| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [input?] KASAN: null-ptr-deref Read in input_event | 2 (5) | 2025/01/06 13:14 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [input?] KASAN: null-ptr-deref Read in input_event | 2 (5) | 2025/01/06 13:14 |
================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline] BUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395 Read of size 8 at addr 0000000000000028 by task kworker/1:6/6395 CPU: 1 UID: 0 PID: 6395 Comm: kworker/1:6 Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events legacy_dvb_usb_read_remote_control Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] is_event_supported drivers/input/input.c:67 [inline] input_event+0x42/0xa0 drivers/input/input.c:395 input_report_key include/linux/input.h:439 [inline] key_down drivers/hid/hid-appleir.c:159 [inline] appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111 hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire.part.0+0x155/0x380 kernel/locking/lockdep.c:5814 Code: b8 ff ff ff ff 65 0f c1 05 90 3a ca 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 RSP: 0018:ffffc900139d7be0 EFLAGS: 00000206 RAX: 0000000000000046 RBX: 1ffff9200273af7d RCX: ffffffff813756de RDX: 0000000000000001 RSI: ffffffff872801e0 RDI: ffffffff874735a0 RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff1f57bc7 R10: ffffffff8fabde3f R11: 0000000000000000 R12: 0000000000000000 R13: ffff888100080948 R14: 0000000000000000 R15: 0000000000000000 process_one_work+0x12e6/0x1ba0 kernel/workqueue.c:3204 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> ================================================================== ---------------- Code disassembly (best guess): 0: b8 ff ff ff ff mov $0xffffffff,%eax 5: 65 0f c1 05 90 3a ca xadd %eax,%gs:0x7eca3a90(%rip) # 0x7eca3a9d c: 7e d: 83 f8 01 cmp $0x1,%eax 10: 0f 85 d0 01 00 00 jne 0x1e6 16: 9c pushf 17: 58 pop %rax 18: f6 c4 02 test $0x2,%ah 1b: 0f 85 e5 01 00 00 jne 0x206 21: 48 85 ed test %rbp,%rbp 24: 0f 85 b6 01 00 00 jne 0x1e0 * 2a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax <-- trapping instruction 31: fc ff df 34: 48 01 c3 add %rax,%rbx 37: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 3e: 48 rex.W 3f: c7 .byte 0xc7
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/01/09 16:09 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f1a2241778d9 | 9220929f | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | ||
| 2025/01/07 11:26 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f1a2241778d9 | f3558dbf | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | ||
| 2025/01/02 12:34 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | ||
| 2025/01/02 09:17 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | ||
| 2025/01/02 05:01 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | ||
| 2025/01/01 12:19 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | |
| 2025/01/01 11:25 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | |
| 2025/01/01 10:29 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | |
| 2025/01/01 09:30 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event | |
| 2025/01/01 08:23 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | KASAN: null-ptr-deref Read in input_event |