syzbot


WARNING: ODEBUG bug in smsusb_term_device

Status: upstream: reported C repro on 2019/07/23 12:48
Reported-by: syzbot+25ddf1bb485cd9400ca4@syzkaller.appspotmail.com
First crash: 1163d, last: 64d

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

  usb: gadget: add raw-gadget interface

Crash: WARNING: ODEBUG bug in smsusb_term_device (log)
Repro: syz .config

Fix bisection: the fix commit could be any of (bisect log):
  3dbdb38e2869 Merge branch 'for-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
  c40e8341e3b3 Merge tag 'cgroup-for-6.0-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

Sample crash report:
smsusb:smsusb_init_device: smscore_start_device(...) failed
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: work_struct hint: do_submit_urb+0x0/0x3e0 drivers/media/usb/siano/smsusb.c:146
WARNING: CPU: 3 PID: 1375 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 3 PID: 1375 Comm: kworker/3:2 Not tainted 5.17.0-syzkaller-10734-gcb7cbaae7fd9 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd c0 12 26 8a 4c 89 ee 48 c7 c7 c0 06 26 8a e8 02 1c 29 05 <0f> 0b 83 05 25 09 c4 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc90005f1eda0 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff888016768280 RSI: ffffffff815f4e58 RDI: fffff52000be3da6
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815ef81e R11: 0000000000000000 R12: ffffffff89cb75e0
R13: ffffffff8a260ba0 R14: ffffffff814bafc0 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88802cd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005557bc6d5690 CR3: 00000000189b5000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __debug_check_no_obj_freed lib/debugobjects.c:992 [inline]
 debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1023
 kfree+0xc2/0x2c0 mm/slab.c:3808
 smsusb_term_device+0x1bd/0x2e0 drivers/media/usb/siano/smsusb.c:350
 smsusb_init_device+0xa80/0xb07 drivers/media/usb/siano/smsusb.c:487
 smsusb_probe+0xd8f/0xe2c drivers/media/usb/siano/smsusb.c:566
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:755
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:785
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:902
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:973
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:755
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:785
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:902
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:973
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x641/0x1091 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5358 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
 port_event drivers/usb/core/hub.c:5660 [inline]
 hub_event+0x25c6/0x4680 drivers/usb/core/hub.c:5742
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Crashes (35):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-qemu-upstream | 2022/03/26 13:13 | upstream | cb7cbaae7fd9 | 89bc8608 | .config | log | report | syz | C | | WARNING: ODEBUG bug in smsusb_term_device |
| ci-qemu-upstream | 2022/03/13 08:31 | upstream | aad611a868d1 | 9e8eaa75 | .config | log | report | syz | C | | WARNING: ODEBUG bug in smsusb_term_device |
| ci-qemu-upstream | 2022/03/04 19:55 | upstream | 38f80f42147f | 45a13a73 | .config | log | report | syz | C | | WARNING: ODEBUG bug in smsusb_term_device |
| ci-qemu-upstream | 2021/02/16 23:15 | upstream | f40ddce88593 | 98682e5e | .config | log | report | syz | C | | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2020/06/19 18:37 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f8f02d5c671f | 123cf502 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/05/28 21:48 | https://github.com/google/kasan.git usb-fuzzer | d19c64b3d097 | c7192a2f | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/05/14 02:53 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | a885920d | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/03/24 15:08 | https://github.com/google/kasan.git usb-fuzzer | e17994d1e7b1 | 33e14df3 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/03/06 14:54 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 7fb694ef | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/02/28 21:48 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | c88c7b75 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/02/26 20:16 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 251aabb7 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/02/24 23:18 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 59b57593 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/01/31 16:23 | https://github.com/google/kasan.git usb-fuzzer | cd234325a5f1 | 5ed23f9a | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/01/23 01:16 | https://github.com/google/kasan.git usb-fuzzer | 4cc301ee04d9 | 3334d684 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2019/12/17 05:09 | https://github.com/google/kasan.git usb-fuzzer | 4cc037ecf2cb | d13d7958 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2019/09/22 10:56 | https://github.com/google/kasan.git usb-fuzzer | e0bd8d794fc9 | d96e88f3 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2019/07/23 03:06 | https://github.com/google/kasan.git usb-fuzzer | 6a3599ceaa39 | 55e0c077 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-selinux-root | 2021/07/09 01:03 | upstream | 3dbdb38e2869 | 1b20171a | .config | log | report | syz | | | WARNING: ODEBUG bug in smsusb_term_device |
| ci-upstream-kasan-gce-smack-root | 2021/05/30 10:16 | upstream | 6799d4f2da49 | 325a8dab | .config | log | report | syz | | | WARNING: ODEBUG bug in smsusb_term_device |
| ci-upstream-linux-next-kasan-gce-root | 2021/06/20 19:22 | linux-next | a1f92694393a | aba2b2fb | .config | log | report | syz | | | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2020/12/09 02:13 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | b175d273d4e4 | 40cc414d | .config | log | report | syz | | | |
| ci2-upstream-usb | 2022/03/11 03:22 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 98d107b84614 | 9e8eaa75 | .config | log | report | | | info | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2021/11/14 17:11 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | c8c109546a19 | 75b04091 | .config | log | report | | | info | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2021/09/03 01:36 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 1b4f3dfb4792 | f62a5829 | .config | log | report | | | info | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2021/02/06 13:14 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 23e32a595e11 | 0655e081 | .config | log | report | | | info | WARNING: ODEBUG bug in smsusb_term_device |
| ci2-upstream-usb | 2020/12/08 12:49 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 08a02f954b0d | 9af51e31 | .config | log | report | | | info | |
| ci2-upstream-usb | 2020/11/19 22:53 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | e1e52361c61a | 0767f13f | .config | log | report | | | info | |
| ci2-upstream-usb | 2020/10/10 16:15 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 93578a25d4e2 | b74c49a6 | .config | log | report | | | info | |
| ci2-upstream-usb | 2019/12/14 10:38 | https://github.com/google/kasan.git usb-fuzzer | 4cc037ecf2cb | eef6e580 | .config | log | report | | | | |
| ci2-upstream-usb | 2019/12/14 00:45 | https://github.com/google/kasan.git usb-fuzzer | 4cc037ecf2cb | a5c1ab05 | .config | log | report | | | | |
| ci2-upstream-usb | 2019/09/07 07:12 | https://github.com/google/kasan.git usb-fuzzer | f0df5c1be1e9 | a60cb4cd | .config | log | report | | | | |
| ci2-upstream-usb | 2019/09/02 10:24 | https://github.com/google/kasan.git usb-fuzzer | eea39f24f4a5 | db7c31ca | .config | log | report | | | | |
| ci2-upstream-usb | 2019/09/01 18:17 | https://github.com/google/kasan.git usb-fuzzer | eea39f24f4a5 | bad3cce2 | .config | log | report | | | | |
| ci2-upstream-usb | 2019/08/31 10:26 | https://github.com/google/kasan.git usb-fuzzer | eea39f24f4a5 | bcd7bcc2 | .config | log | report | | | | |
| ci2-upstream-usb | 2019/08/30 22:38 | https://github.com/google/kasan.git usb-fuzzer | eea39f24f4a5 | 9adfa876 | .config | log | report | | | | |

* Struck through repros no longer work on HEAD.