syzbot


general protection fault in gigaset_probe

Status: fixed on 2020/02/14 01:19
Subsystems: staging usb
[Documentation on labels]
Reported-by: syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com
Fix commit: 53f35a39c386 staging: gigaset: fix general protection fault on probe
First crash: 1908d, last: 1789d
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 3.16 000/245] 3.16.83-rc1 review 260 (260) 2020/04/24 17:54
[PATCH 4.9 000/199] 4.9.207-stable review 204 (204) 2019/12/20 18:47
[PATCH 4.4 000/162] 4.4.207-stable review 167 (167) 2019/12/20 18:47
[PATCH 5.4 000/177] 5.4.4-stable review 188 (188) 2019/12/17 18:48
[PATCH 5.3 000/180] 5.3.17-stable review 185 (185) 2019/12/17 18:19
[PATCH 4.19 000/140] 4.19.90-stable review 150 (150) 2019/12/17 18:18
[PATCH 4.14 000/267] 4.14.159-stable review 280 (280) 2019/12/17 18:18
[PATCH v2 0/3] staging: gigaset: fix crashes on probe 4 (4) 2019/12/02 08:56
[PATCH 0/4] staging: gigaset: fix crashes on probe 8 (8) 2019/11/29 14:23
Reminder: 45 active syzbot reports in usb subsystem 1 (1) 2019/11/19 04:27
[PATCH] isdn/gigaset: check endpoint null in gigaset_probe 4 (4) 2019/07/27 09:36
general protection fault in gigaset_probe 0 (1) 2019/07/25 12:18
Last patch testing requests (3)
Created Duration User Patch Repo Result
2019/07/26 13:05 16m tranmanphong@gmail.com patch https://github.com/google/kasan.git usb-fuzzer-usb-testing-2019.07.11 OK
2019/07/26 02:53 0m tranmanphong@gmail.com patch https://github.com/google/kasan.git usb-fuzzer-usb-testing-2019.07.11 error
2019/07/26 01:39 17m tranmanphong@gmail.com patch https://github.com/google/kasan.git usb-fuzzer-usb-testing-2019.07.11 OK

Sample crash report:
usb 1-1: new high-speed USB device number 2 using dummy_hcd
usb 1-1: New USB device found, idVendor=0681, idProduct=0009, bcdDevice=ed.98
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
usb 1-1: gigaset_probe: Device matched ... !
kcapi: controller [001]: usb_gigaset attached
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:gigaset_probe.cold+0x25d/0xd31 drivers/staging/isdn/gigaset/usb-gigaset.c:707
Code: e0 2a 80 3c 02 00 74 0a 48 8b 7c 24 08 e8 e7 1d e9 fc 4d 8b 6f 18 ba ff ff 37 00 48 c1 e2 2a 49 8d 7d 04 48 89 f8 48 c1 e8 03 <0f> b6 0c 10 49 8d 45 05 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89 fe
RSP: 0018:ffff8881d89af2a0 EFLAGS: 00010247
RAX: 0000000000000000 RBX: ffff8881cfa04000 RCX: ffffffff81e0ea0d
RDX: dffffc0000000000 RSI: ffffffff834c66f6 RDI: 0000000000000004
RBP: ffff8881cfa030a0 R08: ffff8881d8c5c800 R09: ffffed103b135e3b
R10: ffffed103b135e3a R11: 0000000000000003 R12: ffff8881d203d180
R13: 0000000000000000 R14: ffff8881d5344000 R15: ffff8881d300df88
FS:  0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000018737d0 CR3: 00000001d15cf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
 really_probe+0x281/0x6d0 drivers/base/dd.c:548
 driver_probe_device+0x104/0x210 drivers/base/dd.c:721
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x360 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0xae6/0x16f0 drivers/base/core.c:2202
 usb_set_configuration+0xdf6/0x1670 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266
 really_probe+0x281/0x6d0 drivers/base/dd.c:548
 driver_probe_device+0x104/0x210 drivers/base/dd.c:721
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x360 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0xae6/0x16f0 drivers/base/core.c:2202
 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537
 hub_port_connect drivers/usb/core/hub.c:5184 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5324 [inline]
 port_event drivers/usb/core/hub.c:5470 [inline]
 hub_event+0x1df8/0x3800 drivers/usb/core/hub.c:5552
 ? rcu_read_lock_bh_held+0xb

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/08 19:09 https://github.com/google/kasan.git usb-fuzzer d60bbfea36c1 1e35461e .config console log report syz C ci2-upstream-usb
2019/07/25 10:20 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 32329ceb .config console log report syz C ci2-upstream-usb
2019/11/21 12:43 https://github.com/google/kasan.git usb-fuzzer da06441bb485 8098ea0f .config console log report ci2-upstream-usb
2019/11/15 20:19 https://github.com/google/kasan.git usb-fuzzer 3183c03757f8 79248ee8 .config console log report ci2-upstream-usb
2019/11/01 06:30 https://github.com/google/kasan.git usb-fuzzer ff6409a6ec35 a41ca8fa .config console log report ci2-upstream-usb
2019/07/25 10:08 https://github.com/google/kasan.git usb-fuzzer 6a3599ceaa39 32329ceb .config console log report ci2-upstream-usb
* Struck through repros no longer work on HEAD.