bisecting cause commit starting from 051143e1602d90ea71887d92363edd539d411de5 building syzkaller on 9682898d6f14dd27f95c419d059fd867bb91b22b testing commit 051143e1602d90ea71887d92363edd539d411de5 with gcc (GCC) 8.1.0 kernel signature: 09e336747e4fdac3bd85971eb7ca685e527eaa69e937ada8609ed76dff89c87c all runs: crashed: WARNING in dlfb_submit_urb/usb_submit_urb testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 652026d4df3e92fc7271fb90d2cb1d7ef2774a2435e3f822ef2318a9d115436b all runs: OK # git bisect start 051143e1602d90ea71887d92363edd539d411de5 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7236 revisions left to test after this (roughly 13 steps) [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0 kernel signature: f1988b65663ed3e9c7d16360e63d10c4e8687124b1c290b8b50cd8361581684a run #0: boot failed: can't ssh into the instance run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6 Bisecting: 3542 revisions left to test after this (roughly 12 steps) [347619565197ae0e62a755efc4a80904d66fc0a1] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 347619565197ae0e62a755efc4a80904d66fc0a1 with gcc (GCC) 8.1.0 kernel signature: cedbf59a96691e23ba1cb7582647747b6bba6e72a44f67d9adac2c99aa64e230 all runs: OK # git bisect good 347619565197ae0e62a755efc4a80904d66fc0a1 Bisecting: 1717 revisions left to test after this (roughly 11 steps) [c8372665b4b96d6a818b2693dd49236d5f9c8bc2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit c8372665b4b96d6a818b2693dd49236d5f9c8bc2 with gcc (GCC) 8.1.0 kernel signature: f9fe6281baa8fe89eb90cd6908e00e1b8bb9a357d5cd788550a3a30f9ffab8e3 all runs: OK # git bisect good c8372665b4b96d6a818b2693dd49236d5f9c8bc2 Bisecting: 853 revisions left to test after this (roughly 10 steps) [ed6889db63d24600e523ac28fbece33201906611] Merge tag 'dmaengine-fix-5.7-rc4' of git://git.infradead.org/users/vkoul/slave-dma testing commit ed6889db63d24600e523ac28fbece33201906611 with gcc (GCC) 8.1.0 kernel signature: e4a335205c32f9cbfe8efabcaf89f2f172e088f2b352ae191a27e3bf272e0766 all runs: OK # git bisect good ed6889db63d24600e523ac28fbece33201906611 Bisecting: 429 revisions left to test after this (roughly 9 steps) [8c1684bb81f173543599f1848c29a2a3b1ee5907] Merge tag 'for-linus-2020-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 8c1684bb81f173543599f1848c29a2a3b1ee5907 with gcc (GCC) 8.1.0 kernel signature: d3c57d8381762ea983764bc3b9119c313800b17228c4ba1d8bfccbc43dd403fd all runs: OK # git bisect good 8c1684bb81f173543599f1848c29a2a3b1ee5907 Bisecting: 224 revisions left to test after this (roughly 8 steps) [3d1c1e5931ce45b3a3f309385bbc00c78e9951c6] Merge tag 'block-5.7-2020-05-16' of git://git.kernel.dk/linux-block testing commit 3d1c1e5931ce45b3a3f309385bbc00c78e9951c6 with gcc (GCC) 8.1.0 kernel signature: ed65fb200be572c0f0aa32a864e96cee44dd4ad834538476957bc6c91c77b5f1 all runs: OK # git bisect good 3d1c1e5931ce45b3a3f309385bbc00c78e9951c6 Bisecting: 114 revisions left to test after this (roughly 7 steps) [b48397cb75ac17a5c6f99b3b41fab0ab1f879826] Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace testing commit b48397cb75ac17a5c6f99b3b41fab0ab1f879826 with gcc (GCC) 8.1.0 kernel signature: 1438db7c15badcf535334d26a437161011d720749e820d1a987b3341ab30ada6 all runs: OK # git bisect good b48397cb75ac17a5c6f99b3b41fab0ab1f879826 Bisecting: 56 revisions left to test after this (roughly 6 steps) [97076ea41a093e67db20d0e40f728a054b799630] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit 97076ea41a093e67db20d0e40f728a054b799630 with gcc (GCC) 8.1.0 kernel signature: ab576d5975e77aa1971cf99cb2f22ddc70492a145eb4f780c2be1e9887783538 all runs: crashed: WARNING in dlfb_submit_urb/usb_submit_urb # git bisect bad 97076ea41a093e67db20d0e40f728a054b799630 Bisecting: 28 revisions left to test after this (roughly 5 steps) [fb27bc034df1e2c7930f606928b65aca652fed6a] Merge tag 'usb-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit fb27bc034df1e2c7930f606928b65aca652fed6a with gcc (GCC) 8.1.0 kernel signature: f52bf17743f224b37ec303c8ebe1da31ad8ef1c126263f78ed2bcf8c2268a295 all runs: crashed: WARNING in dlfb_submit_urb/usb_submit_urb # git bisect bad fb27bc034df1e2c7930f606928b65aca652fed6a Bisecting: 14 revisions left to test after this (roughly 4 steps) [5c4edcdbcd97fb3fb657898d0463afb84e4fbbb3] usb: typec: mux: intel: Fix DP_HPD_LVL bit field testing commit 5c4edcdbcd97fb3fb657898d0463afb84e4fbbb3 with gcc (GCC) 8.1.0 kernel signature: 4a20240cba3690031008da1e5d659afea9c7d1655c0d88935396ad6c8c16b9d2 all runs: OK # git bisect good 5c4edcdbcd97fb3fb657898d0463afb84e4fbbb3 Bisecting: 7 revisions left to test after this (roughly 3 steps) [6045dd7e5955f0175c9075f8ba80015369d6b201] usb: mtu3: constify struct debugfs_reg32 testing commit 6045dd7e5955f0175c9075f8ba80015369d6b201 with gcc (GCC) 8.1.0 kernel signature: cadb21d6677126dfbd5bb14f168ee2302669ebad1cc56e5c5dc0c619a3e1d99e all runs: crashed: WARNING in dlfb_submit_urb/usb_submit_urb # git bisect bad 6045dd7e5955f0175c9075f8ba80015369d6b201 Bisecting: 3 revisions left to test after this (roughly 2 steps) [c61769bd4777a922952aed0d042a2572e5bd9b74] usb: raw-gadget: support stalling/halting/wedging endpoints testing commit c61769bd4777a922952aed0d042a2572e5bd9b74 with gcc (GCC) 8.1.0 kernel signature: 0a9c885490cfa6d7e23376009d47aeb654504ce70f766a8ef0800b4f80bda0cd all runs: crashed: WARNING in dlfb_submit_urb/usb_submit_urb # git bisect bad c61769bd4777a922952aed0d042a2572e5bd9b74 Bisecting: 0 revisions left to test after this (roughly 1 step) [97df5e5758f7d1dd0ca97e3210696818fc45bdb3] usb: raw-gadget: fix gadget endpoint selection testing commit 97df5e5758f7d1dd0ca97e3210696818fc45bdb3 with gcc (GCC) 8.1.0 kernel signature: c8c0d9213e3fac76d96b816acc106385bbb47947fc30041fc69d9039120ec369 all runs: OK # git bisect good 97df5e5758f7d1dd0ca97e3210696818fc45bdb3 c61769bd4777a922952aed0d042a2572e5bd9b74 is the first bad commit commit c61769bd4777a922952aed0d042a2572e5bd9b74 Author: Andrey Konovalov Date: Thu May 7 19:06:57 2020 +0200 usb: raw-gadget: support stalling/halting/wedging endpoints Raw Gadget is currently unable to stall/halt/wedge gadget endpoints, which is required for proper emulation of certain USB classes. This patch adds a few more ioctls: - USB_RAW_IOCTL_EP0_STALL allows to stall control endpoint #0 when there's a pending setup request for it. - USB_RAW_IOCTL_SET/CLEAR_HALT/WEDGE allow to set/clear halt/wedge status on non-control non-isochronous endpoints. Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface") Signed-off-by: Andrey Konovalov Signed-off-by: Felipe Balbi Documentation/usb/raw-gadget.rst | 2 - drivers/usb/gadget/legacy/raw_gadget.c | 131 ++++++++++++++++++++++++++++++++- include/uapi/linux/usb/raw_gadget.h | 15 ++++ 3 files changed, 144 insertions(+), 4 deletions(-) culprit signature: 0a9c885490cfa6d7e23376009d47aeb654504ce70f766a8ef0800b4f80bda0cd parent signature: c8c0d9213e3fac76d96b816acc106385bbb47947fc30041fc69d9039120ec369 revisions tested: 15, total time: 3h38m52.936235596s (build: 1h32m1.942760794s, test: 2h5m41.997866113s) first bad commit: c61769bd4777a922952aed0d042a2572e5bd9b74 usb: raw-gadget: support stalling/halting/wedging endpoints cc: ["andreyknvl@google.com" "balbi@kernel.org" "corbet@lwn.net" "gregkh@linuxfoundation.org" "linux-doc@vger.kernel.org" "linux-kernel@vger.kernel.org" "linux-usb@vger.kernel.org"] crash: WARNING in dlfb_submit_urb/usb_submit_urb usb 4-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 4-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 2712 at drivers/usb/core/urb.c:479 usb_submit_urb+0xe9e/0x1470 drivers/usb/core/urb.c:478 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 2712 Comm: kworker/0:4 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.10+0x25/0x26 kernel/panic.c:582 report_bug+0x1ad/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:175 [inline] do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:usb_submit_urb+0xe9e/0x1470 drivers/usb/core/urb.c:478 Code: 48 89 c7 4c 89 54 24 10 89 4c 24 08 e8 bb 3f 65 ff 8b 4c 24 08 45 89 e8 4c 89 fa 48 89 c6 48 c7 c7 a0 53 03 88 e8 be 6c 9e fc <0f> 0b 4c 8b 54 24 10 e9 33 f6 ff ff 48 ba 00 00 00 00 00 fc ff df RSP: 0018:ffffc90007fcee98 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888092861100 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8b8dd0e0 RBP: ffff88809ea21000 R08: ffffed1015d066a9 R09: ffffed1015d066a9 R10: ffff8880ae833547 R11: ffffed1015d066a8 R12: 0000000000000003 R13: 0000000000000001 R14: 0000000000000001 R15: ffff8880a4667e40 dlfb_submit_urb+0x6c/0x140 drivers/video/fbdev/udlfb.c:1968 dlfb_set_video_mode+0x200f/0x2f90 drivers/video/fbdev/udlfb.c:315 dlfb_ops_set_par+0x272/0x8c0 drivers/video/fbdev/udlfb.c:1109 dlfb_usb_probe.cold.23+0xe6a/0x1a7a drivers/video/fbdev/udlfb.c:1731 usb_probe_interface+0x268/0x6c0 drivers/usb/core/driver.c:374 really_probe+0x1f9/0x5e0 drivers/base/dd.c:520 driver_probe_device+0xc9/0x1b0 drivers/base/dd.c:697 bus_for_each_drv+0x117/0x1a0 drivers/base/bus.c:431 __device_attach+0x1be/0x2c0 drivers/base/dd.c:870 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x1089/0x1a00 drivers/base/core.c:2538 usb_set_configuration+0xcc8/0x1640 drivers/usb/core/message.c:2032 usb_generic_driver_probe+0x61/0x90 drivers/usb/core/generic.c:241 usb_probe_device+0x91/0x160 drivers/usb/core/driver.c:272 really_probe+0x1f9/0x5e0 drivers/base/dd.c:520 driver_probe_device+0xc9/0x1b0 drivers/base/dd.c:697 bus_for_each_drv+0x117/0x1a0 drivers/base/bus.c:431 __device_attach+0x1be/0x2c0 drivers/base/dd.c:870 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x1089/0x1a00 drivers/base/core.c:2538 usb_new_device.cold.66+0x679/0xe85 drivers/usb/core/hub.c:2553 hub_port_connect drivers/usb/core/hub.c:5207 [inline] hub_port_connect_change drivers/usb/core/hub.c:5347 [inline] port_event drivers/usb/core/hub.c:5493 [inline] hub_event+0x15fe/0x2d60 drivers/usb/core/hub.c:5575 process_one_work+0x908/0x15d0 kernel/workqueue.c:2268 worker_thread+0x82/0xb50 kernel/workqueue.c:2414 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351 Kernel Offset: disabled Rebooting in 86400 seconds..