syzbot

 sign-in | mailing list | source | docs
🐞 Open [1005] Subsystems 🐞 Fixed [5249] 🐞 Invalid [12556] Missing Backports [84] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: slab-out-of-bounds Write in hid_report_raw_event

Status: closed as dup on 2019/09/19 18:28
Subsystems: input usb
[Documentation on labels]
Reported-by: syzbot+54323a55a37ec53f8045@syzkaller.appspotmail.com
First crash: 1712d, last: 1589d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
KMSAN: kernel-usb-infoleak in hid_submit_ctrl input usb C 839 1078d 1686d
Discussions (2)
Title Replies (including bot) Last reply
KASAN: slab-out-of-bounds Write in hid_report_raw_event 1 (2) 2019/09/19 18:28
KMSAN: kernel-usb-infoleak in hid_submit_ctrl 1 (2) 2019/09/19 18:27

Sample crash report:
==================================================================
BUG: KASAN: slab-out-of-bounds in memset include/linux/string.h:365 [inline]
BUG: KASAN: slab-out-of-bounds in hid_report_raw_event+0x13a/0xed0 drivers/hid/hid-core.c:1744
Write of size 4068 at addr ffff8881d035801d by task swapper/1/0

CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0+0x16/0x200 mm/kasan/report.c:374
 __kasan_report.cold+0x37/0x7f mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:639
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x152/0x1c0 mm/kasan/generic.c:192
 memset+0x20/0x40 mm/kasan/common.c:108
 memset include/linux/string.h:365 [inline]
 hid_report_raw_event+0x13a/0xed0 drivers/hid/hid-core.c:1744
 hid_input_report+0x315/0x3f0 drivers/hid/hid-core.c:1824
 hid_irq_in+0x50e/0x690 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x1f2/0x470 drivers/usb/core/hcd.c:1648
 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1713
 dummy_timer+0x123d/0x2fdb drivers/usb/gadget/udc/dummy_hcd.c:1966
 ? rcu

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/25 15:42 https://github.com/google/kasan.git usb-fuzzer ecdf2214f472 be5c2c81 .config console log report syz C ci2-upstream-usb
2019/09/23 07:26 https://github.com/google/kasan.git usb-fuzzer e0bd8d794fc9 d96e88f3 .config console log report syz C ci2-upstream-usb
2019/08/25 04:27 https://github.com/google/kasan.git usb-fuzzer eea39f24f4a5 d21c5d9d .config console log report syz C ci2-upstream-usb
* Struck through repros no longer work on HEAD.