syzbot

 sign-in | mailing list | source | docs
🐞 Open [786]
🐞 Fixed [134]
🐞 Invalid [891]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in cm109_input_open/usb_submit_urb (2)

Status: upstream: reported syz repro on 2025/09/29 15:23
Reported-by: syzbot+35c00f1182e1399f00b2@syzkaller.appspotmail.com
First crash: 1d09h, last: 20h48m
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in cm109_input_open/usb_submit_urb (2) input -1 2 662d 710d 0/29 auto-obsoleted due to no activity on 2024/03/17 05:41
linux-5.15 WARNING in cm109_input_open/usb_submit_urb -1 4 415d 470d 0/3 auto-obsoleted due to no activity on 2024/11/20 01:16
linux-5.15 WARNING in cm109_input_open/usb_submit_urb (2) -1 3 99d 162d 0/3 upstream: reported on 2025/04/21 01:41
upstream WARNING in cm109_input_open/usb_submit_urb input usb -1 syz unreliable error 2 1089d 1601d 0/29 auto-obsoleted due to no activity on 2023/04/22 01:04
upstream WARNING in cm109_input_open/usb_submit_urb (3) usb input -1 C error 93 6h53m 552d 0/29 upstream: reported C repro on 2024/03/27 14:52
linux-6.1 WARNING in cm109_input_open/usb_submit_urb -1 1 434d 434d 0/3 auto-obsoleted due to no activity on 2024/10/31 09:48

Sample crash report:
usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
usb 5-1: Product: syz
usb 5-1: SerialNumber: syz
usb 5-1: config 0 descriptor??
cm109 5-1:0.8: invalid payload size 0, expected 4
input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input472
------------[ cut here ]------------
URB ffff8880196edd00 submitted while active
WARNING: CPU: 1 PID: 4445 at drivers/usb/core/urb.c:379 usb_submit_urb+0xff0/0x1910 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 1 PID: 4445 Comm: kworker/1:12 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xff0/0x1910 drivers/usb/core/urb.c:379
Code: 41 2e 8b 89 ea e8 96 9b fa 03 e9 f7 fb ff ff e8 b6 23 6b fb c6 05 94 69 f5 07 01 48 c7 c7 20 3f 2e 8b 48 89 de e8 b0 4f 37 fb <0f> 0b e9 86 f0 ff ff e8 94 23 6b fb eb 21 e8 8d 23 6b fb 44 8b 6c
RSP: 0018:ffffc90003516c40 EFLAGS: 00010246
RAX: c76e031590bcd200 RBX: ffff8880196edd00 RCX: ffff888026633b80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 000000000000000f R08: dffffc0000000000 R09: ffffed10171e4f34
R10: ffffed10171e4f34 R11: 1ffff110171e4f33 R12: dffffc0000000000
R13: 0000000000000cc0 R14: ffff8880196edd08 R15: ffff88807c580000
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007febfdb721e0 CR3: 000000002e315000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 cm109_input_open+0x1f7/0x460 drivers/input/misc/cm109.c:572
 input_open_device+0x16c/0x2e0 drivers/input/input.c:650
 kbd_connect+0xe9/0x130 drivers/tty/vt/keyboard.c:1593
 input_attach_handler drivers/input/input.c:1060 [inline]
 input_register_device+0xdfd/0x1310 drivers/input/input.c:2470
 cm109_usb_probe+0x10e5/0x15b0 drivers/input/misc/cm109.c:806
 usb_probe_interface+0x5a0/0xaf0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2aa/0xc70 drivers/base/dd.c:639
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2c6/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:1015
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3697
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2aa/0xc70 drivers/base/dd.c:639
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2c6/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:1015
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3697
 usb_new_device+0xd4d/0x1620 drivers/usb/core/hub.c:2659
 hub_port_connect drivers/usb/core/hub.c:5517 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5657 [inline]
 port_event drivers/usb/core/hub.c:5817 [inline]
 hub_event+0x2d5e/0x54e0 drivers/usb/core/hub.c:5899
 process_one_work+0x898/0x1160 kernel/workqueue.c:2292
 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/30 04:29 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in cm109_input_open/usb_submit_urb
2025/09/29 15:22 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in cm109_input_open/usb_submit_urb
* Struck through repros no longer work on HEAD.