WARNING in cm109_urb_irq_callback/usb_submit

WARNING in cm109_urb_irq_callback/usb_submit_urb
Status: upstream: reported C repro on 2020/12/30 03:58
Reported-by: syzbot+2d6d691af5ab4b7e66df@syzkaller.appspotmail.com
First crash: 214d, last: 2d11h

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

usb: gadget: add raw-gadget interface

Crash: WARNING in cm109_urb_irq_callback/usb_submit_urb (log)
Repro: C syz .config

Sample crash report:

cm109 3-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB 00000000cfeee59c submitted while active
WARNING: CPU: 1 PID: 8459 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1271/0x1540 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 1 PID: 8459 Comm: systemd-udevd Not tainted 5.13.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:usb_submit_urb+0x1271/0x1540 drivers/usb/core/urb.c:378
Code: 89 de e8 92 1b 29 fc 84 db 0f 85 91 f4 ff ff e8 d5 14 29 fc 4c 89 fe 48 c7 c7 80 98 06 8a c6 05 35 52 69 08 01 e8 0a b9 89 03 <0f> 0b e9 6f f4 ff ff c7 44 24 14 01 00 00 00 e9 26 f5 ff ff 41 be
RSP: 0018:ffffc90000dc09e0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801f2f9c40 RSI: ffffffff815ce185 RDI: fffff520001b812e
RBP: ffff88801904e2a8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815c7fee R11: 0000000000000000 R12: 0000000000000046
R13: ffff88802652f858 R14: 00000000fffffff0 R15: ffff888016d16300
FS:  00007f10d8f418c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffecabb6bfc CR3: 0000000025d0b000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x44f/0xaa0 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1726
 dummy_timer+0x11f4/0x32a0 drivers/usb/gadget/udc/dummy_hcd.c:1978
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431
 expire_timers kernel/time/timer.c:1476 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1745
 __run_timers kernel/time/timer.c:1726 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
RIP: 0010:tomoyo_domain_quota_is_ok+0x30c/0x550 security/tomoyo/util.c:1094
Code: 5f c3 41 bc 01 00 00 00 31 db e8 af 34 dc fd 89 d9 44 89 e0 31 ff d3 f8 83 e0 01 41 89 c7 89 c6 e8 49 3c dc fd 45 85 ff 74 09 <e8> 8f 34 dc fd 41 83 c5 01 e8 86 34 dc fd 8d 73 01 bf 10 00 00 00
RSP: 0018:ffffc900017cf868 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff88801f2f9c40 RDI: 0000000000000003
RBP: ffff888017563780 R08: 0000000000000000 R09: 0000000000000005
R10: ffffffff8398a6c7 R11: 0000000000000010 R12: 0000000000000020
R13: 0000000000000360 R14: dffffc0000000000 R15: 0000000000000001
 tomoyo_supervisor+0x2f2/0xf00 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x270/0x3a0 security/tomoyo/file.c:573
 tomoyo_path_perm+0x2f0/0x400 security/tomoyo/file.c:838
 security_inode_getattr+0xcf/0x140 security/security.c:1332
 vfs_getattr fs/stat.c:139 [inline]
 vfs_statx+0x164/0x390 fs/stat.c:207
 vfs_fstatat fs/stat.c:225 [inline]
 vfs_lstat include/linux/fs.h:3384 [inline]
 __do_sys_newlstat+0x91/0x110 fs/stat.c:380
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f10d7db3335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007ffecabb55b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00005620c03da230 RCX: 00007f10d7db3335
RDX: 00007ffecabb55f0 RSI: 00007ffecabb55f0 RDI: 00005620c03d9230
RBP: 00007ffecabb56b0 R08: 00007f10d8072188 R09: 0000000000001010
R10: 0000000000000050 R11: 0000000000000246 R12: 00005620c03d9230
R13: 00005620c03d9268 R14: 00005620c03df263 R15: 00005620c03df268

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/07/26 02:55	upstream	ff1176468d36	ae6bf8dd	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/06/10 09:58	upstream	cd1245d75ce9	6a81331a	.config	log	report	syz	C

Crashes (40):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/06/26 00:25	upstream	44db63d1ad8d	ae6bf8dd	.config	log	report	syz	C		WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/04/07 18:54	upstream	2d743660786e	6a81331a	.config	log	report	syz	C		WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/07 18:43	upstream	2d743660786e	6a81331a	.config	log	report	syz	C		WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/11 09:30	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root	2021/05/11 09:29	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/05/11 09:28	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/05/11 09:19	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/07 19:58	upstream	d2b6f8a17919	f6da8120	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/05/07 19:11	upstream	d2b6f8a17919	f6da8120	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root	2021/05/02 21:43	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/05/02 21:39	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/05/01 21:46	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/01 21:45	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/05/01 21:43	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root	2021/05/01 21:43	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/27 06:21	upstream	4a0225c3d208	805b5003	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/24 01:37	upstream	18a3c5f7abfd	17f0b706	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/23 19:55	upstream	18a3c5f7abfd	17f0b706	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/17 03:33	upstream	2f7b98d1e55c	7e2b734b	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/13 08:12	upstream	89698becf06d	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/04/13 07:17	upstream	89698becf06d	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/04/13 05:30	upstream	89698becf06d	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-root	2021/04/12 08:31	upstream	7d900724913c	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/04/07 18:27	upstream	2d743660786e	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/04/07 18:21	upstream	2d743660786e	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce	2021/03/10 04:54	upstream	144c79ef3353	26967e35	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/11 09:19	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/02 21:46	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/01 21:50	upstream	d2b6f8a17919	77e2b668	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/23 16:08	upstream	18a3c5f7abfd	17f0b706	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/14 01:41	upstream	eebe426d32e1	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/13 22:25	upstream	89698becf06d	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/13 19:13	upstream	89698becf06d	a184b83e	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-386	2021/04/07 19:03	upstream	2d743660786e	6a81331a	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/05/07 19:20	linux-next	869a85b925fc	f6da8120	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/04/13 05:18	linux-next	5df924d19629	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/04/13 05:11	linux-next	5df924d19629	bfeda1b1	.config	log	report			info	WARNING in cm109_urb_irq_callback/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2020/12/30 05:44	upstream	139711f033f6	0fa352f2	.config	log	report			info
ci-upstream-kasan-gce-selinux-root	2020/12/26 03:50	upstream	5814bc2d4cc2	821e0b09	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2020/12/30 23:55	linux-next	d7a03a44a5e9	ecb8c012	.config	log	report			info