KASAN: stack-out-of-bounds Read in string

Title	Replies (including bot)	Last reply
[PATCH 3.16 000/157] 3.16.72-rc1 review	162 (162)	2019/08/11 15:25
[PATCH 4.4 000/266] 4.4.180-stable review	282 (282)	2019/05/17 09:42
[PATCH 3.18 00/86] 3.18.140-stable review	93 (93)	2019/05/16 14:59
[PATCH 5.0 000/122] 5.0.14-stable review	134 (134)	2019/05/08 06:36
[PATCH 4.19 00/99] 4.19.41-stable review	111 (111)	2019/05/08 06:35
[PATCH 4.14 00/75] 4.14.117-stable review	81 (81)	2019/05/07 22:47
[PATCH 4.9 00/62] 4.9.174-stable review	73 (73)	2019/05/07 20:34
USB: core: Fix unterminated string returned by usb_string()	1 (1)	2019/04/15 15:51
KASAN: stack-out-of-bounds Read in string	0 (1)	2019/04/12 11:46

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-49	KASAN: stack-out-of-bounds Read in string	C			202	2131d	2449d	0/3	closed as invalid on 2019/01/01 20:10

android-49

202

2131d

2449d

0/3

closed as invalid on 2019/01/01 20:10

Created	Duration	User	Patch	Repo	Result
2019/04/13 15:36	36m	stern@rowland.harvard.edu	patch	https://github.com/google/kasan.git usb-fuzzer	OK
2019/04/13 14:34	37m	dvyukov@google.com	patch	https://github.com/google/kasan.git usb-fuzzer	OK
2019/04/13 14:32	30m	dvyukov@google.com		https://github.com/google/kasan.git usb-fuzzer	report log
2019/04/13 09:33	35m	dvyukov@google.com		https://github.com/google/kasan.git usb-fuzzer	report log
2019/04/12 20:33	0m	stern@rowland.harvard.edu		https://github.com/google/kasan/tree/usb-fuzzer 9a33b369	error OK

Created

Duration

User

Patch

Repo

Result

2019/04/13 15:36

36m

stern@rowland.harvard.edu

patch

https://github.com/google/kasan.git usb-fuzzer

2019/04/13 14:34

37m

dvyukov@google.com

patch

https://github.com/google/kasan.git usb-fuzzer

2019/04/13 14:32

30m

dvyukov@google.com

https://github.com/google/kasan.git usb-fuzzer

report log

2019/04/13 09:33

35m

dvyukov@google.com

https://github.com/google/kasan.git usb-fuzzer

report log

2019/04/12 20:33

stern@rowland.harvard.edu

https://github.com/google/kasan/tree/usb-fuzzer 9a33b369

error OK

usb 1-1: config 0 interface 213 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 usb 1-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=6c.23 usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 1-1: config 0 descriptor?? ================================================================== BUG: KASAN: stack-out-of-bounds in string+0x1f6/0x220 lib/vsprintf.c:606 Read of size 1 at addr ffff88809ec17260 by task kworker/0:2/533 CPU: 0 PID: 533 Comm: kworker/0:2 Not tainted 5.1.0-rc4-319354-g9a33b36 #3 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe8/0x16e lib/dump_stack.c:113 print_address_description+0x6c/0x236 mm/kasan/report.c:187 kasan_report.cold+0x1a/0x3c mm/kasan/report.c:317 string+0x1f6/0x220 lib/vsprintf.c:606 vsnprintf+0xa14/0x16b0 lib/vsprintf.c:2396 pointer+0x60b/0x910 lib/vsprintf.c:2038 vsnprintf+0x5a0/0x16b0 lib/vsprintf.c:2400 vscnprintf+0x29/0x80 lib/vsprintf.c:2499 vprintk_store+0x45/0x4a0 kernel/printk/printk.c:1900 vprintk_emit+0x210/0x5a0 kernel/printk/printk.c:1957 dev_vprintk_emit+0x50e/0x553 drivers/base/core.c:3185 dev_printk_emit+0xbf/0xf6 drivers/base/core.c:3196 __dev_printk+0x1ed/0x215 drivers/base/core.c:3208 _dev_info+0xdc/0x10e drivers/base/core.c:3254 vub300_probe+0x25e/0xd80 drivers/mmc/host/vub300.c:2109 usb_probe_interface+0x31d/0x820 drivers/usb/core/driver.c:361 really_probe+0x2da/0xb10 drivers/base/dd.c:509 driver_probe_device+0x21d/0x350 drivers/base/dd.c:671 __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454 __device_attach+0x223/0x3a0 drivers/base/dd.c:844 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514 device_add+0xad2/0x16e0 drivers/base/core.c:2106 usb_set_configuration+0xdf7/0x1740 drivers/usb/core/message.c:2021 generic_probe+0xa2/0xda drivers/usb/core/generic.c:210 usb_probe_device+0xc0/0x150 drivers/usb/core/driver.c:266 really_probe+0x2da/0xb10 drivers/base/dd.c:509 driver_probe_device+0x21d/0x350 drivers/base/dd.c:671 __device_attach_driver+0x1d8/0x290 drivers/base/dd.c:778 bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:454 __device_attach+0x223/0x3a0 drivers/base/dd.c:844 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:514 device_add+0xad2/0x16e0 drivers/base/core.c:2106 usb_new_device.cold+0x537/0xccf drivers/usb/core/hub.c:2534 hub_port_connect drivers/usb/core/hub.c:5089 [inline] hub_port_connect_change drivers/usb/core/hub.c:5204 [inline] port_event drivers/usb/core/hub.c:5350 [inline] hub_event+0x138e/0x3b00 drivers/usb/core/hub.c:5432 process_one_work+0x90f/0x1580 kernel/workqueue.c:2269 worker_thread+0x9b/0xe20 kernel/workqueue.c:2415 kthread+0x313/0x420 kernel/kthread.c:253 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 The buggy address belongs to the page: page:ffffea00027b05c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0xfff00000000000() raw: 00fff00000000000 ffffea00027b05c8 ffffea00027b05c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88809ec17100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88809ec17180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88809ec17200: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 f2 f2 f2 f2 ^ ffff88809ec17280: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 f3 f3 ffff88809ec17300: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================

Crashes (46):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/04/17 17:14	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	b0e8efcb	.config	console log	report	syz	C	ci2-upstream-usb
2019/04/14 11:26	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	505ab413	.config	console log	report	syz	C	ci2-upstream-usb
2019/04/12 02:18	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	13030ef8	.config	console log	report	syz	C	ci2-upstream-usb
2019/04/24 01:29	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	2398edea	.config	console log	report			ci2-upstream-usb
2019/04/23 19:47	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	2398edea	.config	console log	report			ci2-upstream-usb
2019/04/23 04:15	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	53199d6e	.config	console log	report			ci2-upstream-usb
2019/04/23 01:21	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	53199d6e	.config	console log	report			ci2-upstream-usb
2019/04/22 07:52	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/22 05:57	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 23:04	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 21:24	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 21:12	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 17:48	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 17:46	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 15:06	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 01:20	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/21 01:15	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/20 21:34	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/20 10:22	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/20 07:17	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/20 03:35	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/20 03:17	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 23:04	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 08:02	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 07:48	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 07:17	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 05:48	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/19 02:48	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 21:14	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 20:39	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 18:14	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 15:07	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 14:38	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 14:08	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/18 03:20	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/17 23:51	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/17 22:11	https://github.com/google/kasan.git usb-fuzzer	d34f9519daaa	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/17 14:50	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/17 08:31	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/17 07:38	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	b0e8efcb	.config	console log	report			ci2-upstream-usb
2019/04/13 15:10	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	c402d8f1	.config	console log	report			ci2-upstream-usb
2019/04/13 11:39	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	c402d8f1	.config	console log	report			ci2-upstream-usb
2019/04/13 08:03	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	c402d8f1	.config	console log	report			ci2-upstream-usb
2019/04/12 00:42	https://github.com/google/kasan.git usb-fuzzer	9a33b36996cb	13030ef8	.config	console log	report			ci2-upstream-usb

Crashes (46):

Assets (help?)

2019/04/17 17:14

https://github.com/google/kasan.git usb-fuzzer