| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| WARNING in hso_probe usb fs | C | 17 | 1627d | 1911d |
syzbot |
sign-in | mailing list | source | docs |
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| WARNING in hso_probe usb fs | C | 17 | 1627d | 1911d |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| KASAN: use-after-free Read in hso_probe | 1 (2) | 2019/11/19 14:43 |
| Reminder: 45 active syzbot reports in usb subsystem | 1 (1) | 2019/11/19 04:27 |
| Reminder: 67 active syzbot reports in usb subsystem | 1 (1) | 2019/10/04 03:38 |
worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 hso 3-1:0.0: Failed to find BULK IN ep ================================================================== BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:938 [inline] BUG: KASAN: use-after-free in __mutex_lock+0xf1e/0x1360 kernel/locking/mutex.c:1103 Read of size 8 at addr ffff8881cd9f6158 by task kworker/0:0/5 CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xef/0x16e lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd3/0x314 mm/kasan/report.c:374 __kasan_report.cold+0x37/0x77 mm/kasan/report.c:506 kasan_report+0xe/0x20 mm/kasan/common.c:641 __mutex_lock_common kernel/locking/mutex.c:938 [inline] __mutex_lock+0xf1e/0x1360 kernel/locking/mutex.c:1103 device_lock include/linux/device.h:771 [inline] device_del+0x9e/0xd30 drivers/base/core.c:2627 device_unregister+0x22/0xc0 drivers/base/core.c:2696 device_destroy+0x96/0xd0 drivers/base/core.c:3275 tty_unregister_device+0x7e/0x1a0 drivers/tty/tty_io.c:3192 hso_serial_tty_unregister drivers/net/usb/hso.c:2232 [inline] hso_create_bulk_serial_device drivers/net/usb/hso.c:2678 [inline] hso_probe.cold+0x6e/0x14c drivers/net/usb/hso.c:2944 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_set_configuration+0xe47/0x17d0 drivers/usb/core/message.c:2023 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_new_device.cold+0x540/0xcd0 drivers/usb/core/hub.c:2544 hub_port_connect drivers/usb/core/hub.c:5191 [inline] hub_port_connect_change drivers/usb/core/hub.c:5331 [inline] port_event drivers/usb/core/hub.c:5477 [inline] hub_event+0x21cb/0x4300 drivers/usb/core/hub.c:5559 process_one_work+0x94b/0x1620 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 1802: save_stack+0x1b/0x80 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:515 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:488 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] tty_register_device_attr+0x1b6/0x6f0 drivers/tty/tty_io.c:3131 hso_serial_common_create+0x113/0x710 drivers/net/usb/hso.c:2266 hso_create_bulk_serial_device drivers/net/usb/hso.c:2648 [inline] hso_probe+0xc93/0x1b7b drivers/net/usb/hso.c:2944 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_set_configuration+0xe47/0x17d0 drivers/usb/core/message.c:2023 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_new_device.cold+0x540/0xcd0 drivers/usb/core/hub.c:2544 hub_port_connect drivers/usb/core/hub.c:5191 [inline] hub_port_connect_change drivers/usb/core/hub.c:5331 [inline] port_event drivers/usb/core/hub.c:5477 [inline] hub_event+0x21cb/0x4300 drivers/usb/core/hub.c:5559 process_one_work+0x94b/0x1620 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Freed by task 1802: save_stack+0x1b/0x80 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] kasan_set_free_info mm/kasan/common.c:337 [inline] __kasan_slab_free+0x117/0x160 mm/kasan/common.c:476 slab_free_hook mm/slub.c:1444 [inline] slab_free_freelist_hook mm/slub.c:1477 [inline] slab_free mm/slub.c:3024 [inline] kfree+0xd5/0x300 mm/slub.c:3976 device_release+0x71/0x200 drivers/base/core.c:1358 kobject_cleanup lib/kobject.c:693 [inline] kobject_release lib/kobject.c:722 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x256/0x550 lib/kobject.c:739 put_device drivers/base/core.c:2586 [inline] device_unregister+0x34/0xc0 drivers/base/core.c:2697 device_destroy+0x96/0xd0 drivers/base/core.c:3275 tty_unregister_device+0x7e/0x1a0 drivers/tty/tty_io.c:3192 hso_serial_tty_unregister drivers/net/usb/hso.c:2232 [inline] hso_create_bulk_serial_device drivers/net/usb/hso.c:2678 [inline] hso_probe.cold+0x6e/0x14c drivers/net/usb/hso.c:2944 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_set_configuration+0xe47/0x17d0 drivers/usb/core/message.c:2023 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272 really_probe+0x290/0xac0 drivers/base/dd.c:551 driver_probe_device+0x223/0x350 drivers/base/dd.c:724 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:831 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431 __device_attach+0x217/0x390 drivers/base/dd.c:897 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491 device_add+0x1459/0x1bf0 drivers/base/core.c:2487 usb_new_device.cold+0x540/0xcd0 drivers/usb/core/hub.c:2544 hub_port_connect drivers/usb/core/hub.c:5191 [inline] hub_port_connect_change drivers/usb/core/hub.c:5331 [inline] port_event drivers/usb/core/hub.c:5477 [inline] hub_event+0x21cb/0x4300 drivers/usb/core/hub.c:5559 process_one_work+0x94b/0x1620 kernel/workqueue.c:2264 worker_thread+0x96/0xe20 kernel/workqueue.c:2410 kthread+0x318/0x420 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 The buggy address belongs to the object at ffff8881cd9f6000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 344 bytes inside of 2048-byte region [ffff8881cd9f6000, ffff8881cd9f6800) The buggy address belongs to the page: page:ffffea0007367c00 refcount:1 mapcount:0 mapping:ffff8881da00c000 index:0x0 compound_mapcount: 0 flags: 0x200000000010200(slab|head) raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000 raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881cd9f6000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881cd9f6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881cd9f6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881cd9f6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881cd9f6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/03/17 01:35 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 749688d2 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/03/08 15:45 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 2e9971bb | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/02/27 21:20 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | c88c7b75 | .config | console log | report | syz | C | ci2-upstream-usb | |||
| 2020/07/16 06:45 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 313da01ad524 | ada108d0 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/07/08 19:59 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 768a07412843 | 9f9845eb | .config | console log | report | ci2-upstream-usb | |||||
| 2020/07/06 05:26 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 768a07412843 | 22f87567 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/07/03 10:56 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 768a07412843 | f30c14bf | .config | console log | report | ci2-upstream-usb | |||||
| 2020/06/27 01:17 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | fb5746826a0c | ffec44b5 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/06/12 09:41 | https://github.com/google/kasan.git usb-fuzzer | 2089c6ed5a17 | 819b58b0 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/06/11 07:32 | https://github.com/google/kasan.git usb-fuzzer | 2089c6ed5a17 | 3ab7a05a | .config | console log | report | ci2-upstream-usb | |||||
| 2020/06/04 01:32 | https://github.com/google/kasan.git usb-fuzzer | 2089c6ed5a17 | b0d1c0d5 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/05/25 13:23 | https://github.com/google/kasan.git usb-fuzzer | 806d8acc2890 | 73964a9b | .config | console log | report | ci2-upstream-usb | |||||
| 2020/05/24 10:15 | https://github.com/google/kasan.git usb-fuzzer | 806d8acc2890 | 96c92ad3 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/05/06 18:47 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | 4618eb2d | .config | console log | report | ci2-upstream-usb | |||||
| 2020/04/17 08:21 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | 18397578 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/04/17 00:11 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | c743fcb3 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/04/10 23:26 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | a8c6a3f8 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/04/07 12:21 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | 99a96044 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/30 09:09 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | c8d1cc20 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/28 01:20 | https://github.com/google/kasan.git usb-fuzzer | e17994d1e7b1 | 831e9a81 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/27 09:54 | https://github.com/google/kasan.git usb-fuzzer | e17994d1e7b1 | 9af8b4b3 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/25 20:42 | https://github.com/google/kasan.git usb-fuzzer | e17994d1e7b1 | e8e6c7d2 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/25 06:25 | https://github.com/google/kasan.git usb-fuzzer | e17994d1e7b1 | 41f049cc | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/19 00:12 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 2c31c529 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/16 18:28 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 749688d2 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/05 13:06 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | b655d91b | .config | console log | report | ci2-upstream-usb | |||||
| 2020/03/03 20:03 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 350a7a26 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/26 23:49 | https://github.com/google/kasan.git usb-fuzzer | d6ff8147a51c | 251aabb7 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/22 14:23 | https://github.com/google/kasan.git usb-fuzzer | 307a2623c9d7 | 2c36e7a7 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/21 05:49 | https://github.com/google/kasan.git usb-fuzzer | 7f0cd6c7c423 | bd2a74a3 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/20 13:56 | https://github.com/google/kasan.git usb-fuzzer | 7f0cd6c7c423 | 81230308 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/12 17:36 | https://github.com/google/kasan.git usb-fuzzer | 7f0cd6c7c423 | 84f4fc8a | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/11 05:46 | https://github.com/google/kasan.git usb-fuzzer | 7f0cd6c7c423 | d9e55b05 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/10 19:17 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | d9e55b05 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/09 22:44 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | 35f5e45e | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/08 07:51 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | 06150bf1 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/07 03:20 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | 06150bf1 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/06 15:11 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | 5be3a391 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/02/06 13:49 | https://github.com/google/kasan.git usb-fuzzer | e5cd56e94edd | 5be3a391 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/01/17 13:53 | https://github.com/google/kasan.git usb-fuzzer | 4cc301ee04d9 | 3de7aabb | .config | console log | report | ci2-upstream-usb | |||||
| 2020/01/09 16:19 | https://github.com/google/kasan.git usb-fuzzer | ae1794106b94 | 4de4e9f0 | .config | console log | report | ci2-upstream-usb | |||||
| 2020/01/06 22:22 | https://github.com/google/kasan.git usb-fuzzer | ecdf2214f472 | 53430d97 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/12/31 00:14 | https://github.com/google/kasan.git usb-fuzzer | ecdf2214f472 | 6b36d338 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/12/28 11:05 | https://github.com/google/kasan.git usb-fuzzer | ecdf2214f472 | af6b8ef8 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/11/28 09:52 | https://github.com/google/kasan.git usb-fuzzer | da06441bb485 | 97264cb1 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/11/26 19:45 | https://github.com/google/kasan.git usb-fuzzer | da06441bb485 | 1048481f | .config | console log | report | ci2-upstream-usb | |||||
| 2019/11/20 07:14 | https://github.com/google/kasan.git usb-fuzzer | 46178223c0ca | 432c7650 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/11/15 06:22 | https://github.com/google/kasan.git usb-fuzzer | 3183c03757f8 | 79248ee8 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/26 05:16 | https://github.com/google/kasan.git usb-fuzzer | 22be26f76193 | 413926c5 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/23 19:44 | https://github.com/google/kasan.git usb-fuzzer | 22be26f76193 | b602d64b | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/15 08:27 | https://github.com/google/kasan.git usb-fuzzer | 22be26f76193 | 05ad7292 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/13 05:08 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | 426631dd | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/08 20:43 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | b1ebbfef | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/08 10:40 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | 28ac6e64 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/06 02:22 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | f3f7d9c8 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/10/05 02:41 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | f3f7d9c8 | .config | console log | report | ci2-upstream-usb | |||||
| 2019/09/27 22:14 | https://github.com/google/kasan.git usb-fuzzer | 2994c07743fe | d8074e0b | .config | console log | report | ci2-upstream-usb |