From: Alexander Potapenko <glider@google.com>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: Alan Stern <stern@rowland.harvard.edu>,
	syzbot <syzbot+513e4d0985298538bf9b@syzkaller.appspotmail.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	Kernel development list <linux-kernel@vger.kernel.org>,
	USB list <linux-usb@vger.kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Subject: Re: KMSAN: kernel-usb-infoleak in pcan_usb_pro_send_req
Date: Tue, 30 Jul 2019 16:28:31 +0200
Message-ID: <CAG_fn=XOZVRkG+RLRsfn2Y4JNz+ovyjkA=Jf9TK5ttunmuNvmA@mail.gmail.com>
In-Reply-To: <CAAeHK+z50rsvQypF5AivYJh0wQ04XAueC=Ms2cPt3+QuN1+KGg@mail.gmail.com>

On Tue, Jul 30, 2019 at 4:22 PM 'Andrey Konovalov' via syzkaller-bugs
<syzkaller-bugs@googlegroups.com> wrote:
>
> On Tue, Jul 30, 2019 at 4:20 PM Andrey Konovalov <andreyknvl@google.com> wrote:
> >
> > On Tue, Jul 30, 2019 at 4:17 PM Alan Stern <stern@rowland.harvard.edu> wrote:
> > >
> > > On Tue, 30 Jul 2019, syzbot wrote:
> > >
> > > > Hello,
> > > >
> > > > syzbot found the following crash on:
> > > >
> > > > HEAD commit:    41550654 [UPSTREAM] KVM: x86: degrade WARN to pr_warn_rate..
> > > > git tree:       kmsan
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=13e95183a00000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=40511ad0c5945201
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=513e4d0985298538bf9b
> > > > compiler:       clang version 9.0.0 (/home/glider/llvm/clang
> > > > 80fee25776c2fb61e74c1ecb1a523375c2500b69)
> > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17eafa1ba00000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17b87983a00000
> > > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+513e4d0985298538bf9b@syzkaller.appspotmail.com
> > > >
> > > > usb 1-1: config 0 has no interface number 0
> > > > usb 1-1: New USB device found, idVendor=0c72, idProduct=0014,
> > > > bcdDevice=8b.53
> > > > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > > > usb 1-1: config 0 descriptor??
> > > > peak_usb 1-1:0.146: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
> > > > ==================================================================
> > > > BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x7ef/0x1f50
> > > > drivers/usb/core/urb.c:405
> > >
> > > What does "kernel-usb-infoleak" mean?
> >
> > That means that the kernel put some uninitialized data into a request
> > that was sent to a USB device.
>
> Here's a better report for this bug:
Yes, for some reason syzkaller lost half of the original report when
reproducing the bug.
> https://syzkaller.appspot.com/text?tag=CrashReport&x=11dae8ec600000
>
> This is a real bug, I was able to reproduce it with a hardware
> reproducer and leak some kernel pointers AFAIR.

> >
> > >
> > > Alan Stern
> > >
>



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
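
The definition of "kernel-usb-infoleak" given in the thread above, as an added illustration that is not part of the original messages or of the kernel source: a user-space C model of a transfer buffer with per-byte shadow tracking, checked at the point where the buffer would leave for the device. The buffer size, header bytes and all function names are constructed for this sketch; it does not reproduce the code of pcan_usb_pro_send_req.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64 /* constructed transfer-buffer size */

/* Toy shadow tracking: shadow[i] != 0 means data[i] was never written. */
struct tracked_buf { uint8_t data[BUF_LEN]; uint8_t shadow[BUF_LEN]; };

/* Non-zeroing allocation: stale contents, every byte marked uninitialized. */
static void buf_alloc(struct tracked_buf *b)
{
    memset(b->data, 0xAA, BUF_LEN); /* constructed stale bytes */
    memset(b->shadow, 1, BUF_LEN);
}

/* Zeroing allocation: every byte is defined from the start. */
static void buf_zalloc(struct tracked_buf *b) { memset(b, 0, sizeof(*b)); }

/* A write copies the data and marks those bytes initialized. */
static void buf_write(struct tracked_buf *b, size_t off, const void *src, size_t n)
{
    memcpy(b->data + off, src, n);
    memset(b->shadow + off, 0, n);
}

/* Check on submit: count never-written bytes inside the transfer length. */
static size_t check_outgoing(const struct tracked_buf *b, size_t xfer_len)
{
    size_t n = 0;
    for (size_t i = 0; i < xfer_len && i < BUF_LEN; i++)
        n += b->shadow[i] != 0;
    return n;
}

static const uint8_t hdr[4] = { 0x02, 0x00, 0x01, 0x00 }; /* hypothetical header */

/* zeroed: use the zeroing allocator; xfer_len: bytes handed to the device. */
size_t leaked_bytes(int zeroed, size_t xfer_len)
{
    struct tracked_buf b;
    if (zeroed) buf_zalloc(&b); else buf_alloc(&b);
    buf_write(&b, 0, hdr, sizeof(hdr)); /* only the header is ever filled in */
    return check_outgoing(&b, xfer_len);
}

int main(void)
{
    printf("%zu %zu %zu\n", leaked_bytes(0, BUF_LEN), leaked_bytes(1, BUF_LEN), leaked_bytes(0, sizeof(hdr)));
}
```

The model shows the two usual remedies for this bug class: zero the buffer at allocation, or submit only the bytes that were actually written.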
