lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 17 Dec 2019 14:17:34 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Alan Stern <stern@...land.harvard.edu>
Cc:     Andrey Konovalov <andreyknvl@...gle.com>,
        syzbot <syzbot+7fa38a608b1075dfd634@...kaller.appspotmail.com>,
        LKML <linux-kernel@...r.kernel.org>,
        USB list <linux-usb@...r.kernel.org>, mans@...sr.com,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: Re: general protection fault in usb_set_interface

On Mon, Dec 16, 2019 at 4:05 PM Alan Stern <stern@...land.harvard.edu> wrote:
>
> On Mon, 16 Dec 2019, Andrey Konovalov wrote:
>
> > On Fri, Dec 13, 2019 at 8:51 PM Alan Stern <stern@...land.harvard.edu> wrote:
> > >
> > > On Fri, 13 Dec 2019, Andrey Konovalov wrote:
> > >
> > > > > > Let's retry here:
> > > > >
> > > > > > #syz test: https://github.com/google/kasan.git f0df5c1b
> > > > >
> > > > > This bug is already marked as fixed. No point in testing.
> > > > >
> > > >
> > > > Hm, that explains some of the weirdness. It doesn't explain though
> > > > neither why the patch was actually tested when Alan requested it nor
> > > > why syzbot sent no reply.
> > >
> > > In the meantime, is there any way to get syzbot to test the new patch
> > > with the old reproducer?  Perhaps tell it to re-open this bug?
> >
> > No, we can only test this manually now. I can run the reproducer for
> > you. Should I revert the fix for this bug and then apply your patch?
> > What's the expected result?
>
> Please simply run the patch as it is, with no other changes.  The
> expected result is a use-after-free Read in usbvision_v4l2_open, just
> as with c7b0ec009a216143df30.

I can't figure this out now.
According to the database, there was a test job for that bug from you
on Dec 10, it finished with some error and the result was mailed. But
I can't find it anywhere as well.

I've filed https://github.com/google/syzkaller/issues/1547
"dashboard/app: show jobs on bug page", which I think will be useful
and will shed some light on such cases and make it more transparent
for you, it will also show the result even if you did not receive it
over email.
Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ