syzbot

KASAN: slab-out-of-bounds Write in lg4ff_init

Status: closed as dup on 2019/10/03 19:01
Subsystems: input
Reported-by: syzbot+94e2b9e9c7d1dd332345@syzkaller.appspotmail.com
First crash: 1698d, last: 1638d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: slab-out-of-bounds Write in ga_probe input C 5 1632d 1654d
Discussions (3)
Title | Replies (including bot) | Last reply
KASAN: slab-out-of-bounds Write in ga_probe | 4 (6) | 2019/09/19 19:19
Reminder: 52 active syzbot reports in usb subsystem | 4 (4) | 2019/09/19 19:01
KASAN: slab-out-of-bounds Write in lg4ff_init | 4 (7) | 2019/08/06 10:49
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2019/08/06 10:38 | 10m | oneukum@suse.com | patch | https://github.com/google/kasan.git e96407b4 | report log
2019/08/05 14:34 | 18m | oneukum@suse.com | patch | https://github.com/google/kasan.git e96407b4 | OK

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
logitech 0003:046D:CA03.0001: unknown main item tag 0x0
logitech 0003:046D:CA03.0001: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.0-1/input0
==================================================================
BUG: KASAN: slab-out-of-bounds in set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
BUG: KASAN: slab-out-of-bounds in lg4ff_init+0x89c/0x1800 drivers/hid/hid-lg4ff.c:1331
Write of size 8 at addr ffff8881d59472c0 by task kworker/0:1/12

CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.0-rc1+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 print_address_description.constprop.0+0x36/0x50 mm/kasan/report.c:374
 __kasan_report.cold+0x1a/0x33 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:634
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x128/0x190 mm/kasan/generic.c:192
 set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
 lg4ff_init+0x89c/0x1800 drivers/hid/hid-lg4ff.c:1331
 lg_probe+0x3b3/0x8a0 drivers/hid/hid-lg.c:850

Crashes (4):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/10/02 20:30 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | 2e29b534 | .config | console log | report | syz | C | | | ci2-upstream-usb |
2019/09/27 17:46 | https://github.com/google/kasan.git usb-fuzzer | 2994c07743fe | d8074e0b | .config | console log | report | syz | C | | | ci2-upstream-usb |
2019/09/18 19:09 | https://github.com/google/kasan.git usb-fuzzer | f0df5c1be1e9 | 46c0be24 | .config | console log | report | syz | C | | | ci2-upstream-usb |
2019/08/03 15:33 | https://github.com/google/kasan.git usb-fuzzer | e96407b49762 | 6affd8e8 | .config | console log | report | syz | C | | | ci2-upstream-usb |
* Struck through repros no longer work on HEAD.