lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <5703A932-C5B0-4C98-BC5D-133F6E7943B3@m.fudan.edu.cn>
Date: Wed, 7 May 2025 18:03:15 +0800
From: 胡焜 <huk23@...udan.edu.cn>
To: Viacheslav Dubeyko <slava@...eyko.com>
Cc: Viacheslav Dubeyko <Slava.Dubeyko@....com>,
 "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "glaubitz@...sik.fu-berlin.de" <glaubitz@...sik.fu-berlin.de>,
 "frank.li@...o.com" <frank.li@...o.com>,
 "baishuoran@...eu.edu.cn" <baishuoran@...eu.edu.cn>,
 "jjtan24@...udan.edu.cn" <jjtan24@...udan.edu.cn>
Subject: Re: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x268/0x290


> I have the fix and I would like to check it. I am trying to use the C
> reproducer for triggering the issue. Probably, I am doing something
> wrong. I have complied the kernel by using the shared kernel config and
> I have compiled the C reproducer. It works several hours already and I
> still cannot trigger the issue. Am I doing something wrong? How long
> should I wait the issue reproduction? Could you please share the
> correct way of the issue reproduction?
> 
> Thanks,
> Slava. 
> 


Hi Slava,
Thank you for taking your time.

We originally obtained this issue's syz and C reproducers using Syzkaller's repro tool (refer to the URL below). The issue was triggered when we ran the syz reproducer through Syzkaller.

Url: https://github.com/google/syzkaller/blob/master/docs/reproducing_crashes.md

Syzkaller also provides syz-execprog to verify whether the C program can trigger the issue. We are currently in the process of verifying whether the C reproducer can reliably reproduce the issue. Please allow us some time to complete this verification.

We'll follow up with you once we have more concrete results.

Best regards,
Kun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ