WARNING in hso

WARNING in hso_probe
Status: upstream: reported C repro on 2019/09/27 17:19
Reported-by: syzbot+f00009d1881ba5ac45f8@syzkaller.appspotmail.com
First crash: 288d, last: 2d14h

duplicates (1):
Title	Repro	Bisected	Count	Last	Reported	Patched	Status
KASAN: use-after-free Read in hso_probe	C		56	2d09h	284d	0/17	closed as dup on 2019/11/19 14:43

Sample crash report:

sysfs group 'power' not found for kobject 'ttyHS0'
WARNING: CPU: 0 PID: 5 at fs/sysfs/group.c:279 sysfs_remove_group fs/sysfs/group.c:279 [inline]
WARNING: CPU: 0 PID: 5 at fs/sysfs/group.c:279 sysfs_remove_group+0x155/0x1b0 fs/sysfs/group.c:270
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:sysfs_remove_group fs/sysfs/group.c:279 [inline]
RIP: 0010:sysfs_remove_group+0x155/0x1b0 fs/sysfs/group.c:270
Code: 48 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 01 00 75 41 48 8b 33 48 c7 c7 60 8f f1 85 e8 d3 9a 82 ff <0f> 0b eb 95 e8 e2 34 d8 ff e9 d2 fe ff ff 48 89 df e8 d5 34 d8 ff
RSP: 0018:ffff8881da1d7008 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffff86174980 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812a339d RDI: ffffed103b43adf3
RBP: 0000000000000000 R08: ffff8881da19e300 R09: ffffed103b64629a
R10: ffff8881db2314cf R11: ffffed103b646299 R12: ffff8881cc745000
R13: ffffffff86174f20 R14: ffff8881cc746000 R15: ffff8881d91d4070
 dpm_sysfs_remove+0x97/0xb0 drivers/base/power/sysfs.c:794
 device_del+0x18b/0xd30 drivers/base/core.c:2692
 device_unregister+0x22/0xc0 drivers/base/core.c:2747
 device_destroy+0x96/0xd0 drivers/base/core.c:3326
 tty_unregister_device+0x7e/0x1a0 drivers/tty/tty_io.c:3190
 hso_serial_tty_unregister drivers/net/usb/hso.c:2232 [inline]
 hso_create_bulk_serial_device drivers/net/usb/hso.c:2678 [inline]
 hso_probe.cold+0x9f/0x175 drivers/net/usb/hso.c:2944
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:520
 driver_probe_device+0x223/0x350 drivers/base/dd.c:697
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:804
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:870
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c40 drivers/base/core.c:2538
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:520
 driver_probe_device+0x223/0x350 drivers/base/dd.c:697
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:804
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:870
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c40 drivers/base/core.c:2538
 usb_new_device.cold+0x552/0xf6e drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5576
 process_one_work+0x965/0x1630 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x326/0x430 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (17):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci2-upstream-usb	2020/05/29 22:51	https://github.com/google/kasan.git usb-fuzzer	2089c6ed	bed08304	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/04/13 03:17	https://github.com/google/kasan.git usb-fuzzer	0fa84af8	17a986e5	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/12/03 19:37	https://github.com/google/kasan.git usb-fuzzer	1f22d15c	0ecb9746	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/11/16 14:11	https://github.com/google/kasan.git usb-fuzzer	46178223	cdac920b	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/11/15 07:04	https://github.com/google/kasan.git usb-fuzzer	3183c037	79248ee8	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/10/13 05:28	https://github.com/google/kasan.git usb-fuzzer	58d5f26a	426631dd	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/10/08 21:05	https://github.com/google/kasan.git usb-fuzzer	58d5f26a	b1ebbfef	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/09/26 22:21	https://github.com/google/kasan.git usb-fuzzer	2994c077	2f1548bc	.config	log	report	syz	C	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/07/08 14:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	768a0741	5962a2dc	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/05/15 16:58	https://github.com/google/kasan.git usb-fuzzer	806d8acc	d7f9fffa	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/04/21 13:13	https://github.com/google/kasan.git usb-fuzzer	0fa84af8	f20434a8	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/04/12 11:56	https://github.com/google/kasan.git usb-fuzzer	0fa84af8	36b0b050	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/03/25 12:51	https://github.com/google/kasan.git usb-fuzzer	e17994d1	41f049cc	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/03/17 03:26	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	749688d2	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/03/14 19:27	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	749688d2	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2020/02/22 12:48	https://github.com/google/kasan.git usb-fuzzer	307a2623	2c36e7a7	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org
ci2-upstream-usb	2019/11/05 01:16	https://github.com/google/kasan.git usb-fuzzer	16bfd2ae	76630fc9	.config	log	report			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org