| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <107dbdd1-4e45-836f-7f8f-85bc63374e4f@molgen.mpg.de>
Date: Mon, 23 Jul 2018 13:23:41 +0200
From: Paul Menzel <pmenzel+linux-usb@...gen.mpg.de>
To: Greg KH <greg@...ah.com>
Cc: Mathias Nyman <mathias.nyman@...el.com>, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: BUG: KASAN: use-after-free in
xhci_trb_virt_to_dma.part.24+0x1c/0x80
Dear Greg,
On 07/20/18 11:54, Greg KH wrote:
> On Fri, Jul 20, 2018 at 11:44:49AM +0200, Paul Menzel wrote:
>> Using Linux 4.18-rc5+ with kmemleak enabled on a MSI B350M MORTAR (MS-7A37)
>> with an AMD Ryzen 3 2200G, the memory leak below is suspected.
>>
>> ```
>> $ sudo less /sys/kernel/debug/kmemleak
>> unreferenced object 0xffff894f8874a2b8 (size 8):
>> comm "systemd-udevd", pid 119, jiffies 4294893109 (age 908.348s)
>> hex dump (first 8 bytes):
>> 34 01 05 00 00 00 00 00 4.......
>> backtrace:
>> [<00000000308e4456>] xhci_init+0x81/0x170 [xhci_hcd]
>> [<00000000269aa18f>] xhci_gen_setup+0x2cb/0x510 [xhci_hcd]
>> [<000000007b70d85f>] xhci_pci_setup+0x4d/0x120 [xhci_pci]
>> [<0000000059f49127>] usb_add_hcd+0x2b6/0x800 [usbcore]
>> [<000000009a16d67c>] usb_hcd_pci_probe+0x1f3/0x460 [usbcore]
>> [<0000000001295c2e>] xhci_pci_probe+0x27/0x1d7 [xhci_pci]
>> [<00000000395bd8f9>] local_pci_probe+0x41/0x90
>> [<00000000a344e362>] pci_device_probe+0x189/0x1a0
>> [<00000000318999e5>] driver_probe_device+0x2b9/0x460
>> [<00000000c29d8a55>] __driver_attach+0xdd/0x110
>> [<00000000975b7f46>] bus_for_each_dev+0x76/0xc0
>> [<000000006bc40955>] bus_add_driver+0x152/0x230
>> [<00000000840ed63c>] driver_register+0x6b/0xb0
>> [<00000000123908c4>] do_one_initcall+0x46/0x1c3
>> [<00000000ce69c793>] do_init_module+0x5a/0x210
>> [<0000000091d4aef2>] load_module+0x21c4/0x2410
>> […]
>> ```
>
> That's really vague. Any chance for a reproducer or some other types of
> hints as to what you feel the problem is here?
Unfortunately, not really. I have a SanDisk USB storage medium attached.
```
$ lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 002: ID 413c:3012 Dell Computer Corp. Optical Wheel Mouse
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 0781:558b SanDisk Corp.
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 413c:2105 Dell Computer Corp. Model L100 Keyboard
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
```
After ten or eleven minutes after boot, systemd-udevd gets triggered
and causes the kmemleak message.
```
[ 82.196740] calling fuse_init+0x0/0x1a6 [fuse] @ 4455
[ 82.196741] fuse init (API version 7.27)
[ 82.201779] initcall fuse_init+0x0/0x1a6 [fuse] returned 0 after 4925 usecs
[ 677.532745] kmemleak: 3 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
```
Please note, that there could be memory corruption issues [1] with AMD
Raven devices. But as I can reproduce the kmemleak messages, I thought
that this is unrelated and that you might have an idea.
Please tell me, if I can provide more information. Sorry for
forgetting to attach the Linux messages.
Kind regards,
Paul
[1]: https://bugs.freedesktop.org/show_bug.cgi?id=105684
"Loading amdgpu hits general protection fault: 0000 [#1] SMP NOPTI"
View attachment "20180723–linux-messages.txt" of type "text/plain" (150055 bytes)
Download attachment "smime.p7s" of type "application/pkcs7-signature" (5174 bytes)
Powered by blists - more mailing lists