Re: [syzbot] KASAN: use-after-free Read in r871xu_dev_remove

From: Pavel Skripkin <hidden>
Date: 2021-07-21 10:11:27
Also in: lkml

On Mon, 12 Jul 2021 20:14:24 -0700
syzbot [off-list ref] wrote:

Hello,

syzbot found the following issue on:

HEAD commit:    92510a7f Add linux-next specific files for 20210709
git tree:       linux-next
console output:
https://syzkaller.appspot.com/x/log.txt?x=16c50180300000 kernel
config:  https://syzkaller.appspot.com/x/.config?x=505de2716f052686
dashboard link:
https://syzkaller.appspot.com/bug?extid=5872a520e0ce0a7c7230 syz
repro:
https://syzkaller.appspot.com/x/repro.syz?x=1639a73c300000 C
reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15fcd5e4300000

IMPORTANT: if you fix the issue, please add the following tag to the
commit: Reported-by:
syzbot+5872a520e0ce0a7c7230@syzkaller.appspotmail.com

usb 1-1: USB disconnect, device number 14
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
kernel/locking/lockdep.c:4885 Read of size 8 at addr ffff888038bbce28
by task kworker/1:2/4393

And let's test it with this repro as well.


#syz test
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


With regards,
Pavel Skripkin

Attachments

2patches.patch [text/x-patch] 7388 bytes · preview

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help