Re: WARNING in usbhid_raw_request/usb_submit_urb (3)
From: Andrey Konovalov
Date: Thu Apr 02 2020 - 11:57:16 EST
On Thu, Apr 2, 2020 at 5:53 PM syzbot
<syzbot+db339689b2101f6f6071@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger crash:
>
> Reported-and-tested-by: syzbot+db339689b2101f6f6071@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Tested on:
>
> commit: 0fa84af8 Merge tag 'usb-serial-5.7-rc1' of https://git.ker..
> git tree: https://github.com/google/kasan.git
> kernel config: https://syzkaller.appspot.com/x/.config?x=6b9c154b0c23aecf
> dashboard link: https://syzkaller.appspot.com/bug?extid=db339689b2101f6f6071
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> patch: https://syzkaller.appspot.com/x/patch.diff?x=143c2c63e00000
>
> Note: testing is done by a robot and is best-effort only.
Let's try this once again, maybe the reproducer is extremely unreliable.
#syz test: https://github.com/google/kasan.git 0fa84af8
Index: usb-devel/drivers/usb/core/urb.c
===================================================================
--- usb-devel.orig/drivers/usb/core/urb.c
+++ usb-devel/drivers/usb/core/urb.c
@@ -475,8 +475,9 @@ int usb_submit_urb(struct urb *urb, gfp_
/* Check that the pipe's type matches the endpoint's type */
if (usb_urb_ep_type_check(urb))
- dev_WARN(&dev->dev, "BOGUS urb xfer, pipe %x != type %x\n",
- usb_pipetype(urb->pipe), pipetypes[xfertype]);
+ dev_WARN(&dev->dev, "BOGUS urb xfer, pipe %x != type %x, ep addr 0x%02x, pipe 0x%x, xfertype %d\n",
+ usb_pipetype(urb->pipe), pipetypes[xfertype],
+ ep->desc.bEndpointAddress, urb->pipe, xfertype);
/* Check against a simple/standard policy */
allowed = (URB_NO_TRANSFER_DMA_MAP | URB_NO_INTERRUPT | URB_DIR_MASK |