syzbot


WARNING in cm109_input_open/usb_submit_urb

Status: upstream: reported syz repro on 2021/05/13 19:58
Reported-by: syzbot+d2ecf8b4cf94672e38a0@syzkaller.appspotmail.com
First crash: 633d, last: 121d

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

  usb: gadget: add raw-gadget interface

Crash: WARNING in cm109_submit_buzz_toggle/usb_submit_urb (log)
Repro: syz .config

Fix bisection: failed (bisect log)
Last patch testing requests:
Created Duration User Patch Repo Result
2023/01/15 05:32 18m retest repro upstream OK log
2022/10/07 01:30 16m retest repro upstream report log

Sample crash report:
usb 2-1: Product: syz
usb 2-1: Manufacturer: syz
usb 2-1: SerialNumber: syz
usb 2-1: config 0 descriptor??
cm109 2-1:0.0: invalid payload size 1024, expected 4
input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input207
------------[ cut here ]------------
URB 000000006a2658c1 submitted while active
WARNING: CPU: 0 PID: 3717 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e2/0x18a0 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 0 PID: 3717 Comm: kworker/0:5 Not tainted 5.17.0-rc2-next-20220204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x14e2/0x18a0 drivers/usb/core/urb.c:378
Code: 89 de e8 01 9b 04 fc 84 db 0f 85 a9 f3 ff ff e8 14 97 04 fc 4c 89 fe 48 c7 c7 20 0f 4b 8a c6 05 15 ec 0b 08 01 e8 1d 7e 9f 03 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 e7 96 04
RSP: 0018:ffffc900028eef48 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801d4aba80 RSI: ffffffff815fb548 RDI: fffff5200051dddb
RBP: ffff88807228d850 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815f52fe R11: 0000000000000000 R12: 000000000000000f
R13: ffff88807228d810 R14: 00000000fffffff0 R15: ffff8880746dfb00
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efc34667028 CR3: 000000007f5af000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 cm109_input_open+0x26f/0x360 drivers/input/misc/cm109.c:572
 input_open_device+0x1bb/0x320 drivers/input/input.c:629
 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593
 input_attach_handler+0x180/0x1f0 drivers/input/input.c:1035
 input_register_device.cold+0xf0/0x304 drivers/input/input.c:2335
 cm109_usb_probe+0x1218/0x1700 drivers/input/misc/cm109.c:806
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc17/0x1ee0 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc17/0x1ee0 drivers/base/core.c:3405
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5362 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5506 [inline]
 port_event drivers/usb/core/hub.c:5664 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5746
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-linux-next-kasan-gce-root 2022/02/09 07:47 linux-next ef6b35306dd8 0b33604d .config console log report syz WARNING in cm109_input_open/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/05/13 14:25 upstream dbb5afad100a ed7d41c5 .config console log report syz WARNING in cm109_input_open/usb_submit_urb
* Struck through repros no longer work on HEAD.