syzbot

 sign-in | mailing list | source | docs
🐞 Open [732]
🐞 Fixed [113]
🐞 Invalid [694]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in ar5523_submit_rx_cmd/usb_submit_urb

Status: fixed on 2025/03/17 05:51
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+938ae786ee51a75ab0ff@syzkaller.appspotmail.com
Fix commit: 34f7ebff1b96 wifi: ar5523: enable proper endpoint verification
First crash: 705d, last: 53d
Fix bisection: fixed by (bisect log) :
commit 34f7ebff1b9699e0b89fa58b693bc098c2f5ec72
Author: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Date: Mon Apr 8 12:14:25 2024 +0000

  wifi: ar5523: enable proper endpoint verification

  
Bug presence (3)
Date Name Commit Repro Result
2024/06/10 linux-6.1.y (ToT) 88690811da69 C [report] WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/09/13 upstream (ToT) 23f108dc9ed2 C [report] WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2024/06/10 upstream (ToT) 83a7eefedc9b C Didn't crash
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 WARNING in ar5523_submit_rx_cmd/usb_submit_urb origin:upstream missing-backport C error 4 312d 698d 0/3 auto-obsoleted due to no activity on 2024/10/02 19:40
upstream WARNING in ar5523_submit_rx_cmd/usb_submit_urb usb wireless C error inconclusive 883 310d 2132d 0/28 auto-obsoleted due to no activity on 2024/08/07 17:46
Fix bisection attempts (13)
Created Duration User Patch Repo Result
2025/03/14 02:56 5h11m bisect fix linux-6.1.y OK (1) job log
2025/02/10 16:24 2h28m fix candidate upstream OK (0) job log log
2024/11/30 16:21 12h01m fix candidate upstream error job log
2024/10/15 01:27 0m fix candidate upstream error job log
2024/08/02 10:36 12h04m fix candidate upstream error job log
2024/05/30 16:47 10m bisect fix linux-6.1.y error job log
2024/03/14 10:03 1h35m bisect fix linux-6.1.y OK (0) job log log
2024/02/09 00:28 1h47m bisect fix linux-6.1.y OK (0) job log log
2024/01/02 03:12 1h10m bisect fix linux-6.1.y OK (0) job log log
2023/11/18 14:46 1h36m bisect fix linux-6.1.y OK (0) job log log
2023/10/17 18:05 1h36m bisect fix linux-6.1.y OK (0) job log log
2023/09/13 15:40 1h29m bisect fix linux-6.1.y OK (0) job log log
2023/06/29 17:21 1h22m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 1954 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 1954 Comm: kworker/1:2 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff8000234a6980
x29: ffff8000234a69c0 x28: 0000000000000003 x27: ffff800013584a8c
x26: ffff0000d2342000 x25: ffff0000d4ee8000 x24: 00000000000000a5
x23: ffff80001358b300 x22: dfff800000000000 x21: 0000000000000003
x20: 0000000000000a20 x19: ffff0000c0881c00 x18: ffff8000234a5d80
x17: 0000000000000000 x16: ffff800012151454 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 6c523f855908b700
x8 : 6c523f855908b700 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000234a6278 x4 : ffff800015922ae0 x3 : ffff8000085867c0
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 ar5523_submit_rx_cmd+0x170/0x28c drivers/net/wireless/ath/ar5523/ar5523.c:212
 ar5523_probe+0x91c/0x1a9c drivers/net/wireless/ath/ar5523/ar5523.c:1652
 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3671
 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238
 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3671
 usb_new_device+0x908/0x1440 drivers/usb/core/hub.c:2605
 hub_port_connect drivers/usb/core/hub.c:5456 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5596 [inline]
 port_event drivers/usb/core/hub.c:5752 [inline]
 hub_event+0x23f4/0x4360 drivers/usb/core/hub.c:5834
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 98148
hardirqs last  enabled at (98147): [<ffff800008342cc0>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (98148): [<ffff80001214d10c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (97396): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (97396): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (97391): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---
usb 1-1: error -22 when submitting rx urb
usb 1-1: Failed to submit rx cmd
ar5523: probe of 1-1:0.0 failed with error -22

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/01 22:25 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/12/02 11:11 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/04/30 22:16 linux-6.1.y ca1c9012c941 62df2017 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2024/04/25 12:31 linux-6.1.y 6741e066ec76 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/12/02 11:31 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/05/30 09:08 linux-6.1.y a343b0dd87b4 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in ar5523_submit_rx_cmd/usb_submit_urb
2023/12/02 10:56 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ar5523_submit_rx_cmd/usb_submit_urb
* Struck through repros no longer work on HEAD.