| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250817024904.4820-1-hdanton@sina.com>
Date: Sun, 17 Aug 2025 10:49:02 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+abbfd103085885cf16a2@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [usb?] KASAN: slab-out-of-bounds Read in usbtmc_interrupt
> Date: Fri, 15 Aug 2025 20:07:34 -0700 [thread overview]
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 931e46dcbc7e Add linux-next specific files for 20250814
> git tree: linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=11ef65a2580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bb7fbecfa2364d1c
> dashboard link: https://syzkaller.appspot.com/bug?extid=abbfd103085885cf16a2
> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14a99842580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17108da2580000
#syz test
--- x/drivers/usb/class/usbtmc.c
+++ y/drivers/usb/class/usbtmc.c
@@ -2365,6 +2365,7 @@ static void usbtmc_free_int(struct usbtm
if (!data->iin_ep_present || !data->iin_urb)
return;
usb_kill_urb(data->iin_urb);
+ usb_kill_urb(data->iin_urb);
kfree(data->iin_buffer);
data->iin_buffer = NULL;
usb_free_urb(data->iin_urb);
--- x/fs/smb/server/transport_rdma.h
+++ y/fs/smb/server/transport_rdma.h
@@ -61,7 +61,7 @@ void init_smbd_max_io_size(unsigned int
unsigned int get_smbd_max_read_write_size(void);
#else
static inline int ksmbd_rdma_init(void) { return 0; }
-static inline void ksmbd_rdma_stop_listening(void) { return };
+static inline void ksmbd_rdma_stop_listening(void) { }
static inline void ksmbd_rdma_destroy(void) { return; }
static inline bool ksmbd_rdma_capable_netdev(struct net_device *netdev) { return false; }
static inline void init_smbd_max_io_size(unsigned int sz) { }
--
Powered by blists - more mailing lists