lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <efc7e41c-b4a3-469a-983a-24b167b944e3@rowland.harvard.edu>
Date: Fri, 15 Nov 2024 12:48:22 -0500
From: Alan Stern <stern@...land.harvard.edu>
To: Aleksandr Nogikh <nogikh@...gle.com>
Cc: syzbot <syzbot+e8e879922808870c3437@...kaller.appspotmail.com>,
	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com,
	syzkaller <syzkaller@...glegroups.com>
Subject: Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in ld_usb_release

On Wed, Nov 13, 2024 at 11:46:00AM +0100, Aleksandr Nogikh wrote:
> Hi Alan,
> 
> On Mon, Nov 11, 2024 at 4:45 PM Alan Stern <stern@...land.harvard.edu> wrote:
> >
> > On Mon, Nov 11, 2024 at 01:49:31AM -0800, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    2e1b3cc9d7f7 Merge tag 'arm-fixes-6.12-2' of git://git.ker..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=1650d6a7980000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=b77c8a55ccf1d9e2
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=e8e879922808870c3437
> > > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > userspace arch: i386
> > >
> > > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Question for the syzbot people:
> >
> > If I have a patch which I think will cause the issue to become
> > reproducible, is there any way to ask syzbot to apply the same test that
> > failed here to a kernel including my patch?
> 
> No, that's unfortunately not supported.
> 
> In this particular case, it's at least evident from `Comm: ` which
> exact program was being executed when the kernel crashed:
> 
> [  178.539707][ T8305] BUG: KASAN: slab-use-after-free in
> do_raw_spin_lock+0x271/0x2c0
> [  178.542477][ T8305] Read of size 4 at addr ffff888022387c0c by task
> syz.3.600/8305
> [  178.546823][ T8305]
> [  178.548202][ T8305] CPU: 3 UID: 0 PID: 8305 Comm: syz.3.600 Not
> tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
> 
> syz.3.600 means procid=3 and id=600, so it's the program that comes
> after the following line in
> https://syzkaller.appspot.com/x/log.txt?x=1650d6a7980000:
> 
> 551.627007ms ago: executing program 3 (id=600):
> <...>
> 
> You may try to treat that program as a normal syz reproducer and run
> it against your patched kernel locally, that should be quite
> straightforward to do (just several commands). See e.g. the
> instructions here:
> https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-syz-reproducer-directly

One of the beauties of syzbot is that it will run potential reproducers 
and test patches for us with very little effort on our part.

Can I request an enhancement of the "#syz test:" email command?  It 
would be great if it would be willing to run a test even if the test 
program isn't considered a bona fide reproducer.

I don't really need it for this particular bug report; the underlying 
cause of the problem in this case is pretty clear.  But having this 
capability in the future could be a big help.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ