Re: usb/storage/uas: slab-out-of-bounds in uas_probe

On Thu, Sep 21, 2017 at 9:04 PM, Alan Stern wrote: > On Thu, 21 Sep 2017, Andrey Konovalov wrote: > >> On Thu, Sep 21, 2017 at 6:10 PM, Greg Kroah-Hartman >> wrote: >> > On Thu, Sep 21, 2017 at 05:39:05PM +0200, Andrey Konovalov wrote: >> >> Hi! >>

Re: usb/storage/uas: slab-out-of-bounds in uas_probe

On Thu, Sep 21, 2017 at 6:50 PM, Alan Stern wrote: > On Thu, 21 Sep 2017, Andrey Konovalov wrote: > >> Hi! >> >> I've got the following report while fuzzing the kernel with syzkaller. >> >> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18). &g

usb/storage/uas: slab-out-of-bounds in uas_probe

Hi! I've got the following report while fuzzing the kernel with syzkaller. On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18). The issue occurs when we iterate over interface altsettings, but I don't see the driver doing anything wrong. I might be missing something, or this might be an

Re: [PATCH] scsi: sg: Fix mismatch in sg_get_rq_mark

On Tue, May 16, 2017 at 4:52 PM, wrote: > From: Firo Yang > > This bug was reported by Andrey Konovalov with syzkaller: > > Call Trace: > sg_finish_rem_req+0x2a6/0x320 drivers/scsi/sg.c:1839 > sg_new_read+0x3c/0x430 drivers/scsi/sg.c:567 > sg_read+0x866/0x18

Use-after-free in kobject_put (scsi_host_dev_release)

Hi! While fuzzing the kernel (b8889c4fc6) with KASAN and Trinity I got the following report: (There are a few similar reports after this one, look here: https://gist.github.com/xairy/82746e5a5876d398a88c) == BUG: KASAN: use-after-fre