WARNING in input_register_device
21 views
Skip to first unread message
syzbot
Nov 6, 2020, 7:43:18 AM11/6/20
to andre...@google.com, gre...@linuxfoundation.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 9e39aef3 usb: misc: brcmstb-usb-pinmap: Make sync_all_pins..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=145ffa8a500000
kernel config: https://syzkaller.appspot.com/x/.config?x=a05f5efbb00b1465
dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172ae7a8500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b24746500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92340f...@syzkaller.appspotmail.com
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
HID 045e:07da: Invalid code 65791 type 1
------------[ cut here ]------------
init_uevent_argv: buffer size too small
WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 init_uevent_argv lib/kobject_uevent.c:259 [inline]
WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
Modules linked in:
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:init_uevent_argv lib/kobject_uevent.c:259 [inline]
RIP: 0010:kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
Code: 87 e8 24 af fe ff e9 cf f8 ff ff 48 8b 3c 24 e8 06 33 68 ff e9 a9 f8 ff ff e8 cc 9e 3c ff 48 c7 c7 e0 68 00 86 e8 59 b9 71 03 <0f> 0b 41 bf f4 ff ff ff e9 51 ec ff ff 4c 89 ff e8 5b 32 68 ff e9
RSP: 0018:ffffc9000005e8e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: ffff88810022e500 RSI: ffffffff8128fe63 RDI: fffff5200000bd0e
RBP: 00000000000007fb R08: 0000000000000001 R09: ffff8881f6a1febb
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005
R13: 00000000000007fb R14: 0000000000000005 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d0090 CR3: 0000000103ed4000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_add+0xb47/0x1ce0 drivers/base/core.c:2919
input_register_device+0x73a/0xce0 drivers/input/input.c:2212
hidinput_connect+0x5056/0x9d50 drivers/hid/hid-input.c:1949
hid_connect+0x958/0xbc0 drivers/hid/hid-core.c:1949
hid_hw_start drivers/hid/hid-core.c:2053 [inline]
hid_hw_start+0xa2/0x130 drivers/hid/hid-core.c:2044
ms_probe+0x159/0x4b0 drivers/hid/hid-microsoft.c:391
hid_device_probe+0x2bd/0x3f0 drivers/hid/hid-core.c:2281
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
hid_add_device+0x344/0x9d0 drivers/hid/hid-core.c:2437
usbhid_probe+0xaae/0xfc0 drivers/hid/usbhid/hid-core.c:1407
usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
usb_set_configuration+0x113c/0x1910 drivers/usb/core/message.c:2168
usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
usb_new_device.cold+0x71d/0xfe9 drivers/usb/core/hub.c:2555
hub_port_connect drivers/usb/core/hub.c:5223 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
port_event drivers/usb/core/hub.c:5509 [inline]
hub_event+0x2348/0x42d0 drivers/usb/core/hub.c:5591
process_one_work+0x933/0x1520 kernel/workqueue.c:2272
worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
kthread+0x38c/0x460 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 9e39aef3 usb: misc: brcmstb-usb-pinmap: Make sync_all_pins..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=145ffa8a500000
kernel config: https://syzkaller.appspot.com/x/.config?x=a05f5efbb00b1465
dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172ae7a8500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b24746500000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92340f...@syzkaller.appspotmail.com
microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
HID 045e:07da: Invalid code 65791 type 1
------------[ cut here ]------------
init_uevent_argv: buffer size too small
WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 init_uevent_argv lib/kobject_uevent.c:259 [inline]
WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
Modules linked in:
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:init_uevent_argv lib/kobject_uevent.c:259 [inline]
RIP: 0010:kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
Code: 87 e8 24 af fe ff e9 cf f8 ff ff 48 8b 3c 24 e8 06 33 68 ff e9 a9 f8 ff ff e8 cc 9e 3c ff 48 c7 c7 e0 68 00 86 e8 59 b9 71 03 <0f> 0b 41 bf f4 ff ff ff e9 51 ec ff ff 4c 89 ff e8 5b 32 68 ff e9
RSP: 0018:ffffc9000005e8e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: ffff88810022e500 RSI: ffffffff8128fe63 RDI: fffff5200000bd0e
RBP: 00000000000007fb R08: 0000000000000001 R09: ffff8881f6a1febb
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005
R13: 00000000000007fb R14: 0000000000000005 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d0090 CR3: 0000000103ed4000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_add+0xb47/0x1ce0 drivers/base/core.c:2919
input_register_device+0x73a/0xce0 drivers/input/input.c:2212
hidinput_connect+0x5056/0x9d50 drivers/hid/hid-input.c:1949
hid_connect+0x958/0xbc0 drivers/hid/hid-core.c:1949
hid_hw_start drivers/hid/hid-core.c:2053 [inline]
hid_hw_start+0xa2/0x130 drivers/hid/hid-core.c:2044
ms_probe+0x159/0x4b0 drivers/hid/hid-microsoft.c:391
hid_device_probe+0x2bd/0x3f0 drivers/hid/hid-core.c:2281
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
hid_add_device+0x344/0x9d0 drivers/hid/hid-core.c:2437
usbhid_probe+0xaae/0xfc0 drivers/hid/usbhid/hid-core.c:1407
usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
usb_set_configuration+0x113c/0x1910 drivers/usb/core/message.c:2168
usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
really_probe+0x291/0xde0 drivers/base/dd.c:554
driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:738
__device_attach_driver+0x1d1/0x290 drivers/base/dd.c:844
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
__device_attach+0x228/0x4a0 drivers/base/dd.c:912
bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
device_add+0xbb2/0x1ce0 drivers/base/core.c:2938
usb_new_device.cold+0x71d/0xfe9 drivers/usb/core/hub.c:2555
hub_port_connect drivers/usb/core/hub.c:5223 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
port_event drivers/usb/core/hub.c:5509 [inline]
hub_event+0x2348/0x42d0 drivers/usb/core/hub.c:5591
process_one_work+0x933/0x1520 kernel/workqueue.c:2272
worker_thread+0x64c/0x1120 kernel/workqueue.c:2418
kthread+0x38c/0x460 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Greg KH
Nov 6, 2020, 9:02:53 AM11/6/20
to syzbot, andre...@google.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
On Fri, Nov 06, 2020 at 04:43:17AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 9e39aef3 usb: misc: brcmstb-usb-pinmap: Make sync_all_pins..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> console output: https://syzkaller.appspot.com/x/log.txt?x=145ffa8a500000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a05f5efbb00b1465
> dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
> compiler: gcc (GCC) 10.1.0-syz 20200507
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172ae7a8500000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b24746500000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+92340f...@syzkaller.appspotmail.com
>
> microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
> HID 045e:07da: Invalid code 65791 type 1
> ------------[ cut here ]------------
> init_uevent_argv: buffer size too small
> WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 init_uevent_argv lib/kobject_uevent.c:259 [inline]
> WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
You gave it a device with a buffer that was "too small", and it rejected
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 9e39aef3 usb: misc: brcmstb-usb-pinmap: Make sync_all_pins..
> git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
> console output: https://syzkaller.appspot.com/x/log.txt?x=145ffa8a500000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a05f5efbb00b1465
> dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
> compiler: gcc (GCC) 10.1.0-syz 20200507
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172ae7a8500000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b24746500000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+92340f...@syzkaller.appspotmail.com
>
> microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
> HID 045e:07da: Invalid code 65791 type 1
> ------------[ cut here ]------------
> init_uevent_argv: buffer size too small
> WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 init_uevent_argv lib/kobject_uevent.c:259 [inline]
> WARNING: CPU: 0 PID: 5 at lib/kobject_uevent.c:259 kobject_uevent_env+0x1640/0x1680 lib/kobject_uevent.c:608
it.
Which, aside from the huge warning message, is to be expected, so I
don't think this is really a bug here.
thanks,
greg k-h
Alan Stern
Nov 6, 2020, 12:01:23 PM11/6/20
to Greg KH, syzbot, andre...@google.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
kernel. If the problem is really in the device then the message should
say "Warning" instead (not all caps).
Alan Stern
Eric Biggers
Nov 6, 2020, 12:03:18 PM11/6/20
to Greg KH, syzbot, andre...@google.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
On Fri, Nov 06, 2020 at 03:03:36PM +0100, Greg KH wrote:
WARN is a bug. Either it is reporting one, or the bug is that the use of WARN
is wrong.
- Eric
Greg KH
Nov 7, 2020, 3:22:12 AM11/7/20
to Eric Biggers, syzbot, andre...@google.com, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
are a "recoverable bug but someone better do something about it". Now
that we can fake hardware devices so easily, it's probably better to
just knock this down to a dev_warn() and keep on moving.
If I get a chance, I'll write up a patch today, but anyone else should
feel free to also do it.
thanks,
greg k-h
syzbot
Jan 17, 2021, 8:41:13 PM1/17/21
to andre...@google.com, ebig...@kernel.org, gre...@linuxfoundation.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, raf...@kernel.org, st...@rowland.harvard.edu, syzkall...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit c318840fb2a42ce25febc95c4c19357acf1ae5ca
Author: Alan Stern <st...@rowland.harvard.edu>
Date: Wed Dec 30 16:20:44 2020 +0000
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10be15d7500000
start commit: 2c85ebc5 Linux 5.10
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=8aff533d6c635e6
dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1763d433500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ef12cb500000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit c318840fb2a42ce25febc95c4c19357acf1ae5ca
Author: Alan Stern <st...@rowland.harvard.edu>
Date: Wed Dec 30 16:20:44 2020 +0000
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10be15d7500000
start commit: 2c85ebc5 Linux 5.10
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=8aff533d6c635e6
dashboard link: https://syzkaller.appspot.com/bug?extid=92340f7b2b4789907fdb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1763d433500000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ef12cb500000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages