bisecting cause commit starting from bdc48fa11e46f867ea4d75fa59ee87a7f48be144
building syzkaller on a0331e89e036103c95eb898742ea5d5f28a987b0
testing commit bdc48fa11e46f867ea4d75fa59ee87a7f48be144 with gcc (GCC) 8.1.0
kernel signature: acf2d3c3d012c769de5e2a428f4d93533c3ec501e17e3da7f4210dd74c77a97c
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: d6740ab194d09b354e923f208de55e4e9ef704de2a61bffbcdd447deede3cb64
all runs: OK
# git bisect start bdc48fa11e46f867ea4d75fa59ee87a7f48be144 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 7541 revisions left to test after this (roughly 13 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.1.0
kernel signature: d7234369697a01b5cec994c610d64dfe1e6d5416d0d828b887584c088b19c629
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 4204 revisions left to test after this (roughly 12 steps)
[56a451b780676bc1cdac011735fe2869fa2e9abf] Merge tag 'ntb-5.7' of git://github.com/jonmason/ntb
testing commit 56a451b780676bc1cdac011735fe2869fa2e9abf with gcc (GCC) 8.1.0
kernel signature: 9c47c93168654deb16b7d754980d3f59b7e1d419e56916ad31ec910433663a1d
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad 56a451b780676bc1cdac011735fe2869fa2e9abf
Bisecting: 1643 revisions left to test after this (roughly 11 steps)
[49835c15a55225e9b3ff9cc9317135b334ea2d49] Merge tag 'pm-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 49835c15a55225e9b3ff9cc9317135b334ea2d49 with gcc (GCC) 8.1.0
kernel signature: 4dba141927d5b8fa9ebe4d8bb669b5b48f8dff18b3e4f9d39b671e0632377543
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad 49835c15a55225e9b3ff9cc9317135b334ea2d49
Bisecting: 934 revisions left to test after this (roughly 10 steps)
[063d1942247668eb0bb800aef5afbbef337344be] Merge tag 'media/v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 063d1942247668eb0bb800aef5afbbef337344be with gcc (GCC) 8.1.0
kernel signature: 53e941866417d10bfcc58fe1bf4229aa14c2a8b7774f730407914f41eaf70451
all runs: OK
# git bisect good 063d1942247668eb0bb800aef5afbbef337344be
Bisecting: 516 revisions left to test after this (roughly 9 steps)
[e681bb287f40e7a9dbcb04cef80fd87a2511ab86] staging: vt6656: Use DIV_ROUND_UP macro instead of specific code
testing commit e681bb287f40e7a9dbcb04cef80fd87a2511ab86 with gcc (GCC) 8.1.0
kernel signature: 557c3380096a88f2e02dab3a6476787171a034bed2f6e7d4574e01e72676193d
all runs: OK
# git bisect good e681bb287f40e7a9dbcb04cef80fd87a2511ab86
Bisecting: 266 revisions left to test after this (roughly 8 steps)
[db34c5ffee649e2c4c870d1031a996398a187cf5] Merge tag 'usb-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit db34c5ffee649e2c4c870d1031a996398a187cf5 with gcc (GCC) 8.1.0
kernel signature: 531f148f18dbd05abce39f2667eaf18d39d63ca871988d75fdb42cac65ad6341
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad db34c5ffee649e2c4c870d1031a996398a187cf5
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[a8ab3e76297ea85d92f4ee0833bd469816a13ccf] Merge tag 'usb-for-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next
testing commit a8ab3e76297ea85d92f4ee0833bd469816a13ccf with gcc (GCC) 8.1.0
kernel signature: 3a74d0dc065fa038980b26bdb4d00a86e506e84523ff009eb34a87faea507c6a
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad a8ab3e76297ea85d92f4ee0833bd469816a13ccf
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[d1c6a769cdf466053ae211789f2b0671c8a72331] usb: typec: mux: Allow the mux handles to be requested with fwnode
testing commit d1c6a769cdf466053ae211789f2b0671c8a72331 with gcc (GCC) 8.1.0
kernel signature: b08c2bc8332a379e740dedfa59c6bc801203a364c153bae88cba2f9e2a69154b
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good d1c6a769cdf466053ae211789f2b0671c8a72331
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[eeead847487f726fa177d0f4060c4f0816ad9cd9] usb: gadget: amd5536udc: fix spelling mistake "reserverd" -> "reserved"
testing commit eeead847487f726fa177d0f4060c4f0816ad9cd9 with gcc (GCC) 8.1.0
kernel signature: 35c333938bafabfa3e4b27893829e51f36673c00efa2d2ada75db76d1d40ddc1
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad eeead847487f726fa177d0f4060c4f0816ad9cd9
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[3d157c28d2289edf0439e8308e8de3a06acaaf0e] doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
testing commit 3d157c28d2289edf0439e8308e8de3a06acaaf0e with gcc (GCC) 8.1.0
kernel signature: 9cf7999bb87c16cee78ee415f5e4cdb7a9277b7d5beb36f2f9324b9372b74a06
all runs: OK
# git bisect good 3d157c28d2289edf0439e8308e8de3a06acaaf0e
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0227cc84c44417a29c8102e41db8ec2c11ebc6b2] usb: dwc3: core: don't do suspend for device mode if already suspended
testing commit 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 with gcc (GCC) 8.1.0
kernel signature: 91f6cc4e6c9249903c6ab2108ca40fa576f2c418fccf4d8e18464c1db40a5e16
all runs: OK
# git bisect good 0227cc84c44417a29c8102e41db8ec2c11ebc6b2
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[95b18f28979e12539cc02f6ec4e2c776e8551f39] dt-bindings: usb: dwc2: add compatible property for rk3328 usb
testing commit 95b18f28979e12539cc02f6ec4e2c776e8551f39 with gcc (GCC) 8.1.0
kernel signature: 7ac2277abc5f14ffb1cbe573a82600ae04b299b527ef379db765ab6e9e2f9141
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad 95b18f28979e12539cc02f6ec4e2c776e8551f39
Bisecting: 1 revision left to test after this (roughly 1 step)
[1a0808cb9e417170ed6ab97254cf319dc3e3c310] usb: dwc2: Implement set_selfpowered()
testing commit 1a0808cb9e417170ed6ab97254cf319dc3e3c310 with gcc (GCC) 8.1.0
kernel signature: fd48266270afc2ffcd0d9a44ea809f48f15b1851c4a7de67d0dbd2c0ecb15bb3
all runs: OK
# git bisect good 1a0808cb9e417170ed6ab97254cf319dc3e3c310
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10] usb: gadget: add raw-gadget interface
testing commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 with gcc (GCC) 8.1.0
kernel signature: b6eb17c98119d763c9ead4862b5a551848f01b83c308d9ebd1240a1531fa99f7
all runs: crashed: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
# git bisect bad f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 is the first bad commit
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date:   Mon Feb 24 17:13:03 2020 +0100

    usb: gadget: add raw-gadget interface
    
    USB Raw Gadget is a kernel module that provides a userspace interface for
    the USB Gadget subsystem. Essentially it allows to emulate USB devices
    from userspace. Enabled with CONFIG_USB_RAW_GADGET. Raw Gadget is
    currently a strictly debugging feature and shouldn't be used in
    production.
    
    Raw Gadget is similar to GadgetFS, but provides a more low-level and
    direct access to the USB Gadget layer for the userspace. The key
    differences are:
    
    1. Every USB request is passed to the userspace to get a response, while
       GadgetFS responds to some USB requests internally based on the provided
       descriptors. However note, that the UDC driver might respond to some
       requests on its own and never forward them to the Gadget layer.
    
    2. GadgetFS performs some sanity checks on the provided USB descriptors,
       while Raw Gadget allows you to provide arbitrary data as responses to
       USB requests.
    
    3. Raw Gadget provides a way to select a UDC device/driver to bind to,
       while GadgetFS currently binds to the first available UDC.
    
    4. Raw Gadget uses predictable endpoint names (handles) across different
       UDCs (as long as UDCs have enough endpoints of each required transfer
       type).
    
    5. Raw Gadget has ioctl-based interface instead of a filesystem-based one.
    
    Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
    Signed-off-by: Felipe Balbi <balbi@kernel.org>

 Documentation/usb/index.rst            |    1 +
 Documentation/usb/raw-gadget.rst       |   61 ++
 drivers/usb/gadget/legacy/Kconfig      |   11 +
 drivers/usb/gadget/legacy/Makefile     |    1 +
 drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++++++++++
 include/uapi/linux/usb/raw_gadget.h    |  167 +++++
 6 files changed, 1319 insertions(+)
 create mode 100644 Documentation/usb/raw-gadget.rst
 create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c
 create mode 100644 include/uapi/linux/usb/raw_gadget.h
culprit signature: b6eb17c98119d763c9ead4862b5a551848f01b83c308d9ebd1240a1531fa99f7
parent  signature: fd48266270afc2ffcd0d9a44ea809f48f15b1851c4a7de67d0dbd2c0ecb15bb3
revisions tested: 16, total time: 3h28m10.826611407s (build: 1h44m55.888967263s, test: 1h42m10.046517183s)
first bad commit: f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 usb: gadget: add raw-gadget interface
cc: ["andreyknvl@google.com" "balbi@kernel.org" "gregkh@linuxfoundation.org"]
crash: WARNING in snd_usbmidi_submit_urb/usb_submit_urb
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000000007dc R14: 00000000004cab2a R15: 00007fa0ed0b56d4
usb 2-1: usb_submit_urb: -12
------------[ cut here ]------------
URB 00000000af2f9962 submitted while active
WARNING: CPU: 1 PID: 9707 at drivers/usb/core/urb.c:363 usb_submit_urb+0xdde/0x1470 drivers/usb/core/urb.c:363
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9707 Comm: syz-executor.1 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 panic+0x22a/0x4e3 kernel/panic.c:221
 __warn.cold.10+0x25/0x26 kernel/panic.c:582
 report_bug+0x1ad/0x270 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267
 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:usb_submit_urb+0xdde/0x1470 drivers/usb/core/urb.c:363
Code: 59 92 06 05 00 b8 f0 ff ff ff 0f 85 32 fe ff ff 48 89 de 48 c7 c7 20 69 e1 87 89 44 24 04 c6 05 39 92 06 05 01 e8 be e8 ae fc <0f> 0b 8b 44 24 04 e9 0d fe ff ff 41 be 01 00 00 00 e9 aa f8 ff ff
RSP: 0018:ffffc9000859f3a8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888094e63900 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8b6414a0
RBP: ffff888094e63900 R08: ffffed1015d26661 R09: ffffed1015d26661
R10: ffffed1015d26660 R11: ffff8880ae933307 R12: dffffc0000000000
R13: ffff8880a73ee030 R14: ffffed1012b11d80 R15: ffff88809588ec00
 snd_usbmidi_submit_urb+0xd/0x40 sound/usb/midi.c:194
 snd_usbmidi_input_start_ep sound/usb/midi.c:2294 [inline]
 snd_usbmidi_input_start.part.11+0xc5/0x270 sound/usb/midi.c:2310
 snd_usbmidi_input_start sound/usb/midi.c:1119 [inline]
 substream_open.isra.21+0x45e/0x750 sound/usb/midi.c:1119
 open_substream+0x3c1/0x7b0 sound/core/rawmidi.c:288
 rawmidi_open_priv+0x23e/0x6f0 sound/core/rawmidi.c:331
 snd_rawmidi_kernel_open+0x152/0x200 sound/core/rawmidi.c:371
 midisynth_subscribe+0xe5/0x2f0 sound/core/seq/seq_midi.c:170
 subscribe_port sound/core/seq/seq_ports.c:412 [inline]
 check_and_subscribe_port+0x45b/0x6d0 sound/core/seq/seq_ports.c:495
 snd_seq_port_connect+0x2c2/0x4b0 sound/core/seq/seq_ports.c:564
 snd_seq_ioctl_subscribe_port+0x1aa/0x2b0 sound/core/seq/seq_clientmgr.c:1484
 snd_seq_oss_midi_open+0x325/0x560 sound/core/seq/oss/seq_oss_midi.c:364
 snd_seq_oss_synth_setup_midi+0xf2/0x4c0 sound/core/seq/oss/seq_oss_synth.c:269
 snd_seq_oss_open+0x657/0x7b0 sound/core/seq/oss/seq_oss_init.c:261
 odev_open+0x5b/0x80 sound/core/seq/oss/seq_oss.c:125
 chrdev_open+0x1d8/0x4e0 fs/char_dev.c:414
 do_dentry_open+0x3e5/0x1010 fs/open.c:797
 do_last fs/namei.c:3490 [inline]
 path_openat+0x8b5/0x2aa0 fs/namei.c:3607
 do_filp_open+0x171/0x240 fs/namei.c:3637
 do_sys_openat2+0x2b9/0x480 fs/open.c:1149
 do_sys_open+0x85/0xd0 fs/open.c:1165
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa0ed0b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000004f8580 RCX: 000000000045ca69
RDX: 000000000000c006 RSI: 0000000020000040 RDI: ffffffffffffff9c
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000000007dc R14: 00000000004cab2a R15: 00007fa0ed0b56d4
Kernel Offset: disabled
Rebooting in 86400 seconds..