Re: [syzbot] WARNING in qt2_attach/usb_submit_urb

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Johan Hovold <johan@kernel.org>
To: syzbot <syzbot+19acce48d8344df49b3a@syzkaller.appspotmail.com>
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	linux-usb@vger.kernel.org, mathias.nyman@linux.intel.com,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] WARNING in qt2_attach/usb_submit_urb
Date: Mon, 24 May 2021 11:18:37 +0200	[thread overview]
Message-ID: <YKtvbeGYrceXVFAT@hovoldconsulting.com> (raw)
In-Reply-To: <000000000000d449f105c30fce00@google.com>

On Mon, May 24, 2021 at 02:12:25AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    5cc59c41 USB: core: WARN if pipe direction != setup packet..
> git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> console output: https://syzkaller.appspot.com/x/log.txt?x=12dabf53d00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=1206ee92dd3d988d
> dashboard link: https://syzkaller.appspot.com/bug?extid=19acce48d8344df49b3a
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1198ed07d00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1772f1ddd00000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+19acce48d8344df49b3a@syzkaller.appspotmail.com
> 
> usb 1-1: string descriptor 0 read error: -22
> usb 1-1: New USB device found, idVendor=061d, idProduct=c170, bcdDevice=11.41
> usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
> quatech2 1-1:31.224: Quatech 2nd gen USB to Serial Driver converter detected
> ------------[ cut here ]------------
> usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType 40
> WARNING: CPU: 1 PID: 2635 at drivers/usb/core/urb.c:410 usb_submit_urb+0x14aa/0x1830 drivers/usb/core/urb.c:410
> Modules linked in:
> CPU: 1 PID: 2635 Comm: kworker/1:2 Not tainted 5.13.0-rc2-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Workqueue: usb_hub_wq hub_event
> RIP: 0010:usb_submit_urb+0x14aa/0x1830 drivers/usb/core/urb.c:410
> Code: 84 4c 01 00 00 e8 a6 14 b3 fd 4c 89 f7 e8 4e a7 1b ff 45 89 e8 44 89 e1 48 89 ea 48 89 c6 48 c7 c7 c0 09 63 86 e8 18 f1 fb 01 <0f> 0b 49 8d 4f 5c 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 4c
> RSP: 0018:ffffc900001b6e08 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffff888116d8c058 RCX: 0000000000000000
> RDX: ffff888114e61b40 RSI: ffffffff812a6013 RDI: fffff52000036db3
> RBP: ffff888109d7e690 R08: 0000000000000001 R09: 0000000000000000
> R10: ffffffff814b996b R11: 0000000000000000 R12: 0000000080000280
> R13: 0000000000000040 R14: ffff888116d8c0a8 R15: ffff8881097ac900
> FS:  0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000055777d5bd160 CR3: 00000001045ec000 CR4: 00000000001506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
>  usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
>  usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
>  qt2_attach+0x82/0x550 drivers/usb/serial/quatech2.c:642

I had already found this one but not yet posted the v2. Should be fixed
here:

	https://lore.kernel.org/r/20210524091705.4282-1-johan@kernel.org

Johan

next prev parent reply	other threads:[~2021-05-24  9:18 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-24  9:12 [syzbot] WARNING in qt2_attach/usb_submit_urb syzbot
2021-05-24  9:18 ` Johan Hovold [this message]
2021-05-25  9:04   ` Dmitry Vyukov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YKtvbeGYrceXVFAT@hovoldconsulting.com \
    --to=johan@kernel.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mathias.nyman@linux.intel.com \
    --cc=syzbot+19acce48d8344df49b3a@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.