syzbot


general protection fault in xpad_probe

Status: fixed on 2023/06/08 14:41
Subsystems: usb
Reported-by: syzbot+a3f758b8d8cb7e49afec@syzkaller.appspotmail.com
Fix commit: 53bea86b5712 Revert "Input: xpad - fix support for some third-party controllers"
First crash: 326d, last: 297d
Cause bisection: introduced by (bisect log):
commit db7220c48d8d71476f881a7ae1285e1df4105409
Author: Vicki Pfau <vi@endrift.com>
Date: Fri Mar 24 17:42:27 2023 +0000

  Input: xpad - fix support for some third-party controllers

Crash: general protection fault in xpad_probe (log)
Repro: C syz .config
  
Discussions (5)
Title | Replies (including bot) | Last reply
Re: [PATCH] Input: xpad - fix GPF in xpad_probe | 1 (1) | 2023/08/14 21:12
[PATCH] Input: xpad - fix GPF in xpad_probe | 8 (8) | 2023/05/02 10:34
[syzbot] [kernel?] general protection fault in xpad_probe | 2 (5) | 2023/04/30 05:19
Re: [PATCH] Input: xpad - fix GPF in xpad_probe | 2 (2) | 2023/04/17 11:15
Re: [PATCH] Input: xpad - fix GPF in xpad_probe | 1 (1) | 2023/04/17 10:24

Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2023/04/30 01:45 | 19m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 92e815cf07ed | OK log

Sample crash report:
usb 1-1: config 0 has no interface number 0
usb 1-1: New USB device found, idVendor=1949, idProduct=5e70, bcdDevice=d7.a2
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
usb 1-1: string descriptor 0 read error: -71
general protection fault, probably for non-canonical address 0xdffffc0000000068: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000340-0x0000000000000347]
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.3.0-next-20230428-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:dev_name include/linux/device.h:706 [inline]
RIP: 0010:__dev_printk+0x3b/0x270 drivers/base/core.c:4863
Code: f5 53 e8 c8 c3 6b fc 48 85 ed 0f 84 cb 01 00 00 e8 ba c3 6b fc 48 8d 7d 50 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 01 00 00 48 8b 5d 50 48 85 db 0f 84 b5 00 00
RSP: 0018:ffffc900000e6f70 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: fffff5200001cdf5 RCX: 0000000000000000
RDX: 0000000000000068 RSI: ffffffff85188a06 RDI: 0000000000000340
RBP: 00000000000002f0 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000ffffffb9 R11: ffffffff81d6ff05 R12: ffffffff8ace98e0
R13: ffffc900000e6fc8 R14: ffff88801ed25a64 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1361dc1111 CR3: 00000000210fe000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 _dev_warn+0xdc/0x120 drivers/base/core.c:4907
 xpad_probe+0x197e/0x2020 drivers/input/joystick/xpad.c:2053
 usb_probe_interface+0x30f/0x960 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:958
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x112d/0x1a40 drivers/base/core.c:3625
 usb_set_configuration+0x1196/0x1bc0 drivers/usb/core/message.c:2211
 usb_generic_driver_probe+0xcf/0x130 drivers/usb/core/generic.c:238
 usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:958
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x112d/0x1a40 drivers/base/core.c:3625
 usb_new_device+0xcb2/0x19d0 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5407 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5551 [inline]
 port_event drivers/usb/core/hub.c:5711 [inline]
 hub_event+0x2d9e/0x4e40 drivers/usb/core/hub.c:5793
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dev_name include/linux/device.h:706 [inline]
RIP: 0010:__dev_printk+0x3b/0x270 drivers/base/core.c:4863
Code: f5 53 e8 c8 c3 6b fc 48 85 ed 0f 84 cb 01 00 00 e8 ba c3 6b fc 48 8d 7d 50 48 b8 00 00 00 00 00 fc ff df 48 89
----------------
Code disassembly (best guess):
   0:	f5                   	cmc
   1:	53                   	push   %rbx
   2:	e8 c8 c3 6b fc       	callq  0xfc6bc3cf
   7:	48 85 ed             	test   %rbp,%rbp
   a:	0f 84 cb 01 00 00    	je     0x1db
  10:	e8 ba c3 6b fc       	callq  0xfc6bc3cf
  15:	48 8d 7d 50          	lea    0x50(%rbp),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 d7 01 00 00    	jne    0x20b
  34:	48 8b 5d 50          	mov    0x50(%rbp),%rbx
  38:	48 85 db             	test   %rbx,%rbx
  3b:	0f                   	.byte 0xf
  3c:	84                   	.byte 0x84
  3d:	b5 00                	mov    $0x0,%ch

Crashes (24):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/04/29 13:47 | linux-next | 92e815cf07ed | 62df2017 | .config | console log | report | syz | C |  | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 10:54 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 10:30 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 02:54 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 02:54 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 00:24 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 00:23 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/03 00:15 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:37 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:37 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:29 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:13 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:11 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:08 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/05/02 23:03 | linux-next | 92e815cf07ed | 48e0a81d | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/29 23:36 | linux-next | 92e815cf07ed | 62df2017 | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/29 13:18 | linux-next | 92e815cf07ed | 62df2017 | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/28 19:50 | linux-next | 84e2893b4573 | 457a6e0a | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/28 19:49 | linux-next | 84e2893b4573 | 457a6e0a | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/28 17:47 | linux-next | 84e2893b4573 | 457a6e0a | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/16 00:35 | linux-next | d3f2cd248191 | ec410564 | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/15 14:13 | linux-next | d3f2cd248191 | ec410564 | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/14 05:39 | linux-next | e3342532ecd3 | 3cfcaa1b | .config | console log | report |  |  | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
2023/04/04 11:35 | linux-next | 6a53bda3aaf3 | 928dd177 | .config | console log | report |  |  | info |  | ci-upstream-linux-next-kasan-gce-root | general protection fault in xpad_probe
* Struck through repros no longer work on HEAD.