syzbot

 sign-in | mailing list | source | docs
🐞 Open [869] Subsystems 🐞 Fixed [4877] 🐞 Invalid [11656] Missing Backports [69] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: trying to register non-static key in rtl_c2hcmd_launcher

Status: fixed on 2019/08/05 13:45
Subsystems: usb wireless
[Documentation on labels]
Reported-by: syzbot+1fcc5ef45175fc774231@syzkaller.appspotmail.com
Fix commit: 6c0ed66f1a5b rtlwifi: rtl8192cu: fix error handle when usb probe failed
First crash: 1698d, last: 1589d
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 5.2 000/413] 5.2.3-stable review 444 (444) 2019/08/05 12:40
[PATCH 4.14 000/293] 4.14.135-stable review 302 (302) 2019/07/31 09:35
[PATCH 4.19 000/271] 4.19.61-stable review 284 (284) 2019/07/27 10:51
[PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read 161 (161) 2019/07/26 18:07
[PATCH 5.1 000/371] 5.1.20-stable review 384 (384) 2019/07/26 12:24
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it 267 (267) 2019/07/24 03:35
[PATCH AUTOSEL 4.14 001/105] wil6210: fix potential out-of-bounds read 107 (107) 2019/07/22 00:40
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it 219 (219) 2019/07/15 14:03
Reminder: 12 open syzbot bugs in "net/wireless" subsystem 1 (1) 2019/06/25 05:51
[PATCH] rtlwifi: rtl8192cu: fix error handle when usb probe failed 3 (3) 2019/06/25 04:54
Reminder: 42 open syzbot bugs in usb subsystem 1 (1) 2019/06/25 03:44
INFO: trying to register non-static key in rtl_c2hcmd_launcher 1 (2) 2019/05/28 16:10

Sample crash report:
usb 1-1: New USB device strings: Mfr=255, Product=7, SerialNumber=4
rtl_usb: reg 0xf0, usbctrl_vendorreq TimeOut! status:0xffffffb9 value=0x0
rtl8192cu: Chip version 0x10
rtl_usb: reg 0xa, usbctrl_vendorreq TimeOut! status:0xffffffb9 value=0x0
rtl_usb: Too few input end points found
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 107 Comm: kworker/0:2 Not tainted 5.2.0-rc6+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 assign_lock_key kernel/locking/lockdep.c:775 [inline]
 register_lock_class+0x11ae/0x1240 kernel/locking/lockdep.c:1084
 __lock_acquire+0x11d/0x5340 kernel/locking/lockdep.c:3674
 lock_acquire+0x100/0x2b0 kernel/locking/lockdep.c:4303
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x32/0x50 kernel/locking/spinlock.c:159
 rtl_c2hcmd_launcher+0xcc/0x390 drivers/net/wireless/realtek/rtlwifi/base.c:2349
 rtl_deinit_core+0x20/0x2d0 drivers/net/wireless/realtek/rtlwifi/base.c:579
 rtl_usb_probe.cold+0x855/0xa65 drivers/net/wireless/realtek/rtlwifi/usb.c:1093
 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
 really_probe+0x281/0x660 drivers/base/dd.c:509
 driver_probe_device+0x104/0x210 drivers/base/dd.c:670
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
 bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
 __device_attach+0x217/0x360 drivers/base/dd.c:843
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
 device_add+0xae6/0x16f0 drivers/base/core.c:2111
 usb_set_configuration+0xdf6/0x1670 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266
 really_probe+0x281/0x660 drivers/base/dd.c:509
 driver_probe_device+0x104/0x210 drivers/base/dd.c:670
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
 bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
 __device_attach+0x217/0x360 drivers/base/dd.c:843
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
 device_add+0xae6/0x16f0 drivers/base/core.c:2111
 usb_new_device.cold+0x8c1/0x1016 drivers/usb/core/hub.c:2536
 hub_port_connect drivers/usb/core/hub.c:5098 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5213 [inline]
 port_event drivers/usb/core/hub.c:5359 [inline]
 hub_event+0x1b3d/0x35f0 drivers/usb/core/hub.c:5441
 process_one_work+0x905/0x1570 kernel/workqueue.c:2269
 worker_thread+0x96/0xe20 kernel/workqueue.c:2415
 kthread+0x30b/0x410 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 107 Comm: kworker/0:2 Not tainted 5.2.0-rc6+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:rtl_free_entries_from_scan_list drivers/net/wireless/realtek/rtlwifi/base.c:1938 [inline]
RIP: 0010:rtl_deinit_core+0x7f/0x2d0 drivers/net/wireless/realtek/rtlwifi/base.c:580
Code: 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 52 02 00 00 4d 8b bc 24 c8 c4 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 22 02 00 00 4d 39 f7 4d 8b 2f 4c 89 ff 0f 84 3d
RSP: 0018:ffff8881d425f1c8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 1ffffffff0f5a286
RDX: 0000000000000000 RSI: ffffffff8303ce30 RDI: ffff8881cf6f0b68
RBP: ffff8881cf6f0b20 R08: ffff8881d4250000 R09: ffffed1039ede521
R10: ffffed1039ede520 R11: ffff8881cf6f2903 R12: ffff8881cf6f2560
R13: ffff8881d169c8a8 R14: ffff8881cf6fea28 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f574939b000 CR3: 00000001d2e57000 CR4: 00000000001406f0
Call Trace:
 rtl_usb_probe.cold+0x855/0xa65 drivers/net/wireless/realtek/rtlwifi/usb.c:1093
 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
 really_probe+0x281/0x660 drivers/base/dd.c:509
 driver_probe_device+0x104/0x210 drivers/base/dd.c:670
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
 bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
 __device_attach+0x217/0x360 drivers/base/dd.c:843
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
 device_add+0xae6/0x16f0 drivers/base/core.c:2111
 usb_set_configuration+0xdf6/0x1670 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266
 really_probe+0x281/0x660 drivers/base/dd.c:509
 driver_probe_device+0x104/0x210 drivers/base/dd.c:670
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777
 bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454
 __device_attach+0x217/0x360 drivers/base/dd.c:843
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:514
 device_add+0xae6/0x16f0 drivers/base/core.c:2111
 usb_new_device.cold+0x8c1/0x1016 drivers/usb/core/hub.c:2536
 hub_port_connect drivers/usb/core/hub.c:5098 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5213 [inline]
 port_event drivers/usb/core/hub.c:5359 [inline]
 hub_event+0x1b3d/0x35f0 drivers/usb/core/hub.c:5441
 process_one_work+0x905/0x1570 kernel/workqueue.c:2269
 worker_thread+0x96/0xe20 kernel/workqueue.c:2415
 kthread+0x30b/0x410 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace e2eb8f6f00726c42 ]---
RIP: 0010:rtl_free_entries_from_scan_list drivers/net/wireless/realtek/rtlwifi/base.c:1938 [inline]
RIP: 0010:rtl_deinit_core+0x7f/0x2d0 drivers/net/wireless/realtek/rtlwifi/base.c:580
Code: 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 52 02 00 00 4d 8b bc 24 c8 c4 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 22 02 00 00 4d 39 f7 4d 8b 2f 4c 89 ff 0f 84 3d
RSP: 0018:ffff8881d425f1c8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 1ffffffff0f5a286
RDX: 0000000000000000 RSI: ffffffff8303ce30 RDI: ffff8881cf6f0b68
RBP: ffff8881cf6f0b20 R08: ffff8881d4250000 R09: ffffed1039ede521
R10: ffffed1039ede520 R11: ffff8881cf6f2903 R12: ffff8881cf6f2560
R13: ffff8881d169c8a8 R14: ffff8881cf6fea28 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f574939b000 CR3: 00000001d2e57000 CR4: 00000000001406f0

Crashes (48950):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/11 17:23 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 186a30b9 .config console log report syz C ci2-upstream-usb
2019/07/11 13:23 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 ff7bf04c .config console log report syz C ci2-upstream-usb
2019/07/10 19:22 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report syz C ci2-upstream-usb
2019/07/10 01:44 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report syz C ci2-upstream-usb
2019/07/09 16:04 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 f62e1e85 .config console log report syz C ci2-upstream-usb
2019/07/01 14:26 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 907bf746 .config console log report syz C ci2-upstream-usb
2019/06/28 18:37 https://github.com/google/kasan.git usb-fuzzer 7829a896a587 7509bf36 .config console log report syz C ci2-upstream-usb
2019/06/12 19:23 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f 794a1ad7 .config console log report syz C ci2-upstream-usb
2019/06/07 17:52 https://github.com/google/kasan.git usb-fuzzer 69bbe8c72e6f cf9c3a50 .config console log report syz C ci2-upstream-usb
2019/04/12 09:44 https://github.com/google/kasan.git usb-fuzzer 9a33b36996cb 8916f5e1 .config console log report syz C ci2-upstream-usb
2019/04/12 08:51 https://github.com/google/kasan.git usb-fuzzer 9a33b36996cb 8916f5e1 .config console log report syz C ci2-upstream-usb
2019/04/12 03:11 https://github.com/google/kasan.git usb-fuzzer 9a33b36996cb 8916f5e1 .config console log report syz C ci2-upstream-usb
2019/04/12 17:42 https://github.com/google/kasan.git usb-fuzzer 9a33b36996cb 4f421599 .config console log report syz ci2-upstream-usb
2019/07/29 13:13 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 12:39 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 12:11 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 11:29 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 11:06 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 10:32 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 10:02 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 09:12 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 08:27 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 07:51 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 07:07 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 06:22 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 05:42 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 05:10 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 04:23 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 03:33 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 02:44 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 02:08 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 01:19 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/29 00:35 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 23:45 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 23:04 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 22:24 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 21:38 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 20:51 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 20:13 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 20:08 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 19:07 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 18:16 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 17:46 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 16:59 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 16:12 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 15:23 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 14:31 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 13:43 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 12:54 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 12:13 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 11:13 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 10:47 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 10:08 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/07/28 09:15 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 c85e1c5b .config console log report ci2-upstream-usb
2019/04/11 17:04 https://github.com/google/kasan.git usb-fuzzer 9a33b36996cb 13030ef8 .config console log report ci2-upstream-usb
* Struck through repros no longer work on HEAD.