From: Dmitry Vyukov
Date: Sat, 7 Dec 2019 08:22:55 +0100
Subject: Re: KASAN: use-after-free Read in soft_cursor
To: syzbot
Cc: Bartlomiej Zolnierkiewicz, coreteam@netfilter.org, David Miller, DRI, gwshan@linux.vnet.ibm.com, Patrick McHardy, Jozsef Kadlecsik, Linux Fbdev development list, LKML, Michael Ellerman, netdev, NetFilter, Pablo Neira Ayuso, Russell Currey, stewart@linux.vnet.ibm.com, syzkaller-bugs

On Fri, Dec 6, 2019 at 5:34 PM syzbot wrote:
>
> syzbot has bisected this bug to:
>
> commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
> Author: Russell Currey
> Date:   Mon Feb 8 04:08:20 2016 +0000
>
>     powerpc/powernv: Remove support for p5ioc2

Another weird one, I must be missing something obvious about how git
bisect works... I keep adding these to:
https://github.com/google/syzkaller/issues/1527

> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1512d1bce00000
> start commit:   b0d4beaa Merge branch 'next.autofs' of git://git.kernel.or..
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=1712d1bce00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1312d1bce00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=f07a23020fd7d21a
> dashboard link: https://syzkaller.appspot.com/bug?extid=cf43fb300aa142fb024b
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1745a90ee00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1361042ae00000
>
> Reported-by: syzbot+cf43fb300aa142fb024b@syzkaller.appspotmail.com
> Fixes: 2de50e9674fc ("powerpc/powernv: Remove support for p5ioc2")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fdd04105990b9c93%40google.com.