syzbot


KASAN: slab-out-of-bounds Write in ga_probe

Status: fixed on 2019/11/06 12:39
Subsystems: input
Reported-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com
Fix commit: d9d4b1e46d95 HID: Fix assumption that devices have inputs
First crash: 1658d, last: 1634d
Duplicate bugs (2):
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
KASAN: slab-out-of-bounds Write in lg4ff_init (input) | C | | | 4 | 1639d | 1697d | 0/26 | closed as dup on 2019/10/03 19:01
KASAN: slab-out-of-bounds Write in ax_probe (usb, input) | C | | | 70 | 1607d | 1690d | 0/26 | closed as dup on 2019/10/03 19:01
Discussions (11):
Title | Replies (including bot) | Last reply
[PATCH 3.16 00/72] 3.16.79-rc1 review | 87 (87) | 2019/12/14 18:44
[PATCH] HID: hid-lg4ff: Fix uninit-value set_autocenter_default | 4 (4) | 2019/11/25 15:14
[PATCH 4.19 000/149] 4.19.82-stable review | 169 (169) | 2019/11/11 09:36
[PATCH 4.9 00/62] 4.9.199-stable review | 72 (72) | 2019/11/06 11:17
[PATCH 5.3 000/163] 5.3.9-stable review | 174 (174) | 2019/11/06 10:49
[PATCH 4.14 00/95] 4.14.152-stable review | 102 (102) | 2019/11/05 23:37
[PATCH 4.4 00/46] 4.4.199-stable review | 52 (52) | 2019/11/05 23:36
[PATCH] HID: Fix assumption that devices have inputs | 2 (2) | 2019/10/04 15:47
Reminder: 67 active syzbot reports in usb subsystem | 1 (1) | 2019/10/04 03:38
KASAN: slab-out-of-bounds Write in ga_probe | 4 (6) | 2019/09/19 19:19
Reminder: 52 active syzbot reports in usb subsystem | 4 (4) | 2019/09/19 19:01
Last patch testing requests (1):
Created | Duration | User | Patch | Repo | Result
2019/09/18 11:26 | 18m | andreyknvl@google.com | patch | https://github.com/google/kasan.git f0df5c1b | OK

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
greenasia 0003:0E8F:0012.0001: unknown main item tag 0x0
greenasia 0003:0E8F:0012.0001: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.0-1/input0
==================================================================
BUG: KASAN: slab-out-of-bounds in set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
BUG: KASAN: slab-out-of-bounds in gaff_init drivers/hid/hid-gaff.c:97 [inline]
BUG: KASAN: slab-out-of-bounds in ga_probe+0x1fd/0x6f0 drivers/hid/hid-gaff.c:146
Write of size 8 at addr ffff8881d7c4c3c0 by task kworker/0:1/12

CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.0-rc1+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 print_address_description.constprop.0+0x36/0x50 mm/kasan/report.c:374
 __kasan_report.cold+0x1a/0x33 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:634
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x128/0x190 mm/kasan/generic.c:192
 set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
 gaff_init drivers/hid/hid-gaff.c:97 [inline]
 ga_probe+0x1fd/0x6f0 drivers/hid/hid-gaff.c:146
 hid_device_probe+0x2be/0x3f0 drivers/hid/hid-core.c:2209
 really_probe+0x281/0x6d0 drivers/base/dd.c:548
 driver_probe_device+0x104/0x210 drivers/base/dd.c:721
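
The report above pins the bad write to set_bit() inside gaff_init(), reached from ga_probe() while the device has no input (the log shows only hidraw0 being registered). The following is an added user-space simulation of that pattern, not kernel code and not the fix commit's diff: a force-feedback init routine takes the first hid_input with list_entry() without first checking that hid->inputs is non-empty. On an empty list, inputs.next points back at the list head, so the computed "hid_input" is really the hid_device's own bytes, its ->input field is whatever pointer happens to follow inputs in hid_device, and the set_bit() lands inside an unrelated object. The hardened form checks list_empty() before taking the first entry, which is the shape of fix the commit title suggests. Struct layouts (hid_device, hid_input, input_dev) and the names ff_init_unchecked, ff_init_checked and simulate_probe are simplified assumptions made for this example.

```c
/* Added example: user-space simulation of list_entry() on an empty list,
 * followed by a bit write through the resulting bogus pointer.  Layouts and
 * helper names are assumptions for illustration, not the kernel's. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal re-implementations of the kernel's intrusive list helpers. */
struct list_head { struct list_head *next, *prev; };
#define INIT_LIST_HEAD(h) do { (h)->next = (h); (h)->prev = (h); } while (0)
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->next = h; n->prev = h->prev; h->prev->next = n; h->prev = n;
}

/* Bit helpers: like the kernel's, they operate on whole unsigned longs. */
#define FF_RUMBLE 0x50
#define FF_CNT    0x80
#define BITS_PER_LONG (8 * sizeof(unsigned long))
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)
static void set_bit(unsigned nr, unsigned long *addr)
{
	addr[nr / BITS_PER_LONG] |= 1UL << (nr % BITS_PER_LONG);
}
static int test_bit(unsigned nr, const unsigned long *addr)
{
	return (addr[nr / BITS_PER_LONG] >> (nr % BITS_PER_LONG)) & 1;
}

/* Simplified, assumed layouts.  The field after `inputs` is a pointer to
 * some other object, which is what the bogus ->input read will return. */
struct input_dev { unsigned long ffbit[BITS_TO_LONGS(FF_CNT)]; };
struct hid_input { struct list_head list; void *report; struct input_dev *input; };
struct hid_device { unsigned long status; struct list_head inputs; void *hiddev; void *hidraw; };

/* Fake neighbouring object that hid->hidraw points at: HIDRAW_OBJ_SIZE bytes
 * of "object", then bytes that belong to someone else. */
#define HIDRAW_OBJ_SIZE 8
#define NEIGHBOUR_SIZE  64

/* Original shape: assumes an input exists. */
static int ff_init_unchecked(struct hid_device *hid)
{
	struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list);
	struct input_dev *dev = hidinput->input;  /* garbage if the list is empty */

	set_bit(FF_RUMBLE, dev->ffbit);           /* the out-of-bounds write */
	return 0;
}

/* Hardened shape: refuse to bind when the device exposes no input. */
static int ff_init_checked(struct hid_device *hid)
{
	struct hid_input *hidinput;

	if (list_empty(&hid->inputs))
		return -ENODEV;
	hidinput = list_entry(hid->inputs.next, struct hid_input, list);
	set_bit(FF_RUMBLE, hidinput->input->ffbit);
	return 0;
}

struct probe_result { int ret; int neighbour_corrupted; int rumble_bit_set; };

/* Build a hid_device with or without an input, run one init variant, and
 * report whether bytes outside the fake hidraw object were modified. */
struct probe_result simulate_probe(int use_list_empty_check, int device_has_input)
{
	struct probe_result r = {0, 0, 0};
	struct hid_device *hid = calloc(1, sizeof(*hid));
	unsigned char *raw = calloc(1, NEIGHBOUR_SIZE);
	struct hid_input real_input;
	struct input_dev real_dev;

	if (!hid || !raw) { r.ret = -ENOMEM; free(hid); free(raw); return r; }
	INIT_LIST_HEAD(&hid->inputs);
	hid->hidraw = raw;
	memset(&real_input, 0, sizeof(real_input));
	memset(&real_dev, 0, sizeof(real_dev));
	if (device_has_input) {
		real_input.input = &real_dev;
		list_add_tail(&real_input.list, &hid->inputs);
	}

	r.ret = use_list_empty_check ? ff_init_checked(hid) : ff_init_unchecked(hid);

	for (size_t i = HIDRAW_OBJ_SIZE; i < NEIGHBOUR_SIZE; i++)
		if (raw[i]) r.neighbour_corrupted = 1;
	r.rumble_bit_set = test_bit(FF_RUMBLE, real_dev.ffbit);
	free(raw);
	free(hid);
	return r;
}

int main(void)
{
	struct probe_result r = simulate_probe(0, 0);
	printf("unchecked, no inputs: ret=%d neighbour_corrupted=%d\n", r.ret, r.neighbour_corrupted);
	r = simulate_probe(1, 0);
	printf("checked, no inputs:   ret=%d neighbour_corrupted=%d\n", r.ret, r.neighbour_corrupted);
	return 0;
}
```

With no input attached, the unchecked variant returns success yet flips a bit in the neighbouring bytes; the checked variant returns -ENODEV and touches nothing, and both variants behave identically once a real input is present. The simulation writes into a buffer the program owns, so it runs without crashing; in the kernel the same word-sized write (set_bit works on a whole unsigned long, hence "Write of size 8" in the report) lands in whatever slab object sits next to the one the stale pointer resolves to, which is what KASAN flagged.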

Crashes (5):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Manager
2019/10/08 10:07 | https://github.com/google/kasan.git usb-fuzzer | 58d5f26a5584 | 28ac6e64 | .config | console log | report | syz | C | ci2-upstream-usb
2019/09/25 02:19 | https://github.com/google/kasan.git usb-fuzzer | d9e63adcd16e | e38a6630 | .config | console log | report | syz | C | ci2-upstream-usb
2019/09/18 23:37 | https://github.com/google/kasan.git usb-fuzzer | f0df5c1be1e9 | 46c0be24 | .config | console log | report | syz | C | ci2-upstream-usb
2019/09/18 15:11 | https://github.com/google/kasan.git usb-fuzzer | f0df5c1be1e9 | 1037b424 | .config | console log | report | syz | C | ci2-upstream-usb
2019/09/14 07:26 | https://github.com/google/kasan.git usb-fuzzer | f0df5c1be1e9 | 32d59357 | .config | console log | report | syz | C | ci2-upstream-usb
* Struck through repros no longer work on HEAD.