syzbot


KASAN: use-after-free Read in usbhid_close (3)
Status: upstream: reported C repro on 2020/04/07 15:26
Reported-by: syzbot+7bf5a7b0f0a1f9446f4c@syzkaller.appspotmail.com
Fix commit: 0ed08fad HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-usb], missing on: [ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci2-upstream-kcsan-gce]
First crash: 56d, last: 29d
Similar bugs (3):
Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status
upstream | KASAN: use-after-free Read in usbhid_close | | | 3 | 260d | 273d | 0/17 | closed as dup on 2019/09/03 12:12
upstream | KASAN: use-after-free Read in usbhid_close (2) | | | 1 | 212d | 211d | 0/17 | auto-closed as invalid on 2020/03/02 09:27
android-54 | KASAN: use-after-free Read in usbhid_close | syz | | 1 | 51d | 51d | 0/1 | upstream: reported syz repro on 2020/04/12 16:51
Patch testing requests:
Created | Duration | User | Patch | Repo | Result
2020/04/22 15:02 | 18m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | OK
2020/04/19 01:34 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log
2020/04/18 20:20 | 11m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log
2020/04/18 19:39 | 11m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log
2020/04/18 01:30 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log
2020/04/17 19:15 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log

Sample crash report:

Crashes (6):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers
ci2-upstream-usb | 2020/04/12 16:37 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af8 | 36b0b050 | .config | log | report | syz | C | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb | 2020/05/04 21:56 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0f | 9941337c | .config | log | report | | | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb | 2020/04/29 22:46 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0f | 2dd552a5 | .config | log | report | | | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb | 2020/04/28 06:06 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0f | 0ce7569e | .config | log | report | | | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb | 2020/04/12 15:55 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af8 | 36b0b050 | .config | log | report | | | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb | 2020/04/07 15:22 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af8 | 99a96044 | .config | log | report | | | gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org