bisecting cause commit starting from e37b12e4bb21e7c81732370b0a2b34bd196f380b building syzkaller on 04201c0669446145fd9c347c5538da0ca13ff29b testing commit e37b12e4bb21e7c81732370b0a2b34bd196f380b with gcc (GCC) 8.1.0 kernel signature: 50ccb9a3ac9cf0161b461bcefaae004416ab81b3f83ccb9d29ffc15f45b53e8f all runs: crashed: UBSAN: shift-out-of-bounds in dummy_hub_control testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0 kernel signature: f5760b2c445d15f5ece92b856df5a49be8c93d3d22f6cda3cb5ed85afe8f4ee1 all runs: crashed: UBSAN: shift-out-of-bounds in dummy_hub_control testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 48a44b356059ba46606be11d05f4af2fd4977ae6064a111f191a24ab366037c1 all runs: crashed: UBSAN: shift-out-of-bounds in dummy_hub_control testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 22aa95b7e7e6aea83bcbde6ee96bb510036c390ecb1edc1d673d8134021fdfef all runs: crashed: UBSAN: shift-out-of-bounds in dummy_hub_control testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: f5d9faac2087b090050e744a65f37f315c08f987da9cd1b89f915d62396835a7 all runs: crashed: UBSAN: shift-out-of-bounds in dummy_hub_control testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: c44a15efe9f4dddfd3265e3ee72039e8fedc8e1a971752bf1b7899bdd24b69bf all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 0965e741efe2c9a43f96ed4ce7756181094148b594e50125c1ef55585450eb5a all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: dc0e86cd1e84b0f0c4d2d664ac1a48c712bc8a201fcae8c2993a60e9b2ae998d all runs: OK # git bisect start d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 219d54332a09e8d8741c1e1982f5eae56099de85 Bisecting: 8639 revisions left to test after this (roughly 13 steps) [8c39f71ee2019e77ee14f88b1321b2348db51820] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 8c39f71ee2019e77ee14f88b1321b2348db51820 with gcc (GCC) 8.1.0 kernel signature: bde99b8de2457f59df85708aec92464c2fa26330fddee94b0c7bb90559528407 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 8c39f71ee2019e77ee14f88b1321b2348db51820 Bisecting: 3435 revisions left to test after this (roughly 12 steps) [3b397c7ccafe0624018cb09fc96729f8f6165573] Merge tag 'regmap-v5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap testing commit 3b397c7ccafe0624018cb09fc96729f8f6165573 with gcc (GCC) 8.1.0 kernel signature: 9f14e9282b80aa5a519953da1fea8a15ce1b5d8299fae1a5b8cc01758d05dd79 all runs: OK # git bisect good 3b397c7ccafe0624018cb09fc96729f8f6165573 Bisecting: 1576 revisions left to test after this (roughly 11 steps) [89d57dddd7d319ded00415790a0bb3c954b7e386] Merge tag 'media/v5.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 89d57dddd7d319ded00415790a0bb3c954b7e386 with gcc (GCC) 8.1.0 kernel signature: f37068fbc199e41d78d221a5368dcd400d5ff0e9e09542b209c66f67e7d36221 all runs: OK # git bisect good 89d57dddd7d319ded00415790a0bb3c954b7e386 Bisecting: 738 revisions left to test after this (roughly 10 steps) [8f56e4ebe05c26c30e167519273843476e39e244] Merge tag 'char-misc-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 8f56e4ebe05c26c30e167519273843476e39e244 with gcc (GCC) 8.1.0 kernel signature: d9201bdae1d2781ee49eaeb68bbb3e89e4b57619efe105045321b174ead9ec21 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 8f56e4ebe05c26c30e167519273843476e39e244 Bisecting: 438 revisions left to test after this (roughly 9 steps) [d76886972823ce456c0c61cd2284e85668e2131e] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit d76886972823ce456c0c61cd2284e85668e2131e with gcc (GCC) 8.1.0 kernel signature: a5da3335404eb5f8d5fe6eb92fdc43c07da168c5617875555165c70e515c3991 all runs: OK # git bisect good d76886972823ce456c0c61cd2284e85668e2131e Bisecting: 219 revisions left to test after this (roughly 8 steps) [65cc8bf99349f651a0a2cee69333525fe581f306] USB: documentation: flags on usb-storage versus UAS testing commit 65cc8bf99349f651a0a2cee69333525fe581f306 with gcc (GCC) 8.1.0 kernel signature: 5b63d5d2817e0dbe7909865b64059c50e9d4667c77490e959275772e04c9942e all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 65cc8bf99349f651a0a2cee69333525fe581f306 Bisecting: 109 revisions left to test after this (roughly 7 steps) [728fcd55e9ac3c7058949d78a443bedc7251b320] USB: legousbtower: drop redundant interrupt-in running flag testing commit 728fcd55e9ac3c7058949d78a443bedc7251b320 with gcc (GCC) 8.1.0 kernel signature: 23ff090d0310edef2a59a4f58250eaf5373175a655c565a5fd39e7bbccfc5969 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 728fcd55e9ac3c7058949d78a443bedc7251b320 Bisecting: 54 revisions left to test after this (roughly 6 steps) [f48c0a4228af75b7e6027d9b6b9b6e7e6ae47dc3] dt-bindings: rcar-gen3-phy-usb3: Add r8a774b1 support testing commit f48c0a4228af75b7e6027d9b6b9b6e7e6ae47dc3 with gcc (GCC) 8.1.0 kernel signature: cf1aba0ec35a4d3cf10a6f6d1038343dcf0e7522160cd03b2d18158e91df4616 all runs: OK # git bisect good f48c0a4228af75b7e6027d9b6b9b6e7e6ae47dc3 Bisecting: 27 revisions left to test after this (roughly 5 steps) [8c127a42af89c39560a8c5bd5accadaaa5741f8c] usb: typec: Introduce typec_get_drvdata() testing commit 8c127a42af89c39560a8c5bd5accadaaa5741f8c with gcc (GCC) 8.1.0 kernel signature: 863db5a6b561ada101e47c9f194a2db08e95755211a6fd6befe36cf4eff4a982 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 8c127a42af89c39560a8c5bd5accadaaa5741f8c Bisecting: 13 revisions left to test after this (roughly 4 steps) [c6919d5e0cd168a732034d8dc19fdc3dff683a2b] usb: roles: Add usb_role_switch_find_by_fwnode() testing commit c6919d5e0cd168a732034d8dc19fdc3dff683a2b with gcc (GCC) 8.1.0 kernel signature: 16bf99bb878500739674a25a0673b5fc3b9a269125a5e2aa21c8048f8e24c0ec all runs: OK # git bisect good c6919d5e0cd168a732034d8dc19fdc3dff683a2b Bisecting: 6 revisions left to test after this (roughly 3 steps) [cd7da3bc6c580e398e30349d88ff664113c9408e] usb: usb251xb: Add support for USB2422 testing commit cd7da3bc6c580e398e30349d88ff664113c9408e with gcc (GCC) 8.1.0 kernel signature: 5553a5af7a264a390ff9f40bf978f51b30cbf350a98ac8f4409b8ff5e3f85f04 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: can't ssh into the instance # git bisect good cd7da3bc6c580e398e30349d88ff664113c9408e Bisecting: 3 revisions left to test after this (roughly 2 steps) [a363d50515eb464a4e2aade12312cfdc1b156944] usb: host: fotg210: add missed clk_put calls testing commit a363d50515eb464a4e2aade12312cfdc1b156944 with gcc (GCC) 8.1.0 kernel signature: 28bbf1b5c9ce1d6c7eb770ca55d394b47deede9af88e0474c555744a2e89b2d3 all runs: OK # git bisect good a363d50515eb464a4e2aade12312cfdc1b156944 Bisecting: 1 revision left to test after this (roughly 1 step) [6dabeb891c001c592645df2f477fed9f5d959987] USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein testing commit 6dabeb891c001c592645df2f477fed9f5d959987 with gcc (GCC) 8.1.0 kernel signature: ab377ca066cf7634ad143195e5c229306e6cc8c65cbd3829e68098735d5d2bf6 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 6dabeb891c001c592645df2f477fed9f5d959987 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8442b02bf3c6770e0d7e7ea17be36c30e95987b6] USB: dummy-hcd: increase max number of devices to 32 testing commit 8442b02bf3c6770e0d7e7ea17be36c30e95987b6 with gcc (GCC) 8.1.0 kernel signature: a18f4bdbd6b85e5b440700a56259aad9154718419993fb2ccc42d0bd343fbaa2 all runs: crashed: UBSAN: undefined-behaviour in dummy_hub_control # git bisect bad 8442b02bf3c6770e0d7e7ea17be36c30e95987b6 8442b02bf3c6770e0d7e7ea17be36c30e95987b6 is the first bad commit commit 8442b02bf3c6770e0d7e7ea17be36c30e95987b6 Author: Andrey Konovalov Date: Mon Oct 21 16:20:58 2019 +0200 USB: dummy-hcd: increase max number of devices to 32 When fuzzing the USB subsystem with syzkaller, we currently use 8 testing processes within one VM. To isolate testing processes from one another it is desirable to assign a dedicated USB bus to each of those, which means we need at least 8 Dummy UDC/HCD devices. This patch increases the maximum number of Dummy UDC/HCD devices to 32 (more than 8 in case we need more of them in the future). Signed-off-by: Andrey Konovalov Link: https://lore.kernel.org/r/665578f904484069bb6100fb20283b22a046ad9b.1571667489.git.andreyknvl@google.com Signed-off-by: Greg Kroah-Hartman drivers/usb/gadget/udc/dummy_hcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) culprit signature: a18f4bdbd6b85e5b440700a56259aad9154718419993fb2ccc42d0bd343fbaa2 parent signature: 28bbf1b5c9ce1d6c7eb770ca55d394b47deede9af88e0474c555744a2e89b2d3 revisions tested: 22, total time: 4h15m48.259781179s (build: 2h7m16.383483065s, test: 2h6m2.569596952s) first bad commit: 8442b02bf3c6770e0d7e7ea17be36c30e95987b6 USB: dummy-hcd: increase max number of devices to 32 recipients (to): ["andreyknvl@google.com" "balbi@kernel.org" "gregkh@linuxfoundation.org" "gregkh@linuxfoundation.org" "linux-usb@vger.kernel.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: UBSAN: undefined-behaviour in dummy_hub_control ================================================================================ UBSAN: Undefined behaviour in drivers/usb/gadget/udc/dummy_hcd.c:2288:33 shift exponent 257 is too large for 32-bit type 'int' CPU: 0 PID: 10822 Comm: syz-executor.5 Not tainted 5.4.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x86/0xca lib/dump_stack.c:113 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158 __ubsan_handle_shift_out_of_bounds.cold.13+0x21/0x68 lib/ubsan.c:404 dummy_hub_control.cold.8+0x1c/0xdd drivers/usb/gadget/udc/dummy_hcd.c:2288 rh_call_control drivers/usb/core/hcd.c:682 [inline] rh_urb_enqueue drivers/usb/core/hcd.c:841 [inline] usb_hcd_submit_urb+0x807/0x2150 drivers/usb/core/hcd.c:1548 usb_submit_urb+0xa65/0x1280 drivers/usb/core/urb.c:569 usb_start_wait_urb+0x106/0x500 drivers/usb/core/message.c:57 usb_internal_control_msg drivers/usb/core/message.c:101 [inline] usb_control_msg+0x331/0x570 drivers/usb/core/message.c:152 proc_control+0x2a9/0x5b0 drivers/usb/core/devio.c:1163 usbdev_do_ioctl+0x166c/0x3130 drivers/usb/core/devio.c:2523 usbdev_ioctl+0x9/0x10 drivers/usb/core/devio.c:2696 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0x196/0x1150 fs/ioctl.c:696 ksys_ioctl+0x62/0x90 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:718 do_syscall_64+0x93/0x4e0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45e149 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f7ba75edc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e149 RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003 RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007ffe6d5c95bf R14: 00007f7ba75ee9c0 R15: 000000000119bf8c ================================================================================