syzbot


WARNING in cm109_urb_irq_callback/usb_submit_urb

Status: upstream: reported C repro on 2020/12/30 03:58
Reported-by: syzbot+2d6d691af5ab4b7e66df@syzkaller.appspotmail.com
First crash: 714d, last: 26d

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

  usb: gadget: add raw-gadget interface

Crash: WARNING in cm109_urb_irq_callback/usb_submit_urb (log)
Repro: C syz .config
Patch testing requests:
Created Duration User Patch Repo Result
2021/08/03 19:46 18m paskripkin@gmail.com patch upstream OK

Sample crash report:
cm109 1-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff8880171d1b00 submitted while active
WARNING: CPU: 0 PID: 3269 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e8/0x1880 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 0 PID: 3269 Comm: kworker/0:3 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x14e8/0x1880 drivers/usb/core/urb.c:378
Code: 89 de e8 8b 06 e9 fb 84 db 0f 85 a3 f3 ff ff e8 fe 09 e9 fb 4c 89 fe 48 c7 c7 00 6a 91 8a c6 05 25 0d 39 08 01 e8 d7 8b ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 d7 09 e9 fb 48 8b 7c 24 40
RSP: 0018:ffffc900000079d8 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88807bd201c0 RSI: ffffffff81605668 RDI: fffff52000000f2d
RBP: ffff88801fd9fb80 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000101 R11: 6666666620425255 R12: 0000000000000046
R13: ffff88802008d058 R14: 00000000fffffff0 R15: ffff8880171d1b00
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc4c20f9b68 CR3: 000000000bc8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x2e6/0xaa0 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:kasan_check_range+0x16/0x180 mm/kasan/generic.c:188
Code: ff ff 89 43 08 5b 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 85 f6 0f 84 3c 01 00 00 49 89 f9 41 54 44 0f b6 c2 49 01 f1 55 <53> 0f 82 18 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 48 39 c7 0f 86
RSP: 0018:ffffc900030cf750 EFLAGS: 00000286
RAX: 0000000000000000 RBX: ffff8880174191d0 RCX: ffffffff81fc4941
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8880174191d0
RBP: ffff8880174191d0 R08: 0000000000000001 R09: ffff8880174191d4
R10: 0000000000000002 R11: 000000000008c07d R12: dffffc0000000000
R13: ffff8880174191d0 R14: 0000000000000000 R15: ffff888017419210
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:575 [inline]
 kernfs_put+0x21/0x50 fs/kernfs/dir.c:531
 __kernfs_remove+0x456/0x600 fs/kernfs/dir.c:1440
 kernfs_remove_by_name_ns+0xb0/0x120 fs/kernfs/dir.c:1626
 kernfs_remove_by_name include/linux/kernfs.h:618 [inline]
 remove_files+0x96/0x1c0 fs/sysfs/group.c:28
 sysfs_remove_group+0x87/0x170 fs/sysfs/group.c:288
 sysfs_remove_groups fs/sysfs/group.c:312 [inline]
 sysfs_remove_groups+0x5c/0xa0 fs/sysfs/group.c:304
 device_remove_groups drivers/base/core.c:2579 [inline]
 device_remove_attrs+0x192/0x290 drivers/base/core.c:2793
 device_del+0x4eb/0xc80 drivers/base/core.c:3703
 usb_disable_device+0x356/0x7a0 drivers/usb/core/message.c:1419
 usb_disconnect.cold+0x259/0x6ed drivers/usb/core/hub.c:2235
 hub_port_connect drivers/usb/core/hub.c:5197 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x1f86/0x45e0 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	ff 89 43 08 5b 5d    	decl   0x5d5b0843(%rcx)
   6:	c3                   	retq
   7:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
   e:	00 00 00 00
  12:	90                   	nop
  13:	48 85 f6             	test   %rsi,%rsi
  16:	0f 84 3c 01 00 00    	je     0x158
  1c:	49 89 f9             	mov    %rdi,%r9
  1f:	41 54                	push   %r12
  21:	44 0f b6 c2          	movzbl %dl,%r8d
  25:	49 01 f1             	add    %rsi,%r9
  28:	55                   	push   %rbp
* 29:	53                   	push   %rbx <-- trapping instruction
  2a:	0f 82 18 01 00 00    	jb     0x148
  30:	48 b8 ff ff ff ff ff 	movabs $0xffff7fffffffffff,%rax
  37:	7f ff ff
  3a:	48 39 c7             	cmp    %rax,%rdi
  3d:	0f                   	.byte 0xf
  3e:	86                   	.byte 0x86

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2022/05/12 00:52 upstream feb9c5e19e91 45a13a73 .config log report syz C
ci-upstream-kasan-gce 2021/12/10 11:19 upstream c741e49150db ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/10/09 06:50 upstream 5d6ab0bb408f ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/08/29 09:11 upstream 3f5ad13cb012 ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/07/26 02:55 upstream ff1176468d36 ae6bf8dd .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/06/10 09:58 upstream cd1245d75ce9 6a81331a .config log report syz C
* Struck through repros no longer work on HEAD.
Crashes (87):