syzbot


WARNING in vmk80xx_write_packet/usb_submit_urb

Status: fixed on 2024/05/27 10:09
Bug presence: origin:upstream
Reported-by: syzbot+acc65ab78db849d079c1@syzkaller.appspotmail.com
Fix commit: ac882d6b21bf comedi: vmk80xx: fix incomplete endpoint checking
First crash: 263d, last: 230d
Fix bisection: fixed by (bisect log):
commit ac882d6b21bffecb57bcc4486701239eef5aa67b
Author: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Date: Mon Apr 8 17:16:33 2024 +0000

  comedi: vmk80xx: fix incomplete endpoint checking

  
Bug presence (2)
Date        Name            Commit        Repro  Result
2024/03/19  upstream (ToT)  b3603fcb79b1  C      [report] WARNING in vmk80xx_write_packet/usb_submit_urb
2024/05/04  upstream (ToT)  7367539ad4b0  C      Didn't crash
Similar bugs (1)
Kernel    Title                                               Repro  Cause bisect  Fix bisect    Count  Last  Reported  Patched  Status
upstream  WARNING in vmk80xx_write_packet/usb_submit_urb usb  C      error         inconclusive  61     239d  1978d     0/28     closed as dup on 2024/05/22 11:30
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/05/25 19:46 4h40m bisect fix linux-6.1.y OK (1) job log
2024/04/21 05:00 1h42m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 24 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 6.1.82-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
sp : ffff800019f16780
x29: ffff800019f167c0 x28: 0000000000000001 x27: ffff800013583ee8
x26: ffff0000d9746c00 x25: ffff0000d84c7000 x24: 00000000000003ff
x23: ffff80001358a760 x22: dfff800000000000 x21: 0000000000000002
x20: 0000000000000c00 x19: ffff0000c31f4000 x18: ffff800019f15b80
x17: 0000000000000000 x16: ffff80001214de8c x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : aada0450e36ee600
x8 : aada0450e36ee600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800019f16078 x4 : ffff800015922ae0 x3 : ffff8000085886bc
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58
 usb_bulk_msg+0x2dc/0x3f0 drivers/usb/core/message.c:387
 usb_interrupt_msg+0x50/0x68 drivers/usb/core/message.c:327
 vmk80xx_write_packet+0x2c8/0x440 drivers/comedi/drivers/vmk80xx.c:214
 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]
 vmk80xx_auto_attach+0x810/0x1550 drivers/comedi/drivers/vmk80xx.c:818
 comedi_auto_config+0x218/0x32c drivers/comedi/drivers.c:1066
 comedi_usb_auto_config+0x34/0x48 drivers/comedi/comedi_usb.c:66
 vmk80xx_usb_probe+0x50/0x60 drivers/comedi/drivers/vmk80xx.c:851
 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3671
 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238
 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3671
 usb_new_device+0x908/0x1440 drivers/usb/core/hub.c:2605
 hub_port_connect drivers/usb/core/hub.c:5456 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5596 [inline]
 port_event drivers/usb/core/hub.c:5752 [inline]
 hub_event+0x23f4/0x4360 drivers/usb/core/hub.c:5834
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
irq event stamp: 23968
hardirqs last  enabled at (23967): [<ffff800008343cc0>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (23968): [<ffff800012149b44>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (22002): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (22002): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (21991): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---
comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'.
usb 1-1: USB disconnect, device number 2

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/19 01:28 linux-6.1.y d7543167affd baa80228 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in vmk80xx_write_packet/usb_submit_urb
* Struck through repros no longer work on HEAD.