lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAHRSSExd8bKR01010QLcWSotXXeVS5QC7iWvt7Qdz4VRyd-wCA@mail.gmail.com>
Date:   Wed, 3 Jul 2019 11:46:20 -0700
From:   Todd Kjos <tkjos@...gle.com>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     "open list:ANDROID DRIVERS" <devel@...verdev.osuosl.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Arve Hjønnevåg <arve@...roid.com>,
        Todd Kjos <tkjos@...roid.com>,
        Martijn Coenen <maco@...roid.com>,
        Joel Fernandes <joel@...lfernandes.org>,
        Christian Brauner <christian@...uner.io>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: Reminder: 3 open syzbot bugs in "android/binder" subsystem

On Tue, Jul 2, 2019 at 10:03 PM Eric Biggers <ebiggers@...nel.org> wrote:
>
> [This email was generated by a script.  Let me know if you have any suggestions
> to make it better, or if you want it re-generated with the latest status.]
>
> Of the currently open syzbot reports against the upstream kernel, I've manually
> marked 3 of them as possibly being bugs in the "android/binder" subsystem.  I've
> listed these reports below, sorted by an algorithm that tries to list first the
> reports most likely to be still valid, important, and actionable.
>
> Of these 3 bugs, 1 was seen in mainline in the last week.
>
> Of these 3 bugs, 1 was bisected to a commit from the following person:
>
>         Todd Kjos <tkjos@...roid.com>
>
> If you believe a bug is no longer valid, please close the syzbot report by
> sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
> original thread, as explained at https://goo.gl/tpsmEJ#status
>
> If you believe I misattributed a bug to the "android/binder" subsystem, please
> let me know, and if possible forward the report to the correct people or mailing
> list.
>
> Here are the bugs:
>
> --------------------------------------------------------------------------------
> Title:              kernel BUG at drivers/android/binder_alloc.c:LINE! (4)
> Last occurred:      6 days ago
> Reported:           14 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=bbf40136a49ffaa8ac60906edcbe77f825b2c406
> Original thread:    https://lkml.kernel.org/lkml/000000000000b6b25b058b96d5c3@google.com/T/#u
>
> This bug has a C reproducer.
>
> This bug was bisected to:
>
>         commit bde4a19fc04f5f46298c86b1acb7a4af1d5f138d
>         Author: Todd Kjos <tkjos@...roid.com>
>         Date:   Fri Feb 8 18:35:20 2019 +0000
>
>           binder: use userspace pointer as base of buffer space
>
> The original thread for this bug has received 3 replies; the last was 4 days
> ago.

Fix posted: https://lore.kernel.org/lkml/20190628165012.4841-1-tkjos@google.com/

>
> If you fix this bug, please add the following tag to the commit:
>     Reported-by: syzbot+3ae18325f96190606754@...kaller.appspotmail.com
>
> If you send any email or patch for this bug, please reply to the original
> thread, which had activity only 4 days ago.  For the git send-email command to
> use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
> instructions" at https://lkml.kernel.org/r/000000000000b6b25b058b96d5c3@google.com
>
> --------------------------------------------------------------------------------
> Title:              WARNING in binder_transaction_buffer_release
> Last occurred:      0 days ago
> Reported:           43 days ago
> Branches:           Mainline and others
> Dashboard link:     https://syzkaller.appspot.com/bug?id=4e0a6a529aef923a8d61c5d20b8fc0605c730138
> Original thread:    https://lkml.kernel.org/lkml/000000000000afe2c70589526668@google.com/T/#u

Assigned to Hridya Valsaraju (b/134585943)

>
> This bug has a syzkaller reproducer only.
>
> The original thread for this bug has received 2 replies; the last was 20 days
> ago.
>
> If you fix this bug, please add the following tag to the commit:
>     Reported-by: syzbot+8b3c354d33c4ac78bfad@...kaller.appspotmail.com
>
> If you send any email or patch for this bug, please consider replying to the
> original thread.  For the git send-email command to use, or tips on how to reply
> if the thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/000000000000afe2c70589526668@google.com
>
> --------------------------------------------------------------------------------
> Title:              possible deadlock in uprobe_clear_state
> Last occurred:      165 days ago
> Reported:           202 days ago
> Branches:           Mainline
> Dashboard link:     https://syzkaller.appspot.com/bug?id=a1ce9b3da349209c5085bb8c4fee753d68c3697f
> Original thread:    https://lkml.kernel.org/lkml/00000000000010a9fb057cd14174@google.com/T/#u
>
> Unfortunately, this bug does not have a reproducer.
>
> [Note: the uprobe developers think this is a bug in binder, not uprobes.
>  See https://marc.info/?l=linux-kernel&m=155119805728815&w=2
>  for a suggested fix for this bug.]

Just learned about this, but looks like a straightforward fix.

>
> If you fix this bug, please add the following tag to the commit:
>     Reported-by: syzbot+1068f09c44d151250c33@...kaller.appspotmail.com
>
> If you send any email or patch for this bug, please consider replying to the
> original thread.  For the git send-email command to use, or tips on how to reply
> if the thread isn't in your mailbox, see the "Reply instructions" at
> https://lkml.kernel.org/r/00000000000010a9fb057cd14174@google.com
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ