syzbot

 sign-in | mailing list | source | docs
🐞 Open [560] 🐞 Fixed [32] 🐞 Invalid [301] Missing Backports [45] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in ar5523_submit_rx_cmd/usb_submit_urb

Status: upstream: reported C repro on 2023/05/07 20:44
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+2916972236a9a68b3136@syzkaller.appspotmail.com
First crash: 362d, last: 8d12h
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2023/05/15 upstream (ToT) f1fcbaa18b28 C [report] WARNING in ar5523_submit_rx_cmd/usb_submit_urb
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 WARNING in ar5523_submit_rx_cmd/usb_submit_urb origin:upstream C 7 8d12h 369d 0/3 upstream: reported C repro on 2023/04/30 22:17
upstream WARNING in ar5523_submit_rx_cmd/usb_submit_urb usb wireless C error inconclusive 879 3d05h 1796d 0/26 upstream: reported C repro on 2019/06/03 11:41

Sample crash report:
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 1526 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 1 PID: 1526 Comm: kworker/1:2 Not tainted 5.15.156-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: usb_hub_wq hub_event
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
sp : ffff800020cb69a0
x29: ffff800020cb69e0 x28: 0000000000000003 x27: ffff800012b74f4c
x26: ffff0000c2d7f000 x25: ffff0000c7cf9000 x24: 0000000000000400
x23: ffff800012b7b760 x22: dfff800000000000 x21: 0000000000000003
x20: 0000000000000a20 x19: ffff0000c0ff9800 x18: 0000000000000001
x17: 0000000000000000 x16: ffff8000119967f4 x15: 00000000ffffffff
x14: ffff0000cc7ed1c0 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 31f7f798e270fb00
x8 : 31f7f798e270fb00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800020cb6118 x4 : ffff800014a1f7c0 x3 : ffff800008550224
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
 ar5523_submit_rx_cmd+0x170/0x28c drivers/net/wireless/ath/ar5523/ar5523.c:212
 ar5523_probe+0x93c/0x1b40 drivers/net/wireless/ath/ar5523/ar5523.c:1653
 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396
 really_probe+0x26c/0xaec drivers/base/dd.c:595
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:755
 driver_probe_device+0x78/0x34c drivers/base/dd.c:785
 __device_attach_driver+0x28c/0x4d8 drivers/base/dd.c:907
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:979
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1028
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3409
 usb_set_configuration+0x15e0/0x1b60 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238
 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293
 really_probe+0x26c/0xaec drivers/base/dd.c:595
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:755
 driver_probe_device+0x78/0x34c drivers/base/dd.c:785
 __device_attach_driver+0x28c/0x4d8 drivers/base/dd.c:907
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:979
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1028
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3409
 usb_new_device+0x900/0x145c drivers/usb/core/hub.c:2593
 hub_port_connect drivers/usb/core/hub.c:5454 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5594 [inline]
 port_event drivers/usb/core/hub.c:5740 [inline]
 hub_event+0x236c/0x46b8 drivers/usb/core/hub.c:5822
 process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
 worker_thread+0x910/0x1034 kernel/workqueue.c:2457
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 101910
hardirqs last  enabled at (101909): [<ffff80000832c48c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (101910): [<ffff800011991e80>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:396
softirqs last  enabled at (100968): [<ffff800008021c64>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (100968): [<ffff800008021c64>] __do_softirq+0xb5c/0xdb0 kernel/softirq.c:587
softirqs last disabled at (100963): [<ffff8000081b6568>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (100963): [<ffff8000081b6568>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (100963): [<ffff8000081b6568>] __irq_exit_rcu+0x264/0x4d4 kernel/softirq.c:637
---[ end trace be4659d93df6d71e ]---
usb 1-1: error -22 when submitting rx urb
usb 1-1: Failed to submit rx cmd
ar5523: probe of 1-1:0.0 failed with error -22

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/25 12:56 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/05/07 20:43 linux-5.15.y 8a7f2a5c5aa1 90c93c40 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2024/04/25 12:32 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2024/04/25 12:41 linux-5.15.y c52b9710c83d 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
* Struck through repros no longer work on HEAD.