| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e064a3e4-ae70-4a24-ba5e-1bb8c7971f23@rowland.harvard.edu>
Date: Wed, 9 Jul 2025 10:27:22 -0400
From: Alan Stern <stern@...land.harvard.edu>
To: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc: syzbot <syzbot+592e2ab8775dbe0bf09a@...kaller.appspotmail.com>,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
USB list <linux-usb@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [syzbot] [kernel?] INFO: task hung in uevent_show (2)
On Wed, Jul 09, 2025 at 11:13:29PM +0900, Tetsuo Handa wrote:
> Hello.
>
> I tried below change (in case somebody is by error passing
> out-of-range values) and hit this BUG_ON().
>
> Did I use wrong boundary condition?
> Are there exceptions where out-of-range values make sense?
>
> diff --git a/include/linux/usb.h b/include/linux/usb.h
> index 92c752f5446f..baf536c56c21 100644
> --- a/include/linux/usb.h
> +++ b/include/linux/usb.h
> @@ -1985,6 +1985,9 @@ void usb_sg_wait(struct usb_sg_request *io);
> static inline unsigned int __create_pipe(struct usb_device *dev,
> unsigned int endpoint)
> {
> + BUG_ON(dev->devnum < 0);
> + BUG_ON(dev->devnum > 0x7F);
> + BUG_ON(endpoint > 0xF);
> return (dev->devnum << 8) | (endpoint << 15);
> }
Which of these three BUG_ON's did you hit, and where did you hit it?
Alan Stern
Powered by blists - more mailing lists