Re: KASAN: use-after-free Read in usbhid_power

2019-08-12 Thread Andrey Konovalov
On Fri, Aug 9, 2019 at 8:12 PM syzbot wrote: > > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger > crash: > > Reported-and-tested-by: > syzbot+ef5de9c4f99c4edb4...@syzkaller.appspotmail.com OK, I'm duping this BUG to the similar one that Hillf fixed: #syz dup:

Re: KASAN: use-after-free Read in usbhid_power

2019-08-09 Thread Oliver Neukum
On Thursday, 08.08.2019, at 20:54 +0200, Andrey Konovalov wrote: > On Thu, Jul 25, 2019 at 5:09 PM Alan Stern wrote: > > > > On Thu, 25 Jul 2019, Oliver Neukum wrote: > > > > > On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > > > > On Wed, 24 Jul 2019, Oliver Neukum wrote: > >

Re: KASAN: use-after-free Read in usbhid_power

2019-08-09 Thread syzbot
Hello, syzbot has tested the proposed patch and the reproducer did not trigger crash: Reported-and-tested-by: syzbot+ef5de9c4f99c4edb4...@syzkaller.appspotmail.com Tested on: commit: 6a3599ce usb-fuzzer: main usb gadget fuzzer driver git tree: https://github.com/google/kasa

Re: KASAN: use-after-free Read in usbhid_power

2019-08-09 Thread Andrey Konovalov
On Thu, Aug 8, 2019 at 9:37 PM Alan Stern wrote: > > On Thu, 8 Aug 2019, Andrey Konovalov wrote: > > > On Thu, Jul 25, 2019 at 5:09 PM Alan Stern > > wrote: > > > > > > On Thu, 25 Jul 2019, Oliver Neukum wrote: > > > > > > > On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > > > > >

Re: KASAN: use-after-free Read in usbhid_power

2019-08-09 Thread Greg KH
On Fri, Aug 09, 2019 at 07:35:32AM +, Schmid, Carsten wrote: > Hi all having use-after-free issues in USB shutdowns: > I hunted for a similar case in the intel_xhci_usb_sw driver. > What I have found and proposed is (from yesterday): > --- > [PATCH] kernel/resource.c: invalidate parent when fre

Re: KASAN: use-after-free Read in usbhid_power

2019-08-08 Thread Alan Stern
On Thu, 8 Aug 2019, Andrey Konovalov wrote: > On Thu, Jul 25, 2019 at 5:09 PM Alan Stern wrote: > > > > On Thu, 25 Jul 2019, Oliver Neukum wrote: > > > > > On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > > > > On Wed, 24 Jul 2019, Oliver Neukum wrote: > > > > > > > > > drivers/hid

Re: KASAN: use-after-free Read in usbhid_power

2019-08-08 Thread Andrey Konovalov
On Thu, Jul 25, 2019 at 5:09 PM Alan Stern wrote: > > On Thu, 25 Jul 2019, Oliver Neukum wrote: > > > On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > > > On Wed, 24 Jul 2019, Oliver Neukum wrote: > > > > > > > drivers/hid/usbhid/hid-core.c | 13 + > > > > 1 file changed

Re: KASAN: use-after-free Read in usbhid_power

2019-07-25 Thread Alan Stern
On Thu, 25 Jul 2019, Oliver Neukum wrote: > On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > > On Wed, 24 Jul 2019, Oliver Neukum wrote: > > > > > drivers/hid/usbhid/hid-core.c | 13 + > > > 1 file changed, 13 insertions(+) > > > > > > diff --git a/drivers/hid/usbhid/h

Re: KASAN: use-after-free Read in usbhid_power

2019-07-25 Thread syzbot
Hello, syzbot has tested the proposed patch but the reproducer still triggered crash: KASAN: use-after-free Read in usbhid_power == BUG: KASAN: use-after-free in __lock_acquire+0x3a5d/0x5340 kernel/locking/lockdep.c:3665 Read

Re: KASAN: use-after-free Read in usbhid_power

2019-07-25 Thread Oliver Neukum
On Tuesday, 23.07.2019, at 05:48 -0700, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:6a3599ce usb-fuzzer: main usb gadget fuzzer driver > git tree: https://github.com/google/kasan.git usb-fuzzer > console output: https://syzkaller.appspot.com/x/log.

Re: KASAN: use-after-free Read in usbhid_power

2019-07-25 Thread Andrey Konovalov
On Wed, Jul 24, 2019 at 11:16 PM syzbot wrote: > > Hello, > > syzbot tried to test the proposed patch but build/boot failed: 5.3-rc1 has a boot time bug, so the usb-fuzzer branch is broken right now. Could you try using the usb-fuzzer-usb-testing-2019.07.11 branch instead for testing your patches

Re: KASAN: use-after-free Read in usbhid_power

2019-07-25 Thread Oliver Neukum
On Wednesday, 24.07.2019, at 17:02 -0400, Alan Stern wrote: > On Wed, 24 Jul 2019, Oliver Neukum wrote: > > > drivers/hid/usbhid/hid-core.c | 13 + > > 1 file changed, 13 insertions(+) > > > > diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c > > index c7bc9

Re: KASAN: use-after-free Read in usbhid_power

2019-07-24 Thread syzbot
Hello, syzbot tried to test the proposed patch but build/boot failed: T1] devtmpfs: initialized [2.873454][T1] clocksource: jiffies: mask: 0x max_cycles: 0x, max_idle_ns: 1911260446275 ns [2.873454][T1] futex hash table entries: 512 (order: 4, 65536 byt

Re: KASAN: use-after-free Read in usbhid_power

2019-07-24 Thread Alan Stern
On Wed, 24 Jul 2019, Oliver Neukum wrote: > On Tuesday, 23.07.2019, at 05:48 -0700, syzbot wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit:6a3599ce usb-fuzzer: main usb gadget fuzzer driver > > git tree: https://github.com/google/kasan.git usb-fuzz

Re: KASAN: use-after-free Read in usbhid_power

2019-07-24 Thread Oliver Neukum
On Tuesday, 23.07.2019, at 05:48 -0700, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:6a3599ce usb-fuzzer: main usb gadget fuzzer driver > git tree: https://github.com/google/kasan.git usb-fuzzer > console output: https://syzkaller.appspot.com/x/log.

Re: KASAN: use-after-free Read in usbhid_power

2019-07-24 Thread Andrey Konovalov
On Wed, Jul 24, 2019 at 4:17 PM Oliver Neukum wrote: > > On Tuesday, 23.07.2019, at 05:48 -0700, syzbot wrote: > > > > Freed by task 243: > > save_stack+0x1b/0x80 /mm/kasan/common.c:71 > > set_track /mm/kasan/common.c:79 [inline] > > __kasan_slab_free+0x130/0x180 /mm/kasan/common.c:451 >

Re: KASAN: use-after-free Read in usbhid_power

2019-07-24 Thread Oliver Neukum
On Tuesday, 23.07.2019, at 05:48 -0700, syzbot wrote: > > Freed by task 243: > save_stack+0x1b/0x80 /mm/kasan/common.c:71 > set_track /mm/kasan/common.c:79 [inline] > __kasan_slab_free+0x130/0x180 /mm/kasan/common.c:451 > slab_free_hook /mm/slub.c:1421 [inline] > slab_free_freelist_ho