Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp1782677ybc; Wed, 20 Nov 2019 04:07:19 -0800 (PST) X-Google-Smtp-Source: APXvYqwCYax6VVHKKQH3oVhmjeJwqV0KHNHx7UjK9EfOO4DvmbVX6JkZLf3fXwHaipbVY/Oz8v7b X-Received: by 2002:a2e:9e45:: with SMTP id g5mr2244962ljk.58.1574251639221; Wed, 20 Nov 2019 04:07:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574251639; cv=none; d=google.com; s=arc-20160816; b=Ibcj3gK4FVy6SR/JSQuI5oEtL30xVaE4QBWW0oIUjCLwNALQ/uCwqJd+eqHjjXsFFF frqGrDDf20k3EK3z/7Mi9oOrRFZyTSml+UNYwiGJFJA+E6pLB/5LxCI05WlieKMEExs2 l6c6KSy49OiaJpDLAsy6jj13sm31hoK20zFov6R9pHMN7i3o53R5v3km4isG1pzOtum9 P1zWZUJvY/m5CCAWI3+CgRmByjxseUF59RXWbIpzHKRw+hv0EHfoQFerNr4oILlGVe9y 7BkSvlkwhYxGO7CIqHOYQOQOdtDIPdhBAcFUYg4zHC8y2Q8Hbb1122hd9FZp6bxsDfEM i2mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=rJPYiGKXpEMNQLJlyZqBJR8+8IIXsVVFLlcxm67gekc=; b=ze9AIXE+b8qYayb/RfZ/mRlUt5qtSTTsAKqhLc2l5F5MQVxMpK7+zQ06cBr0NI2EIt 1a+XEVg5OQwCf/BDE6QJuyhycXNP9CbegGLlK7dAnBNCNCjK+S/Vgo50A4wTrVikFwUk MBFhiUH1W/zdxD6TS+1qtLCA7Ueu6K1yKtGWVpmVDOQ2sZFVaTElx3Cj4f/9l7lPrtAn B30tPpX7JSVQvrPIvT+HO4zttubCjDCEPeQM14GDt/he4/wExlQqJvarxwFYhI4d0AYB 3PCPfLYZxb2fp94Mjg+eIHCe2TAB562xAE+9GNWj/GTK1vXrYcm2cBaoDr8kwJu8F7iR SDVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pCLRaYgg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u24si19900455edl.447.2019.11.20.04.06.54; Wed, 20 Nov 2019 04:07:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pCLRaYgg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729178AbfKTLZF (ORCPT + 99 others); Wed, 20 Nov 2019 06:25:05 -0500 Received: from mail-qk1-f196.google.com ([209.85.222.196]:43963 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728376AbfKTLZF (ORCPT ); Wed, 20 Nov 2019 06:25:05 -0500 Received: by mail-qk1-f196.google.com with SMTP id p14so955576qkm.10 for ; Wed, 20 Nov 2019 03:25:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=rJPYiGKXpEMNQLJlyZqBJR8+8IIXsVVFLlcxm67gekc=; b=pCLRaYgg3Nv9opD/ko9q/x57IFuehCW8B0R9iex/5I6WfuOqky5d77IUALMAELT9w0 pJc4AMzQ0WmWwsNoIE+6T0FbGI2vwggfY7Fj/IcDyselUqQfocP6+wGxPE9X+qNog/Uo y9iVORvDU5Qqijr6mVptLft/uRq443mEtBSqOKULLQfrHwRWynJGkiRmAwq9I2OfQuoM MpJCf7VpO9CMLZBey4HByRtgDU5qOi9psxPQH/QFCqrvxG1ioo1uqgzbrXjeOHIC1qzk JRqtHgqj3XWLCarXZ9b+K0i/2lb+8PmmEE6SmMWQ3x5qyqyZMQc5XRSNxwNdSJxHhzjD pVUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=rJPYiGKXpEMNQLJlyZqBJR8+8IIXsVVFLlcxm67gekc=; b=M+jfRQjqAR8xea21iMx0aakkPknMEqoCg8NTcjm6fOgwxJ3JVoIKa0aFfnYCqPpjWW CcURtrolYloKaJjsYBgVZ5YPQ4JiO8jd41ZXnZa4vLSu6+RJWniJ5xR3HD8Kj5YM9sD2 ipNHUK4Rotfp4monFvSn2aLOAsoEI49DJ7WUnlj8xixThrEqE6TSA32w1TZTGxcbCU+2 KuEk0eCV1d0tcHbMb8Woe0GFpdTx/hdnwdet9LXCMOmPF/9NpE08Wsk/AOMkHzPwMldm F89IO8oH3QpjTwqnPJ1VhgrZzNCDEV3v32A9vlB1o5pJH6tdWsZZoSlrFgRxjkhf5i/C r4Yw== X-Gm-Message-State: APjAAAVWbAlmfntZPBoFLnXKyW6yiCoPY1M3y4ZQzvYwLinPes45g4An apDyY4EzesKHCIduL6zY0Gq5WVyjRo0QsobaPrHofg== X-Received: by 2002:a37:6156:: with SMTP id v83mr1789842qkb.43.1574249102312; Wed, 20 Nov 2019 03:25:02 -0800 (PST) MIME-Version: 1.0 References: <000000000000d9a391059713dc1f@google.com> <20191111160950.GA870254@kroah.com> <1574248737.14298.33.camel@suse.com> In-Reply-To: <1574248737.14298.33.camel@suse.com> From: Dmitry Vyukov Date: Wed, 20 Nov 2019 12:24:50 +0100 Message-ID: Subject: Re: BUG: bad host security descriptor; not enough data (4 vs 5 left) To: Oliver Neukum Cc: Greg KH , syzbot , Andrey Konovalov , LKML , USB list , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 20, 2019 at 12:19 PM Oliver Neukum wrote: > > Am Montag, den 11.11.2019, 17:09 +0100 schrieb Greg KH: > > On Mon, Nov 11, 2019 at 07:34:08AM -0800, syzbot wrote: > > > Hello, > > > > > > syzbot found the following crash on: > > > > > > HEAD commit: 3183c037 usb: gadget: add raw-gadget interface > > > git tree: https://github.com/google/kasan.git usb-fuzzer > > > console output: https://syzkaller.appspot.com/x/log.txt?x=3D12525dc6e= 00000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=3D79de80330= 003b5f7 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=3Dd934a903634= 6e0215d8f > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=3D14ac740= 6e00000 > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=3D13eea39ae= 00000 > > > > > > IMPORTANT: if you fix the bug, please add the following tag to the co= mmit: > > > Reported-by: syzbot+d934a9036346e0215d8f@syzkaller.appspotmail.com > > > > > > usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors= , > > > different from the interface descriptor's value: 4 > > > usb 1-1: New USB device found, idVendor=3D13dc, idProduct=3D5611, > > > bcdDevice=3D2f.15 > > > usb 1-1: New USB device strings: Mfr=3D0, Product=3D0, SerialNumber= =3D0 > > > usb 1-1: config 0 descriptor?? > > > hwa-hc 1-1:0.0: Wire Adapter v106.52 newer than groked v1.0 > > > hwa-hc 1-1:0.0: FIXME: USB_MAXCHILDREN too low for WUSB adapter (194 = ports) > > > usb 1-1: BUG: bad host security descriptor; not enough data (4 vs 5 l= eft) > > > usb 1-1: supported encryption types: =EF=BF=BDS =D0=81=EF=BF=BD=EF=BF= =BD=EF=BF=BD|c =D0=81=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BDc =D0=81=EF=BF=BD= =EF=BF=BD=EF=BF=BD > > > usb 1-1: E: host doesn't support CCM-1 crypto > > > hwa-hc 1-1:0.0: Wireless USB HWA host controller > > > hwa-hc 1-1:0.0: new USB bus registered, assigned bus number 11 > > > > wusb code, hah. It's about to be deleted from the kernel because no on= e > > uses it and there is no hardware out there. I wouldn't spend a ton of > > time fuzzing it. > > > > One more good reason to just delete it soon... > > Unfortunately that is not an option for the stable trees. Before I try > something quick and dirty here, I have a question for the testing team. > > What exactly crashed? There is nothing in the logs? Did you undergo > an absolute freeze of the machine? Or do you tested for the word "BUG" > in the logs? Hi Oliver, Yes, it's the "BUG:" on the console that's detected as kernel bug (what's being produced by BUG_ON). There are only 2 special bug types in syzkaller that are detected based not on kernel output matching: "lost connection to test machine": https://syzkaller.appspot.com/bug?id=3Db97ec15bfe317ac1ddccb41f2a913d4f7a31= c6d7 and "no output from test machine": https://syzkaller.appspot.com/bug?id=3D0b210638616bb68109e9642158d4c0072770= ae1c (hopefully self-explanatory from the title). The rest are based on output matching and what's matched is pretty much the bug title/email subject.