From nobody Mon Oct 6 13:41:20 2025 Received: from plesk.hostmyservers.fr (plesk.hostmyservers.fr [45.145.164.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E77B5376 for ; Sun, 20 Jul 2025 19:16:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=45.145.164.37 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753039018; cv=none; b=or8FEZUF1JdO5V2j1A9kEdfSdfyqQlDbmWkxsFbNhpmyQPBmI5ZmDyH4F7jjy99FGdDrKYj6ZGrRzWevbQFmVlzyrF5ZJ1XADvplF/CM7gEzUrXKzT2LMznTXDWdET0Oopzj3qn+9og32RAoeMk92WChb2VBpDn19OoYrHBT9S4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753039018; c=relaxed/simple; bh=vPmF1Fs/GjyeIaxxnO7OOCkhOFAwW4eaXYi+1ftcxbo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZNrLuY+6kJAQFilZZT5oySHmlswqfvgy0El/1AKqniQQlokPKG7Xl5BcwWpLS2oxpgd15fpfpdw/bqxK2K60LdkoK6Jnmc01BNL9+3jCF+FKMr8Xu/8e2JYqcUjNUF7jZfBxSkxF2k0E/xw3UUWYHRc1eUDOULUpE78LCNPVZxo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=arnaud-lcm.com; spf=pass smtp.mailfrom=arnaud-lcm.com; arc=none smtp.client-ip=45.145.164.37 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=arnaud-lcm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arnaud-lcm.com Received: from arnaudlcm-X570-UD.. (unknown [IPv6:2a02:8084:255b:aa00:2685:4e7b:cbf0:7870]) by plesk.hostmyservers.fr (Postfix) with ESMTPSA id ADA0C4081E; Sun, 20 Jul 2025 19:16:47 +0000 (UTC) Authentication-Results: Plesk; spf=pass (sender IP is 2a02:8084:255b:aa00:2685:4e7b:cbf0:7870) smtp.mailfrom=contact@arnaud-lcm.com smtp.helo=arnaudlcm-X570-UD.. Received-SPF: pass (Plesk: connection is authenticated) From: Arnaud Lecomte To: syzbot+86b6d7c8bcc66747c505@syzkaller.appspotmail.com Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: syztest Date: Sun, 20 Jul 2025 20:16:42 +0100 Message-ID: <20250720191642.14512-1-contact@arnaud-lcm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <68665197.a70a0220.2b31f5.0019.GAE@google.com> References: <68665197.a70a0220.2b31f5.0019.GAE@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-PPP-Message-ID: <175303900811.21000.16461581606215600176@Plesk> X-PPP-Vhost: arnaud-lcm.com Content-Type: text/plain; charset="utf-8" #syz test Reported-by: syzbot+86b6d7c8bcc66747c505@syzkaller.appspotmail.com Tested-by: syzbot+86b6d7c8bcc66747c505@syzkaller.appspotmail.com --- a/drivers/usb/mon/mon_bin.c +++ b/drivers/usb/mon/mon_bin.c @@ -249,7 +249,11 @@ static unsigned int mon_copy_to_buff(const struct mon_= reader_bin *this, * Copy data and advance pointers. */ buf =3D this->b_vec[off / CHUNK_SIZE].ptr + off % CHUNK_SIZE; - memcpy(buf, from, step_len); + + if (copy_from_kernel_nofault(buf, from, step_len)) { + pr_warn("Failed to copy URB transfer buffer content into mon bin."); + return -EFAULT; + } if ((off +=3D step_len) >=3D this->b_size) off =3D 0; from +=3D step_len; length -=3D step_len; @@ -413,11 +417,13 @@ static unsigned int mon_bin_get_data(const struct mon= _reader_bin *rp, =20 *flag =3D 0; if (urb->num_sgs =3D=3D 0) { - if (urb->transfer_buffer =3D=3D NULL) { + if ( + urb->transfer_buffer =3D=3D NULL || + mon_copy_to_buff(rp, offset, urb->transfer_buffer, length) < 0 + ) { *flag =3D 'Z'; return length; } - mon_copy_to_buff(rp, offset, urb->transfer_buffer, length); length =3D 0; =20 } else { @@ -434,6 +440,10 @@ static unsigned int mon_bin_get_data(const struct mon_= reader_bin *rp, this_len =3D min_t(unsigned int, sg->length, length); offset =3D mon_copy_to_buff(rp, offset, sg_virt(sg), this_len); + if (offset < 0) { + *flag =3D 'Z'; + return length; + } length -=3D this_len; } if (i =3D=3D 0)