lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3a8dd8db-61d6-603e-b270-5faf1be02c6b@gmail.com>
Date:   Wed, 18 Aug 2021 11:55:19 +0300
From:   Pavel Skripkin <paskripkin@...il.com>
To:     Matthieu Baerts <matthieu.baerts@...sares.net>,
        syzbot <syzbot+7b938780d5deeaaf938f@...kaller.appspotmail.com>,
        davem@...emloft.net, johan.hedberg@...il.com, kuba@...nel.org,
        linux-bluetooth@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, luiz.dentz@...il.com,
        marcel@...tmann.org, mathew.j.martineau@...ux.intel.com,
        netdev@...r.kernel.org, pabeni@...hat.com,
        syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk
Subject: Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception

On 8/18/21 11:21 AM, Matthieu Baerts wrote:
> Hi Pavel,
> 
[snip]
>>>
>>> I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
>>> warning") doesn't introduce the reported bug. This minor fix is specific
>>> to MPTCP which doesn't seem to be used here.
>>>
>>> I'm not sure how I can tell syzbot this is a false positive.
>>>
>> 
>> 
>> looks like it's fs/namei bug. Similar reports:
>> 
>> https://syzkaller.appspot.com/bug?id=517fa734b92b7db404c409b924cf5c997640e324
>> 
>> 
>> https://syzkaller.appspot.com/bug?id=484483daf3652b40dae18531923aa9175d392a4d
> 
> Thank you for having checked!
> Should we mark them as "#syz dup" if you think they have the same root
> cause?
> 

I think, yes, but I want to receive feedback from fs people about this 
bug. There were huge updates last month, and, maybe, I am missing some 
details. Alloc/free calltrace is the same, but anyway, I want some 
confirmation to not close different bugs by mistake :)

If these bugs really have same root case I will close them manually 
after fix posted.

>> It's not false positive. I've suggested the fix here:
>> https://groups.google.com/g/syzkaller-bugs/c/HE3c2fP5nic/m/1Yk17GBeAwAJ
>> I am waiting for author comments about the fix :)
>> 
>> But, yes, syzbot bisection is often wrong, so don't rely on it much :)
> 
> Yes sorry, I wanted to say the bisection picked a wrong commit :)
> 
> All good then if syzbot often blames the wrong modification :)
> 
With regards,
Pavel Skripkin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ