Re: WARNING in usb_submit_urb (3)

From: Andrey Konovalov
Date: Mon Oct 15 2018 - 12:20:40 EST


On Mon, Oct 15, 2018 at 5:22 PM, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, 12 Oct 2018, syzbot wrote:
>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit: 9dcd936c5312 Merge tag 'for-4.19/dm-fixes-4' of git://git...
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=123b8da1400000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=88e9a8a39dc0be2d
>> dashboard link: https://syzkaller.appspot.com/bug?extid=24a30223a4b609bb802e
>> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13888991400000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1476e5e6400000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+24a30223a4b609bb802e@xxxxxxxxxxxxxxxxxxxxxxxxx
>>
>> IPVS: ftp: loaded support on port[0] = 21
>> ------------[ cut here ]------------
>> usb usb7: BOGUS urb flags, 1 --> 0
>> WARNING: CPU: 0 PID: 5828 at drivers/usb/core/urb.c:503
>> usb_submit_urb+0x717/0x14e0 drivers/usb/core/urb.c:502
>> Kernel panic - not syncing: panic_on_warn set ...
>
> This should have been fixed by commit 7a68d9fb8510 ("USB: usbdevfs:
> sanitize flags more"). Was that commit not present in the kernel you
> tested?

The commit is there, AFAICT. This must be a different issue.