From: Andrey Konovalov
Date: Wed, 21 Aug 2019 18:26:33 +0200
Subject: Re: KASAN: slab-out-of-bounds Read in hidraw_ioctl
To: Alan Stern
Cc: syzbot, Benjamin Tissoires, Jiri Kosina, linux-input@vger.kernel.org, LKML, USB list, syzkaller-bugs

On Wed, Aug 21, 2019 at 6:24 PM Alan Stern wrote:
>
> On Wed, 21 Aug 2019, Andrey Konovalov wrote:
>
> > On Wed, Aug 21, 2019 at 3:37 PM syzbot wrote:
> > >
> > > Hello,
> > >
> > > syzbot has tested the proposed patch but the reproducer still triggered
> > > crash:
> > > KASAN: slab-out-of-bounds Read in hidraw_ioctl
> >
> > Same here, a different bug.
>
> It looks like I've got the fix for both these bugs. Testing now...

Great! Do you think "BUG: bad usercopy in hidraw_ioctl" can also be
fixed by one of those fixes?

>
> > > Tested on:
> > >
> > > commit:         e96407b4 usb-fuzzer: main usb gadget fuzzer driver
> > > git tree:       https://github.com/google/kasan.git
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14f14a1e600000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=cfa2c18fb6a8068e
> > > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > > patch:          https://syzkaller.appspot.com/x/patch.diff?x=171cd95a600000
>
> Why don't these patch-test reports include the dashboard link? It sure
> would be handy to have a copy of it here.
>
> Alan Stern
>