Re: BUG: bad host security descriptor; not enough data (3 vs 5 left)

From: Andrey Konovalov
Date: Tue Dec 17 2019 - 08:15:42 EST


On Tue, Dec 17, 2019 at 2:15 PM syzbot
<syzbot+7b2f76fab6cdba59689b@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 4cc037ec usb: gadget: add raw-gadget interface
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=17597049e00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a2d3f61a19fd0cf1
> dashboard link: https://syzkaller.appspot.com/bug?extid=7b2f76fab6cdba59689b
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1724ae99e00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17ed23a6e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+7b2f76fab6cdba59689b@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors,
> different from the interface descriptor's value: 4
> usb 1-1: New USB device found, idVendor=13dc, idProduct=5611,
> bcdDevice=2f.15
> usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
> usb 1-1: config 0 descriptor??
> hwa-hc 1-1:0.0: Wire Adapter v106.52 newer than groked v1.0
> hwa-hc 1-1:0.0: FIXME: USB_MAXCHILDREN too low for WUSB adapter (194 ports)
> usb 1-1: BUG: bad host security descriptor; not enough data (3 vs 5 left)
> usb 1-1: supported encryption types:
> usb 1-1: E: host doesn't support CCM-1 crypto
> hwa-hc 1-1:0.0: Wireless USB HWA host controller
> hwa-hc 1-1:0.0: new USB bus registered, assigned bus number 11
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxxx
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches

#syz dup: BUG: bad host security descriptor; not enough data (4 vs 5 left)