syzbot


WARNING in cm109_urb_irq_callback/usb_submit_urb

Status: upstream: reported C repro on 2020/12/30 03:58
Reported-by: syzbot+2d6d691af5ab4b7e66df@syzkaller.appspotmail.com
First crash: 641d, last: 8d03h

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

  usb: gadget: add raw-gadget interface

Crash: WARNING in cm109_urb_irq_callback/usb_submit_urb (log)
Repro: C syz .config
Patch testing requests:
Created           Duration  User                  Patch  Repo      Result
2021/08/03 19:46  18m       paskripkin@gmail.com  patch  upstream  OK

Sample crash report:
cm109 1-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff888017f1ba00 submitted while active
WARNING: CPU: 0 PID: 3611 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1116/0x1920 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 0 PID: 3611 Comm: kworker/0:3 Not tainted 6.0.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x1116/0x1920 drivers/usb/core/urb.c:378
Code: 00 41 8b 06 89 44 24 10 e9 a5 f8 ff ff e8 82 d0 75 fb c6 05 6d 2c fe 07 01 48 c7 c7 00 e1 53 8b 4c 89 ee 31 c0 e8 aa a8 3d fb <0f> 0b e9 62 ef ff ff e8 5e d0 75 fb eb 2d e8 57 d0 75 fb 44 8b 74
RSP: 0018:ffffc90000007720 EFLAGS: 00010046
RAX: dbd83f1af379f600 RBX: ffff888027271048 RCX: ffff88807e3ad880
RDX: 0000000000000101 RSI: 0000000000000101 RDI: 0000000000000000
RBP: ffff888017f1ba08 R08: ffffffff816d5c8d R09: ffffed1017344f14
R10: ffffed1017344f14 R11: 1ffff11017344f13 R12: 0000000000000a20
R13: ffff888017f1ba00 R14: dffffc0000000000 R15: 0000000000000046
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24de6f39b8 CR3: 000000000ca8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x6be/0xc10 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671
 dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x76a/0x980 kernel/time/timer.c:1790
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
 __do_softirq+0x382/0x793 kernel/softirq.c:571
 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1106
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:199
Code: 00 00 00 00 66 90 53 48 89 fb e8 17 00 00 00 48 8b 3d a8 16 9c 0c 48 89 de 5b e9 97 bc 52 00 cc cc cc cc cc cc cc 48 8b 04 24 <65> 48 8b 0c 25 00 6f 02 00 65 8b 15 f4 d6 78 7e f7 c2 00 01 ff 00
RSP: 0018:ffffc9000395f070 EFLAGS: 00000293
RAX: ffffffff813debb4 RBX: ffff8880a688d1d0 RCX: 0000000000000000
RDX: ffff88807e3ad880 RSI: 000000000000002e RDI: 0000000000000040
RBP: 0000000000000000 R08: ffffffff813deba5 R09: fffffbfff19cd8c9
R10: fffffbfff19cd8c9 R11: 1ffffffff19cd8c8 R12: ffff88802688d270
R13: ffff88802688d1d0 R14: 000000002688d1d0 R15: 000000000000002e
 phys_addr_valid arch/x86/mm/physaddr.h:7 [inline]
 __phys_addr+0x94/0x160 arch/x86/mm/physaddr.c:28
 virt_to_folio include/linux/mm.h:856 [inline]
 virt_to_slab+0x5/0xa0 mm/kasan/../slab.h:175
 kmem_cache_free+0x52/0x1d0 mm/slub.c:3551
 kernfs_put+0x340/0x490 fs/kernfs/dir.c:547
 __kernfs_remove+0xec0/0x1180 fs/kernfs/dir.c:1407
 kernfs_remove_by_name_ns+0x96/0xe0 fs/kernfs/dir.c:1589
 kernfs_remove_by_name include/linux/kernfs.h:615 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0x102/0x2b0 fs/sysfs/group.c:288
 sysfs_remove_groups+0x5b/0xb0 fs/sysfs/group.c:312
 device_remove_groups drivers/base/core.c:2579 [inline]
 device_remove_attrs+0x1d8/0x290 drivers/base/core.c:2793
 device_del+0x6e4/0xbe0 drivers/base/core.c:3703
 usb_disable_device+0x3dd/0x820 drivers/usb/core/message.c:1419
 usb_disconnect+0x346/0x890 drivers/usb/core/hub.c:2235
 hub_port_connect+0x296/0x2930 drivers/usb/core/hub.c:5197
 hub_port_connect_change+0x619/0xbe0 drivers/usb/core/hub.c:5497
 port_event+0xec6/0x13b0 drivers/usb/core/hub.c:5653
 hub_event+0x5c1/0xd80 drivers/usb/core/hub.c:5735
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	66 90                	xchg   %ax,%ax
   6:	53                   	push   %rbx
   7:	48 89 fb             	mov    %rdi,%rbx
   a:	e8 17 00 00 00       	callq  0x26
   f:	48 8b 3d a8 16 9c 0c 	mov    0xc9c16a8(%rip),%rdi        # 0xc9c16be
  16:	48 89 de             	mov    %rbx,%rsi
  19:	5b                   	pop    %rbx
  1a:	e9 97 bc 52 00       	jmpq   0x52bcb6
  1f:	cc                   	int3
  20:	cc                   	int3
  21:	cc                   	int3
  22:	cc                   	int3
  23:	cc                   	int3
  24:	cc                   	int3
  25:	cc                   	int3
  26:	48 8b 04 24          	mov    (%rsp),%rax
* 2a:	65 48 8b 0c 25 00 6f 	mov    %gs:0x26f00,%rcx <-- trapping instruction
  31:	02 00
  33:	65 8b 15 f4 d6 78 7e 	mov    %gs:0x7e78d6f4(%rip),%edx        # 0x7e78d72e
  3a:	f7 c2 00 01 ff 00    	test   $0xff0100,%edx

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2022/05/12 00:52 upstream feb9c5e19e91 45a13a73 .config log report syz C
ci-upstream-kasan-gce 2021/12/10 11:19 upstream c741e49150db ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/10/09 06:50 upstream 5d6ab0bb408f ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/08/29 09:11 upstream 3f5ad13cb012 ae6bf8dd .config log report syz C
ci-upstream-kasan-gce 2021/07/26 02:55 upstream ff1176468d36 ae6bf8dd .config log report syz C
ci-upstream-kasan-gce-selinux-root 2021/06/10 09:58 upstream cd1245d75ce9 6a81331a .config log report syz C
* Struck through repros no longer work on HEAD.
Crashes (84):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/09/20 16:47 upstream 521a547ced64 7c41a9ba .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2022/07/25 16:51 upstream e0dccc3b76fb 664c519c .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2022/03/01 14:02 upstream 719fce7539cd 45a13a73 .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2022/01/24 04:36 upstream dd81e1c7d5fb 214351e1 .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2021/12/24 09:49 upstream 76657eaef4a7 6caa12e4 .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2021/12/24 09:34 upstream 76657eaef4a7 6caa12e4 .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/06/26 00:25 upstream 44db63d1ad8d ae6bf8dd .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2021/04/07 18:54 upstream 2d743660786e 6a81331a .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/04/07 18:43 upstream 2d743660786e 6a81331a .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/09/04 14:18 linux-next e47eb90a0a9a 28811d0a .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/02/03 18:44 linux-next 2d3d8c7643a5 4ebb2798 .config log report syz C WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2022/02/25 00:52 upstream 73878e5eb1bd b28851a4 .config log report syz WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/06/11 23:01 linux-next 6d0c80680317 0d5abf15 .config log report syz WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2022/09/09 11:58 upstream 506357871c18 f3027468 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/09/08 02:42 upstream 0066f1b0e275 435aeef7 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/09/06 17:28 upstream 53e99dcff61e 65aea2b9 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2022/08/14 19:57 upstream 7ebfc85e2cd7 8dfcaa3d .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/07/24 19:04 upstream af2c9ac24019 22343af4 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/06/30 23:33 upstream 1a0e93df1e10 1434eec0 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/06/30 02:43 upstream d9b2ba67917c 1434eec0 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/05/19 22:14 upstream f993aed406ea 50c53f39 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/04/11 20:22 upstream ce522ba9ef7e af01ee7d .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/03/18 10:20 upstream 551acdc3c3d2 e2d91b1d .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/03/14 01:00 upstream f0e18b03fcaf 9e8eaa75 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/03/08 18:21 upstream ea4424be1688 9e8eaa75 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/03/03 07:50 upstream 92ebf5f91b4d 45a13a73 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/01/17 08:47 upstream 79e06c4c4950 723cfaf0 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/01/09 21:59 upstream 4634129ad9fd 2ca0d385 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2022/01/08 18:11 upstream d1587f7bfe9a 2ca0d385 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/12/16 14:59 upstream 2b14864acbaa 8dd6a5e3 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2021/11/10 08:39 upstream cb690f5238d7 55fa030c .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2021/10/17 22:05 upstream d999ade1cc86 0c5d9412 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/09/09 06:29 upstream 2d338201d531 e2776ee4 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/08/29 19:51 upstream 3f5ad13cb012 be2c130d .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/05/11 09:30 upstream 0aa099a312b6 ca873091 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2021/05/11 09:29 upstream 0aa099a312b6 ca873091 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2021/05/11 09:28 upstream 0aa099a312b6 ca873091 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/05/11 09:19 upstream 0aa099a312b6 ca873091 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/05/07 19:58 upstream d2b6f8a17919 f6da8120 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/05/07 19:11 upstream d2b6f8a17919 f6da8120 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root 2021/05/02 21:43 upstream d2b6f8a17919 77e2b668 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/05/02 21:39 upstream d2b6f8a17919 77e2b668 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root 2021/04/07 18:21 upstream 2d743660786e 6a81331a .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce 2021/03/10 04:54 upstream 144c79ef3353 26967e35 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386 2022/08/08 10:22 upstream 200e340f2196 88e3a122 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386 2021/11/04 12:22 upstream ce840177930f 4c1be0be .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386 2021/05/11 09:19 upstream 0aa099a312b6 ca873091 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386 2021/05/02 21:46 upstream d2b6f8a17919 77e2b668 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386 2021/05/01 21:50 upstream d2b6f8a17919 77e2b668 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/07/04 11:04 linux-next cb71b93c2dc3 1434eec0 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/06/13 16:28 linux-next 6d0c80680317 0d5abf15 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/06/11 21:57 linux-next 6d0c80680317 0d5abf15 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/04/05 06:22 linux-next 696206280c5e 5915c2cb .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2022/01/08 23:28 linux-next b8170452cd51 2ca0d385 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/12/17 03:00 linux-next fbf252e09678 44068e19 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/12/13 00:39 linux-next ea922272cbe5 49ca1f59 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/11/07 16:43 linux-next 6a37ebbe07bf 4c1be0be .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/10/09 23:55 linux-next 683f29b781ae 838e7e2c .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/07/30 08:29 linux-next 4ccc9e2db7ac c585c7b0 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root 2021/05/07 19:20 linux-next 869a85b925fc f6da8120 .config log report info WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root 2020/12/30 05:44 upstream 139711f033f6 0fa352f2 .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/26 03:50 upstream 5814bc2d4cc2 821e0b09 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/12/30 23:55 linux-next d7a03a44a5e9 ecb8c012 .config log report info