syzbot


WARNING: ODEBUG bug in rsi_probe

Status: fixed on 2020/02/18 14:31
Subsystems: usb wireless
Reported-by: syzbot+1d1597a5aa3679c65b9f@syzkaller.appspotmail.com
Fix commit: 92aafe77123a rsi: fix use-after-free on probe errors
First crash: 1833d, last: 1535d
Discussions (17)
Title Replies (including bot) Last reply
[PATCH 4.14 00/89] 4.14.170-stable review 93 (93) 2020/02/04 17:19
[PATCH 5.5 00/56] 5.5.1-stable review 66 (66) 2020/01/31 22:33
[PATCH 4.19 00/55] 4.19.101-stable review 66 (66) 2020/01/31 21:44
[PATCH 5.4 000/110] 5.4.17-stable review 116 (116) 2020/01/31 19:44
[PATCH 0/5] rsi: fix use-after-free, memleak and sleep-while-atomic 7 (7) 2019/12/18 18:57
WARNING: ODEBUG bug in rsi_probe 5 (10) 2019/11/29 11:27
KASAN: use-after-free Read in rsi_rx_done_handler 2 (3) 2019/11/28 17:12
KASAN: invalid-free in rsi_91x_deinit 3 (4) 2019/11/28 17:09
Reminder: 45 active syzbot reports in usb subsystem 1 (1) 2019/11/19 04:27
Reminder: 67 active syzbot reports in usb subsystem 1 (1) 2019/10/04 03:38
Reminder: 52 active syzbot reports in usb subsystem 4 (4) 2019/09/19 19:01
Reminder: 52 active syzbot reports in usb subsystem 1 (1) 2019/08/22 03:28
Reminder: 11 open syzbot bugs in "net/wireless" subsystem 1 (1) 2019/07/24 01:47
Reminder: 67 open syzbot bugs in usb subsystem 1 (1) 2019/07/24 01:35
Reminder: 47 open syzbot bugs in usb subsystem 1 (1) 2019/07/09 19:01
Reminder: 12 open syzbot bugs in "net/wireless" subsystem 1 (1) 2019/06/25 05:51
Reminder: 42 open syzbot bugs in usb subsystem 1 (1) 2019/06/25 03:44
Last patch testing requests (3)
Created Duration User Patch Repo Result
2019/11/29 10:41 33m johan@kernel.org patch https://github.com/google/kasan.git d34f9519 OK
2019/11/28 18:00 36m johan@kernel.org patch https://github.com/google/kasan.git da06441bb4 error OK
2019/11/28 17:34 0m johan@kernel.org patch https://github.com/google/kasan.git master error OK

Sample crash report:
usb 1-1: New USB device found, idVendor=1618, idProduct=9113, bcdDevice=19.d3
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
rsi_91x: rsi_probe: Initialized os intf ops
rsi_91x: rsi_usb_reg_read: Reg read failed with error code :-71
rsi_91x: rsi_hal_prepare_fwload: REGOUT read failed
rsi_91x: rsi_probe: Failed in device init
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: bl_cmd_timeout+0x0/0x40
WARNING: CPU: 1 PID: 83 at lib/debugobjects.c:481 debug_print_object+0x160/0x250 lib/debugobjects.c:481
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:debug_print_object+0x160/0x250 lib/debugobjects.c:481
Code: dd c0 0d fc 85 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd c0 0d fc 85 48 c7 c7 00 02 fc 85 e8 88 c3 2a ff <0f> 0b 83 05 eb b0 f8 05 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
RSP: 0018:ffff8881d8b0f108 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81295a0d RDI: ffffed103b161e13
RBP: 0000000000000001 R08: ffff8881d8cb3100 R09: fffffbfff1269cae
R10: fffffbfff1269cad R11: ffffffff8934e56f R12: ffffffff871123e0
R13: ffffffff812f7470 R14: ffff8881cf92f250 R15: ffff8881d388b1c0
 __debug_check_no_obj_freed lib/debugobjects.c:963 [inline]
 debug_check_no_obj_freed+0x2df/0x443 lib/debugobjects.c:994
 slab_free_hook mm/slub.c:1422 [inline]
 slab_free_freelist_hook mm/slub.c:1458 [inline]
 slab_free mm/slub.c:3005 [inline]
 kfree+0x18a/0x300 mm/slub.c:3957
 rsi_probe+0xe71/0x1529 drivers/net/wireless/rsi/rsi_91x_sdio.c:1279
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:361
 really_probe+0x290/0xad0 drivers/base/dd.c:548
 driver_probe_device+0x223/0x350 drivers/base/dd.c:721
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x390 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0x1459/0x1bf0 drivers/base/core.c:2487
 usb_set_configuration+0xe47/0x17d0 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0xaf/0x140 drivers/usb/core/driver.c:266
 really_probe+0x290/0xad0 drivers/base/dd.c:548
 driver_probe_device+0x223/0x350 drivers/base/dd.c:721
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x390 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0x1459/0x1bf0 drivers/base/core.c:2487
 usb_new_device.cold+0x540/0xcd0 drivers/usb/core/hub.c:2538
 hub_port_connect drivers/usb/core/hub.c:5185 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5325 [inline]
 port_event drivers/usb/core/hub.c:5471 [inline]
 hub_event+0x21cb/0x4300 drivers/usb/core/hub.c:5553
 process_one_work+0x945/0x15c0 kernel/workqueue.c:2264
 worker_thread+0x96/0xe20 kernel/workqueue.c:2410
 kthread+0x318/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (10487):