Re: WARNING in usb_submit_urb (3)

From: Alan Stern
Date: Mon Oct 15 2018 - 11:22:14 EST


On Fri, 12 Oct 2018, syzbot wrote:

> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 9dcd936c5312 Merge tag 'for-4.19/dm-fixes-4' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=123b8da1400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=88e9a8a39dc0be2d
> dashboard link: https://syzkaller.appspot.com/bug?extid=24a30223a4b609bb802e
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13888991400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1476e5e6400000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+24a30223a4b609bb802e@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> IPVS: ftp: loaded support on port[0] = 21
> ------------[ cut here ]------------
> usb usb7: BOGUS urb flags, 1 --> 0
> WARNING: CPU: 0 PID: 5828 at drivers/usb/core/urb.c:503
> usb_submit_urb+0x717/0x14e0 drivers/usb/core/urb.c:502
> Kernel panic - not syncing: panic_on_warn set ...

This should have been fixed by commit 7a68d9fb8510 ("USB: usbdevfs:
sanitize flags more"). Was that commit not present in the kernel you
tested?

Alan Stern