| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Sep 2019 10:51:47 -0400 (EDT)
From: Alan Stern <stern@...land.harvard.edu>
To: Dmitry Vyukov <dvyukov@...gle.com>
cc: syzbot <syzbot+e1d1a6e595adbd2458f1@...kaller.appspotmail.com>,
Alexander Potapenko <glider@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
kai heng feng <kai.heng.feng@...onical.com>,
Kernel development list <linux-kernel@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
<yuehaibing@...wei.com>
Subject: Re: KMSAN: uninit-value in usb_autopm_put_interface
On Tue, 17 Sep 2019, Dmitry Vyukov wrote:
> On Mon, Sep 16, 2019 at 10:31 PM Alan Stern <stern@...land.harvard.edu> wrote:
> >
> > On Mon, 16 Sep 2019, syzbot wrote:
> >
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit: 014077b5 DO-NOT-SUBMIT: usb-fuzzer: main usb gadget fuzzer..
> > > git tree: https://github.com/google/kmsan.git master
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=16a7dde1600000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=f03c659d0830ab8d
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=e1d1a6e595adbd2458f1
> > > compiler: clang version 9.0.0 (/home/glider/llvm/clang
> > > 80fee25776c2fb61e74c1ecb1a523375c2500b69)
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176303e1600000
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10e8f23e600000
> > This is probably the same problem that was fixed in the Logitech driver
> > earlier. The fix still appears to be in linux-next (commit
> > 5f9242775bb6).
> >
> > Shouldn't syzbot wait until after the merge window before running tests
> > like this?
>
>
> Merge window is a weak notion and may be not enough either (all trees
> do not necessary update at that point and syzbot does not necessary
> rebuild all of them successfully). syzbot uses another criteria: if
> you say a bug is fixed by commit X, it will wait until commit X
> reaches all of tested trees and will report the same crash signature
> again only after that. This procedure was specifically designed to not
> produce duplicate reports about the same bug.
> So either the bug wasn't really fixed, or this is another bug, or
> syzbot was given a wrong commit.
Hmmm. Which are the "tested trees"?
This bug (e1d1a6e595adbd2458f1) is marked as a duplicate of
3cbe5cd105d2ad56a1df. The dashboard link says that bug was fixed by
commit "HID: logitech: Fix general protection fault caused by Logitech
driver" -- which is correct, as far as I know.
That commit is present in linux-next, as mentioned above. As of 10:44
EDT today, it is not present in Linus's tree, according to
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/hid/hid-lg.c
(in fact, no commits affecting drivers/hid/hid-lg.c in that tree are
dated after 2019-07-10).
Furthermore, according to
https://github.com/google/kmsan/blob/master/drivers/hid/hid-lg.c?h=014077b5
the source code actually used by syzbot for this test doesn't have that
commit either. (BTW, is there any way to get a git log out of github?
It would be nice not to have to download the whole source file -- and
I'm not certain that this URL really does point to the version of the
file that syzbot used.)
So what's really going on?
Alan Stern
Powered by blists - more mailing lists