Date: Thu, 8 Aug 2019 14:46:54 +0200
From: Greg KH
To: syzbot , Michael Hund
Cc: akpm@linux-foundation.org, andreyknvl@google.com, cai@lca.pw, keescook@chromium.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com, tglx@linutronix.de
Subject: Re: BUG: bad usercopy in ld_usb_read
Message-ID: <20190808124654.GB32144@kroah.com>
In-Reply-To: <0000000000005c056c058f9a5437@google.com>

On Thu, Aug 08, 2019 at 05:38:06AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: e96407b4 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=13aeaece600000
> kernel config: https://syzkaller.appspot.com/x/.config?x=cfa2c18fb6a8068e
> dashboard link: https://syzkaller.appspot.com/bug?extid=45b2f40f0778cfa7634e
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+45b2f40f0778cfa7634e@syzkaller.appspotmail.com
>
> ldusb 6-1:0.124: Read buffer overflow, -131383996186150 bytes dropped

That's a funny number :)

Nice overflow found, I see you are now starting to fuzz the char device
nodes of usb drivers...

Michael, care to fix this up?

thanks,

greg k-h