WARNING in cm109_urb_irq_callback/usb_submit

WARNING in cm109_urb_irq_callback/usb_submit_urb
Status: upstream: reported C repro on 2020/12/30 03:58
Reported-by: syzbot+2d6d691af5ab4b7e66df@syzkaller.appspotmail.com
First crash: 116d, last: 4d05h

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

usb: gadget: add raw-gadget interface

Crash: WARNING in cm109_urb_irq_callback/usb_submit_urb (log)
Repro: C syz .config

Sample crash report:

cm109 1-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB 0000000046b46cac submitted while active
WARNING: CPU: 0 PID: 8625 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1271/0x1540 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 0 PID: 8625 Comm: systemd-udevd Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:usb_submit_urb+0x1271/0x1540 drivers/usb/core/urb.c:378
Code: 89 de e8 e2 01 33 fc 84 db 0f 85 91 f4 ff ff e8 c5 f9 32 fc 4c 89 fe 48 c7 c7 60 49 04 8a c6 05 37 83 70 08 01 e8 c4 b6 81 03 <0f> 0b e9 6f f4 ff ff c7 44 24 14 01 00 00 00 e9 26 f5 ff ff 41 be
RSP: 0000:ffffc900000079e8 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880297e4280 RSI: ffffffff815b8145 RDI: fffff52000000f2f
RBP: ffff88802235cf80 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815b0eae R11: 0000000000000000 R12: 0000000000000046
R13: ffff8880286fa058 R14: 00000000fffffff0 R15: ffff88802234e600
FS:  00007fd1dc21a8c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b9b48f0f90 CR3: 0000000028a3a000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x44f/0xaa0 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1726
 dummy_timer+0x11f4/0x32a0 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431
 expire_timers kernel/time/timer.c:1476 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1745
 __run_timers kernel/time/timer.c:1726 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu kernel/softirq.c:422 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:check_kcov_mode+0x31/0x40 kernel/kcov.c:175
Code: 89 c2 81 e2 00 01 00 00 a9 00 01 ff 00 74 10 31 c0 85 d2 74 15 8b 96 34 15 00 00 85 d2 74 0b 8b 86 10 15 00 00 39 f8 0f 94 c0 <c3> 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 31 c0 65 8b 15 f7 d1
RSP: 0000:ffffc90001f57ea8 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000010 RCX: 000055b9b48f0f90
RDX: 0000000000000000 RSI: ffff8880297e4280 RDI: 0000000000000003
RBP: 0000000000000014 R08: 000055b9b48b5000 R09: ffffffff8fa9d8c7
R10: ffffffff813303f6 R11: 0000000000000001 R12: ffffc90001f57f58
R13: 000055b9b48f0f90 R14: ffff888014b11d68 R15: ffff8880316be840
 write_comp_data kernel/kcov.c:218 [inline]
 __sanitizer_cov_trace_cmp8+0x1d/0x70 kernel/kcov.c:264
 do_user_addr_fault+0x316/0x1210 arch/x86/mm/fault.c:1356
 handle_page_fault arch/x86/mm/fault.c:1475 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1531
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:577
RIP: 0033:0x55b9b48f0f90
Code: Unable to access opcode bytes at RIP 0x55b9b48f0f66.
RSP: 002b:00007fffb583f0a8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000055b9b4c7aa60 RCX: 0000000000000000
RDX: 00007fffb583f0b8 RSI: 00007fffb583f0c0 RDI: 000055b9b4d2dae0
RBP: 00007fffb583f0c0 R08: 000000000000ffff R09: 0000000000000000
R10: 00007fd1db032220 R11: 000000000000000d R12: 00007fffb583f0b8
R13: 000055b9b4d2d6d0 R14: 000055b9b4c7aa60 R15: 000055b9b4c7aa78

Crashes (19):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-selinux-root	2021/04/07 18:54	upstream	2d743660	6a81331a	.config	log	report	syz	C		WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/07 18:43	upstream	2d743660	6a81331a	.config	log	report	syz	C		WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/17 03:33	upstream	2f7b98d1	7e2b734b	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/13 08:12	upstream	89698bec	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/04/13 07:17	upstream	89698bec	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/13 05:30	upstream	89698bec	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root	2021/04/12 08:31	upstream	7d900724	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/04/07 18:27	upstream	2d743660	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/07 18:21	upstream	2d743660	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/03/10 04:54	upstream	144c79ef	26967e35	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/14 01:41	upstream	eebe426d	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/13 22:25	upstream	89698bec	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/13 19:13	upstream	89698bec	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/07 19:03	upstream	2d743660	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/04/13 05:18	linux-next	5df924d1	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/04/13 05:11	linux-next	5df924d1	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2020/12/30 05:44	upstream	139711f0	0fa352f2	.config	log	report			info
ci-upstream-kasan-gce-selinux-root	2020/12/26 03:50	upstream	5814bc2d	821e0b09	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2020/12/30 23:55	linux-next	d7a03a44	ecb8c012	.config	log	report			info