30 drivers/usb/core/devio.c:1078
usbdev_do_ioctl+0x2097/0x3670 drivers/usb/core/devio.c:2396
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0
sclass=netlink_xfrm_socket pig=23496 comm=syz-executor0
usbdev_ioctl+0x25/0x30 drivers/usb/core/devio.c:2553
vfs_ioctl fs/ioctl.c:46 [inline]
do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x447c99
RSP: 002b:00007f10e9fc7bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f10e9fc86cc RCX: 0000000000447c99
RDX: 000000002003dffa RSI: 00000000c0185500 RDI: 0000000000000014
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000048d8 R14: 00000000006e8978 R15: 00007f10e9fc8700
Code: 89 d5 53 48 89 fb 48 83 ec 18 48 89 7d c8 89 75 d0 e8 2d 3c b0 fd 48
8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02
48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a1 02 00
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=23514 comm=syz-executor7
RIP: usb_find_alt_setting+0x38/0x310 drivers/usb/core/usb.c:231 RSP: ffff88006c3bf610
---[ end trace 53f2c0803d4e1797 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
config.txt
raw.log

Dmitry Vyukov

May 11, 2018, 1:39:49 PM
to syzbot, Arnd Bergmann, Greg Kroah-Hartman, Johan Hovold, LKML, USB list, mathia...@linux.intel.com, peter...@nxp.com, srira...@nxp.com, syzkaller-bugs
On Sun, Nov 12, 2017 at 10:06 AM, syzbot
<bot+c99ecc8a2c68eb7e06...@syzkaller.appspotmail.com>
wrote:
> Hello,
>
> syzkaller hit the following crash on
> d9e0e63d9a6f88440eb201e1491fcf730272c706
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.


This crash happened 779 times, but first 188d ago, and last 175d ago.
Let's consider this fixed by something.

#syz invalid