From: Dmitry Vyukov
Date: Fri, 8 May 2020 11:33:12 +0200
Subject: Re: KASAN: slab-out-of-bounds Read in hfa384x_usbin_callback
To: Andrey Konovalov, syzkaller
Cc: Oliver Neukum, syzbot, "open list:ANDROID DRIVERS", Greg Kroah-Hartman, LKML, USB list, nishkadg.linux@gmail.com, syzkaller-bugs
References: <00000000000039420505a14e4951@google.com> <1588755226.13662.17.camel@suse.com>
List-ID: linux-kernel@vger.kernel.org

On Thu, May 7, 2020 at 5:56 PM 'Andrey Konovalov' via syzkaller-bugs wrote:
>
> On Wed, May 6, 2020 at 1:50 PM Andrey Konovalov wrote:
> >
> > On Wed, May 6, 2020 at 10:54 AM Oliver Neukum wrote:
> > >
> > > On Friday, 20.03.2020 at 12:28 -0700, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot found the following crash on:
> > > >
> > > > HEAD commit:    e17994d1 usb: core: kcov: collect coverage from usb comple..
> > > > git tree:       https://github.com/google/kasan.git usb-fuzzer
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=11d74573e00000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=5d64370c438bc60
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=7d42d68643a35f71ac8a
> > > > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15fa561de00000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15d74573e00000
> > > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
> > > >
> > >
> > > Hi,
> > >
> > > is this bug still active and can a test be run on it? I requested one
> > > yesterday. If my analysis is correct this bug has security
> > > implications, so it is kind of important.
> >
> > I see your request in the queue and it's been registered and
> > completed, but for some reason syzbot didn't send an email with a
> > response.
> >
> > Let me try this once again:
> >
> > #syz test: https://github.com/google/kasan.git e17994d1
>
> Still no response. Dmitry, any idea what could be wrong here?

I suspect it has something to do with the fact that the bug is already
fixed (has a fixing commit).

...right, it was broken by:
https://github.com/google/syzkaller/commit/f8368f999a1964df6d39a225cd3f5ab3942dd755
and we lack a test for this scenario. It was supposed to only disable
mailing of bisection jobs.