public inbox for linux-kbuild@vger.kernel.org
* Re: KASAN: use-after-free Write in hci_sock_release
From: syzbot @ 2019-03-22 12:04 UTC
  To: davem, johan.hedberg, linux-bluetooth, linux-kbuild, linux-kernel,
	marcel, mmarek, netdev, syzkaller-bugs, torvalds

syzbot has bisected this bug to:

commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun Feb 19 22:34:00 2017 +0000

     Linux 4.10

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1664c6df200000
start commit:   c470abd4 Linux 4.10
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=7308e68273924137
dashboard link: https://syzkaller.appspot.com/bug?extid=b364ed862aa07c74bc62
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152532bb400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f73320c00000

Reported-by: syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com
Fixes: c470abd4fde4 ("Linux 4.10")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


* Re: KASAN: use-after-free Write in hci_sock_release
From: Dmitry Vyukov @ 2019-03-22 12:16 UTC
  To: syzbot
  Cc: David Miller, Johan Hedberg, linux-bluetooth,
	open list:KERNEL BUILD + fi..., LKML, Marcel Holtmann,
	Michal Marek, netdev, syzkaller-bugs, Linus Torvalds

On Fri, Mar 22, 2019 at 1:04 PM syzbot
<syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com> wrote:
>
> syzbot has bisected this bug to:
>
> commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Sun Feb 19 22:34:00 2017 +0000
>
>      Linux 4.10
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1664c6df200000
> start commit:   c470abd4 Linux 4.10
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7308e68273924137
> dashboard link: https://syzkaller.appspot.com/bug?extid=b364ed862aa07c74bc62
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152532bb400000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f73320c00000
>
> Reported-by: syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com
> Fixes: c470abd4fde4 ("Linux 4.10")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

The same story of HCI being broken before v4.10, so this is bisected
to the release.


* Re: KASAN: use-after-free Write in hci_sock_release
From: Cong Wang @ 2019-03-23 20:25 UTC
  To: Dmitry Vyukov
  Cc: syzbot, David Miller, Johan Hedberg, linux-bluetooth,
	open list:KERNEL BUILD + fi..., LKML, Marcel Holtmann,
	Michal Marek, netdev, syzkaller-bugs, Linus Torvalds

On Fri, Mar 22, 2019 at 5:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Fri, Mar 22, 2019 at 1:04 PM syzbot
> <syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com> wrote:
> >
> > syzbot has bisected this bug to:
> >
> > commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> > Author: Linus Torvalds <torvalds@linux-foundation.org>
> > Date:   Sun Feb 19 22:34:00 2017 +0000
> >
> >      Linux 4.10
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1664c6df200000
> > start commit:   c470abd4 Linux 4.10
> > git tree:       upstream
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=7308e68273924137
> > dashboard link: https://syzkaller.appspot.com/bug?extid=b364ed862aa07c74bc62
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152532bb400000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f73320c00000
> >
> > Reported-by: syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com
> > Fixes: c470abd4fde4 ("Linux 4.10")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> The same story of HCI being broken before v4.10, so this is bisected
> to the release.

Does syzbot test the latest upstream? Isn't this supposed to be fixed by

commit e20a2e9c42c9e4002d9e338d74e7819e88d77162
Author: Myungho Jung <mhjungk@gmail.com>
Date:   Sat Feb 2 16:56:36 2019 -0800

    Bluetooth: Fix decrementing reference count twice in releasing socket

?


* Re: KASAN: use-after-free Write in hci_sock_release
From: Dmitry Vyukov @ 2019-03-25  8:04 UTC
  To: Cong Wang
  Cc: syzbot, David Miller, Johan Hedberg, linux-bluetooth,
	open list:KERNEL BUILD + fi..., LKML, Marcel Holtmann,
	Michal Marek, netdev, syzkaller-bugs, Linus Torvalds

On Sat, Mar 23, 2019 at 9:25 PM Cong Wang <xiyou.wangcong@gmail.com> wrote:
>
> On Fri, Mar 22, 2019 at 5:19 AM Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > On Fri, Mar 22, 2019 at 1:04 PM syzbot
> > <syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com> wrote:
> > >
> > > syzbot has bisected this bug to:
> > >
> > > commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> > > Author: Linus Torvalds <torvalds@linux-foundation.org>
> > > Date:   Sun Feb 19 22:34:00 2017 +0000
> > >
> > >      Linux 4.10
> > >
> > > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1664c6df200000
> > > start commit:   c470abd4 Linux 4.10
> > > git tree:       upstream
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=7308e68273924137
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=b364ed862aa07c74bc62
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152532bb400000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f73320c00000
> > >
> > > Reported-by: syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com
> > > Fixes: c470abd4fde4 ("Linux 4.10")
> > >
> > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> >
> > The same story of HCI being broken before v4.10, so this is bisected
> > to the release.
>
> Does syzbot test the latest upstream?

Yes, it does.

> Isn't this supposed to be fixed by
>
> commit e20a2e9c42c9e4002d9e338d74e7819e88d77162
> Author: Myungho Jung <mhjungk@gmail.com>
> Date:   Sat Feb 2 16:56:36 2019 -0800
>
>     Bluetooth: Fix decrementing reference count twice in releasing socket
>
> ?

I and syzbot have no idea. You may know better. Is it? If yes, please
tell syzbot about the fix.


* Re: KASAN: use-after-free Write in hci_sock_release
From: syzbot @ 2020-05-16 21:27 UTC
  To: bigeasy, davem, dvyukov, jack, johan.hedberg, linux-bluetooth,
	linux-kbuild, linux-kernel, marcel, mmarek, netdev,
	syzkaller-bugs, tglx, torvalds, xiyou.wangcong

syzbot suspects this bug was fixed by commit:

commit f1e67e355c2aafeddf1eac31335709236996d2fe
Author: Thomas Gleixner <tglx@linutronix.de>
Date:   Mon Nov 18 13:28:24 2019 +0000

    fs/buffer: Make BH_Uptodate_Lock bit_spin_lock a regular spinlock_t

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1761ce06100000
start commit:   645ff1e8 Merge branch 'for-linus' of git://git.kernel.org/..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=7308e68273924137
dashboard link: https://syzkaller.appspot.com/bug?extid=b364ed862aa07c74bc62
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152532bb400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f73320c00000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: fs/buffer: Make BH_Uptodate_Lock bit_spin_lock a regular spinlock_t

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

