bisecting fixing commit since dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
building syzkaller on 214351e168def9426c79e1f65a93ddb112cee906
testing commit dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 66a6277e3fbc3ecce41d558ed1a44f1cadc70392c9d2977416f3b46f9d45bb32
run #0: crashed: BUG: corrupted list in usb_hcd_link_urb_to_ep
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
reproducer seems to be flaky
testing current HEAD 34af78c4e616c359ed428d79fe4758a35d2c5473
testing commit 34af78c4e616c359ed428d79fe4758a35d2c5473
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c134ffc3bfb140a9539995d5d723632e4f5f5bb8bef0784ec8952847aa146aa1
run #0: crashed: BUG: corrupted list in usb_hcd_link_urb_to_ep
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
Reproducer flagged being flaky
revisions tested: 2, total time: 23m38.368332752s (build: 11m56.178588316s, test: 11m13.239777921s)
the crash still happens on HEAD
commit msg: Merge tag 'iommu-updates-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
crash: BUG: corrupted list in usb_hcd_link_urb_to_ep
list_add double add: new=ffff888079a54b18, prev=ffff888079a54b18, next=ffff88807b4c6070.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:29!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 4870 Comm: syz-executor413 Tainted: G W 5.17.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29
Code: 3c 22 3a fb 4c 89 e1 48 c7 c7 a0 1e 41 89 e8 1b ce f1 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 1f 41 89 e8 04 ce f1 ff <0f> 0b 48 89 f1 48 c7 c7 60 1f 41 89 4c 89 e6 e8 f0 cd f1 ff 0f 0b
RSP: 0018:ffffc9000324f478 EFLAGS: 00010086
RAX: 0000000000000058 RBX: ffff888079a54b00 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff89411da0 RDI: fffff52000649e82
RBP: ffff888079a54b18 R08: 0000000000000058 R09: ffff8880b9e34187
R10: ffffed10173c6830 R11: 0000000000000007 R12: ffff88807b4c6070
R13: 0000000000000000 R14: ffff888079a54b18 R15: ffff88807b4c6078
FS: 00007f875e28a700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffea017038 CR3: 00000000193a4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_add include/linux/list.h:69 [inline]
 list_add_tail include/linux/list.h:102 [inline]
 usb_hcd_link_urb_to_ep+0x1c4/0x330 drivers/usb/core/hcd.c:1181
 dummy_urb_enqueue+0x221/0x7a0 drivers/usb/gadget/udc/dummy_hcd.c:1284
 usb_hcd_submit_urb+0x276/0x1f80 drivers/usb/core/hcd.c:1555
 cm109_submit_buzz_toggle+0xbd/0x100 drivers/input/misc/cm109.c:351
 cm109_toggle_buzzer_async drivers/input/misc/cm109.c:487 [inline]
 cm109_input_ev+0x16d/0x1b0 drivers/input/misc/cm109.c:624
 input_handle_event+0x2a4/0x1160 drivers/input/input.c:381
 input_inject_event+0x201/0x220 drivers/input/input.c:476
 kd_sound_helper+0xeb/0x1f0 drivers/tty/vt/keyboard.c:256
 input_handler_for_each_handle+0xab/0x180 drivers/input/input.c:2468
 kd_mksound+0x81/0x100 drivers/tty/vt/keyboard.c:280
 do_con_trol+0x742/0x4dd0 drivers/tty/vt/vt.c:2177
 do_con_write+0x41f/0x19a0 drivers/tty/vt/vt.c:2951
 con_write+0xb/0x20 drivers/tty/vt/vt.c:3295
 process_output_block drivers/tty/n_tty.c:581 [inline]
 n_tty_write+0x34d/0xff0 drivers/tty/n_tty.c:2248
 do_tty_write drivers/tty/tty_io.c:1024 [inline]
 file_tty_write.constprop.0+0x447/0x7d0 drivers/tty/tty_io.c:1095
 call_write_iter include/linux/fs.h:2081 [inline]
 new_sync_write+0x368/0x600 fs/read_write.c:504
 vfs_write+0x610/0x900 fs/read_write.c:591
 ksys_write+0xf4/0x1d0 fs/read_write.c:644
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f875e2ea529
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f875e28a318 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f875e36e248 RCX: 00007f875e2ea529
RDX: 0000000000000078 RSI: 0000000020000180 RDI: 0000000000000004
RBP: 00007f875e36e240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f875e334a08
R13: 00007fffea016fdf R14: 00007f875e28a400 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid.cold+0x26/0x3c lib/list_debug.c:29
Code: 3c 22 3a fb 4c 89 e1 48 c7 c7 a0 1e 41 89 e8 1b ce f1 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 1f 41 89 e8 04 ce f1 ff <0f> 0b 48 89 f1 48 c7 c7 60 1f 41 89 4c 89 e6 e8 f0 cd f1 ff 0f 0b
RSP: 0018:ffffc9000324f478 EFLAGS: 00010086
RAX: 0000000000000058 RBX: ffff888079a54b00 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff89411da0 RDI: fffff52000649e82
RBP: ffff888079a54b18 R08: 0000000000000058 R09: ffff8880b9e34187
R10: ffffed10173c6830 R11: 0000000000000007 R12: ffff88807b4c6070
R13: 0000000000000000 R14: ffff888079a54b18 R15: ffff88807b4c6078
FS: 00007f875e28a700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffea017038 CR3: 00000000193a4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400