Message-ID: <1588756482.13662.20.camel@suse.com>
Subject: Re: KASAN: use-after-free Read in usblp_bulk_read
From: Oliver Neukum
To: Alan Stern
Cc: syzbot, andreyknvl@google.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com, zaitcev@redhat.com
Date: Wed, 06 May 2020 11:14:42 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On Thursday, 30.04.2020, at 11:11 -0400, Alan Stern wrote:
> KASAN is documented. The difficulty is that this race is obviously
> hard to trigger, and without the ability to reproduce it we can't run
> diagnostics to find the underlying cause.
>
> We can't even ask syzbot to try running tests for us; without a valid
> reproducer it won't agree to rerun the original test program.

Very well. We are not going to find it without exceptional luck.
Yet there may be a real issue, too. We simply do not know.
How about the attached patch?

	Regards
		Oliver

[Attachment: 0001-usblp-poison-URBs-upon-disconnect.patch (text/x-patch)]