WARNING in corrupted/usb_submit_urb (2)
10 views
Skip to first unread message
syzbot
Nov 20, 2020, 10:15:22 AM11/20/20
to eli.bi...@gmail.com, gre...@linuxfoundation.org, gusta...@kernel.org, ingr...@epigenesys.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, syzkall...@googlegroups.com, ti...@suse.de
Hello,
syzbot found the following issue on:
HEAD commit: 3494d588 Merge tag 'xtensa-20201119' of git://github.com/j..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10a028c1500000
kernel config: https://syzkaller.appspot.com/x/.config?x=75292221eb79ace2
dashboard link: https://syzkaller.appspot.com/bug?extid=4feb9bb7280fb554f021
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11c94f86500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f05ce500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4feb9b...@syzkaller.appspotmail.com
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 3077 at drivers/usb/core/urb.c:493 usb_submit_urb+0xcde/0x14e0 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 1 PID: 3077 Comm: kworker/1:2 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
RIP: 0010:usb_submit_urb+0xcde/0x14e0 drivers/usb/core/urb.c:493
Code: 84 d4 02 00 00 e8 02 b4 3b fc 4c 89 ef e8 8a 37 0d ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 80 6b e1 89 e8 5c f7 77 03 <0f> 0b e9 ca f8 ff ff e8 d6 b3 3b fc 48 81 c5 48 06 00 00 e9 f6 f7
RSP: 0018:ffffc90001a67820 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88801a498000 RSI: ffffffff8158f3c5 RDI: fffff5200034cef6
RBP: ffff88801dcf8000 R08: 0000000000000001 R09: ffff8880b9f30627
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffff88814757f0a0 R14: ffff88801beffa78 R15: ffff888014092c00
FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fe72d35188 CR3: 0000000013cf7000 CR4: 00000000001506e0
DR0: 0000000000000000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 3494d588 Merge tag 'xtensa-20201119' of git://github.com/j..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10a028c1500000
kernel config: https://syzkaller.appspot.com/x/.config?x=75292221eb79ace2
dashboard link: https://syzkaller.appspot.com/bug?extid=4feb9bb7280fb554f021
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11c94f86500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f05ce500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4feb9b...@syzkaller.appspotmail.com
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 3077 at drivers/usb/core/urb.c:493 usb_submit_urb+0xcde/0x14e0 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 1 PID: 3077 Comm: kworker/1:2 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
RIP: 0010:usb_submit_urb+0xcde/0x14e0 drivers/usb/core/urb.c:493
Code: 84 d4 02 00 00 e8 02 b4 3b fc 4c 89 ef e8 8a 37 0d ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 80 6b e1 89 e8 5c f7 77 03 <0f> 0b e9 ca f8 ff ff e8 d6 b3 3b fc 48 81 c5 48 06 00 00 e9 f6 f7
RSP: 0018:ffffc90001a67820 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88801a498000 RSI: ffffffff8158f3c5 RDI: fffff5200034cef6
RBP: ffff88801dcf8000 R08: 0000000000000001 R09: ffff8880b9f30627
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffff88814757f0a0 R14: ffff88801beffa78 R15: ffff888014092c00
FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fe72d35188 CR3: 0000000013cf7000 CR4: 00000000001506e0
DR0: 0000000000000000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Jan 13, 2021, 12:20:11 AM1/13/21
to eli.bi...@gmail.com, gre...@linuxfoundation.org, gusta...@kernel.org, ingr...@epigenesys.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, st...@rowland.harvard.edu, syzkall...@googlegroups.com, ti...@suse.de
syzbot suspects this issue was fixed by commit:
commit c318840fb2a42ce25febc95c4c19357acf1ae5ca
Author: Alan Stern <st...@rowland.harvard.edu>
Date: Wed Dec 30 16:20:44 2020 +0000
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17a8972f500000
start commit: cd796ed3 Merge tag 'trace-v5.10-rc7' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=59df2a4dced5f928
dashboard link: https://syzkaller.appspot.com/bug?extid=4feb9bb7280fb554f021
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1653b8a7500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=170d946b500000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit c318840fb2a42ce25febc95c4c19357acf1ae5ca
Author: Alan Stern <st...@rowland.harvard.edu>
Date: Wed Dec 30 16:20:44 2020 +0000
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17a8972f500000
start commit: cd796ed3 Merge tag 'trace-v5.10-rc7' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=59df2a4dced5f928
dashboard link: https://syzkaller.appspot.com/bug?extid=4feb9bb7280fb554f021
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1653b8a7500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=170d946b500000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Alan Stern
Jan 13, 2021, 10:53:59 AM1/13/21
to syzbot, eli.bi...@gmail.com, gre...@linuxfoundation.org, gusta...@kernel.org, ingr...@epigenesys.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, syzkall...@googlegroups.com, ti...@suse.de
identified has nothing to do with the original problem.
Alan Stern
Reply all
Reply to author
Forward
0 new messages