Re: KMSAN: kernel-usb-infoleak in pcan_usb_pro_send_req

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 30, 2019 at 4:22 PM 'Andrey Konovalov' via syzkaller-bugs
<syzkaller-bugs@xxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Jul 30, 2019 at 4:20 PM Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> >
> > On Tue, Jul 30, 2019 at 4:17 PM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > > On Tue, 30 Jul 2019, syzbot wrote:
> > >
> > > > Hello,
> > > >
> > > > syzbot found the following crash on:
> > > >
> > > > HEAD commit:    41550654 [UPSTREAM] KVM: x86: degrade WARN to pr_warn_rate..
> > > > git tree:       kmsan
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=13e95183a00000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=40511ad0c5945201
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=513e4d0985298538bf9b
> > > > compiler:       clang version 9.0.0 (/home/glider/llvm/clang
> > > > 80fee25776c2fb61e74c1ecb1a523375c2500b69)
> > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17eafa1ba00000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17b87983a00000
> > > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+513e4d0985298538bf9b@xxxxxxxxxxxxxxxxxxxxxxxxx
> > > >
> > > > usb 1-1: config 0 has no interface number 0
> > > > usb 1-1: New USB device found, idVendor=0c72, idProduct=0014,
> > > > bcdDevice=8b.53
> > > > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> > > > usb 1-1: config 0 descriptor??
> > > > peak_usb 1-1:0.146: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
> > > > ==================================================================
> > > > BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x7ef/0x1f50
> > > > drivers/usb/core/urb.c:405
> > >
> > > What does "kernel-usb-infoleak" mean?
> >
> > That means that the kernel put some uninitialized data into a request
> > that was sent to a USB device.
>
> Here's a better report for this bug:
Yes, for some reason syzkaller lost half of the original report when
reproducing the bug.
> https://syzkaller.appspot.com/text?tag=CrashReport&x=11dae8ec600000
>
> This is a real bug, I was able to reproduce it with a hardware
> reproducer and leak some kernel pointers AFAIR.

> >
> > >
> > > Alan Stern
> > >
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@xxxxxxxxxxxxxxxx.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/CAAeHK%2Bz50rsvQypF5AivYJh0wQ04XAueC%3DMs2cPt3%2BQuN1%2BKGg%40mail.gmail.com.



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux