linux-kernel.vger.kernel.org archive mirror
* KASAN: slab-out-of-bounds Write in ga_probe
@ 2019-09-16 13:29 syzbot
  2019-09-17 18:24 ` Alan Stern
From: syzbot @ 2019-09-16 13:29 UTC (permalink / raw)
  To: andreyknvl, benjamin.tissoires, jikos, linux-input, linux-kernel,
	linux-usb, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
git tree:       https://github.com/google/kasan.git usb-fuzzer
console output: https://syzkaller.appspot.com/x/log.txt?x=14045831600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5c6633fa4ed00be5
dashboard link: https://syzkaller.appspot.com/bug?extid=403741a091bf41d4ae79
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c1e62d600000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=166a3a95600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com

usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
greenasia 0003:0E8F:0012.0001: unknown main item tag 0x0
greenasia 0003:0E8F:0012.0001: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.0-1/input0
==================================================================
BUG: KASAN: slab-out-of-bounds in set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
BUG: KASAN: slab-out-of-bounds in gaff_init drivers/hid/hid-gaff.c:97 [inline]
BUG: KASAN: slab-out-of-bounds in ga_probe+0x1fd/0x6f0 drivers/hid/hid-gaff.c:146
Write of size 8 at addr ffff8881d9acafc0 by task kworker/1:1/78

CPU: 1 PID: 78 Comm: kworker/1:1 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0xca/0x13e lib/dump_stack.c:113
  print_address_description+0x6a/0x32c mm/kasan/report.c:351
  __kasan_report.cold+0x1a/0x33 mm/kasan/report.c:482
  kasan_report+0xe/0x12 mm/kasan/common.c:618
  check_memory_region_inline mm/kasan/generic.c:185 [inline]
  check_memory_region+0x128/0x190 mm/kasan/generic.c:192
  set_bit include/asm-generic/bitops-instrumented.h:28 [inline]
  gaff_init drivers/hid/hid-gaff.c:97 [inline]
  ga_probe+0x1fd/0x6f0 drivers/hid/hid-gaff.c:146
  hid_device_probe+0x2be/0x3f0 drivers/hid/hid-core.c:2209
  really_probe+0x281/0x6d0 drivers/base/dd.c:548
  driver_probe_device+0x101/0x1b0 drivers/base/dd.c:721
  __device_attach_driver+0x


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
