syzbot

 sign-in | mailing list | source | docs
🐞 Open [530] 🐞 Fixed [32] 🐞 Invalid [293] Missing Backports [43] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb

Status: upstream: reported C repro on 2023/04/01 13:22
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+2a236bd2ff7884f06afd@syzkaller.appspotmail.com
First crash: 382d, last: 300d
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2023/05/16 upstream (ToT) f1fcbaa18b28 C [report] WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb usb wireless C done 47 2d13h 1434d 0/26 upstream: reported C repro on 2020/05/14 20:18
linux-6.1 WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb origin:upstream C 2 23d 382d 0/3 upstream: reported C repro on 2023/04/01 12:52
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2023/08/12 16:16 1m bisect fix linux-5.15.y error job log (0)
2023/06/23 01:59 56m bisect fix linux-5.15.y job log (0) log
2023/05/01 17:44 43m bisect fix linux-5.15.y job log (0) log

Sample crash report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 1953 at drivers/usb/core/urb.c:503 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 0 PID: 1953 Comm: kworker/0:2 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
sp : ffff8000222d6770
x29: ffff8000222d67b0 x28: 0000000000000001 x27: ffff800012b080a8
x26: ffff0000c2b91f00 x25: ffff0000c0e04000 x24: 0000000000000040
x23: ffff800012b0e8c0 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000a20 x19: ffff0000c085d400 x18: 0000000000000001
x17: ff808000083336c4 x16: ffff80001193f6fc x15: ffff8000083336c4
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000832b16c x10: 0000000000000000 x9 : 9d5992e197ca5500
x8 : 9d5992e197ca5500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000222d5ed8 x4 : ffff80001499f940 x3 : ffff800008549b3c
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000029
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:502
 carl9170_usb_submit_cmd_urb+0x7c/0x204 drivers/net/wireless/ath/carl9170/usb.c:229
 __carl9170_exec_cmd+0x2b0/0x40c drivers/net/wireless/ath/carl9170/usb.c:643
 carl9170_reboot+0xa4/0xf0 drivers/net/wireless/ath/carl9170/cmd.c:141
 carl9170_usb_disconnect+0x90/0x144 drivers/net/wireless/ath/carl9170/usb.c:1116
 usb_unbind_interface+0x1a4/0x758 drivers/usb/core/driver.c:458
 __device_release_driver drivers/base/dd.c:1224 [inline]
 device_release_driver_internal+0x464/0x6ac drivers/base/dd.c:1257
 device_release_driver+0x28/0x38 drivers/base/dd.c:1280
 usb_driver_release_interface drivers/usb/core/driver.c:627 [inline]
 usb_forced_unbind_intf+0x128/0x1f4 drivers/usb/core/driver.c:1117
 usb_reset_device+0x38c/0x9a0 drivers/usb/core/hub.c:6130
 carl9170_usb_probe+0x5c/0x9d0 drivers/net/wireless/ath/carl9170/usb.c:1044
 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396
 really_probe+0x26c/0xaec drivers/base/dd.c:595
 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:750
 driver_probe_device+0x78/0x34c drivers/base/dd.c:780
 __device_attach_driver+0x28c/0x4d8 drivers/base/dd.c:902
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:974
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1023
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3394
 usb_set_configuration+0x15e0/0x1b60 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238
 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293
 really_probe+0x26c/0xaec drivers/base/dd.c:595
 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:750
 driver_probe_device+0x78/0x34c drivers/base/dd.c:780
 __device_attach_driver+0x28c/0x4d8 drivers/base/dd.c:902
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:974
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1023
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3394
 usb_new_device+0x8fc/0x1448 drivers/usb/core/hub.c:2568
 hub_port_connect drivers/usb/core/hub.c:5358 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
 port_event drivers/usb/core/hub.c:5648 [inline]
 hub_event+0x22e4/0x48c4 drivers/usb/core/hub.c:5730
 process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
 worker_thread+0x910/0x1034 kernel/workqueue.c:2453
 kthread+0x37c/0x45c kernel/kthread.c:319
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 80914
hardirqs last  enabled at (80913): [<ffff800008329304>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (80914): [<ffff80001193ad90>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (77952): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (77952): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (77939): [<ffff8000081b4ee0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (77939): [<ffff8000081b4ee0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (77939): [<ffff8000081b4ee0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:636
---[ end trace bd6ef75e051de5db ]---
usb 1-1: reset full-speed USB device number 2 using dummy_hcd
carl9170: probe of 1-1:0.24 failed with error -115
usb 1-1: Direct firmware load for carl9170-1.fw failed with error -2
usb 1-1: Falling back to sysfs fallback for: carl9170-1.fw

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/04/01 13:21 linux-5.15.y c957cbb87315 f325deb0 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
2023/05/22 18:05 linux-5.15.y 9d6bde853685 4bce1a3e .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
* Struck through repros no longer work on HEAD.