Hello,

kernel test robot noticed "BUG:KASAN:null-ptr-deref_in_input_ff_create" on:

commit: 5203b3a18c1bbf50ec5fff27489da8e9bce48ddb ("Input: ff-core - make use of __free() cleanup facility")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master 8155b4ef3466f0e289e8fcc9e6e62f3f4dceeac2]

in testcase: kernel-selftests-bpf
version:
with the following parameters:

	group: hid

config: x86_64-rhel-9.4-bpf
compiler: gcc-12
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz (Kaby Lake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202412301341.9f8a9fe-lkp@xxxxxxxxx

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241230/202412301341.9f8a9fe-lkp@xxxxxxxxx

[ 391.529031][ T81] input: Sony PLAYSTATION(R)3 Controller Motion Sensors as /devices/virtual/misc/uhid/0003:054C:0268.03D6/input/input2376
[ 391.557504][ T81] ==================================================================
[ 391.565433][ T81] BUG: KASAN: null-ptr-deref in input_ff_create+0x11e/0x1f0
[ 391.572577][ T81] Write of size 8 at addr 0000000000000040 by task kworker/1:1/81
[ 391.580239][ T81]
[ 391.582428][ T81] CPU: 1 UID: 0 PID: 81 Comm: kworker/1:1 Tainted: G S 6.13.0-rc3-00005-g5203b3a18c1b #1
[ 391.593476][ T81] Tainted: [S]=CPU_OUT_OF_SPEC
[ 391.598097][ T81] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 391.606203][ T81] Workqueue: events uhid_device_add_worker
[ 391.611880][ T81] Call Trace:
[ 391.615051][ T81] <TASK>
[ 391.617853][ T81] dump_stack_lvl+0x62/0x90
[ 391.622227][ T81] kasan_report+0xb9/0xf0
[ 391.626428][ T81] ? input_ff_create+0x11e/0x1f0
[ 391.631234][ T81] kasan_check_range+0xfc/0x1b0
[ 391.635946][ T81] input_ff_create+0x11e/0x1f0
[ 391.640573][ T81] ? __pfx_sony_play_effect+0x10/0x10
[ 391.645806][ T81] input_ff_create_memless+0xe4/0x250
[ 391.651037][ T81] sony_input_configured+0x6f8/0x9d0
[ 391.656183][ T81] ? __pfx_sony_input_configured+0x10/0x10
[ 391.661854][ T81] hidinput_connect+0x919/0xcd0
[ 391.666571][ T81] hid_connect+0x417/0x5d0
[ 391.670851][ T81] ? __pfx_hid_connect+0x10/0x10
[ 391.675650][ T81] ? lockdep_hardirqs_on_prepare+0x131/0x200
[ 391.681494][ T81] ? _raw_spin_unlock_irqrestore+0x30/0x50
[ 391.687161][ T81] hid_hw_start+0x5e/0x90
[ 391.691353][ T81] sony_probe+0x137/0x3a0
[ 391.695544][ T81] __hid_device_probe+0x104/0x230
[ 391.700429][ T81] hid_device_probe+0xcb/0xe0
[ 391.704966][ T81] really_probe+0x13e/0x4e0
[ 391.709329][ T81] ? __pfx___device_attach_driver+0x10/0x10
[ 391.715082][ T81] __driver_probe_device+0xc8/0x1e0
[ 391.720139][ T81] driver_probe_device+0x4a/0xf0
[ 391.724947][ T81] __device_attach_driver+0xc6/0x160
[ 391.730093][ T81] bus_for_each_drv+0xe4/0x150
[ 391.734717][ T81] ? __pfx_bus_for_each_drv+0x10/0x10
[ 391.739950][ T81] ? lockdep_hardirqs_on_prepare+0x131/0x200
[ 391.745790][ T81] ? _raw_spin_unlock_irqrestore+0x30/0x50
[ 391.751458][ T81] __device_attach+0x134/0x280
[ 391.756080][ T81] ? __pfx___device_attach+0x10/0x10
[ 391.761225][ T81] ? do_raw_spin_unlock+0x83/0xf0
[ 391.766109][ T81] bus_probe_device+0xc8/0xe0
[ 391.770648][ T81] device_add+0x6d4/0x9d0
[ 391.774840][ T81] ? __pfx_device_add+0x10/0x10
[ 391.779549][ T81] ? __debugfs_create_file+0x209/0x2f0
[ 391.784899][ T81] hid_add_device+0x1f5/0x450
[ 391.789440][ T81] ? __pfx_hid_add_device+0x10/0x10
[ 391.794498][ T81] ? lock_is_held_type+0x9a/0x110
[ 391.799383][ T81] ? process_one_work+0x6c4/0xa00
[ 391.804268][ T81] uhid_device_add_worker+0x27/0x90
[ 391.809326][ T81] process_one_work+0x735/0xa00
[ 391.814036][ T81] ? process_one_work+0x6c4/0xa00
[ 391.818928][ T81] ? process_one_work+0x6c4/0xa00
[ 391.823814][ T81] ? __pfx_process_one_work+0x10/0x10
[ 391.829043][ T81] ? __list_add_valid_or_report+0x33/0xc0
[ 391.834626][ T81] worker_thread+0x2e1/0x550
[ 391.839074][ T81] ? __kthread_parkme+0xcd/0xf0
[ 391.843790][ T81] ? __pfx_worker_thread+0x10/0x10
[ 391.848767][ T81] kthread+0x19e/0x1e0
[ 391.852700][ T81] ? kthread+0xf0/0x1e0
[ 391.856722][ T81] ? __pfx_kthread+0x10/0x10
[ 391.861176][ T81] ret_from_fork+0x30/0x50
[ 391.865460][ T81] ? __pfx_kthread+0x10/0x10
[ 391.869915][ T81] ret_from_fork_asm+0x1a/0x30
[ 391.874545][ T81] </TASK>
[ 391.877427][ T81] ==================================================================
[ 391.885382][ T81] Disabling lock debugging due to kernel taint
[ 391.891486][ T81] BUG: kernel NULL pointer dereference, address: 0000000000000040
[ 391.899147][ T81] #PF: supervisor write access in kernel mode
[ 391.905071][ T81] #PF: error_code(0x0002) - not-present page
[ 391.910909][ T81] PGD 0 P4D 0
[ 391.914156][ T81] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[ 391.920082][ T81] CPU: 1 UID: 0 PID: 81 Comm: kworker/1:1 Tainted: G S B 6.13.0-rc3-00005-g5203b3a18c1b #1
[ 391.931133][ T81] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE
[ 391.936969][ T81] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 391.945062][ T81] Workqueue: events uhid_device_add_worker
[ 391.950728][ T81] RIP: 0010:input_ff_create+0x11e/0x1f0
[ 391.956132][ T81] Code: 6d 28 15 4c 8d a5 b8 00 00 00 31 db eb 28 4c 63 eb be 08 00 00 00 4c 89 e8 48 c1 e8 06 48 8d 3c c5 38 00 00 00 e8 12 31 39 ff <4c> 0f ab 2c 25 38 00 00 00 83 c3 01 48 63 d3 be 80 00 00 00 4c 89
[ 391.975600][ T81] RSP: 0018:ffff888101b17598 EFLAGS: 00010246
[ 391.981524][ T81] RAX: 0000000000000000 RBX: 0000000000000050 RCX: ffffffff81144e56
[ 391.989356][ T81] RDX: fffffbfff0cf85f1 RSI: 0000000000000008 RDI: ffffffff867c2f80
[ 391.997191][ T81] RBP: ffff88833b573000 R08: 0000000000000001 R09: fffffbfff0cf85f0
[ 392.005026][ T81] R10: ffffffff867c2f87 R11: 0000000000000001 R12: ffff88833b5730b8
[ 392.012863][ T81] R13: 0000000000000050 R14: ffff88833b5730c0 R15: ffff88811b2ddea8
[ 392.020716][ T81] FS: 0000000000000000(0000) GS:ffff888733680000(0000) knlGS:0000000000000000
[ 392.029505][ T81] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 392.035953][ T81] CR2: 0000000000000040 CR3: 000000081946e005 CR4: 00000000003726f0
[ 392.043786][ T81] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 392.051618][ T81] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 392.059450][ T81] Call Trace:
[ 392.062599][ T81] <TASK>
[ 392.065398][ T81] ? __die+0x1f/0x60
[ 392.069152][ T81] ? page_fault_oops+0x8d/0xc0
[ 392.073775][ T81] ? exc_page_fault+0x57/0xe0
[ 392.078313][ T81] ? asm_exc_page_fault+0x22/0x30
[ 392.083203][ T81] ? add_taint+0x26/0x90
[ 392.087314][ T81] ? input_ff_create+0x11e/0x1f0
[ 392.092117][ T81] ? input_ff_create+0x11e/0x1f0
[ 392.096922][ T81] ? __pfx_sony_play_effect+0x10/0x10
[ 392.102170][ T81] input_ff_create_memless+0xe4/0x250
[ 392.107411][ T81] sony_input_configured+0x6f8/0x9d0
[ 392.112560][ T81] ? __pfx_sony_input_configured+0x10/0x10
[ 392.118229][ T81] hidinput_connect+0x919/0xcd0
[ 392.122943][ T81] hid_connect+0x417/0x5d0
[ 392.127219][ T81] ? __pfx_hid_connect+0x10/0x10
[ 392.132018][ T81] ? lockdep_hardirqs_on_prepare+0x131/0x200
[ 392.137857][ T81] ? _raw_spin_unlock_irqrestore+0x30/0x50
[ 392.143542][ T81] hid_hw_start+0x5e/0x90
[ 392.147733][ T81] sony_probe+0x137/0x3a0
[ 392.151923][ T81] __hid_device_probe+0x104/0x230
[ 392.156819][ T81] hid_device_probe+0xcb/0xe0
[ 392.161359][ T81] really_probe+0x13e/0x4e0
[ 392.165721][ T81] ? __pfx___device_attach_driver+0x10/0x10
[ 392.171471][ T81] __driver_probe_device+0xc8/0x1e0
[ 392.176529][ T81] driver_probe_device+0x4a/0xf0
[ 392.181326][ T81] __device_attach_driver+0xc6/0x160
[ 392.186468][ T81] bus_for_each_drv+0xe4/0x150
[ 392.191092][ T81] ? __pfx_bus_for_each_drv+0x10/0x10
[ 392.196322][ T81] ? lockdep_hardirqs_on_prepare+0x131/0x200
[ 392.202162][ T81] ? _raw_spin_unlock_irqrestore+0x30/0x50
[ 392.207827][ T81] __device_attach+0x134/0x280
[ 392.212450][ T81] ? __pfx___device_attach+0x10/0x10
[ 392.217594][ T81] ? do_raw_spin_unlock+0x83/0xf0
[ 392.222479][ T81] bus_probe_device+0xc8/0xe0
[ 392.227016][ T81] device_add+0x6d4/0x9d0
[ 392.231204][ T81] ? __pfx_device_add+0x10/0x10
[ 392.235915][ T81] ? __debugfs_create_file+0x209/0x2f0
[ 392.241249][ T81] hid_add_device+0x1f5/0x450
[ 392.245789][ T81] ? __pfx_hid_add_device+0x10/0x10
[ 392.250851][ T81] ? lock_is_held_type+0x9a/0x110
[ 392.255736][ T81] ? process_one_work+0x6c4/0xa00
[ 392.260619][ T81] uhid_device_add_worker+0x27/0x90
[ 392.265676][ T81] process_one_work+0x735/0xa00
[ 392.270387][ T81] ? process_one_work+0x6c4/0xa00
[ 392.275268][ T81] ? process_one_work+0x6c4/0xa00
[ 392.280155][ T81] ? __pfx_process_one_work+0x10/0x10
[ 392.285386][ T81] ? __list_add_valid_or_report+0x33/0xc0
[ 392.290968][ T81] worker_thread+0x2e1/0x550
[ 392.295416][ T81] ? __kthread_parkme+0xcd/0xf0
[ 392.300126][ T81] ? __pfx_worker_thread+0x10/0x10
[ 392.305095][ T81] kthread+0x19e/0x1e0
[ 392.309028][ T81] ? kthread+0xf0/0x1e0
[ 392.313048][ T81] ? __pfx_kthread+0x10/0x10
[ 392.317498][ T81] ret_from_fork+0x30/0x50
[ 392.321775][ T81] ? __pfx_kthread+0x10/0x10
[ 392.326230][ T81] ret_from_fork_asm+0x1a/0x30
[ 392.330865][ T81] </TASK>
[ 392.333775][ T81] Modules linked in: joydev openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 psample snd_hda_codec_hdmi snd_ctl_led intel_rapl_msr snd_hda_codec_realtek intel_rapl_common intel_uncore_frequency snd_hda_codec_generic intel_uncore_frequency_common snd_hda_scodec_component btrfs blake2b_generic xor zstd_compress raid6_pq x86_pkg_temp_thermal libcrc32c intel_powerclamp snd_soc_avs snd_soc_hda_codec i915 snd_hda_ext_core coretemp snd_soc_core sd_mod snd_compress dell_wmi dell_pc cec sg kvm_intel snd_hda_intel drm_buddy snd_intel_dspcfg ttm dell_smbios snd_intel_sdw_acpi drm_display_helper kvm snd_hda_codec ipmi_devintf crct10dif_pclmul drm_kms_helper ipmi_msghandler crc32_pclmul snd_hda_core crc32c_intel ghash_clmulni_intel intel_gtt dell_wmi_aio snd_hwdep mei_wdt rapl wmi_bmof sparse_keymap i2c_designware_platform ahci agpgart dell_wmi_descriptor snd_pcm video i2c_designware_core libahci intel_cstate platform_profile dcdbas snd_timer intel_uncore mei_me snd i2c_i801 pcspkr libata mei
[ 392.333958][ T81] i2c_smbus soundcore intel_lpss_pci intel_pmc_core intel_lpss pinctrl_sunrisepoint intel_vsec idma64 pmt_telemetry wmi pmt_class acpi_pad binfmt_misc drm dm_mod ip_tables x_tables sch_fq_codel
[ 392.443447][ T81] CR2: 0000000000000040
[ 392.447461][ T81] ---[ end trace 0000000000000000 ]---
[ 392.452777][ T81] RIP: 0010:input_ff_create+0x11e/0x1f0
[ 392.458183][ T81] Code: 6d 28 15 4c 8d a5 b8 00 00 00 31 db eb 28 4c 63 eb be 08 00 00 00 4c 89 e8 48 c1 e8 06 48 8d 3c c5 38 00 00 00 e8 12 31 39 ff <4c> 0f ab 2c 25 38 00 00 00 83 c3 01 48 63 d3 be 80 00 00 00 4c 89
[ 392.477653][ T81] RSP: 0018:ffff888101b17598 EFLAGS: 00010246
[ 392.483580][ T81] RAX: 0000000000000000 RBX: 0000000000000050 RCX: ffffffff81144e56
[ 392.491415][ T81] RDX: fffffbfff0cf85f1 RSI: 0000000000000008 RDI: ffffffff867c2f80
[ 392.499249][ T81] RBP: ffff88833b573000 R08: 0000000000000001 R09: fffffbfff0cf85f0
[ 392.507082][ T81] R10: ffffffff867c2f87 R11: 0000000000000001 R12: ffff88833b5730b8
[ 392.514916][ T81] R13: 0000000000000050 R14: ffff88833b5730c0 R15: ffff88811b2ddea8
[ 392.522762][ T81] FS: 0000000000000000(0000) GS:ffff888733680000(0000) knlGS:0000000000000000
[ 392.531551][ T81] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 392.537999][ T81] CR2: 0000000000000040 CR3: 000000081946e005 CR4: 00000000003726f0
[ 392.545835][ T81] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 392.553670][ T81] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 392.561504][ T81] Kernel panic - not syncing: Fatal exception
[ 392.567476][ T81] Kernel Offset: disabled

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki