X-Mailing-List: linux-kernel@vger.kernel.org
Date: Mon, 06 Jan 2025 03:10:03 -0800
In-Reply-To: <20250106104948.1404-1-hdanton@sina.com>
Message-ID: <677bba0b.050a0220.a40f5.000c.GAE@google.com>
Subject: Re: [syzbot] [input?]
KASAN: null-ptr-deref Read in input_event
From: syzbot
To: hdanton@sina.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KASAN: null-ptr-deref Read in input_event

==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]
BUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395
Read of size 8 at addr 0000000000000030 by task swapper/0/0

CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc4-syzkaller-00080-gf1a2241778d9-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 is_event_supported drivers/input/input.c:67 [inline]
 input_event+0x42/0xa0 drivers/input/input.c:395
 input_report_key include/linux/input.h:439 [inline]
 key_down drivers/hid/hid-appleir.c:159 [inline]
 appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232
 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111
 hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484
 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650
 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734
 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820
 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch.isra.0+0x1e5/0xa40 kernel/sched/core.c:5243
Code: 0f 85 ad 07 00 00 8b 0d 9d ce 28 09 85 c9 0f 85 cb 02 00 00 48 89 df e8 f9 f1 c5 05 e8 44 ae 35 00 fb 65 48 8b 1d ab 69 d6 7e <48> 8d bb 30 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffffffff88c07c80 EFLAGS: 00000206
RAX: 00000000000d375f RBX: ffffffff88c2c780 RCX: 1ffffffff14abb89
RDX: 0000000000000000 RSI: ffffffff8727fee0 RDI: ffffffff874735a0
RBP: ffffffff88c07cc8 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8a561557 R11: 0000000000000000 R12: ffff8881f583d318
R13: ffff888101f357c0 R14: 0000000000000000 R15: ffff8881f583d318
 context_switch kernel/sched/core.c:5372 [inline]
 __schedule+0x1034/0x34b0 kernel/sched/core.c:6756
 schedule_idle+0x5c/0x90 kernel/sched/core.c:6874
 do_idle+0x284/0x3f0 kernel/sched/idle.c:353
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423
 rest_init+0x16b/0x2b0 init/main.c:747
 start_kernel+0x3df/0x4c0 init/main.c:1102
 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507
 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488
 common_startup_64+0x12c/0x138
==================================================================
----------------
Code disassembly (best guess):
   0:	0f 85 ad 07 00 00    	jne    0x7b3
   6:	8b 0d 9d ce 28 09    	mov    0x928ce9d(%rip),%ecx        # 0x928cea9
   c:	85 c9                	test   %ecx,%ecx
   e:	0f 85 cb 02 00 00    	jne    0x2df
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 f9 f1 c5 05       	call   0x5c5f215
  1c:	e8 44 ae 35 00       	call   0x35ae65
  21:	fb                   	sti
  22:	65 48 8b 1d ab 69 d6 	mov    %gs:0x7ed669ab(%rip),%rbx        # 0x7ed669d5
  29:	7e
* 2a:	48 8d bb 30 15 00 00 	lea    0x1530(%rbx),%rdi		<-- trapping instruction
  31:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  38:	fc ff df
  3b:	48 89 fa             	mov    %rdi,%rdx
  3e:	48                   	rex.W
  3f:	c1                   	.byte 0xc1

Tested on:

commit:         f1a22417 usb: typec: ucsi: Implement ChromeOS UCSI dri..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=12ab3418580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e27867f71e8bc406
dashboard link: https://syzkaller.appspot.com/bug?extid=fddd3aa6dfcfe50c760d
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11b33418580000