syzbot

 sign-in | mailing list | source | docs
🐞 Open [815]
🐞 Fixed [75]
🐞 Invalid [975]
Missing Backports [122]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in smsusb_start_streaming/usb_submit_urb

Status: upstream: reported C repro on 2025/05/16 18:28
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+8152461df0aa6ce1b88e@syzkaller.appspotmail.com
First crash: 103d, last: 12d
Bug presence (1)
Date Name Commit Repro Result
2025/05/20 upstream (ToT) a5806cd506af C [report] WARNING in smsusb_start_streaming/usb_submit_urb
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 WARNING in smsusb_start_streaming/usb_submit_urb origin:upstream -1 C error 1 470d 502d 0/3 upstream: reported C repro on 2024/04/12 23:31
upstream WARNING in smsusb_start_streaming/usb_submit_urb usb media -1 C error inconclusive 173 10d 2199d 0/29 upstream: reported C repro on 2019/08/21 12:58
Last patch testing requests (3)
Created Duration User Patch Repo Result
2025/08/16 02:37 10m retest repro linux-5.15.y report log
2025/05/31 14:01 10m retest repro linux-5.15.y report log
2025/05/31 14:01 9m retest repro linux-5.15.y report log
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/08/01 21:56 1h44m bisect fix linux-5.15.y OK (0) job log log
2025/07/01 03:30 1h27m bisect fix linux-5.15.y OK (0) job log log

Sample crash report:
usb 1-1: Manufacturer: syz
usb 1-1: config 0 descriptor??
smsusb:smsusb_probe: board id=9, interface number 0
smsusb:siano_media_device_register: media controller created
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 21 at drivers/usb/core/urb.c:503 usb_submit_urb+0xc81/0x1980 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 1 PID: 21 Comm: kworker/1:0 Not tainted 5.15.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xc81/0x1980 drivers/usb/core/urb.c:502
Code: 8a 4c 89 f0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 09 09 00 00 45 8b 06 48 c7 c7 40 60 a4 8a 48 89 ee 4c 89 e2 e8 2f 91 c7 03 <0f> 0b 44 8b 64 24 3c 8b 6c 24 30 44 0f b6 74 24 08 4c 89 f7 48 c7
RSP: 0018:ffffc90000db6bc0 EFLAGS: 00010246
RAX: 1754bbf64112cd00 RBX: ffff8880792ec030 RCX: ffff88813fe69dc0
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffffff8aa4c9c0 R08: dffffc0000000000 R09: fffff520001b6cdd
R10: fffff520001b6cdd R11: 1ffff920001b6cdc R12: ffff888024eaa438
R13: dffffc0000000000 R14: ffffffff8aa45e2c R15: ffff88807e6a10f8
FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc87d8fc48 CR3: 000000002a910000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 smsusb_submit_urb drivers/media/usb/siano/smsusb.c:173 [inline]
 smsusb_start_streaming+0x2d4/0x540 drivers/media/usb/siano/smsusb.c:197
 smsusb_init_device drivers/media/usb/siano/smsusb.c:472 [inline]
 smsusb_probe+0x1607/0x1d10 drivers/media/usb/siano/smsusb.c:569

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/16 20:03 linux-5.15.y 3b8db0e4f263 cfde8269 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING in smsusb_start_streaming/usb_submit_urb
2025/05/16 19:18 linux-5.15.y 3b8db0e4f263 cfde8269 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING in smsusb_start_streaming/usb_submit_urb
2025/05/16 18:28 linux-5.15.y 3b8db0e4f263 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan WARNING in smsusb_start_streaming/usb_submit_urb
* Struck through repros no longer work on HEAD.