syzbot


KASAN: use-after-free Read in usbhid_close (3)
Status: fixed on 2020/07/17 17:58
Reported-by: syzbot+7bf5a7b0f0a1f9446f4c@syzkaller.appspotmail.com
Fix commit: 0ed08faded1d HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
First crash: 610d, last: 582d
similar bugs (3):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in usbhid_close | | | | 3 | 813d | 827d | 0/22 | closed as dup on 2019/09/03 12:12 |
| upstream | KASAN: use-after-free Read in usbhid_close (2) | | | | 1 | 766d | 765d | 0/22 | auto-closed as invalid on 2020/03/02 09:27 |
| android-54 | KASAN: use-after-free Read in usbhid_close | syz | | | 1 | 605d | 605d | 1/1 | fixed on 2021/10/13 19:27 |
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/04/22 15:02 | 18m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | OK |
| 2020/04/19 01:34 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log |
| 2020/04/18 20:20 | 11m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log |
| 2020/04/18 19:39 | 11m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log |
| 2020/04/18 01:30 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log |
| 2020/04/17 19:15 | 10m | stern@rowland.harvard.edu | patch | https://github.com/google/kasan.git 0fa84af8 | report log |

Sample crash report:

Crashes (6):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-usb | 2020/04/12 16:37 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | 36b0b050 | .config | log | report | syz | C | | |
| ci2-upstream-usb | 2020/05/04 21:56 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | 9941337c | .config | log | report | | | | |
| ci2-upstream-usb | 2020/04/29 22:46 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | 2dd552a5 | .config | log | report | | | | |
| ci2-upstream-usb | 2020/04/28 06:06 | https://github.com/google/kasan.git usb-fuzzer | 059e7e0ff26c | 0ce7569e | .config | log | report | | | | |
| ci2-upstream-usb | 2020/04/12 15:55 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | 36b0b050 | .config | log | report | | | | |
| ci2-upstream-usb | 2020/04/07 15:22 | https://github.com/google/kasan.git usb-fuzzer | 0fa84af850a4 | 99a96044 | .config | log | report | | | | |