| Title | Replies (including bot) | Last reply |
|---|---|---|
| linux-next boot error: KASAN: slab-out-of-bounds Read in post_usb_notification | 3 (4) | 2020/01/20 13:37 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [978] ≡ Subsystems 🐞 Fixed [5235] 🐞 Invalid [12492] ⬇ Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| linux-next boot error: KASAN: slab-out-of-bounds Read in post_usb_notification | 3 (4) | 2020/01/20 13:37 |
usbcore: registered new interface driver usb-storage usbcore: registered new interface driver ums-realtek usbcore: registered new interface driver usbserial_generic usbserial: USB Serial support registered for generic usbcore: registered new interface driver ch341 usbserial: USB Serial support registered for ch341-uart usbcore: registered new interface driver cp210x usbserial: USB Serial support registered for cp210x usbcore: registered new interface driver ftdi_sio usbserial: USB Serial support registered for FTDI USB Serial Device usbcore: registered new interface driver keyspan usbserial: USB Serial support registered for Keyspan - (without firmware) usbserial: USB Serial support registered for Keyspan 1 port adapter usbserial: USB Serial support registered for Keyspan 2 port adapter usbserial: USB Serial support registered for Keyspan 4 port adapter usbcore: registered new interface driver option usbserial: USB Serial support registered for GSM modem (1-port) usbcore: registered new interface driver oti6858 usbserial: USB Serial support registered for oti6858 usbcore: registered new interface driver pl2303 usbserial: USB Serial support registered for pl2303 usbcore: registered new interface driver qcserial usbserial: USB Serial support registered for Qualcomm USB modem usbcore: registered new interface driver sierra usbserial: USB Serial support registered for Sierra USB modem usbcore: registered new interface driver usb_serial_simple usbserial: USB Serial support registered for carelink usbserial: USB Serial support registered for zio usbserial: USB Serial support registered for funsoft usbserial: USB Serial support registered for flashloader usbserial: USB Serial support registered for google usbserial: USB Serial support registered for libtransistor usbserial: USB Serial support registered for vivopay usbserial: USB Serial support registered for moto_modem usbserial: USB Serial support registered for motorola_tetra usbserial: USB Serial support registered for novatel_gps usbserial: USB Serial support registered for hp4x usbserial: USB Serial support registered for suunto usbserial: USB Serial support registered for siemens_mpi dummy_hcd dummy_hcd.0: USB Host+Gadget Emulator, driver 02 May 2005 dummy_hcd dummy_hcd.0: Dummy host controller dummy_hcd dummy_hcd.0: new USB bus registered, assigned bus number 1 usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.05 usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 usb usb1: Product: Dummy host controller usb usb1: Manufacturer: Linux 5.5.0-next-20200131-syzkaller dummy_hcd usb usb1: SerialNumber: dummy_hcd.0 hub 1-0:1.0: USB hub found hub 1-0:1.0: 1 port detected ================================================================== BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:426 [inline] BUG: KASAN: slab-out-of-bounds in post_usb_notification+0xe5/0x170 drivers/usb/core/devio.c:2771 Read of size 21 at addr ffff888218710e40 by task swapper/0/1 CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.5.0-next-20200131-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x32 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:641 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 memcpy+0x24/0x50 mm/kasan/common.c:127 memcpy include/linux/string.h:426 [inline] post_usb_notification+0xe5/0x170 drivers/usb/core/devio.c:2771 post_usb_device_notification drivers/usb/core/devio.c:2785 [inline] usbdev_notify+0x2c0/0x4a0 drivers/usb/core/devio.c:2800 notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 __blocking_notifier_call_chain kernel/notifier.c:284 [inline] __blocking_notifier_call_chain kernel/notifier.c:271 [inline] blocking_notifier_call_chain kernel/notifier.c:295 [inline] blocking_notifier_call_chain+0x94/0xb0 kernel/notifier.c:292 usb_notify_add_device+0x22/0x30 drivers/usb/core/notify.c:51 generic_probe+0x8c/0xde drivers/usb/core/generic.c:220 usb_probe_device+0xa0/0xf0 drivers/usb/core/driver.c:266 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 usb_new_device.cold+0x74c/0x1063 drivers/usb/core/hub.c:2539 register_root_hub drivers/usb/core/hcd.c:1008 [inline] usb_add_hcd.cold+0x10f8/0x1496 drivers/usb/core/hcd.c:2790 dummy_hcd_probe+0x1ae/0x32c drivers/usb/gadget/udc/dummy_hcd.c:2639 platform_drv_probe+0x8d/0x140 drivers/base/platform.c:727 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 platform_device_add+0x34e/0x6c0 drivers/base/platform.c:564 init+0x534/0xab8 arch/x86/crypto/chacha_glue.c:293 do_one_initcall+0x120/0x820 init/main.c:1109 do_initcall_level init/main.c:1182 [inline] do_initcalls init/main.c:1198 [inline] do_basic_setup init/main.c:1218 [inline] kernel_init_freeable+0x522/0x5d0 init/main.c:1402 kernel_init+0x12/0x1bf init/main.c:1309 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 1: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:515 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:488 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:529 __do_kmalloc mm/slab.c:3656 [inline] __kmalloc_track_caller+0x15f/0x760 mm/slab.c:3671 kvasprintf+0xc8/0x170 lib/kasprintf.c:25 kvasprintf_const+0x65/0x190 lib/kasprintf.c:49 kobject_set_name_vargs+0x5b/0x150 lib/kobject.c:289 dev_set_name+0xbb/0xf0 drivers/base/core.c:2265 usb_alloc_dev+0xcc4/0xf86 drivers/usb/core/usb.c:641 usb_add_hcd.cold+0x3c1/0x1496 drivers/usb/core/hcd.c:2697 dummy_hcd_probe+0x1ae/0x32c drivers/usb/gadget/udc/dummy_hcd.c:2639 platform_drv_probe+0x8d/0x140 drivers/base/platform.c:727 really_probe+0x291/0x700 drivers/base/dd.c:551 driver_probe_device+0x110/0x220 drivers/base/dd.c:724 __device_attach_driver+0x1c9/0x230 drivers/base/dd.c:831 bus_for_each_drv+0x172/0x1f0 drivers/base/bus.c:431 __device_attach+0x237/0x390 drivers/base/dd.c:897 device_initial_probe+0x1b/0x20 drivers/base/dd.c:944 bus_probe_device+0x1f1/0x2a0 drivers/base/bus.c:491 device_add+0x14fe/0x1d00 drivers/base/core.c:2487 platform_device_add+0x34e/0x6c0 drivers/base/platform.c:564 init+0x534/0xab8 arch/x86/crypto/chacha_glue.c:293 do_one_initcall+0x120/0x820 init/main.c:1109 do_initcall_level init/main.c:1182 [inline] do_initcalls init/main.c:1198 [inline] do_basic_setup init/main.c:1218 [inline] kernel_init_freeable+0x522/0x5d0 init/main.c:1402 kernel_init+0x12/0x1bf init/main.c:1309 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff888218710e40 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 0 bytes inside of 32-byte region [ffff888218710e40, ffff888218710e60) The buggy address belongs to the page: page:ffffea000861c400 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888218710fc1 flags: 0x57ffe0000000200(slab) raw: 057ffe0000000200 ffffea0008610a48 ffff88821bc00248 ffff8880aa4001c0 raw: ffff888218710fc1 ffff888218710000 000000010000003f 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888218710d00: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc ffff888218710d80: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc >ffff888218710e00: 06 fc fc fc fc fc fc fc 05 fc fc fc fc fc fc fc ^ ffff888218710e80: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc ffff888218710f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/02/02 13:58 | linux-next | c8e31a0fc397 | 93e5e335 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/02/01 20:30 | linux-next | c8e31a0fc397 | 2274ad39 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/02/01 08:26 | linux-next | c8e31a0fc397 | 0eb59c27 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/31 18:41 | linux-next | c8e31a0fc397 | c30117b2 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/31 04:26 | linux-next | c8e31a0fc397 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/31 04:26 | linux-next | c8e31a0fc397 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/30 05:59 | linux-next | c32e1d01a152 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/30 05:59 | linux-next | c32e1d01a152 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/30 05:59 | linux-next | c32e1d01a152 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 15:35 | linux-next | 335e1cb5b8c0 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 15:35 | linux-next | 335e1cb5b8c0 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 15:35 | linux-next | 335e1cb5b8c0 | 5ed23f9a | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 09:57 | linux-next | 335e1cb5b8c0 | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 09:57 | linux-next | 335e1cb5b8c0 | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/29 09:57 | linux-next | 335e1cb5b8c0 | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 16:50 | linux-next | eb9ebdceaadc | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 16:50 | linux-next | eb9ebdceaadc | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 16:50 | linux-next | eb9ebdceaadc | c8e81ce4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 06:29 | linux-next | eb9ebdceaadc | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 06:29 | linux-next | eb9ebdceaadc | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/28 06:29 | linux-next | eb9ebdceaadc | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/27 19:36 | linux-next | 702ccea170f0 | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/27 19:36 | linux-next | 702ccea170f0 | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/27 19:36 | linux-next | 702ccea170f0 | 56cd6c9b | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 14:30 | linux-next | bc80e6ad8ee1 | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 14:30 | linux-next | bc80e6ad8ee1 | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 14:30 | linux-next | bc80e6ad8ee1 | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 05:03 | linux-next | ccf0726b5c8e | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 05:03 | linux-next | ccf0726b5c8e | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/21 05:03 | linux-next | ccf0726b5c8e | 8eda0b95 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 13:29 | linux-next | ccf0726b5c8e | d2557fb5 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 13:29 | linux-next | ccf0726b5c8e | d2557fb5 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 13:29 | linux-next | ccf0726b5c8e | d2557fb5 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 07:52 | linux-next | ccf0726b5c8e | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 07:52 | linux-next | ccf0726b5c8e | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/20 07:52 | linux-next | ccf0726b5c8e | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/19 15:22 | linux-next | de970dffa7d1 | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/19 15:22 | linux-next | de970dffa7d1 | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/19 15:22 | linux-next | de970dffa7d1 | 0342f8c7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/18 22:47 | linux-next | de970dffa7d1 | bc8bc756 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/18 22:47 | linux-next | de970dffa7d1 | bc8bc756 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/18 22:47 | linux-next | de970dffa7d1 | bc8bc756 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/17 09:24 | linux-next | de970dffa7d1 | 3de7aabb | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/17 09:24 | linux-next | de970dffa7d1 | 3de7aabb | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2020/01/17 09:24 | linux-next | de970dffa7d1 | 3de7aabb | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |