Bug 107451 - xbox one controller xpad kernel NULL pointer dereference
Summary: xbox one controller xpad kernel NULL pointer dereference
Status: NEW
Alias: None
Product: Drivers
Classification: Unclassified
Component: Input Devices
Hardware: All Linux
Importance: P1 high
Assignee: drivers_input-devices
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-08 00:45 UTC by Rob
Modified: 2016-10-01 22:38 UTC

See Also:
Kernel Version: 4.2.0-16-generic
Subsystem:
Regression: No
Bisected commit-id:


Attachments
xpad xbox one dmesg (8.29 KB, text/plain)
2015-11-08 00:48 UTC, Rob

Description Rob 2015-11-08 00:45:17 UTC
Hello, I managed to trigger the following message twice when I plug in an Xbox One Controller (the one w/ the 3.5mm audio connector):

Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.205188] usb 1-3: new full-speed USB device number 5 using xhci_hcd
Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.334964] usb 1-3: New USB device found, idVendor=045e, idProduct=02dd
Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.334967] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.334968] usb 1-3: Product: Controller
Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.334969] usb 1-3: Manufacturer: Microsoft
Nov  7 14:08:54 cg-Latitude-E6440 kernel: [  241.334970] usb 1-3: SerialNumber: 7EED8BBFA632
Nov  7 14:08:54 cg-Latitude-E6440 mtp-probe: checking bus 1, device 5: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-3"
Nov  7 14:08:54 cg-Latitude-E6440 mtp-probe: bus: 1, device: 5 was not an MTP device
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860612] input: Generic X-Box pad as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/input/input21
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860796] BUG: unable to handle kernel NULL pointer dereference at 000000000000004e
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860835] IP: [<ffffffffc0c0758a>] xpad_probe+0x37a/0x9eb [xpad]
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860865] PGD 0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860875] Oops: 0000 [#1] SMP
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.860890] Modules linked in: xpad(+) ff_memless nvram msr ctr ccm rfcomm ipt_REJECT nf_reject_ipv4 uhid bnep ebtable_filter ebtables ip6table_filter ip6_tables xt_addrtype btusb btrtl btbcm btintel bluetooth xt_conntrack uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core v4l2_common videodev media aufs pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp bridge stp vboxdrv(OE) llc iptable_filter ip_tables x_tables binfmt_misc nls_iso8859_1 arc4 dell_wmi sparse_keymap dell_laptop dcdbas dell_smm_hwmon intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp iwlmvm joydev input_leds mac80211 serio_raw snd_hda_codec_hdmi snd_soc_rt5640 snd_soc_rl6231 iwlwifi snd_soc_core snd_compress snd_hda_codec_realtek lpc_ich ac97_bus snd_hda_codec_generic cfg80211 snd_pcm_dmaengine snd_seq_midi snd_seq_midi_event snd_hda_intel snd_rawmidi snd_hda_codec snd_hda_core mei_me snd_hwdep snd_seq mei snd_pcm shpchp ie31200_edac snd_seq_device edac_core snd_timer 8250_fintek snd dell_smo8800 soundcore kvm_intel dw_dmac snd_soc_sst_acpi dw_dmac_core kvm 8250_dw i2c_designware_platform spi_pxa2xx_platform i2c_designware_core intel_rst dell_rbtn mac_hid coretemp parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq drbg ansi_cprng algif_skcipher af_alg dm_crypt hid_logitech_hidpp hid_logitech_dj uas usb_storage hid_generic usbhid mmc_block crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw i915 gf128mul glue_helper ablk_helper cryptd psmouse i2c_algo_bit drm_kms_helper ahci libahci e1000e drm sdhci_pci ptp pps_core wmi sdhci_acpi video sdhci i2c_hid hid
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861633] CPU: 0 PID: 4953 Comm: systemd-udevd Tainted: G           OE   4.2.0-16-generic #19-Ubuntu
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861673] Hardware name: Dell Inc. Latitude E6440/0YX2X3, BIOS A12 05/19/2015
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861705] task: ffff8802a9860dc0 ti: ffff8802651a8000 task.ti: ffff8802651a8000
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861735] RIP: 0010:[<ffffffffc0c0758a>]  [<ffffffffc0c0758a>] xpad_probe+0x37a/0x9eb [xpad]
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861774] RSP: 0018:ffff8802651aba78  EFLAGS: 00010206
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861797] RAX: ffff8803136983c0 RBX: ffff8802b6ec0890 RCX: 0000000000000000
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861825] RDX: 0000000000000048 RSI: 0000000000000008 RDI: ffff8802b6ec0800
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861854] RBP: ffff8802651abac8 R08: ffff8802b66dc060 R09: ffffffff815def49
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861881] R10: ffff8803136983c0 R11: ffff8804092af4d7 R12: ffff880088df6800
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861912] R13: 000000000000005e R14: ffff880088df6830 R15: ffff88034952fe00
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861941] FS:  00007f4ebeae28c0(0000) GS:ffff88041ea00000(0000) knlGS:0000000000000000
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861972] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.861995] CR2: 000000000000004e CR3: 00000002b58ca000 CR4: 00000000001406f0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862024] Stack:
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862033]  ffff8802651abac8 ffffffff0000ffff ffff8802b6ec0800 ffff8803184fb400
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862066]  ffffffffc0c0a088 ffff8802b6ec0890 ffff8802b6ec0800 ffffffffc0c0a088
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862085]  ffff8803184fb430 ffffffffc0c0a1c0 ffff8802651abb18 ffffffff815e4562
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862103] Call Trace:
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862115]  [<ffffffff815e4562>] usb_probe_interface+0x1b2/0x2d0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862131]  [<ffffffff81520b0a>] driver_probe_device+0x21a/0x490
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862145]  [<ffffffff81520e10>] __driver_attach+0x90/0xa0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862159]  [<ffffffff81520d80>] ? driver_probe_device+0x490/0x490
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862175]  [<ffffffff8151e6ac>] bus_for_each_dev+0x6c/0xc0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862190]  [<ffffffff815202ae>] driver_attach+0x1e/0x20
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862203]  [<ffffffff8151fddb>] bus_add_driver+0x1eb/0x280
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862216]  [<ffffffff815216b0>] driver_register+0x60/0xe0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862230]  [<ffffffff815e2e74>] usb_register_driver+0x84/0x140
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862245]  [<ffffffffc0c0d000>] ? 0xffffffffc0c0d000
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862259]  [<ffffffffc0c0d01e>] xpad_driver_init+0x1e/0x1000 [xpad]
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862275]  [<ffffffff81002123>] do_one_initcall+0xb3/0x200
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862290]  [<ffffffff811de027>] ? kmem_cache_alloc_trace+0x187/0x1f0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862305]  [<ffffffff817e66c8>] ? do_init_module+0x28/0x1e7
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862319]  [<ffffffff817e6700>] do_init_module+0x60/0x1e7
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862333]  [<ffffffff81102876>] load_module+0x1676/0x1c10
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862346]  [<ffffffff810fe9c0>] ? __symbol_put+0x60/0x60
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862361]  [<ffffffff81202f80>] ? kernel_read+0x50/0x80
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862374]  [<ffffffff81103069>] SyS_finit_module+0xb9/0xf0
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862388]  [<ffffffff817ef9f2>] entry_SYSCALL_64_fastpath+0x16/0x75
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862403] Code: d2 41 83 bf d4 00 00 00 03 4d 8b 47 50 48 8b 4f 08 49 8b 7f 08 0f 95 c2 48 8d 34 d5 00 00 00 00 48 8b 49 18 48 01 f2 48 8d 14 d1 <0f> b6 72 06 0f b6 52 02 c1 e2 0f 89 d1 8b 17 48 89 78 48 81 c9
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862474] RIP  [<ffffffffc0c0758a>] xpad_probe+0x37a/0x9eb [xpad]
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862490]  RSP <ffff8802651aba78>
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.862498] CR2: 000000000000004e
Nov  7 14:08:55 cg-Latitude-E6440 kernel: [  241.867564] ---[ end trace 57607b5340c47173 ]---
Nov  7 14:08:55 cg-Latitude-E6440 systemd-udevd[448]: worker [4953] terminated by signal 9 (Killed)
Nov  7 14:08:55 cg-Latitude-E6440 systemd-udevd[448]: worker [4953] failed while handling '/devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1'
 
I have to force a reboot when it happens.
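
The oops above can be triaged mechanically. The following Python script is an added example, not part of the original report or of the kernel's own code: it parses an excerpt of that trace and checks that the faulting instruction's base register plus displacement reproduces CR2. The `triage` function and the trimmed `OOPS` sample are constructed for illustration, and the decoder handles only the instruction form seen in this trace.

```python
import re

# Constructed sample: lines excerpted from the oops quoted in the report above,
# with the syslog prefix removed and the Code: line trimmed.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 000000000000004e
IP: [<ffffffffc0c0758a>] xpad_probe+0x37a/0x9eb [xpad]
RAX: ffff8803136983c0 RBX: ffff8802b6ec0890 RCX: 0000000000000000
RDX: 0000000000000048 RSI: 0000000000000008 RDI: ffff8802b6ec0800
Code: 48 8b 49 18 48 01 f2 48 8d 14 d1 <0f> b6 72 06 0f b6 52 02 c1 e2 0f
CR2: 000000000000004e
"""

REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]  # ModRM r/m order

def triage(oops):
    """Summarise an x86-64 oops: fault address, faulting symbol, base register."""
    out = {}
    m = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?", oops)
    out["symbol"], out["offset"], out["module"] = m.group(1), int(m.group(2), 16), m.group(3)
    out["cr2"] = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})", oops)}
    # The byte in <..> is where RIP pointed; take it and the three bytes after it.
    code = re.search(r"Code: (.*)", oops).group(1).split()
    i = next(k for k, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[i:i + 4]]
    # Decode only the form seen here: 0F B6 /r (movzx r32, r/m8), mod=01, disp8, no SIB.
    if insn[:2] == [0x0F, 0xB6] and insn[2] >> 6 == 1 and insn[2] & 7 != 4:
        base = REG64[insn[2] & 7]
        disp = insn[3] - 256 if insn[3] > 127 else insn[3]
        out.update(base=base, base_value=regs[base], disp=disp,
                   matches_cr2=(regs[base] + disp) & (2**64 - 1) == out["cr2"])
    # A fault address inside the first page means a member read through a NULL
    # (or near-NULL) pointer rather than a wild pointer.
    out["null_page"] = out["cr2"] < 4096
    return out

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

For this trace the faulting read is a byte load from RDX + 6 with RDX = 0x48, which is exactly the CR2 value 0x4e.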
Comment 1 Rob 2015-11-08 00:48:05 UTC
Created attachment 192371
xpad xbox one dmesg
Comment 2 Rob 2015-11-08 00:48:39 UTC
I'm using Ubuntu 15.10, stock kernel.
Comment 3 Sebastien 2015-11-12 17:16:56 UTC
Hi,
I have the same problem with a newer kernel:
Linux localhost 4.3.0-gentoo #1 SMP Wed Nov 11 13:05:13 2015 x86_64 Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz GenuineIntel GNU/Linux

The whole system freezes immediately when I connect the controller (the one with 3.5" jack controller); with a "normal" controller (without jack) it's working fine.
Comment 4 Dmitry Torokhov 2015-11-14 18:43:09 UTC
Support for 0x045e/0x02d device has been added in commit 39a7a88872df98f0c3c50fe278fd1a1f597afd95, can you please try it?
Comment 5 Sebastien 2015-11-15 18:14:36 UTC
Hi,
Just tried: it seems to be working fine.

nov. 15 19:12:41 localhost kernel: usb 3-12: new full-speed USB device number 5 using xhci_hcd
nov. 15 19:12:41 localhost kernel: usb 3-12: New USB device found, idVendor=045e, idProduct=02dd
nov. 15 19:12:41 localhost kernel: usb 3-12: New USB device strings: Mfr=1, Product=2, SerialNumber=3
nov. 15 19:12:41 localhost kernel: usb 3-12: Product: Controller
nov. 15 19:12:41 localhost kernel: usb 3-12: Manufacturer: Microsoft
nov. 15 19:12:41 localhost kernel: usb 3-12: SerialNumber: 7EED89F4AFCE
nov. 15 19:12:41 localhost kernel: input: Microsoft X-Box One pad (Covert Forces) as /devices/pci0000:00/0000:00:14.0/usb3/3-12/3-12:1.0/input/input19
nov. 15 19:12:41 localhost kernel: usbcore: registered new interface driver xpad


(I used the file from: https://raw.githubusercontent.com/torvalds/linux/master/drivers/input/joystick/xpad.c )
(copied into my 4.3.0 kernel in replacement of the other xpad.c)

Thanks a lot
Comment 6 Sebastien 2015-11-15 18:26:14 UTC
Hum, after testing to play with the controller: it's not working, just no crash anymore; the old controller type is still working fine, the newer (jack port) still doesn't.
Comment 7 dan.g.tob 2015-12-28 15:08:22 UTC
New controllers and old controllers with updated firmware have a new USB ID. This is fixed with the master branch from here https://github.com/paroj/xpad but has not made its way upstream yet.
Comment 8 Cameron Gutman 2016-10-01 22:38:04 UTC
This bug is fixed by c7f1429389ec1aa25e042bb13451385fbb596f8c.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/input/joystick/xpad.c?id=c7f1429389ec1aa25e042bb13451385fbb596f8c
