On Tue, Apr 30, 2019 at 5:00 PM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, 30 Apr 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > console output: https://syzkaller.appspot.com/x/log.txt?x=141ca62d200000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> > dashboard link: https://syzkaller.appspot.com/bug?extid=af8f8d2ac0d39b0ed3a0
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1405bedd200000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ce3bbb200000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+af8f8d2ac0d39b0ed3a0@xxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=
> > d.3c
> > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > usb 1-1: config 0 descriptor??
> > pvrusb2: Hardware description: Terratec Grabster AV400
> > pvrusb2: **********
> > pvrusb2: WARNING: Support for this device (Terratec Grabster AV400) is
> > experimental.
> > pvrusb2: Important functionality might not be entirely working.
> > pvrusb2: Please consider contacting the driver author to help with further
> > stabilization of the driver.
> > pvrusb2: **********
> >
> >
> > ---
> > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.
>
> This does seem like a bug in syzbot. Why does it think this pr_info()
> output indicates a crash? Is it fooled by the capitalized "WARNING" at
> the start of one of the lines?

Well, as of [1] WARN*() should only be used to indicate a kernel bug.
Normally, WARN*() prints a line that starts with a warning, which is
followed by a stack trace. Unfortunately the stack trace is not always
present (kernel memory is badly corrupted, console deadlocked, etc.),
so syzbot detects the "WARNING:" line as the beginning of a
WARN*()-reported bug. In this case the driver does something like
`pr_info("WARNING: ...", ...)`, which confuses syzbot. I'd say it's the
kernel that needs to be changed here to use some other kind of prefix
for printing warning messages.

[1] https://github.com/torvalds/linux/commit/96c6a32ccb55a366054fd82cc63523bb7f7493d3
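
The matching problem discussed in this message, as an added illustration that is not part of the thread and not syzkaller's code. It classifies console lines by whether they merely contain the "WARNING:" marker or carry a full WARN*() header; the header pattern `WARNING: CPU: <n> PID: <n> at <location>` is an assumption about the kernel's output, and the last sample line is constructed.

```python
import re

# Console sample: the first three lines come from the report quoted above;
# the last line (timestamp, path, symbol) is constructed for comparison.
CONSOLE = """\
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
pvrusb2: Hardware description: Terratec Grabster AV400
pvrusb2: WARNING: Support for this device (Terratec Grabster AV400) is
[   42.000000] WARNING: CPU: 0 PID: 1 at drivers/example/foo.c:123 foo_probe+0x10/0x20
""".splitlines()

# Optional printk timestamp such as "[   42.000000] ".
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Loose rule: the marker anywhere in the line counts as the start of a report.
LOOSE = re.compile(r"WARNING:")
# Stricter rule (assumed header format): the line WARN*() itself prints.
WARN_HEADER = re.compile(r"^WARNING: CPU: \d+ PID: \d+ at \S+")


def classify(line):
    """Return 'warn-header', 'marker-only' or 'none' for one console line."""
    body = TIMESTAMP.sub("", line)
    if WARN_HEADER.search(body):
        return "warn-header"
    if LOOSE.search(body):
        return "marker-only"
    return "none"


def reports(lines, strict):
    """Lines that would open a bug report under the loose or strict rule."""
    wanted = {"warn-header"} if strict else {"warn-header", "marker-only"}
    return [line for line in lines if classify(line) in wanted]


if __name__ == "__main__":
    for line in CONSOLE:
        print(f"{classify(line):12} {line}")
```

Under the loose rule the pvrusb2 `pr_info()` line is reported alongside the WARN*() header; under the strict rule only the header is.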