* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
       [not found] <00000000000080486305c9a8f818@google.com>
From: syzbot @ 2021-08-17 22:21 UTC
To: davem, johan.hedberg, kuba, linux-bluetooth, linux-fsdevel,
    linux-kernel, luiz.dentz, marcel, mathew.j.martineau,
    matthieu.baerts, netdev, pabeni, syzkaller-bugs, viro

syzbot has bisected this issue to:

commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
Author: Matthieu Baerts <matthieu.baerts@tessares.net>
Date:   Fri Jun 25 21:25:22 2021 +0000

    mptcp: fix 'masking a bool' warning

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=122b0655300000
start commit:   b9011c7e671d Add linux-next specific files for 20210816
git tree:       linux-next
final oops:     https://syzkaller.appspot.com/x/report.txt?x=112b0655300000
console output: https://syzkaller.appspot.com/x/log.txt?x=162b0655300000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a245d1aa4f055cc1
dashboard link: https://syzkaller.appspot.com/bug?extid=7b938780d5deeaaf938f
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=157a41ee300000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f78ff9300000

Reported-by: syzbot+7b938780d5deeaaf938f@syzkaller.appspotmail.com
Fixes: c4512c63b119 ("mptcp: fix 'masking a bool' warning")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
From: Matthieu Baerts @ 2021-08-18 8:02 UTC
To: syzbot, davem, johan.hedberg, kuba, linux-bluetooth, linux-fsdevel,
    linux-kernel, luiz.dentz, marcel, mathew.j.martineau, netdev,
    pabeni, syzkaller-bugs, viro

Hello,

On 18/08/2021 00:21, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
> Author: Matthieu Baerts <matthieu.baerts@tessares.net>
> Date:   Fri Jun 25 21:25:22 2021 +0000
>
>     mptcp: fix 'masking a bool' warning
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=122b0655300000
> start commit:   b9011c7e671d Add linux-next specific files for 20210816
> git tree:       linux-next
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=112b0655300000
> console output: https://syzkaller.appspot.com/x/log.txt?x=162b0655300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a245d1aa4f055cc1
> dashboard link: https://syzkaller.appspot.com/bug?extid=7b938780d5deeaaf938f
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=157a41ee300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f78ff9300000

I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
warning") doesn't introduce the reported bug. This minor fix is specific
to MPTCP which doesn't seem to be used here.

I'm not sure how I can tell syzbot this is a false positive.

Cheers,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net

* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
From: Pavel Skripkin @ 2021-08-18 8:12 UTC
To: Matthieu Baerts, syzbot, davem, johan.hedberg, kuba,
    linux-bluetooth, linux-fsdevel, linux-kernel, luiz.dentz, marcel,
    mathew.j.martineau, netdev, pabeni, syzkaller-bugs, viro

On 8/18/21 11:02 AM, Matthieu Baerts wrote:
> Hello,
>
> On 18/08/2021 00:21, syzbot wrote:
>> syzbot has bisected this issue to:
>>
>> commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
>> Author: Matthieu Baerts <matthieu.baerts@tessares.net>
>> Date:   Fri Jun 25 21:25:22 2021 +0000
>>
>>     mptcp: fix 'masking a bool' warning
>>
>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=122b0655300000
>> start commit:   b9011c7e671d Add linux-next specific files for 20210816
>> git tree:       linux-next
>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=112b0655300000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=162b0655300000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=a245d1aa4f055cc1
>> dashboard link: https://syzkaller.appspot.com/bug?extid=7b938780d5deeaaf938f
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=157a41ee300000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f78ff9300000
>
> I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
> warning") doesn't introduce the reported bug. This minor fix is specific
> to MPTCP which doesn't seem to be used here.
>
> I'm not sure how I can tell syzbot this is a false positive.
>

looks like it's fs/namei bug. Similar reports:

https://syzkaller.appspot.com/bug?id=517fa734b92b7db404c409b924cf5c997640e324
https://syzkaller.appspot.com/bug?id=484483daf3652b40dae18531923aa9175d392a4d

It's not false positive. I've suggested the fix here:
https://groups.google.com/g/syzkaller-bugs/c/HE3c2fP5nic/m/1Yk17GBeAwAJ
I am waiting for author comments about the fix :)

But, yes, syzbot bisection is often wrong, so don't rely on it much :)

With regards,
Pavel Skripkin

* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
From: Matthieu Baerts @ 2021-08-18 8:21 UTC
To: Pavel Skripkin, syzbot, davem, johan.hedberg, kuba,
    linux-bluetooth, linux-fsdevel, linux-kernel, luiz.dentz, marcel,
    mathew.j.martineau, netdev, pabeni, syzkaller-bugs, viro

Hi Pavel,

On 18/08/2021 10:12, Pavel Skripkin wrote:
> On 8/18/21 11:02 AM, Matthieu Baerts wrote:
>> Hello,
>>
>> On 18/08/2021 00:21, syzbot wrote:
>>> syzbot has bisected this issue to:
>>>
>>> commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
>>> Author: Matthieu Baerts <matthieu.baerts@tessares.net>
>>> Date:   Fri Jun 25 21:25:22 2021 +0000
>>>
>>>     mptcp: fix 'masking a bool' warning
>>>
>>> bisection log:
>>> https://syzkaller.appspot.com/x/bisect.txt?x=122b0655300000
>>> start commit:   b9011c7e671d Add linux-next specific files for 20210816
>>> git tree:       linux-next
>>> final oops:
>>> https://syzkaller.appspot.com/x/report.txt?x=112b0655300000
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=162b0655300000
>>> kernel config:
>>> https://syzkaller.appspot.com/x/.config?x=a245d1aa4f055cc1
>>> dashboard link:
>>> https://syzkaller.appspot.com/bug?extid=7b938780d5deeaaf938f
>>> syz repro:
>>> https://syzkaller.appspot.com/x/repro.syz?x=157a41ee300000
>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f78ff9300000
>>
>> I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
>> warning") doesn't introduce the reported bug. This minor fix is specific
>> to MPTCP which doesn't seem to be used here.
>>
>> I'm not sure how I can tell syzbot this is a false positive.
>>
>
>
> looks like it's fs/namei bug. Similar reports:
>
> https://syzkaller.appspot.com/bug?id=517fa734b92b7db404c409b924cf5c997640e324
>
>
> https://syzkaller.appspot.com/bug?id=484483daf3652b40dae18531923aa9175d392a4d

Thank you for having checked!
Should we mark them as "#syz dup" if you think they have the same root
cause?

> It's not false positive. I've suggested the fix here:
> https://groups.google.com/g/syzkaller-bugs/c/HE3c2fP5nic/m/1Yk17GBeAwAJ
> I am waiting for author comments about the fix :)
>
> But, yes, syzbot bisection is often wrong, so don't rely on it much :)

Yes sorry, I wanted to say the bisection picked a wrong commit :)

All good then if syzbot often blames the wrong modification :)

Cheers,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net

* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
From: Pavel Skripkin @ 2021-08-18 8:55 UTC
To: Matthieu Baerts, syzbot, davem, johan.hedberg, kuba,
    linux-bluetooth, linux-fsdevel, linux-kernel, luiz.dentz, marcel,
    mathew.j.martineau, netdev, pabeni, syzkaller-bugs, viro

On 8/18/21 11:21 AM, Matthieu Baerts wrote:
> Hi Pavel,
>
[snip]
>>>
>>> I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
>>> warning") doesn't introduce the reported bug. This minor fix is specific
>>> to MPTCP which doesn't seem to be used here.
>>>
>>> I'm not sure how I can tell syzbot this is a false positive.
>>>
>>
>>
>> looks like it's fs/namei bug. Similar reports:
>>
>> https://syzkaller.appspot.com/bug?id=517fa734b92b7db404c409b924cf5c997640e324
>>
>>
>> https://syzkaller.appspot.com/bug?id=484483daf3652b40dae18531923aa9175d392a4d
>
> Thank you for having checked!
> Should we mark them as "#syz dup" if you think they have the same root
> cause?
>

I think, yes, but I want to receive feedback from fs people about this
bug. There were huge updates last month, and, maybe, I am missing some
details. Alloc/free calltrace is the same, but anyway, I want some
confirmation to not close different bugs by mistake :)

If these bugs really have same root cause I will close them manually
after fix posted.

>> It's not false positive. I've suggested the fix here:
>> https://groups.google.com/g/syzkaller-bugs/c/HE3c2fP5nic/m/1Yk17GBeAwAJ
>> I am waiting for author comments about the fix :)
>>
>> But, yes, syzbot bisection is often wrong, so don't rely on it much :)
>
> Yes sorry, I wanted to say the bisection picked a wrong commit :)
>
> All good then if syzbot often blames the wrong modification :)
>

With regards,
Pavel Skripkin

* Re: [syzbot] KFENCE: use-after-free in kvm_fastop_exception
From: Matthieu Baerts @ 2021-08-18 8:57 UTC
To: Pavel Skripkin, syzbot, davem, johan.hedberg, kuba,
    linux-bluetooth, linux-fsdevel, linux-kernel, luiz.dentz, marcel,
    mathew.j.martineau, netdev, pabeni, syzkaller-bugs, viro

On 18/08/2021 10:55, Pavel Skripkin wrote:
> On 8/18/21 11:21 AM, Matthieu Baerts wrote:
>> Hi Pavel,
>>
> [snip]
>>>>
>>>> I'm pretty sure the commit c4512c63b119 ("mptcp: fix 'masking a bool'
>>>> warning") doesn't introduce the reported bug. This minor fix is
>>>> specific
>>>> to MPTCP which doesn't seem to be used here.
>>>>
>>>> I'm not sure how I can tell syzbot this is a false positive.
>>>>
>>>
>>>
>>> looks like it's fs/namei bug. Similar reports:
>>>
>>> https://syzkaller.appspot.com/bug?id=517fa734b92b7db404c409b924cf5c997640e324
>>>
>>>
>>>
>>> https://syzkaller.appspot.com/bug?id=484483daf3652b40dae18531923aa9175d392a4d
>>>
>>
>> Thank you for having checked!
>> Should we mark them as "#syz dup" if you think they have the same root
>> cause?
>>
>
> I think, yes, but I want to receive feedback from fs people about this
> bug. There were huge updates last month, and, maybe, I am missing some
> details. Alloc/free calltrace is the same, but anyway, I want some
> confirmation to not close different bugs by mistake :)
>
> If these bugs really have same root cause I will close them manually
> after fix posted.

Thank you for the explanation. Sounds good to me!

Cheers,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net