Hello, syzbot found the following issue on: HEAD commit: f868cd251776 Merge tag 'drm-fixes-2024-11-16' of https://g.. git tree: upstream console+strace: https://syzkaller.appspot.com/x/log.txt?x=175892c0580000 kernel config: https://syzkaller.appspot.com/x/.config?x=d2aeec8c0b2e420c dashboard link: https://syzkaller.appspot.com/bug?extid=e3ae1e7f4b88f3e696f5 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10edf1a7980000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10d892c0580000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/50674231b58f/disk-f868cd25.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/c6a8d7f6f69f/vmlinux-f868cd25.xz kernel image: https://storage.googleapis.com/syzbot-assets/5b4f3e883f4a/bzImage-f868cd25.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+e3ae1e7f4b88f3e696f5@xxxxxxxxxxxxxxxxxxxxxxxxx usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz usb 1-1: config 0 descriptor?? ------------[ cut here ]------------ URB ffff88802128ea00 submitted while active WARNING: CPU: 0 PID: 972 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x1930 drivers/usb/core/urb.c:379 Modules linked in: CPU: 0 UID: 0 PID: 972 Comm: kworker/0:2 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0x1039/0x1930 drivers/usb/core/urb.c:379 Code: 00 eb 66 e8 f9 b9 5b fa e9 79 f0 ff ff e8 ef b9 5b fa c6 05 4c a6 cd 08 01 90 48 c7 c7 80 21 b1 8c 4c 89 ee e8 48 b0 1c fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 c9 b9 5b fa eb 12 e8 c2 b9 5b fa 41 RSP: 0018:ffffc9000378ec50 EFLAGS: 00010246 RAX: 60687f36e4038100 RBX: 0000000000000cc0 RCX: ffff88802606bc00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff88802128ea08 R08: ffffffff8155e312 R09: fffffbfff1cf9fd0 R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: ffff88802fb894a8 R13: ffff88802128ea00 R14: dffffc0000000000 R15: ffff88802fb89400 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005653c9143738 CR3: 0000000028d30000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> iguanair_send drivers/media/rc/iguanair.c:193 [inline] iguanair_get_features+0x1c8/0x7c0 drivers/media/rc/iguanair.c:218 iguanair_probe+0xb1c/0x1540 drivers/media/rc/iguanair.c:438 usb_probe_interface+0x645/0xbb0 drivers/usb/core/driver.c:399 really_probe+0x2b8/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:459 __device_attach+0x333/0x520 drivers/base/dd.c:1030 bus_probe_device+0x189/0x260 drivers/base/bus.c:534 device_add+0x856/0xbf0 drivers/base/core.c:3672 usb_set_configuration+0x1976/0x1fb0 drivers/usb/core/message.c:2210 usb_generic_driver_probe+0x88/0x140 drivers/usb/core/generic.c:254 usb_probe_device+0x1b8/0x380 drivers/usb/core/driver.c:294 really_probe+0x2b8/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:459 __device_attach+0x333/0x520 drivers/base/dd.c:1030 bus_probe_device+0x189/0x260 drivers/base/bus.c:534 device_add+0x856/0xbf0 drivers/base/core.c:3672 usb_new_device+0x104a/0x19a0 drivers/usb/core/hub.c:2651 hub_port_connect drivers/usb/core/hub.c:5521 [inline] hub_port_connect_change drivers/usb/core/hub.c:5661 [inline] port_event drivers/usb/core/hub.c:5821 [inline] hub_event+0x2d6d/0x5150 drivers/usb/core/hub.c:5903 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
