Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp687700ybl;
        Wed, 14 Aug 2019 04:33:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyIrSXrazCtos/I0LLSsFp4EagOIF4LWTofiJBO3fCa9XYcHHjeUnHrTDtvTuQF06PVr4sG
X-Received: by 2002:a63:1c22:: with SMTP id c34mr38343345pgc.56.1565782409663;
        Wed, 14 Aug 2019 04:33:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565782409; cv=none;
        d=google.com; s=arc-20160816;
        b=yqGgfMkM+JGjhwSt3WMNCO743ghQAZ7aLPlfSQ8vEfLT+gcI7901Q+d421El2omWY7
         UAqHV1ydHfzlzcSzoGeThqd9WoGjbr+b7+YbaGGsgkJOIcVa3J9+OYCOej+RzKhGh/yt
         XNnKCtt/Z3dYK7cwqCF8vooVzhX9NpUrY8wyoep4Agys9N8hAaJgqKVQqkyMec3PgVvn
         AbIBYK6Y15BfvU0C43mUaPrlYTfDBe7HhKXX5qbSZ21FaVUAIU96cqfvcwcyLTZIb4wc
         WuLnAD/zYM8PfefTmjJeLQl/ailBIOiTWRQXhg5CIF3zBOguei85EljJdDeADRkoT3EG
         3zjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=MF7jMNepz1wdVPgQ1SCooo7k7btOrltx/wKQg+y/GsA=;
        b=XE1mf0I19k0e2s6Sp2bQQ5Fsh4EZB676o9tgLpcu6UWUDTpl/qqdpCePWEsszXE7s6
         h+D9yMF8sN8nObqqcqi2oUU+X4j90yo/PWIhK4LKAZ3MBy6UxlC6CIlu06uTXk9ExCRM
         Bs33vVKNyyLmmootI8p12LdY+CKEegq8TT2ete9j1PhA2qDwWGMiyjN8p5H8MXNH100+
         NHjVC+50OYTYL1ZsZwg5fLfZ1aoJpyvajpjCAQ0v0Q9T1Iyqwwtv4mtPmRcqs/SZAHmG
         4J3Sd/9FBGxHPLZwfowv+Xj4saZaFeuVTNWNFCcOy85Lj+5JRJ44QG4wY94R4jLe/mjn
         XYdA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=cUSmaBFd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t19si2800861pjr.68.2019.08.14.04.33.13;
        Wed, 14 Aug 2019 04:33:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=cUSmaBFd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727628AbfHNLcf (ORCPT <rfc822;israelpgz17@gmail.com>
        + 99 others); Wed, 14 Aug 2019 07:32:35 -0400
Received: from mail-pg1-f194.google.com ([209.85.215.194]:42976 "EHLO
        mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726585AbfHNLce (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Aug 2019 07:32:34 -0400
Received: by mail-pg1-f194.google.com with SMTP id p3so2638985pgb.9
        for <linux-kernel@vger.kernel.org>; Wed, 14 Aug 2019 04:32:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=MF7jMNepz1wdVPgQ1SCooo7k7btOrltx/wKQg+y/GsA=;
        b=cUSmaBFdYOwqXrkSpi2SHCWiWNzTtlXihjcmXOVqkDl+X3n5d6peoCGvuYwgX64MqL
         3w2UzzDyfZu0hfAU0lFABuw+Jx2QQySxZ8wFRwIlGIY7OxsvXkuM24aClrgd5BDVkt3S
         WZWQjzicuFTY2WaLJVE4TowEXGrnoyST9NVe8UpN5Hq+5g9Y7NTDxGNJ9pj82Xev2xou
         ImULti9r2uMXMeGwdPlBd119/jITjOHMHvdG6iACS1VVifw2mwiInWCMfp4BhMf/hxoH
         fysDbWyizAW+Mp9h1asFijLvf66MdVAAiwQXyIBRQB6ViWm+rix8TlfWqFOBiu6f24pG
         vriw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=MF7jMNepz1wdVPgQ1SCooo7k7btOrltx/wKQg+y/GsA=;
        b=afuZ4kzJdOx2+40HlyVRTVHXa6RnEcuQEwcfve+s/kh9g3pr0w8dVZZ1t3fb9Aq8fp
         ++igqtOzaLUukAzZFi8oQI6csj2ojxjibg/CbsODdSLLcqhSJm3mTIxbnPmPnpeeQ6Er
         iZG+HmPGfp8ZJlH6xtzJcmNtXBj/ZSpIEbBHWG6zm/xtTAEsKgFZoPmchso1eLD+2jXi
         PSNJPehNxP6m14ankr350hMKK3KYb1nTN4qZmaU4Y3YSd5jcyZTnAWh+ZT11Yz+lMi79
         vqvnbBfLJsx8+n5Smoia4U+d9WVT6fra3VpD3VMN31tA3ntL6K3xUIuTopPlNWrb/sVa
         Kv5A==
X-Gm-Message-State: APjAAAU1AxVJ9hrIlxc+NRa1Wrvci4bvVfv7ku9bHrc+HkXt8IA0XGwu
        8o6jZaGVJhEPjG9ipyHL0Hd68w2Vxeg0Pnc1C1A2Lw==
X-Received: by 2002:a17:90a:858c:: with SMTP id m12mr6772187pjn.129.1565782353721;
 Wed, 14 Aug 2019 04:32:33 -0700 (PDT)
MIME-Version: 1.0
References: <CAAeHK+zPDgvDr_Bao9dz_7hGEg+Ud6-tj7pZaihKeYHJ8M386Q@mail.gmail.com>
 <00000000000054f8bd058ddfa341@google.com> <CAAeHK+xZRH9-ue0QyEdiWmbFJF6P3RXMud+tE6t3x6Orcxnbkg@mail.gmail.com>
 <20190813205104.pnyan3kafz26wsse@gofer.mess.org>
In-Reply-To: <20190813205104.pnyan3kafz26wsse@gofer.mess.org>
From:   Andrey Konovalov <andreyknvl@google.com>
Date:   Wed, 14 Aug 2019 13:32:22 +0200
Message-ID: <CAAeHK+y3MHoeAgOtAW0pTaTBFeVzXmNpCnazsYT0wJMqhmzd0w@mail.gmail.com>
Subject: Re: KASAN: global-out-of-bounds Read in dvb_pll_attach
To:     Sean Young <sean@mess.org>
Cc:     syzbot <syzbot+8a8f48672560c8ca59dd@syzkaller.appspotmail.com>,
        bnvandana@gmail.com, allison@lohutok.net, hverkuil-cisco@xs4all.nl,
        LKML <linux-kernel@vger.kernel.org>, linux-media@vger.kernel.org,
        USB list <linux-usb@vger.kernel.org>,
        Mauro Carvalho Chehab <mchehab@kernel.org>,
        rfontana@redhat.com,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        Thomas Gleixner <tglx@linutronix.de>, tskd08@gmail.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 13, 2019 at 10:51 PM Sean Young <sean@mess.org> wrote:
>
> On Tue, Aug 13, 2019 at 03:22:49PM +0200, Andrey Konovalov wrote:
> > On Wed, Jul 17, 2019 at 2:29 PM syzbot
> > <syzbot+8a8f48672560c8ca59dd@syzkaller.appspotmail.com> wrote:
> > >
> > > Hello,
> > >
> > > syzbot has tested the proposed patch and the reproducer did not trigger
> > > crash:
> > >
> > > Reported-and-tested-by:
> > > syzbot+8a8f48672560c8ca59dd@syzkaller.appspotmail.com
> > >
> > > Tested on:
> > >
> > > commit:         6a3599ce usb-fuzzer: main usb gadget fuzzer driver
> > > git tree:       https://github.com/google/kasan.git usb-fuzzer
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=d90745bdf884fc0a
> > > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > > patch:          https://syzkaller.appspot.com/x/patch.diff?x=1454f4d0600000
> > >
> > > Note: testing is done by a robot and is best-effort only.
> >
> > Hi bnvandana,
> >
> > Could you submit this patch? Syzbot testing shows that is fixes the issue.
>
> The patch had issues (see discussion in the thread). I created this patch
> but I see now I did not include the correct Reported-by: tag.
>
> https://www.mail-archive.com/linux-media@vger.kernel.org/msg148889.html

No problem, we can mark the fix manually:

#syz fix: media: dvb-frontends: use ida for pll number

Thanks!