* KASAN reporting: general protection fault in flexcop_usb_probe
@ 2019-07-30 7:48 Oliver Neukum
2019-07-30 8:30 ` syzbot
0 siblings, 1 reply; 10+ messages in thread
From: Oliver Neukum @ 2019-07-30 7:48 UTC (permalink / raw)
To: syzbot+d93dff37e6a89431c158; +Cc: linux-media, linux-usb
Reacting to this:
Title: general protection fault in flexcop_usb_probe
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
Original thread: https://lkml.kernel.org/lkml/00000000000010fe260586536e86@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a media USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
#syz test: https://github.com/google/kasan.git 9a33b369
From 5a34ecc6c75479a9f245a867e1ce37e6e28f58f8 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Mon, 29 Jul 2019 16:21:11 +0200
Subject: [PATCH] b2c2-flexcop-usb: add sanity checking
The driver needs an isochronous endpoint to be present. It will
oops in its absence. Add checking for it.
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/media/usb/b2c2/flexcop-usb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c
index 1826ff825c2e..1a801dc286f8 100644
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -538,6 +538,9 @@ static int flexcop_usb_probe(struct usb_interface *intf,
struct flexcop_device *fc = NULL;
int ret;
+ if (intf->cur_altsetting->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
if ((fc = flexcop_device_kmalloc(sizeof(struct flexcop_usb))) == NULL) {
err("out of memory\n");
return -ENOMEM;
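Review bot: The added test `bNumEndpoints < 1` only establishes that the current altsetting has at least one endpoint, while the commit message says the driver needs an isochronous endpoint. A device exposing a single bulk or interrupt endpoint passes this check, so consider also confirming the transfer type of the endpoint the driver uses, for example with usb_endpoint_xfer_isoc() on its descriptor, before going on to flexcop_device_kmalloc().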
* Re: general protection fault in flexcop_usb_probe
2019-07-30 7:48 KASAN reporting: general protection fault in flexcop_usb_probe Oliver Neukum
@ 2019-07-30 8:30 ` syzbot
2019-09-20 16:01 ` Andrey Konovalov
0 siblings, 1 reply; 10+ messages in thread
From: syzbot @ 2019-07-30 8:30 UTC (permalink / raw)
To: linux-media, linux-usb, oneukum, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
Tested on:
commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
git tree: https://github.com/google/kasan.git
kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=1226c2d8600000
Note: testing is done by a robot and is best-effort only.
* Re: general protection fault in flexcop_usb_probe
2019-07-30 8:30 ` syzbot
@ 2019-09-20 16:01 ` Andrey Konovalov
2019-09-23 9:06 ` Oliver Neukum
0 siblings, 1 reply; 10+ messages in thread
From: Andrey Konovalov @ 2019-09-20 16:01 UTC (permalink / raw)
To: syzbot; +Cc: linux-media, USB list, Oliver Neukum, syzkaller-bugs
On Tue, Jul 30, 2019 at 10:30 AM syzbot
<syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
>
> Reported-and-tested-by:
> syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: 9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git
> kernel config: https://syzkaller.appspot.com/x/.config?x=23e37f59d94ddd15
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> patch: https://syzkaller.appspot.com/x/patch.diff?x=1226c2d8600000
>
> Note: testing is done by a robot and is best-effort only.
>
Hi Oliver,
I was wondering if you've submitted this patch anywhere? The bug is
still happening.
https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
Thanks!
* Re: general protection fault in flexcop_usb_probe
2019-09-20 16:01 ` Andrey Konovalov
@ 2019-09-23 9:06 ` Oliver Neukum
2019-09-23 12:46 ` Andrey Konovalov
0 siblings, 1 reply; 10+ messages in thread
From: Oliver Neukum @ 2019-09-23 9:06 UTC (permalink / raw)
To: Andrey Konovalov, syzbot; +Cc: syzkaller-bugs, linux-media, USB list
On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
> > Reported-and-tested-by:
> > syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
[..]
> Hi Oliver,
>
> I was wondering if you've submitted this patch anywhere? The bug is
> still happening.
>
> https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
Hi,
I definitely did submit it:
https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
Regards
Oliver
* Re: general protection fault in flexcop_usb_probe
2019-09-23 9:06 ` Oliver Neukum
@ 2019-09-23 12:46 ` Andrey Konovalov
2019-09-23 12:51 ` Hans Verkuil
0 siblings, 1 reply; 10+ messages in thread
From: Andrey Konovalov @ 2019-09-23 12:46 UTC (permalink / raw)
To: Mauro Carvalho Chehab
Cc: syzbot, syzkaller-bugs, linux-media, USB list, Oliver Neukum
On Mon, Sep 23, 2019 at 11:21 AM Oliver Neukum <oneukum@suse.com> wrote:
>
> On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
>
> > > Reported-and-tested-by:
> > > syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
>
> [..]
> > Hi Oliver,
> >
> > I was wondering if you've submitted this patch anywhere? The bug is
> > still happening.
> >
> > https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
>
> Hi,
>
> I definitely did submit it:
> https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
Hi Mauro,
Do you know what happened to this patch? Did it get lost?
Thanks!
* Re: general protection fault in flexcop_usb_probe
2019-09-23 12:46 ` Andrey Konovalov
@ 2019-09-23 12:51 ` Hans Verkuil
2019-11-07 15:02 ` Oliver Neukum
0 siblings, 1 reply; 10+ messages in thread
From: Hans Verkuil @ 2019-09-23 12:51 UTC (permalink / raw)
To: Andrey Konovalov, Mauro Carvalho Chehab
Cc: syzbot, syzkaller-bugs, linux-media, USB list, Oliver Neukum
On 9/23/19 2:46 PM, Andrey Konovalov wrote:
> On Mon, Sep 23, 2019 at 11:21 AM Oliver Neukum <oneukum@suse.com> wrote:
>>
>> On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
>>
>>>> Reported-and-tested-by:
>>>> syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
>>
>> [..]
>>> Hi Oliver,
>>>
>>> I was wondering if you've submitted this patch anywhere? The bug is
>>> still happening.
>>>
>>> https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
>>
>> Hi,
>>
>> I definitely did submit it:
>> https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
>
> Hi Mauro,
>
> Do you know what happened to this patch? Did it get lost?
>
> Thanks!
>
Still sitting unreviewed in patchwork: https://patchwork.linuxtv.org/patch/57785/
Not sure why this wasn't picked up.
Regards,
Hans
* Re: general protection fault in flexcop_usb_probe
2019-09-23 12:51 ` Hans Verkuil
@ 2019-11-07 15:02 ` Oliver Neukum
2019-11-07 15:47 ` Hans Verkuil
0 siblings, 1 reply; 10+ messages in thread
From: Oliver Neukum @ 2019-11-07 15:02 UTC (permalink / raw)
To: Hans Verkuil, Andrey Konovalov, Mauro Carvalho Chehab
Cc: syzkaller-bugs, syzbot, linux-media, USB list
On Monday, 23.09.2019 at 14:51 +0200, Hans Verkuil wrote:
> On 9/23/19 2:46 PM, Andrey Konovalov wrote:
> > On Mon, Sep 23, 2019 at 11:21 AM Oliver Neukum <oneukum@suse.com> wrote:
> > >
> > > On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
> > >
> > > > > Reported-and-tested-by:
> > > > > syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
> > >
> > > [..]
> > > > Hi Oliver,
> > > >
> > > > I was wondering if you've submitted this patch anywhere? The bug is
> > > > still happening.
> > > >
> > > > https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
> > >
> > > Hi,
> > >
> > > I definitely did submit it:
> > > https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
> >
> > Hi Mauro,
> >
> > Do you know what happened to this patch? Did it get lost?
> >
> > Thanks!
> >
>
> Still sitting unreviewed in patchwork: https://patchwork.linuxtv.org/patch/57785/
>
> Not sure why this wasn't picked up.
Hi,
AFAICT it is still in the state new. What should I do?
Regards
Oliver
* Re: general protection fault in flexcop_usb_probe
2019-11-07 15:02 ` Oliver Neukum
@ 2019-11-07 15:47 ` Hans Verkuil
2019-11-08 9:07 ` Sean Young
0 siblings, 1 reply; 10+ messages in thread
From: Hans Verkuil @ 2019-11-07 15:47 UTC (permalink / raw)
To: Oliver Neukum, Andrey Konovalov, Mauro Carvalho Chehab, Sean Young
Cc: syzkaller-bugs, syzbot, linux-media, USB list
Hi Sean,
Mauro is very busy, so can you pick this up? And perhaps check patchwork for more
trivial DVB patches that can be included in a pull request?
Regards,
Hans
On 11/7/19 4:02 PM, Oliver Neukum wrote:
> On Monday, 23.09.2019 at 14:51 +0200, Hans Verkuil wrote:
>> On 9/23/19 2:46 PM, Andrey Konovalov wrote:
>>> On Mon, Sep 23, 2019 at 11:21 AM Oliver Neukum <oneukum@suse.com> wrote:
>>>>
>>>> On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
>>>>
>>>>>> Reported-and-tested-by:
>>>>>> syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
>>>>
>>>> [..]
>>>>> Hi Oliver,
>>>>>
>>>>> I was wondering if you've submitted this patch anywhere? The bug is
>>>>> still happening.
>>>>>
>>>>> https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
>>>>
>>>> Hi,
>>>>
>>>> I definitely did submit it:
>>>> https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
>>>
>>> Hi Mauro,
>>>
>>> Do you know what happened to this patch? Did it get lost?
>>>
>>> Thanks!
>>>
>>
>> Still sitting unreviewed in patchwork: https://patchwork.linuxtv.org/patch/57785/
>>
>> Not sure why this wasn't picked up.
>
> Hi,
>
> AFAICT it is still in the state new. What should I do?
>
> Regards
> Oliver
>
* Re: general protection fault in flexcop_usb_probe
2019-11-07 15:47 ` Hans Verkuil
@ 2019-11-08 9:07 ` Sean Young
0 siblings, 0 replies; 10+ messages in thread
From: Sean Young @ 2019-11-08 9:07 UTC (permalink / raw)
To: Hans Verkuil
Cc: Oliver Neukum, Andrey Konovalov, Mauro Carvalho Chehab,
syzkaller-bugs, syzbot, linux-media, USB list
Hi Hans, Oliver,
My bad, it slipped between the cracks. I am preparing a pull request now.
Sorry about this.
Sean
On Thu, Nov 07, 2019 at 04:47:50PM +0100, Hans Verkuil wrote:
> Hi Sean,
>
> Mauro is very busy, so can you pick this up? And perhaps check patchwork for more
> trivial DVB patches that can be included in a pull request?
>
> Regards,
>
> Hans
>
> On 11/7/19 4:02 PM, Oliver Neukum wrote:
> > On Monday, 23.09.2019 at 14:51 +0200, Hans Verkuil wrote:
> >> On 9/23/19 2:46 PM, Andrey Konovalov wrote:
> >>> On Mon, Sep 23, 2019 at 11:21 AM Oliver Neukum <oneukum@suse.com> wrote:
> >>>>
> >>>> On Friday, 20.09.2019 at 18:01 +0200, Andrey Konovalov wrote:
> >>>>
> >>>>>> Reported-and-tested-by:
> >>>>>> syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
> >>>>
> >>>> [..]
> >>>>> Hi Oliver,
> >>>>>
> >>>>> I was wondering if you've submitted this patch anywhere? The bug is
> >>>>> still happening.
> >>>>>
> >>>>> https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
> >>>>
> >>>> Hi,
> >>>>
> >>>> I definitely did submit it:
> >>>> https://www.mail-archive.com/linux-media@vger.kernel.org/msg148850.html
> >>>
> >>> Hi Mauro,
> >>>
> >>> Do you know what happened to this patch? Did it get lost?
> >>>
> >>> Thanks!
> >>>
> >>
> >> Still sitting unreviewed in patchwork: https://patchwork.linuxtv.org/patch/57785/
> >>
> >> Not sure why this wasn't picked up.
> >
> > Hi,
> >
> > AFAICT it is still in the state new. What should I do?
> >
> > Regards
> > Oliver
> >
* KASAN reporting: general protection fault in flexcop_usb_probe
@ 2019-07-29 14:26 Oliver Neukum
0 siblings, 0 replies; 10+ messages in thread
From: Oliver Neukum @ 2019-07-29 14:26 UTC (permalink / raw)
To: syzbot+d93dff37e6a89431c158; +Cc: linux-media, linux-usb
Reacting to this:
Title: general protection fault in flexcop_usb_probe
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f
Original thread: https://lkml.kernel.org/lkml/00000000000010fe260586536e86@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a media USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
#syz test: https://github.com/google/kasan.git usb-fuzzer-usb-testing-2019.07.11
From 5a34ecc6c75479a9f245a867e1ce37e6e28f58f8 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Mon, 29 Jul 2019 16:21:11 +0200
Subject: [PATCH] b2c2-flexcop-usb: add sanity checking
The driver needs an isochronous endpoint to be present. It will
oops in its absence. Add checking for it.
Reported-by: syzbot+d93dff37e6a89431c158@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/media/usb/b2c2/flexcop-usb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c
index 1826ff825c2e..1a801dc286f8 100644
--- a/drivers/media/usb/b2c2/flexcop-usb.c
+++ b/drivers/media/usb/b2c2/flexcop-usb.c
@@ -538,6 +538,9 @@ static int flexcop_usb_probe(struct usb_interface *intf,
struct flexcop_device *fc = NULL;
int ret;
+ if (intf->cur_altsetting->desc.bNumEndpoints < 1)
+ return -ENODEV;
+
if ((fc = flexcop_device_kmalloc(sizeof(struct flexcop_usb))) == NULL) {
err("out of memory\n");
return -ENOMEM;
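Review bot: The check at the top of flexcop_usb_probe() reads `intf->cur_altsetting`, which is the setting active when probe is entered, and these lines do not show which alternate setting the isochronous endpoint is later taken from. If the driver switches settings during initialisation, the endpoint count should be validated on that setting (or after the switch), otherwise a device can pass here and still lack the endpoint where it is used. A one-line comment above the test naming the endpoint it guards would also help.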
--
2.16.4