kvm.vger.kernel.org archive mirror
* Re: KASAN: use-after-free Read in tty_open
       [not found] <000000000000dd04830598d50133@google.com>
@ 2019-12-04  2:45 ` syzbot
  2019-12-04  6:53   ` Dmitry Vyukov
  2020-04-25  0:23 ` syzbot
  1 sibling, 1 reply; 4+ messages in thread
From: syzbot @ 2019-12-04  2:45 UTC (permalink / raw)
  To: gleb, gregkh, gwshan, hpa, jslaby, kvm, linux-kernel, mingo, mpe,
	pbonzini, ruscur, stewart, syzkaller-bugs, tglx, x86

syzbot has bisected this bug to:

commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
Author: Russell Currey <ruscur@russell.cc>
Date:   Mon Feb 8 04:08:20 2016 +0000

     powerpc/powernv: Remove support for p5ioc2

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15e5fc32e00000
start commit:   76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/p..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=17e5fc32e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=13e5fc32e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=dd226651cb0f364b
dashboard link: https://syzkaller.appspot.com/bug?extid=9af6d43c1beabec8fd05
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d15061e00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b69aeae00000

Reported-by: syzbot+9af6d43c1beabec8fd05@syzkaller.appspotmail.com
Fixes: 2de50e9674fc ("powerpc/powernv: Remove support for p5ioc2")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


* Re: KASAN: use-after-free Read in tty_open
  2019-12-04  2:45 ` KASAN: use-after-free Read in tty_open syzbot
@ 2019-12-04  6:53   ` Dmitry Vyukov
  0 siblings, 0 replies; 4+ messages in thread
From: Dmitry Vyukov @ 2019-12-04  6:53 UTC (permalink / raw)
  To: syzbot
  Cc: Gleb Natapov, Greg Kroah-Hartman, gwshan, H. Peter Anvin,
	Jiri Slaby, KVM list, LKML, Ingo Molnar, Michael Ellerman,
	Paolo Bonzini, Russell Currey, stewart, syzkaller-bugs,
	Thomas Gleixner, the arch/x86 maintainers

On Wed, Dec 4, 2019 at 3:45 AM syzbot
<syzbot+9af6d43c1beabec8fd05@syzkaller.appspotmail.com> wrote:
>
> syzbot has bisected this bug to:
>
> commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
> Author: Russell Currey <ruscur@russell.cc>
> Date:   Mon Feb 8 04:08:20 2016 +0000
>
>      powerpc/powernv: Remove support for p5ioc2
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15e5fc32e00000
> start commit:   76bb8b05 Merge tag 'kbuild-v5.5' of git://git.kernel.org/p..
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=17e5fc32e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=13e5fc32e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=dd226651cb0f364b
> dashboard link: https://syzkaller.appspot.com/bug?extid=9af6d43c1beabec8fd05
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d15061e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b69aeae00000
>
> Reported-by: syzbot+9af6d43c1beabec8fd05@syzkaller.appspotmail.com
> Fixes: 2de50e9674fc ("powerpc/powernv: Remove support for p5ioc2")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

This should have been detected as "does not affect binary", but there
is something I don't understand or am missing:
This is bisected to 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
and it has this parent:
$ git log -n 1 --format="%P" 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
388f7b1d6e8ca06762e2454d28d6c3c55ad0fe95
But the parent was never tested during bisection... how is this possible?
Mentioned this here:
https://github.com/google/syzkaller/issues/1271#issuecomment-561504032

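The question in the message above turns on a bisection invariant. As an added example, not part of Dmitry Vyukov's message and not syzkaller or git code, the following Python spells out the consistency check a bisection verdict has to pass: every parent of the commit reported as the culprit must be vouched for by some commit that was tested good, either because the parent itself was tested or because it is an ancestor of a tested-good commit (the same assumption `git bisect` makes when a commit is marked good). The commit graph is a constructed toy history, not the kernel tree, and the function names are this example's own.

```python
"""Consistency check for a bisection verdict.

The first-bad ("culprit") commit must have every parent covered by the
good set: a parent is covered if it was tested good itself or is an
ancestor of a commit that was tested good.  Added example over a
constructed toy history; not syzkaller code.
"""
from collections import deque

# Constructed toy history: commit -> list of parent commits.
#
#   a -- b -- c -- f -- g        f is a merge of c and e
#         \         /
#          d ----- e
TOY_PARENTS = {
    "a": [],
    "b": ["a"],
    "c": ["b"],
    "d": ["b"],
    "e": ["d"],
    "f": ["c", "e"],
    "g": ["f"],
}


def ancestors(parents, start):
    """Every commit reachable from `start` via parent links, `start` included."""
    seen = set()
    queue = deque([start])
    while queue:
        commit = queue.popleft()
        if commit in seen:
            continue
        seen.add(commit)
        queue.extend(parents.get(commit, []))
    return seen


def good_closure(parents, tested_good):
    """Commits the bisection may assume good: each tested-good commit plus all
    of its ancestors (marking a commit good implies its ancestors are good)."""
    closure = set()
    for commit in tested_good:
        closure |= ancestors(parents, commit)
    return closure


def uncovered_parents(parents, tested_good, culprit):
    """Parents of `culprit` that no tested-good commit vouches for.

    Empty list: the verdict is consistent, even if a parent was never run
    directly.  Non-empty: the bisection skipped a commit it needed to test.
    """
    closure = good_closure(parents, tested_good)
    return [p for p in parents[culprit] if p not in closure]


def verdict_is_consistent(parents, tested_good, culprit):
    """True when every parent of `culprit` is covered by the good set."""
    return not uncovered_parents(parents, tested_good, culprit)


if __name__ == "__main__":
    # b was never tested directly, but it is an ancestor of tested-good e,
    # so blaming c is consistent.
    print(uncovered_parents(TOY_PARENTS, {"e"}, "c"))        # []
    # Blaming the merge f with only c tested good leaves e unaccounted for.
    print(uncovered_parents(TOY_PARENTS, {"c"}, "f"))        # ['e']
```

The second case is the one worth checking in a real log: when the culprit is a merge or sits just after one, a parent on the other branch is only legitimately untested if some commit downstream of it on that branch was tested good.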

* Re: KASAN: use-after-free Read in tty_open
       [not found] <000000000000dd04830598d50133@google.com>
  2019-12-04  2:45 ` KASAN: use-after-free Read in tty_open syzbot
@ 2020-04-25  0:23 ` syzbot
  2020-04-25  2:18   ` Eric Biggers
  1 sibling, 1 reply; 4+ messages in thread
From: syzbot @ 2020-04-25  0:23 UTC (permalink / raw)
  To: dvyukov, ebiggers, gleb, gregkh, gwshan, hpa, jslaby, jslaby,
	kvm, linux-kernel, mingo, mpe, pbonzini, ruscur, stewart,
	syzkaller-bugs, tglx, x86

syzbot suspects this bug was fixed by commit:

commit ca4463bf8438b403596edd0ec961ca0d4fbe0220
Author: Eric Biggers <ebiggers@google.com>
Date:   Sun Mar 22 03:43:04 2020 +0000

    vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11594fc8100000
start commit:   07c4b9e9 Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=79f79de2a27d3e3d
dashboard link: https://syzkaller.appspot.com/bug?extid=9af6d43c1beabec8fd05
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=113886fae00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1263520ae00000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


* Re: KASAN: use-after-free Read in tty_open
  2020-04-25  0:23 ` syzbot
@ 2020-04-25  2:18   ` Eric Biggers
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Biggers @ 2020-04-25  2:18 UTC (permalink / raw)
  To: syzbot
  Cc: dvyukov, gleb, gregkh, gwshan, hpa, jslaby, jslaby, kvm,
	linux-kernel, mingo, mpe, pbonzini, ruscur, stewart,
	syzkaller-bugs, tglx, x86

On Fri, Apr 24, 2020 at 05:23:03PM -0700, syzbot wrote:
> syzbot suspects this bug was fixed by commit:
> 
> commit ca4463bf8438b403596edd0ec961ca0d4fbe0220
> Author: Eric Biggers <ebiggers@google.com>
> Date:   Sun Mar 22 03:43:04 2020 +0000
> 
>     vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11594fc8100000
> start commit:   07c4b9e9 Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=79f79de2a27d3e3d
> dashboard link: https://syzkaller.appspot.com/bug?extid=9af6d43c1beabec8fd05
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=113886fae00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1263520ae00000
> 
> If the result looks correct, please mark the bug fixed by replying with:
> 
> #syz fix: vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

#syz fix: vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

