| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191124193035.GA4203@ZenIV.linux.org.uk>
Date: Sun, 24 Nov 2019 19:30:35 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: syzbot <syzbot+eaeb616d85c9a0afec7d@...kaller.appspotmail.com>
Cc: cmetcalf@...hip.com, coreteam@...filter.org, davem@...emloft.net,
dvyukov@...gle.com, gang.chen.5i5j@...il.com, kaber@...sh.net,
kadlec@...ckhole.kfki.hu, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org, pablo@...filter.org,
syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in blkdev_get
On Sun, Nov 24, 2019 at 11:07:00AM -0800, syzbot wrote:
> syzbot has bisected this bug to:
>
> commit 77ef8f5177599efd0cedeb52c1950c1bd73fa5e3
> Author: Chris Metcalf <cmetcalf@...hip.com>
> Date: Mon Jan 25 20:05:34 2016 +0000
>
> tile kgdb: fix bug in copy to gdb regs, and optimize memset
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1131bc0ee00000
> start commit: f5b7769e Revert "debugfs: inode: debugfs_create_dir uses m..
> git tree: upstream
> final crash: https://syzkaller.appspot.com/x/report.txt?x=1331bc0ee00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1531bc0ee00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=709f8187af941e84
> dashboard link: https://syzkaller.appspot.com/bug?extid=eaeb616d85c9a0afec7d
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=177f898f800000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=147eb85f800000
>
> Reported-by: syzbot+eaeb616d85c9a0afec7d@...kaller.appspotmail.com
> Fixes: 77ef8f517759 ("tile kgdb: fix bug in copy to gdb regs, and optimize
> memset")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Seriously? How can the commit in question (limited to arch/tile/kernel/kgdb.c)
possibly affect a bug that manages to produce a crash report with
RSP: 0018:ffffffff82e03eb8 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffffffff82e00000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81088779
RBP: ffffffff82e03eb8 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff82e00000
FS: 0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c420447ff8 CR3: 0000000213184000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
in it? Unless something very odd has happened to tile, this crash has
been observed on 64bit x86; the names of registers alone are enough
to be certain of that.
And the binaries produced by an x86 build should not be affected by any
changes in arch/tile; not unless something is very wrong with the build
system. It's not even that this commit has fixed an earlier bug that
used to mask the one manifested here - it really should have had zero
impact on x86 builds, period.
So I'm sorry, but I'm calling bullshit. Something's quite wrong with
the bot - either its build system or the bisection process.
Powered by blists - more mailing lists