WARNING in media_create_pad

WARNING in media_create_pad_link
Status: upstream: reported C repro on 2020/05/14 20:18
Reported-by: syzbot+dd320d114deb3f5bb79b@syzkaller.appspotmail.com
First crash: 615d, last: 4d08h

Cause bisection: introduced by (bisect log) :
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

usb: gadget: add raw-gadget interface

Crash: KASAN: use-after-free Read in __media_entity_remove_links (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) :
commit adb6e6ac20eedcf1dce19dc75b224e63c0828ea1
Author: Bastien Nocera <hadess@hadess.net>
Date: Tue Aug 18 11:04:43 2020 +0000

USB: Also match device drivers using the ->match vfunc

Sample crash report:

usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice=69.6a
usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
usb 1-1: Manufacturer: syz
usb 1-1: config 0 descriptor??
usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:0555)
uvcvideo 1-1:0.0: Entity type for entity ᐇ was not initialized!
------------[ cut here ]------------
WARNING: CPU: 0 PID: 922 at drivers/media/mc/mc-entity.c:667 media_create_pad_link+0x953/0xab0 drivers/media/mc/mc-entity.c:667
Modules linked in:
CPU: 0 PID: 922 Comm: kworker/0:2 Not tainted 5.16.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:media_create_pad_link+0x953/0xab0 drivers/media/mc/mc-entity.c:667
Code: 01 00 00 66 ff 03 31 c0 48 83 c4 50 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 db 31 fa fa 0f 0b b8 ea ff ff ff eb e3 e8 cd 31 fa fa <0f> 0b b8 ea ff ff ff eb d5 e8 bf 31 fa fa 0f 0b b8 ea ff ff ff eb
RSP: 0018:ffffc9000488e660 EFLAGS: 00010293
RAX: ffffffff868a4c43 RBX: 0000000000000000 RCX: ffff88801b7d8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff868a4355 R09: ffffed10024f3e98
R10: ffffed10024f3e98 R11: 0000000000000000 R12: ffff88807770c880
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807770d080
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556be68132a8 CR3: 00000000145b2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 uvc_mc_create_links drivers/media/usb/uvc/uvc_entity.c:50 [inline]
 uvc_mc_register_entities+0x7fa/0xa50 drivers/media/usb/uvc/uvc_entity.c:151
 uvc_register_chains drivers/media/usb/uvc/uvc_driver.c:2334 [inline]
 uvc_probe+0xad58/0xb700 drivers/media/usb/uvc/uvc_driver.c:2471

Crashes (45):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-smack-root	2022/01/06 05:43	upstream	49ef78e59b07	6acc789a	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce-root	2021/12/20 17:08	upstream	a7904a538933	021b36cb	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce-selinux-root	2021/07/08 07:00	upstream	3dbdb38e2869	95793bce	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce	2021/06/20 17:36	upstream	913ec3c22ef4	aba2b2fb	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce-smack-root	2021/05/29 07:46	upstream	5ff2756afde0	858ea628	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce-root	2021/05/26 11:56	upstream	ad9f25d33860	54f0bcf1	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-linux-next-kasan-gce-root	2021/06/20 00:46	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		WARNING in media_create_pad_link
ci-upstream-kasan-gce-root	2020/05/29 22:00	upstream	75caf310d16c	3905eaae	.config	log	report	syz	C
ci-upstream-kasan-gce	2020/05/28 22:06	upstream	b0c3ba31be3e	0d951763	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/05/21 21:34	upstream	b85051e755b0	1f30020f	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/05/21 19:55	upstream	b85051e755b0	1f30020f	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/05/21 16:00	upstream	b85051e755b0	1f30020f	.config	log	report	syz	C
ci2-upstream-usb	2020/12/08 06:16	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	08a02f954b0d	51a9082e	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/05/28 22:01	linux-next	ff387fc20c69	0d951763	.config	log	report	syz	C
ci2-upstream-usb	2020/05/28 21:37	https://github.com/google/kasan.git usb-fuzzer	d19c64b3d097	c7192a2f	.config	log	report	syz	C
ci2-upstream-usb	2020/05/14 03:16	https://github.com/google/kasan.git usb-fuzzer	059e7e0ff26c	a885920d	.config	log	report	syz	C
ci-upstream-kasan-gce-386	2020/05/28 22:10	upstream	b0c3ba31be3e	0d951763	.config	log	report	syz
ci-upstream-kasan-gce-root	2021/12/16 04:04	upstream	2b14864acbaa	572bcb40	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-root	2021/04/12 23:31	upstream	d434405aaab7	bfeda1b1	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-smack-root	2021/04/02 18:15	upstream	1678e493d530	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce	2021/04/02 13:53	upstream	1678e493d530	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce	2021/04/02 11:00	upstream	ffd9fb546d49	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-386	2022/01/15 11:18	upstream	112450df61b7	723cfaf0	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-386	2021/05/13 23:57	upstream	c06a2ba62fc4	80f9b418	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-386	2021/05/10 05:38	upstream	6efb943b8616	bc5434be	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-386	2021/05/07 05:05	upstream	d2b6f8a17919	06585184	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-386	2021/04/02 16:11	upstream	1678e493d530	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/10/29 06:42	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	79a4479a17b8	be531bb4	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/10/28 18:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	79a4479a17b8	be531bb4	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/05/09 18:02	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	31a8503589c4	bc5434be	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/04/20 00:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	4b853c236c7b	4285c989	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/04/15 16:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	4b853c236c7b	fcdb12ba	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/04/11 10:51	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3db53374405f	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/04/10 09:47	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	496960274153	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-linux-next-kasan-gce-root	2021/04/02 11:44	linux-next	454c576c3f5e	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/04/02 11:37	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e5242861ec6a	6a81331a	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/03/24 06:21	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	049d3db625a6	e613994b	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/02/05 18:07	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	23e32a595e11	23a562df	.config	log	report			info	WARNING in media_create_pad_link
ci2-upstream-usb	2021/02/01 01:47	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3c648d3deb0f	fc9fd31e	.config	log	report			info	WARNING in media_create_pad_link
ci-upstream-kasan-gce-root	2020/08/14 15:59	upstream	a1d21081a60d	424dd8e7	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/03 14:33	upstream	cd77006e01b3	bed10395	.config	log	report
ci2-upstream-usb	2020/12/13 22:10	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	a256e24021bf	8f160dd5	.config	log	report			info
ci2-upstream-usb	2020/06/28 12:22	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b3a5ce874c26	a2cdad9d	.config	log	report
ci2-upstream-usb	2020/06/16 14:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b3a9e3b9622a	4ea9d964	.config	log	report
ci2-upstream-usb	2020/06/12 17:08	https://github.com/google/kasan.git usb-fuzzer	b791d1bdf921	3036d6fd	.config	log	report