From: Andrey Konovalov
Date: Wed, 21 Aug 2019 18:39:50 +0200
Subject: Re: KASAN: use-after-free Read in hidraw_ioctl
To: syzbot
Cc: LKML, USB list, Alan Stern, syzkaller-bugs

On Wed, Aug 21, 2019 at 6:38 PM syzbot wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
>
> Reported-and-tested-by:
> syzbot+ded1794a717e3b235226@syzkaller.appspotmail.com
>
> Tested on:
>
> commit:         e96407b4 usb-fuzzer: main usb gadget fuzzer driver
> git tree:       https://github.com/google/kasan.git
> kernel config:  https://syzkaller.appspot.com/x/.config?x=792eb47789f57810
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> patch:          https://syzkaller.appspot.com/x/patch.diff?x=126b9da6600000
>
> Note: testing is done by a robot and is best-effort only.

Let's dup this bug into the other one:

#syz dup: KASAN: slab-out-of-bounds Read in hidraw_ioctl