| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190703050229.GC633@sol.localdomain>
Date: Tue, 2 Jul 2019 22:02:29 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: devel@...verdev.osuosl.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Arve Hjønnevåg <arve@...roid.com>,
Todd Kjos <tkjos@...roid.com>,
Martijn Coenen <maco@...roid.com>,
Joel Fernandes <joel@...lfernandes.org>,
Christian Brauner <christian@...uner.io>
Cc: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Reminder: 3 open syzbot bugs in "android/binder" subsystem
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 3 of them as possibly being bugs in the "android/binder" subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 3 bugs, 1 was seen in mainline in the last week.
Of these 3 bugs, 1 was bisected to a commit from the following person:
Todd Kjos <tkjos@...roid.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the "android/binder" subsystem, please
let me know, and if possible forward the report to the correct people or mailing
list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: kernel BUG at drivers/android/binder_alloc.c:LINE! (4)
Last occurred: 6 days ago
Reported: 14 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=bbf40136a49ffaa8ac60906edcbe77f825b2c406
Original thread: https://lkml.kernel.org/lkml/000000000000b6b25b058b96d5c3@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit bde4a19fc04f5f46298c86b1acb7a4af1d5f138d
Author: Todd Kjos <tkjos@...roid.com>
Date: Fri Feb 8 18:35:20 2019 +0000
binder: use userspace pointer as base of buffer space
The original thread for this bug has received 3 replies; the last was 4 days
ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3ae18325f96190606754@...kaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 4 days ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/000000000000b6b25b058b96d5c3@google.com
--------------------------------------------------------------------------------
Title: WARNING in binder_transaction_buffer_release
Last occurred: 0 days ago
Reported: 43 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=4e0a6a529aef923a8d61c5d20b8fc0605c730138
Original thread: https://lkml.kernel.org/lkml/000000000000afe2c70589526668@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug has received 2 replies; the last was 20 days
ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+8b3c354d33c4ac78bfad@...kaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000afe2c70589526668@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in uprobe_clear_state
Last occurred: 165 days ago
Reported: 202 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=a1ce9b3da349209c5085bb8c4fee753d68c3697f
Original thread: https://lkml.kernel.org/lkml/00000000000010a9fb057cd14174@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
[Note: the uprobe developers think this is a bug in binder, not uprobes.
See https://marc.info/?l=linux-kernel&m=155119805728815&w=2
for a suggested fix for this bug.]
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1068f09c44d151250c33@...kaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000010a9fb057cd14174@google.com
Powered by blists - more mailing lists