syzbot


general protection fault in __device_attach

Status: upstream: reported C repro on 2020/12/11 04:31
Reported-by: syzbot+c1735a005a1a1966f79e@syzkaller.appspotmail.com
First crash: 1232d, last: 424d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 general protection fault in __device_attach (2) C 5 35d 479d 0/2 upstream: reported C repro on 2023/01/03 03:10
upstream general protection fault in __device_attach kernel C done done 2 137d 774d 0/26 auto-obsoleted due to no activity on 2024/03/19 23:28
android-5-10 general protection fault in __device_attach (2) C error inconclusive 10 23d 478d 0/2 upstream: reported C repro on 2023/01/03 15:59
android-6-1 general protection fault in __device_attach origin:upstream C error 3 17d 330d 0/2 upstream: reported C repro on 2023/06/01 06:12
android-5-10 general protection fault in __device_attach 1 726d 726d 0/2 auto-closed as invalid on 2022/07/29 21:17
android-5-15 general protection fault in __device_attach origin:upstream C error 7 10d 479d 0/2 upstream: reported C repro on 2023/01/03 07:29
android-54 general protection fault in __device_attach 8 917d 1173d 0/2 auto-closed as invalid on 2022/02/18 18:30

Sample crash report:
R13: 00007ffde84862b0 R14: 00007ffde84862a0 R15: 00007ffde8486248
usb usb5: device_add((null)) --> -22
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8332 Comm: syz-executor844 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__device_attach+0xaa/0x470 drivers/base/dd.c:798
Code: e8 03 42 80 3c 20 00 0f 85 77 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 65 08 49 8d bc 24 d0 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 42 03 00 00 45 0f b6 b4 24 d0 00 00
RSP: 0018:ffff888098ef7a40 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff110131def49 RCX: 0000000000000000
RDX: 000000000000001a RSI: 0000000000000008 RDI: 00000000000000d0
RBP: ffff88809440ed30 R08: 0000000000000000 R09: ffffed1012881db2
R10: ffff88809440ed97 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888098ef7c0c R14: 00000000fffffff0 R15: ffff88809440ed90
FS:  0000555556f6e300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa878691124 CR3: 00000000b31f8000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 proc_ioctl+0x526/0x630 drivers/usb/core/devio.c:2192
 proc_ioctl_default drivers/usb/core/devio.c:2227 [inline]
 usbdev_do_ioctl+0x2773/0x3030 drivers/usb/core/devio.c:2541
 usbdev_ioctl+0x21/0x30 drivers/usb/core/devio.c:2585
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa87862ae79
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde8486228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa87867c2d4 RCX: 00007fa87862ae79
RDX: 0000000020000040 RSI: 00000000c0105512 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffde8485ca0 R11: 0000000000000246 R12: 0000000000008825
R13: 00007ffde84862b0 R14: 00007ffde84862a0 R15: 00007ffde8486248
Modules linked in:
---[ end trace 3b4fcf496d5a18bf ]---
RIP: 0010:__device_attach+0xaa/0x470 drivers/base/dd.c:798
Code: e8 03 42 80 3c 20 00 0f 85 77 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 65 08 49 8d bc 24 d0 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 06 0f 8e 42 03 00 00 45 0f b6 b4 24 d0 00 00
RSP: 0018:ffff888098ef7a40 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff110131def49 RCX: 0000000000000000
RDX: 000000000000001a RSI: 0000000000000008 RDI: 00000000000000d0
RBP: ffff88809440ed30 R08: 0000000000000000 R09: ffffed1012881db2
R10: ffff88809440ed97 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888098ef7c0c R14: 00000000fffffff0 R15: ffff88809440ed90
FS:  0000555556f6e300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa878691124 CR3: 00000000b31f8000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 03 42 80 3c       	callq  0x3c804208
   5:	20 00                	and    %al,(%rax)
   7:	0f 85 77 03 00 00    	jne    0x384
   d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  14:	fc ff df
  17:	4c 8b 65 08          	mov    0x8(%rbp),%r12
  1b:	49 8d bc 24 d0 00 00 	lea    0xd0(%r12),%rdi
  22:	00
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	74 06                	je     0x38
  32:	0f 8e 42 03 00 00    	jle    0x37a
  38:	45                   	rex.RB
  39:	0f                   	.byte 0xf
  3a:	b6 b4                	mov    $0xb4,%dh
  3c:	24 d0                	and    $0xd0,%al

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/01/17 07:25 linux-4.19.y 3f8a27f9e27b a63719e7 .config console log report syz C [disk image] [vmlinux] ci2-linux-4-19 general protection fault in __device_attach
2022/10/08 10:19 linux-4.19.y 3f8a27f9e27b aea5da89 .config console log report syz C [disk image] [vmlinux] ci2-linux-4-19 general protection fault in __device_attach
2022/05/04 03:57 linux-4.19.y 3f8a27f9e27b dc9e5259 .config console log report syz C ci2-linux-4-19 general protection fault in __device_attach
2021/09/30 22:04 linux-4.19.y c2276d585654 0f01403d .config console log report syz C ci2-linux-4-19 general protection fault in __device_attach
2021/09/28 11:31 linux-4.19.y c2276d585654 78494d16 .config console log report syz C ci2-linux-4-19 general protection fault in __device_attach
2023/02/26 22:50 linux-4.19.y 3f8a27f9e27b ee50e71c .config console log report info [disk image] [vmlinux] ci2-linux-4-19 general protection fault in __device_attach
2023/01/08 23:27 linux-4.19.y 3f8a27f9e27b 1dac8c7a .config console log report info [disk image] [vmlinux] ci2-linux-4-19 general protection fault in __device_attach
2022/09/16 01:13 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report info [disk image] [vmlinux] ci2-linux-4-19 general protection fault in __device_attach
2022/08/07 11:15 linux-4.19.y 3f8a27f9e27b 88e3a122 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2022/06/20 15:34 linux-4.19.y 3f8a27f9e27b b9406563 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2022/06/06 10:44 linux-4.19.y 3f8a27f9e27b c8857892 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2022/05/25 09:39 linux-4.19.y 3f8a27f9e27b 647c0e27 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2022/03/07 01:48 linux-4.19.y 3f8a27f9e27b 7bdd8b2c .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2022/01/25 03:31 linux-4.19.y 3f8a27f9e27b 2cbffd88 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/12/16 20:23 linux-4.19.y 3f8a27f9e27b 8dd6a5e3 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/11/23 07:31 linux-4.19.y 3f8a27f9e27b 545ab074 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/11/20 11:20 linux-4.19.y 3f8a27f9e27b 4eb20a4e .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/10/28 17:02 linux-4.19.y 3f8a27f9e27b be531bb4 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/10/16 19:11 linux-4.19.y 3f8a27f9e27b 0c5d9412 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/10/02 23:08 linux-4.19.y c2276d585654 db0f5787 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/09/27 13:10 linux-4.19.y c2276d585654 78494d16 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/09/14 03:08 linux-4.19.y b172b44fcb17 58d09404 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/09/12 02:06 linux-4.19.y b172b44fcb17 3ce60af8 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/09/03 03:18 linux-4.19.y e23d55af0e1f f62a5829 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/09/01 09:00 linux-4.19.y e23d55af0e1f 7eb7e152 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/08/30 13:20 linux-4.19.y e23d55af0e1f 8f58a0ef .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/08/18 22:40 linux-4.19.y 59456c9cc40c a2fe1cb5 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/08/07 08:55 linux-4.19.y 6ca2f514c578 6972b106 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/08/04 15:29 linux-4.19.y 6ca2f514c578 6c236867 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/06/20 16:43 linux-4.19.y eb575cd5d7f6 aba2b2fb .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/04/22 17:09 linux-4.19.y 2965db2e004c 33c28d03 .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/04/02 09:10 linux-4.19.y 2034d6f0838e 6a81331a .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/01/27 04:49 linux-4.19.y 2263955bf7e7 55a7d4df .config console log report info ci2-linux-4-19 general protection fault in __device_attach
2021/01/08 08:39 linux-4.19.y 4143d798313f c104d4a3 .config console log report info ci2-linux-4-19
2020/12/11 04:30 linux-4.19.y 4abf26854aad f900b48c .config console log report info ci2-linux-4-19
* Struck through repros no longer work on HEAD.