lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 16 Dec 2022 13:01:22 +0000
From:   Lee Jones <lee@...nel.org>
To:     Theodore Ts'o <tytso@....edu>
Cc:     syzbot <syzbot+15cd994e273307bf5cfa@...kaller.appspotmail.com>,
        adilger.kernel@...ger.ca, gregkh@...uxfoundation.org,
        lczerner@...hat.com, linux-ext4@...r.kernel.org,
        linux-kernel@...r.kernel.org, sashal@...nel.org,
        stable@...r.kernel.org, syzkaller-android-bugs@...glegroups.com,
        tadeusz.struk@...aro.org
Subject: Re: kernel BUG in ext4_free_blocks (2)

On Thu, 15 Dec 2022, Theodore Ts'o wrote:

> On Thu, Dec 15, 2022 at 08:34:35AM -0800, syzbot wrote:
> > This bug is marked as fixed by commit:
> > ext4: block range must be validated before use in ext4_mb_clear_bb()
> > But I can't find it in any tested tree for more than 90 days.
> > Is it a correct commit? Please update it by replying:
> > #syz fix: exact-commit-title
> > Until then the bug is still considered open and
> > new crashes with the same signature are ignored.
> 
> I don't know what is going on with syzkaller's commit detection, but
> commit 1e1c2b86ef86 ("ext4: block range must be validated before use
> in ext4_mb_clear_bb()") is an exact match for the commit title, and
> it's been in the upstream kernel since v6.0.
> 
> How do we make syzkaller accept this?  I'll try this again, but I
> don't hold out much hope.

I don't see the original bug report (was it posted to a lore
associated list?), so there is no way to tell what branch syzbot was
fuzzing at the time.  My assumption is that it was !Mainline.

Although this does appear to be a Stable candidate, I do not see it
in any of the Stable branches yet.  So I suspect the answer here is to
wait for the fix to filter down.

In the mean time, I guess we should discuss whether syzbot should
really be posting scans of downstream trees to upstream lists.

> #syz fix: ext4: block range must be validated before use in ext4_mb_clear_bb()
> 
> Syzkaller, go home, you're drunk.

=:-)

-- 
Lee Jones [李琼斯]

Powered by blists - more mailing lists