bisecting cause commit starting from f40ddce88593482919761f74910f42f4b84c004b
building syzkaller on 14052202e8d8d0bb407512b6861e9085f9171241
testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217
kernel signature: 401ae697250340a8f19fafbe34755b1004207c8f3a328d8b50087c42f968b433
all runs: crashed: WARNING in __usbhid_submit_report
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: ab71b74ae43b8e01293cb6979afead33d9008edddcb466f6d56f0f23bb6fe207
all runs: crashed: WARNING in __usbhid_submit_report
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: a101d649bf0962eb896349f53f42525108b593f186d2cd8f9a781778a3990b4a
all runs: crashed: WARNING in __usbhid_submit_report
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217
kernel signature: c3faff30c5f5505242b19b31fedfebb792b2b6db3ca15c5100cee4b3da2ac1e3
all runs: crashed: WARNING in usbhid_submit_report
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217
kernel signature: 3904fdeb990b0e70b8bda8efd10815e1863a3601695796bfbb63af277701bb1b
all runs: crashed: WARNING in usbhid_submit_report
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217
kernel signature: 589b17bb836575ebde53035ba6933173a07823dbf21cd598cf3fcca3079e81a6
all runs: OK
# git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 7542 revisions left to test after this (roughly 13 steps)
[50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.4.1 20210217
kernel signature: 3d38cefefd0be2f24ee59cd992d940856a323cfc59f979453f24b25b357b6ae4
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad 50a5de895dbe5df947b3a695777db5b2c313e065
Bisecting: 4204 revisions left to test after this (roughly 12 steps)
[56a451b780676bc1cdac011735fe2869fa2e9abf] Merge tag 'ntb-5.7' of git://github.com/jonmason/ntb
testing commit 56a451b780676bc1cdac011735fe2869fa2e9abf with gcc (GCC) 8.4.1 20210217
kernel signature: f0921097f80205d68cdaedfcb9d3025254976a27e5ea320172f05ae42abaf996
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad 56a451b780676bc1cdac011735fe2869fa2e9abf
Bisecting: 1643 revisions left to test after this (roughly 11 steps)
[49835c15a55225e9b3ff9cc9317135b334ea2d49] Merge tag 'pm-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 49835c15a55225e9b3ff9cc9317135b334ea2d49 with gcc (GCC) 8.4.1 20210217
kernel signature: 0cdcca673bd4081c6734d70a1982291c28dee2f4f0fbc56ca9c74139f294d127
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad 49835c15a55225e9b3ff9cc9317135b334ea2d49
Bisecting: 934 revisions left to test after this (roughly 10 steps)
[063d1942247668eb0bb800aef5afbbef337344be] Merge tag 'media/v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 063d1942247668eb0bb800aef5afbbef337344be with gcc (GCC) 8.4.1 20210217
kernel signature: fbe042cecd356fedfe5f2dfb1740ec7e6885055bd6cdb3a940b8d19fd5b91531
all runs: OK
# git bisect good 063d1942247668eb0bb800aef5afbbef337344be
Bisecting: 516 revisions left to test after this (roughly 9 steps)
[e681bb287f40e7a9dbcb04cef80fd87a2511ab86] staging: vt6656: Use DIV_ROUND_UP macro instead of specific code
testing commit e681bb287f40e7a9dbcb04cef80fd87a2511ab86 with gcc (GCC) 8.4.1 20210217
kernel signature: 681e80cd3deeb7aed6098f1c6195f80e2d4d8c0fc9fb7489c3bd4daf208a3515
all runs: OK
# git bisect good e681bb287f40e7a9dbcb04cef80fd87a2511ab86
Bisecting: 266 revisions left to test after this (roughly 8 steps)
[db34c5ffee649e2c4c870d1031a996398a187cf5] Merge tag 'usb-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit db34c5ffee649e2c4c870d1031a996398a187cf5 with gcc (GCC) 8.4.1 20210217
kernel signature: f4ff1a32b51d9db8012aeb687ed373a0595265e2cdc2170053b6d5adcc52760b
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad db34c5ffee649e2c4c870d1031a996398a187cf5
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[a8ab3e76297ea85d92f4ee0833bd469816a13ccf] Merge tag 'usb-for-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next
testing commit a8ab3e76297ea85d92f4ee0833bd469816a13ccf with gcc (GCC) 8.4.1 20210217
kernel signature: 488c461a14c17f47f619ff15ebf5772f4cfb8520e244b3e01a0d98e2676313b6
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad a8ab3e76297ea85d92f4ee0833bd469816a13ccf
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[d1c6a769cdf466053ae211789f2b0671c8a72331] usb: typec: mux: Allow the mux handles to be requested with fwnode
testing commit d1c6a769cdf466053ae211789f2b0671c8a72331 with gcc (GCC) 8.4.1 20210217
kernel signature: 43856247d34684db32af930011bb919b182f6d5b46d848962da3f1cae26734c0
all runs: OK
# git bisect good d1c6a769cdf466053ae211789f2b0671c8a72331
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[eeead847487f726fa177d0f4060c4f0816ad9cd9] usb: gadget: amd5536udc: fix spelling mistake "reserverd" -> "reserved"
testing commit eeead847487f726fa177d0f4060c4f0816ad9cd9 with gcc (GCC) 8.4.1 20210217
kernel signature: b4d7c64f00598c882b87cb1d3e1b062d6f8527c5e57de88dd391958906f88f3a
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad eeead847487f726fa177d0f4060c4f0816ad9cd9
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[3d157c28d2289edf0439e8308e8de3a06acaaf0e] doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
testing commit 3d157c28d2289edf0439e8308e8de3a06acaaf0e with gcc (GCC) 8.4.1 20210217
kernel signature: 999ad651e18263c34f9a376fbdd8ca934b731ec5d0db535b68fef7a017ed0687
all runs: OK
# git bisect good 3d157c28d2289edf0439e8308e8de3a06acaaf0e
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0227cc84c44417a29c8102e41db8ec2c11ebc6b2] usb: dwc3: core: don't do suspend for device mode if already suspended
testing commit 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 with gcc (GCC) 8.4.1 20210217
kernel signature: 191fdd7204fffec9ffb7226639637c31ad5914fa0bad8b3263e26f42ad74052f
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good 0227cc84c44417a29c8102e41db8ec2c11ebc6b2
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[95b18f28979e12539cc02f6ec4e2c776e8551f39] dt-bindings: usb: dwc2: add compatible property for rk3328 usb
testing commit 95b18f28979e12539cc02f6ec4e2c776e8551f39 with gcc (GCC) 8.4.1 20210217
kernel signature: ed085430a6adb2f348ad5b79f725479a4e3ec6552a8afc367478e308f0791d58
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad 95b18f28979e12539cc02f6ec4e2c776e8551f39
Bisecting: 1 revision left to test after this (roughly 1 step)
[1a0808cb9e417170ed6ab97254cf319dc3e3c310] usb: dwc2: Implement set_selfpowered()
testing commit 1a0808cb9e417170ed6ab97254cf319dc3e3c310 with gcc (GCC) 8.4.1 20210217
kernel signature: 191fdd7204fffec9ffb7226639637c31ad5914fa0bad8b3263e26f42ad74052f
all runs: OK
# git bisect good 1a0808cb9e417170ed6ab97254cf319dc3e3c310
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10] usb: gadget: add raw-gadget interface
testing commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 with gcc (GCC) 8.4.1 20210217
kernel signature: ed085430a6adb2f348ad5b79f725479a4e3ec6552a8afc367478e308f0791d58
all runs: crashed: WARNING in usbhid_submit_report
# git bisect bad f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 is the first bad commit
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov
Date: Mon Feb 24 17:13:03 2020 +0100

usb: gadget: add raw-gadget interface

USB Raw Gadget is a kernel module that provides a userspace interface for the USB Gadget subsystem. Essentially it allows to emulate USB devices from userspace. Enabled with CONFIG_USB_RAW_GADGET. Raw Gadget is currently a strictly debugging feature and shouldn't be used in production.

Raw Gadget is similar to GadgetFS, but provides a more low-level and direct access to the USB Gadget layer for the userspace. The key differences are:

1. Every USB request is passed to the userspace to get a response, while GadgetFS responds to some USB requests internally based on the provided descriptors. However note, that the UDC driver might respond to some requests on its own and never forward them to the Gadget layer.

2. GadgetFS performs some sanity checks on the provided USB descriptors, while Raw Gadget allows you to provide arbitrary data as responses to USB requests.

3. Raw Gadget provides a way to select a UDC device/driver to bind to, while GadgetFS currently binds to the first available UDC.

4. Raw Gadget uses predictable endpoint names (handles) across different UDCs (as long as UDCs have enough endpoints of each required transfer type).

5. Raw Gadget has ioctl-based interface instead of a filesystem-based one.

Reviewed-by: Greg Kroah-Hartman
Signed-off-by: Andrey Konovalov
Signed-off-by: Felipe Balbi

 Documentation/usb/index.rst | 1 +
 Documentation/usb/raw-gadget.rst | 61 ++
 drivers/usb/gadget/legacy/Kconfig | 11 +
 drivers/usb/gadget/legacy/Makefile | 1 +
 drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++++++++++
 include/uapi/linux/usb/raw_gadget.h | 167 +++++
 6 files changed, 1319 insertions(+)
 create mode 100644 Documentation/usb/raw-gadget.rst
 create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c
 create mode 100644 include/uapi/linux/usb/raw_gadget.h

culprit signature: ed085430a6adb2f348ad5b79f725479a4e3ec6552a8afc367478e308f0791d58
parent signature: 191fdd7204fffec9ffb7226639637c31ad5914fa0bad8b3263e26f42ad74052f
revisions tested: 20, total time: 4h6m1.214620454s (build: 2h22m13.047806234s, test: 1h41m50.779337033s)
first bad commit: f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 usb: gadget: add raw-gadget interface
recipients (to): ["andreyknvl@google.com" "balbi@kernel.org" "gregkh@linuxfoundation.org"]
recipients (cc): []
crash: WARNING in usbhid_submit_report
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10877 at mm/page_alloc.c:4713 __alloc_pages_nodemask+0x58d/0x830 mm/page_alloc.c:4713
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 10877 Comm: syz-executor.3 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x96/0xe0 lib/dump_stack.c:118
 panic+0x2a1/0x52a kernel/panic.c:221
 __warn.cold.10+0x25/0x2f kernel/panic.c:582
 report_bug+0x1aa/0x260 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x12d/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:__alloc_pages_nodemask+0x58d/0x830 mm/page_alloc.c:4713
Code: 7e 0f 85 81 fd ff ff e8 fc e2 67 ff e9 77 fd ff ff 48 89 cf e8 e4 2a f4 ff e9 65 fc ff ff 81 e7 00 20 00 00 0f 85 3c fe ff ff <0f> 0b e9 35 fe ff ff 0f 0b 48 c7 c7 a0 05 46 8a e8 be 3a f5 01 0f
RSP: 0018:ffffc9000a1cfba8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8880962dc000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000012 RDI: 0000000000000000
RBP: 1ffff92001439f79 R08: dffffc0000000000 R09: ffff8880962dd840
R10: 0000000000000001 R11: ffff8880962de8c7 R12: 0000000020000007
R13: 0000000000000012 R14: 0000000000000000 R15: 0000000000000012
 alloc_pages include/linux/gfp.h:532 [inline]
 kmalloc_order+0x21/0xc0 mm/slab_common.c:1324
 kmalloc_order_trace+0x18/0x150 mm/slab_common.c:1340
 __usbhid_submit_report drivers/hid/usbhid/hid-core.c:588 [inline]
 usbhid_submit_report+0x4d7/0xdc0 drivers/hid/usbhid/hid-core.c:638
 hid_hw_request include/linux/hid.h:1053 [inline]
 hiddev_ioctl+0x34a/0x13d0 drivers/hid/usbhid/hiddev.c:722
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0xb8/0x110 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6a/0xb0 fs/ioctl.c:770
 do_syscall_64+0x8e/0x4f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465d99
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcd8894c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99
RDX: 0000000020000080 RSI: 00000000400c4808 RDI: 0000000000000004
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd464b2c4f R14: 00007fcd8894c300 R15: 0000000000022000
Kernel Offset: disabled
Rebooting in 86400 seconds..