syzbot


KASAN: slab-out-of-bounds Read in edge_interrupt_callback

Status: fixed on 2020/05/10 10:41
Subsystems: usb
Reported-by: syzbot+37ba33391ad5f3935bbd@syzkaller.appspotmail.com
Fix commit: 57aa9f294b09 USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
First crash: 1518d, last: 1518d
Discussions (9)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.9 000/102] 4.9.218-rc1 review | 112 (112) | 2020/04/07 06:05 |
| [PATCH 5.6 00/23] 5.6.1-rc1 review | 47 (47) | 2020/04/04 08:41 |
| [PATCH 4.14 000/148] 4.14.175-rc1 review | 153 (153) | 2020/04/02 22:47 |
| [PATCH 4.19 000/116] 4.19.114-rc1 review | 129 (129) | 2020/04/02 20:04 |
| [PATCH 5.5 000/170] 5.5.14-rc1 review | 180 (180) | 2020/04/02 17:40 |
| [PATCH 4.4 00/91] 4.4.218-rc1 review | 97 (97) | 2020/04/02 14:13 |
| [PATCH 5.4 000/155] 5.4.29-rc1 review | 156 (156) | 2020/03/31 08:59 |
| [PATCH] USB: io_edgeport: fix slab-out-of-bounds Read in edge_interrupt_callback | 5 (5) | 2020/03/26 09:29 |
| KASAN: slab-out-of-bounds Read in edge_interrupt_callback | 1 (3) | 2020/03/25 07:44 |
Last patch testing requests (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/03/25 07:26 | 17m | anenbupt@gmail.com | patch | https://github.com/google/kasan.git e17994d1 | OK |

Sample crash report:
==================================================================
BUG: KASAN: slab-out-of-bounds in edge_interrupt_callback+0x8be/0x9d0 drivers/usb/serial/io_edgeport.c:715
Read of size 1 at addr ffff8881d2920c67 by task swapper/0/0

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x314 mm/kasan/report.c:374
 __kasan_report.cold+0x37/0x77 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:641
 edge_interrupt_callback+0x8be/0x9d0 drivers/usb/serial/io_edgeport.c:715
 __usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650
 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716
 dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
 call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/03/22 13:54 https://github.com/google/kasan.git usb-fuzzer e17994d1e7b1 78267cec .config console log report syz C ci2-upstream-usb