On Wed, Nov 20, 2019 at 12:19 PM Oliver Neukum <oneukum@xxxxxxxx> wrote: > > Am Montag, den 11.11.2019, 17:09 +0100 schrieb Greg KH: > > On Mon, Nov 11, 2019 at 07:34:08AM -0800, syzbot wrote: > > > Hello, > > > > > > syzbot found the following crash on: > > > > > > HEAD commit: 3183c037 usb: gadget: add raw-gadget interface > > > git tree: https://github.com/google/kasan.git usb-fuzzer > > > console output: https://syzkaller.appspot.com/x/log.txt?x=12525dc6e00000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=79de80330003b5f7 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=d934a9036346e0215d8f > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14ac7406e00000 > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13eea39ae00000 > > > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > > Reported-by: syzbot+d934a9036346e0215d8f@xxxxxxxxxxxxxxxxxxxxxxxxx > > > > > > usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, > > > different from the interface descriptor's value: 4 > > > usb 1-1: New USB device found, idVendor=13dc, idProduct=5611, > > > bcdDevice=2f.15 > > > usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 > > > usb 1-1: config 0 descriptor?? > > > hwa-hc 1-1:0.0: Wire Adapter v106.52 newer than groked v1.0 > > > hwa-hc 1-1:0.0: FIXME: USB_MAXCHILDREN too low for WUSB adapter (194 ports) > > > usb 1-1: BUG: bad host security descriptor; not enough data (4 vs 5 left) > > > usb 1-1: supported encryption types: �S Ё���|c Ё����c Ё��� > > > usb 1-1: E: host doesn't support CCM-1 crypto > > > hwa-hc 1-1:0.0: Wireless USB HWA host controller > > > hwa-hc 1-1:0.0: new USB bus registered, assigned bus number 11 > > > > wusb code, hah. It's about to be deleted from the kernel because no one > > uses it and there is no hardware out there. I wouldn't spend a ton of > > time fuzzing it. > > > > One more good reason to just delete it soon... > > Unfortunately that is not an option for the stable trees. Before I try > something quick and dirty here, I have a question for the testing team. > > What exactly crashed? There is nothing in the logs? Did you undergo > an absolute freeze of the machine? Or do you tested for the word "BUG" > in the logs? Hi Oliver, Yes, it's the "BUG:" on the console that's detected as kernel bug (what's being produced by BUG_ON). There are only 2 special bug types in syzkaller that are detected based not on kernel output matching: "lost connection to test machine": https://syzkaller.appspot.com/bug?id=b97ec15bfe317ac1ddccb41f2a913d4f7a31c6d7 and "no output from test machine": https://syzkaller.appspot.com/bug?id=0b210638616bb68109e9642158d4c0072770ae1c (hopefully self-explanatory from the title). The rest are based on output matching and what's matched is pretty much the bug title/email subject.