syzbot


general protection fault in carl9170_usb_rx_complete

Status: upstream: reported C repro on 2025/06/06 17:24
Subsystems: wireless
Reported-by: syzbot+0d8afba53e8fb2633217@syzkaller.appspotmail.com
First crash: 49d, last: 17d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH v2] wifi: carl9170: do not ping device which has failed to load firmware 3 (3) 2025/06/17 23:32
[syzbot] [wireless?] general protection fault in carl9170_usb_rx_complete 0 (3) 2025/06/16 17:42
[PATCH] wifi: carl9170: do not ping device which has failed to load firmware 3 (3) 2025/06/15 19:54
Re: [PATCH] wifi: carl9170: do not ping device which has failed to load firmware 2 (2) 2025/06/14 16:33
Last patch testing requests (5)
Created Duration User Patch Repo Result
2025/07/19 09:34 17m retest repro https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing OK log
2025/07/19 09:34 16m retest repro https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing OK log
2025/06/16 17:42 20m dmantipov@yandex.ru patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 44a5ab7a7958fbf190ae384b8ef252f23b840c1b OK log
2025/06/10 07:11 18m dmantipov@yandex.ru patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 report log
2025/06/07 00:00 1h48m hdanton@sina.com patch upstream OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
CPU: 1 UID: 0 PID: 9031 Comm: kworker/1:1 Not tainted 6.16.0-rc2-syzkaller-00053-gcf16f408364e #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events legacy_dvb_usb_read_remote_control
RIP: 0010:__queue_work+0x9d/0x10f0 kernel/workqueue.c:2256
Code: 85 db 0f 84 ae 04 00 00 e8 50 80 34 00 49 8d 86 c0 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e8 0c 00 00 41 8b 9e c0 01 00
RSP: 0018:ffffc900001a8a48 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90001202000
RDX: 0000000000000038 RSI: ffffffff81494c30 RDI: 0000000000000005
RBP: ffff88811c10bbd0 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000008
R13: 0000000000000000 R14: 0000000000000000 R15: 0100000000000002
FS:  0000000000000000(0000) GS:ffff888269264000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000000 CR3: 0000000134b02000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 queue_work_on+0x15f/0x1f0 kernel/workqueue.c:2392
 queue_work include/linux/workqueue.h:662 [inline]
 ieee80211_queue_work net/mac80211/util.c:906 [inline]
 ieee80211_queue_work+0x113/0x180 net/mac80211/util.c:899
 carl9170_usb_rx_complete+0x275/0x2b0 drivers/net/wireless/ath/carl9170/usb.c:448
 __usb_hcd_giveback_urb+0x38d/0x6e0 drivers/usb/core/hcd.c:1650
 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1734
 dummy_timer+0x180e/0x3a20 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1842
 handle_softirqs+0x205/0x8d0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3227
Code: 00 e8 b2 42 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 40 79 20 00 48 85 db 0f 85 55 01 00 00 e8 c2 7d 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 97 7b 7d
RSP: 0018:ffffc90012e87868 EFLAGS: 00000293
RAX: ffffffff895d4678 RBX: 0000000000000000 RCX: ffffffff815d4eb0
RDX: ffff888114380000 RSI: ffffffff815d4ebe RDI: 0000000000000007
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff895d4678
R13: ffffffff895d4620 R14: ffffc90012e878f8 R15: dffffc0000000000
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xd8/0x210 kernel/printk/printk.c:3325
 vprintk_emit+0x418/0x6d0 kernel/printk/printk.c:2450
 _printk+0xc7/0x100 kernel/printk/printk.c:2475
 legacy_dvb_usb_read_remote_control+0x40b/0x4f0 drivers/media/usb/dvb-usb/dvb-usb-remote.c:124
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5b3/0x6c0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0x9d/0x10f0 kernel/workqueue.c:2256
Code: 85 db 0f 84 ae 04 00 00 e8 50 80 34 00 49 8d 86 c0 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e8 0c 00 00 41 8b 9e c0 01 00
RSP: 0018:ffffc900001a8a48 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90001202000
RDX: 0000000000000038 RSI: ffffffff81494c30 RDI: 0000000000000005
RBP: ffff88811c10bbd0 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000008
R13: 0000000000000000 R14: 0000000000000000 R15: 0100000000000002
FS:  0000000000000000(0000) GS:ffff888269264000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000000 CR3: 0000000134b02000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	85 db                	test   %ebx,%ebx
   2:	0f 84 ae 04 00 00    	je     0x4b6
   8:	e8 50 80 34 00       	call   0x34805d
   d:	49 8d 86 c0 01 00 00 	lea    0x1c0(%r14),%rax
  14:	48 89 c2             	mov    %rax,%rdx
  17:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	74 08                	je     0x3a
  32:	3c 03                	cmp    $0x3,%al
  34:	0f 8e e8 0c 00 00    	jle    0xd22
  3a:	41                   	rex.B
  3b:	8b                   	.byte 0x8b
  3c:	9e                   	sahf
  3d:	c0 01 00             	rolb   $0x0,(%rcx)

Crashes (586):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/05 05:07 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/05 03:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/05 02:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/05 01:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 23:37 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 22:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 20:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 17:40 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 14:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 12:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 10:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 09:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 08:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 05:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 03:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/04 01:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 23:34 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 22:08 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 76ad128c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 20:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 18:58 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 17:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 14:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 13:08 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 11:42 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 08:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 07:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 06:16 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 05:06 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 04:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 02:38 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/03 00:38 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 22:38 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 19:46 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 14:51 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 13:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 09:29 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 08:08 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 06:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/02 01:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 23:35 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 19:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 18:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing cf16f408364e 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 14:43 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7481a97c5f49 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 13:14 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7481a97c5f49 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 11:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7481a97c5f49 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/07/01 09:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7481a97c5f49 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/06/03 08:44 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 882826f58b2c a30356b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
2025/06/03 02:58 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 882826f58b2c a30356b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in carl9170_usb_rx_complete
* Struck through repros no longer work on HEAD.