syzbot

 sign-in | mailing list | source | docs
🐞 Open [721]
🐞 Fixed [113]
🐞 Invalid [725]
Missing Backports [79]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in bcm5974_start_traffic/usb_submit_urb

Status: upstream: reported C repro on 2024/02/06 21:35
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+90c7435c68b469a5d2fe@syzkaller.appspotmail.com
First crash: 444d, last: 82d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2024/02/07 linux-6.1.y (ToT) f1bb70486c9c C [report] WARNING in bcm5974_start_traffic/usb_submit_urb
2024/02/07 upstream (ToT) 6d280f4d760e C Didn't crash
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in bcm5974_start_traffic/usb_submit_urb input C error 41 400d 1995d 25/28 fixed on 2024/03/26 17:39
linux-5.15 WARNING in bcm5974_start_traffic/usb_submit_urb origin:upstream C error 4 19h07m 383d 0/3 upstream: reported C repro on 2024/04/08 05:03
upstream WARNING in bcm5974_start_traffic/usb_submit_urb (2) usb input C unreliable 20 8d14h 376d 0/28 upstream: reported C repro on 2024/04/15 01:54
Fix bisection attempts (11)
Created Duration User Patch Repo Result
2025/03/05 16:07 16m bisect fix linux-6.1.y error job log
2025/01/29 20:17 2h38m bisect fix linux-6.1.y OK (0) job log log
2024/12/10 06:51 1h50m bisect fix linux-6.1.y OK (0) job log log
2024/10/27 01:29 2h22m bisect fix linux-6.1.y OK (0) job log log
2024/09/26 21:32 3h08m bisect fix linux-6.1.y OK (0) job log log
2024/08/19 20:06 1h42m bisect fix linux-6.1.y OK (0) job log log
2024/07/09 21:53 2h04m bisect fix linux-6.1.y OK (0) job log log
2024/06/01 02:30 1h50m bisect fix linux-6.1.y OK (0) job log log
2024/04/28 15:30 1h57m bisect fix linux-6.1.y OK (0) job log log
2024/03/28 03:08 2h44m fix candidate upstream OK (0) job log log
2024/03/12 17:28 1h45m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4293 Comm: udevd Not tainted 6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000cb97ec00 x25: ffff0000ddc1f000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c087f000 x18: ffff8000210f6780
x17: 0000000000000000 x16: ffff8000123313e4 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008586abc
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 5244
hardirqs last  enabled at (5243): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (5244): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (5142): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (5142): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (5133): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000c9709c00 x25: ffff0000c44dd000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c3145200 x18: 1fffe000367a0176
x17: ffff800015a8d000 x16: ffff80000830159c x15: ffff0001b3d00bbc
x14: 1ffff00002b520b2 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : ffff800008277b18 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80001248c5a0 x0 : ffff80019e31d000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 14394
hardirqs last  enabled at (14393): [<ffff800008277bb8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (14393): [<ffff800008277bb8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (14394): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (14386): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (14386): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (14369): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000c459c200 x25: ffff0000da3c9000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c314ba00 x18: 1fffe000367a0176
x17: 0000000000000000 x16: ffff80001227ecc0 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008349ec8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 23398
hardirqs last  enabled at (23397): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (23398): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (23392): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (23392): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (23375): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000c8961d00 x25: ffff0000d7cc3000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c3147e00 x18: 1fffe000367a0176
x17: 0000000000000000 x16: ffff80001227ecc0 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008349ec8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 30734
hardirqs last  enabled at (30733): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (30734): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (30728): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (30728): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (30723): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000cbf03e00 x25: ffff0000cf8f5000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c315fc00 x18: 1fffe000367a0176
x17: 0000000000000000 x16: ffff80001227ecc0 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008349ec8
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 39046
hardirqs last  enabled at (39045): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (39046): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (39040): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (39040): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (39029): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000ca27aa00 x25: ffff0000db617000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c3167400 x18: 1fffe000367a0176
x17: ffff800015a8d000 x16: ffff80000830159c x15: ffff0001b3d00bbc
x14: 1ffff00002b520b2 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : ffff800008277b18 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80001248c5a0 x0 : ffff80019e31d000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 47712
hardirqs last  enabled at (47711): [<ffff800008277bb8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (47711): [<ffff800008277bb8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (47712): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (47704): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (47704): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (47699): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000cbcd7100 x25: ffff0000dc1b2000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c316de00 x18: 1fffe000367a0176
x17: 0000000000000000 x16: ffff8000123313e4 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008586abc
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 56006
hardirqs last  enabled at (56005): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (56006): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (55990): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (55990): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (55973): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 4293 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 4293 Comm: udevd Tainted: G        W          6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000210f7390
x29: ffff8000210f73d0 x28: 0000000000000001 x27: ffff800013788c28
x26: ffff0000cd448400 x25: ffff0000c30d2000 x24: 0000000000000286
x23: ffff80001378f540 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000cc0 x19: ffff0000c357b000 x18: 1fffe000367a0176
x17: 0000000000000000 x16: ffff8000123313e4 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1981f7a51ff4e600
x8 : 1981f7a51ff4e600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000210f6c78 x4 : ffff800015b731c0 x3 : ffff800008586abc
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 bcm5974_start_traffic+0xe0/0x154 drivers/input/mouse/bcm5974.c:799
 bcm5974_open+0x98/0x134 drivers/input/mouse/bcm5974.c:839
 input_open_device+0x170/0x29c drivers/input/input.c:650
 evdev_open_device drivers/input/evdev.c:400 [inline]
 evdev_open+0x308/0x4b4 drivers/input/evdev.c:487
 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3626 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3783
 do_filp_open+0x1bc/0x3cc fs/namei.c:3810
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 64680
hardirqs last  enabled at (64679): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (64680): [<ffff80001232d0c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (64664): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:421 [inline]
softirqs last  enabled at (64664): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:606
softirqs last disabled at (64659): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:612
---[ end trace 0000000000000000 ]---
bcm5974 1-1:1.0: could not read from device

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/03 03:00 linux-6.1.y 0cbb5f65e52f 568559e4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
2024/12/23 07:04 linux-6.1.y 29f02ec58a94 b4fbdbd4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
2024/02/06 21:34 linux-6.1.y f1bb70486c9c 6404acf9 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in bcm5974_start_traffic/usb_submit_urb
* Struck through repros no longer work on HEAD.