syzbot


WARNING in corrupted (3)

Status: upstream: reported C repro on 2023/05/22 21:06
Labels: usb (incorrect?)
Reported-by: syzbot+27b0b464864741b18b99@syzkaller.appspotmail.com
Fix commit: media: usb: siano: Fix warning due to null work_func_t function pointer
Patched on: [], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 13d, last: 8d20h

Cause bisection: introduced by (bisect log):
commit ebad8e731c1c06adf04621d6fd327b860c0861b5
Author: Duoming Zhou <duoming@zju.edu.cn>
Date: Mon Jan 23 02:04:38 2023 +0000

  media: usb: siano: Fix use after free bugs caused by do_submit_urb

Crash: WARNING in smsusb_term_device (log)
Repro: C syz .config
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH RESEND] media: usb: siano: Fix warning due to null work_func_t function pointer | 1 (1) | 2023/05/22 23:59
[syzbot] [usb?] WARNING in corrupted (3) | 0 (1) | 2023/05/22 21:06
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING in corrupted (2) C done 1 1006d 1006d 1/1 fixed on 2020/09/28 07:49
upstream WARNING in corrupted (2) C done 40 73d 1276d 0/24 closed as dup on 2020/06/28 17:00
linux-4.19 WARNING in corrupted syz done 25 1332d 1484d 1/1 fixed on 2019/12/17 20:23
linux-4.14 WARNING in corrupted gfs2 C inconclusive 70 86d 1452d 0/1 upstream: reported C repro on 2019/06/10 00:20
linux-5.15 WARNING in corrupted origin:upstream C 3 24d 73d 0/3 upstream: reported C repro on 2023/03/19 11:32
android-414 WARNING in corrupted C 5 1400d 1447d 0/1 public: reported C repro on 2019/06/14 15:02
linux-6.1 WARNING in corrupted origin:upstream C 3 23d 73d 0/3 upstream: reported C repro on 2023/03/19 10:56
upstream WARNING in corrupted C 2 1420d 1420d 0/24 closed as invalid on 2019/08/01 15:17

Sample crash report:
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
smsusb:smsusb_probe: board id=8, interface number 0
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1757 at kernel/workqueue.c:3182 __flush_work+0x946/0xb60 kernel/workqueue.c:3182
Modules linked in:
CPU: 1 PID: 1757 Comm: kworker/1:2 Not tainted 6.4.0-rc3-syzkaller-00004-g421ca22e3138 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:__flush_work+0x946/0xb60 kernel/workqueue.c:3182
Code: 00 48 c7 c6 9b f7 53 81 48 c7 c7 40 90 79 8c e8 d0 ec 11 00 e9 6f fc ff ff e8 06 4b 30 00 0f 0b e9 63 fc ff ff e8 fa 4a 30 00 <0f> 0b 45 31 ed e9 54 fc ff ff e8 db 14 83 00 e9 3e fb ff ff e8 e1
RSP: 0018:ffffc90006196c08 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88807e1be0e8 RCX: 0000000000000000
RDX: ffff888022c25940 RSI: ffffffff8153f7d6 RDI: 0000000000000001
RBP: ffffc90006196da0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81d6e472 R12: ffff88807e1be0e8
R13: 0000000000000001 R14: 0000000000000001 R15: ffff88807e1be100
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005604c5dceff0 CR3: 0000000023251000 CR4: 0000000000350ee0
Call Trace:
 <TASK>

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/23 05:27 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/23 05:05 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/23 04:54 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/23 04:33 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/23 04:15 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/19 00:40 upstream 4d6d4c7f541d 3bb7af1d .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/18 22:23 upstream 4d6d4c7f541d 3bb7af1d .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
2023/05/18 21:02 upstream 4d6d4c7f541d 3bb7af1d .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in corrupted
* Struck through repros no longer work on HEAD.