syzbot

 sign-in | mailing list | source | docs
🐞 Open [789]
🐞 Fixed [132]
🐞 Invalid [871]
Missing Backports [73]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in bcm5974_start_traffic/usb_submit_urb

Status: upstream: reported C repro on 2024/02/06 21:35
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+90c7435c68b469a5d2fe@syzkaller.appspotmail.com
First crash: 589d, last: 26d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2025/08/23 linux-6.1.y (ToT) 0bc96de781b4 C [report] WARNING in bcm5974_start_traffic/usb_submit_urb
2025/08/23 upstream (ToT) 6debb6904172 C Didn't crash
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in bcm5974_start_traffic/usb_submit_urb input -1 C error 41 545d 2140d 25/29 fixed on 2024/03/26 17:39
linux-5.15 WARNING in bcm5974_start_traffic/usb_submit_urb origin:upstream -1 C error 4 38d 528d 0/3 upstream: reported C repro on 2024/04/08 05:03
upstream WARNING in bcm5974_start_traffic/usb_submit_urb (2) usb input -1 C unreliable done 28 47d 521d 0/29 upstream: reported C repro on 2024/04/15 01:54
Fix bisection attempts (11)
Created Duration User Patch Repo Result
2025/03/05 16:07 16m bisect fix linux-6.1.y error job log
2025/01/29 20:17 2h38m bisect fix linux-6.1.y OK (0) job log log
2024/12/10 06:51 1h50m bisect fix linux-6.1.y OK (0) job log log
2024/10/27 01:29 2h22m bisect fix linux-6.1.y OK (0) job log log
2024/09/26 21:32 3h08m bisect fix linux-6.1.y OK (0) job log log
2024/08/19 20:06 1h42m bisect fix linux-6.1.y OK (0) job log log
2024/07/09 21:53 2h04m bisect fix linux-6.1.y OK (0) job log log
2024/06/01 02:30 1h50m bisect fix linux-6.1.y OK (0) job log log
2024/04/28 15:30 1h57m bisect fix linux-6.1.y OK (0) job log log
2024/03/28 03:08 2h44m fix candidate upstream OK (0) job log log
2024/03/12 17:28 1h45m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 3622 at drivers/usb/core/urb.c:505 usb_submit_urb+0xc74/0x1970 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 3622 Comm: acpid Not tainted 6.1.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:usb_submit_urb+0xc74/0x1970 drivers/usb/core/urb.c:504
Code: 8b 4c 89 f0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 0b 09 00 00 45 8b 06 48 c7 c7 80 32 2e 8b 48 89 ee 4c 89 e2 e8 7c f5 37 fb <0f> 0b 44 8b 64 24 34 44 0f b6 74 24 10 4c 89 f7 48 c7 c6 30 b0 67
RSP: 0018:ffffc90003297630 EFLAGS: 00010246
RAX: 2573530e5ba6af00 RBX: ffff8881447f4100 RCX: ffff88807d738000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffffff8b2e9d80 R08: dffffc0000000000 R09: ffffed10171e4f34
R10: ffffed10171e4f34 R11: 1ffff110171e4f33 R12: ffff888019e8b870
R13: dffffc0000000000 R14: ffffffff8b2e3068 R15: ffff888019ed80f8
FS:  00007fc72bbd1740(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e363fff CR3: 000000007fa15000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 bcm5974_start_traffic+0xd7/0x140 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x8e/0x120 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x16c/0x2e0 drivers/input/input.c:650
 mousedev_open_device+0xc3/0x150 drivers/input/mousedev.c:430
 mousedev_open+0x2e5/0x4a0 drivers/input/mousedev.c:556
 chrdev_open+0x597/0x670 fs/char_dev.c:414
 do_dentry_open+0x7e9/0x10d0 fs/open.c:882
 do_open fs/namei.c:3626 [inline]
 path_openat+0x25c6/0x2e70 fs/namei.c:3783
 do_filp_open+0x1c1/0x3c0 fs/namei.c:3810
 do_sys_openat2+0x142/0x490 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1345
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc72bc5b407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffcddab56e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fc72bbd1740 RCX: 00007fc72bc5b407
RDX: 0000000000080800 RSI: 00007ffcddab58f0 RDI: ffffffffffffff9c
RBP: 00007ffcddab58f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000020
R13: 00007ffcddab59f0 R14: 0000562d94fff7fe R15: 00007ffcddab59f0
 </TASK>

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/23 07:05 linux-6.1.y 0bc96de781b4 bf27483f .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in bcm5974_start_traffic/usb_submit_urb
2025/02/03 03:00 linux-6.1.y 0cbb5f65e52f 568559e4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
2024/12/23 07:04 linux-6.1.y 29f02ec58a94 b4fbdbd4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
2024/02/06 21:34 linux-6.1.y f1bb70486c9c 6404acf9 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
* Struck through repros no longer work on HEAD.