Re: general protection fault in usb_find_alt_setting

From: Vladis Dronov
Date: Sun Sep 23 2018 - 17:15:33 EST

Next message: Thomas Gleixner: "Re: AMD Athlon bogus performance value causing RCU stalls?"
Previous message: kys: "[PATCH 4/4] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask"
In reply to: Dmitry Vyukov: "Re: general protection fault in usb_find_alt_setting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, Dmitry,

Thank you for the reply. I probably do not properly understand how
syzcaller works then. Can you please, have a look at my reasoning.

The bug:

https://syzkaller.appspot.com/bug?id=4b88ff5aa6aa88f9283a45cc62f16e55b0722131
(Reported-by: syzbot+c99ecc8a2c68eb7e06cf2f652e60d63d6fbe2f31@xxxxxxxxxxxxxxxxxxxxxxxxx,
"[upstream] general protection fault in usb_find_alt_setting")

was not fixed. it was closed as invalid, so, afaiu, all the work has stopped for it.

So syzbot did not wait until the fixing commit reached all tested trees, and the
crash was not spotted again _after_ that.

Then I look at the bug:

https://syzkaller.appspot.com/bug?id=a0ec6260a1d37288a4508250fe30a5604ceec666
(Reported-by: syzbot+19c3aaef85a89d451eac@xxxxxxxxxxxxxxxxxxxxxxxxx,
"[upstream] general protection fault in usb_find_alt_setting (2)")

And I see the crash happens at the same place _and_ at the same code:

(bug id=a0ec6260a1d3)
RIP: 0010:usb_find_alt_setting+0x38/0x310 drivers/usb/core/usb.c:231
Code: ... fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 02 00 00
(bug id=4b88ff5aa6aa)
Code: ... fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a1 02 00
RIP: usb_find_alt_setting+0x38/0x310 drivers/usb/core/usb.c:231 RSP: ffff88005893f610

This makes me be sure these are the same bug (dup) which are fixed by the same
commit "USB: handle NULL config in usb_find_alt_setting()".

As I'm kinda a perfectionist, I would like to mark (bug id=4b88ff5aa6aa) as
fixed by this commit and not closed as invalid.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

----- Original Message -----
> From: "Dmitry Vyukov" <dvyukov@xxxxxxxxxx>
> To: "Vladis Dronov" <vdronov@xxxxxxxxxx>
> Cc: "syzbot" <bot+c99ecc8a2c68eb7e06cf2f652e60d63d6fbe2f31@xxxxxxxxxxxxxxxxxxxxxxxxx>, "syzkaller-bugs"
> <syzkaller-bugs@xxxxxxxxxxxxxxxx>, "Greg Kroah-Hartman" <gregkh@xxxxxxxxxxxxxxxxxxx>, "Johan Hovold"
> <johan@xxxxxxxxxx>, "kai heng feng" <kai.heng.feng@xxxxxxxxxxxxx>, "LKML" <linux-kernel@xxxxxxxxxxxxxxx>, "USB list"
> <linux-usb@xxxxxxxxxxxxxxx>
> Sent: Sunday, September 23, 2018 6:27:24 PM
> Subject: Re: general protection fault in usb_find_alt_setting
>
> On Sun, Sep 23, 2018 at 11:11 AM, Vladis Dronov <vdronov@xxxxxxxxxx> wrote:
> > #syz fix: USB: handle NULL config in usb_find_alt_setting()
> > #syz dup: general protection fault in usb_find_alt_setting (2)
>
> Same here.
> syzbot process designed in such way that it will not open second
> version of the bug (2) for the same bug. syzbot waits until the fixing
> commit reaches all tested tree and only then closes a bug. If the
> crash is spotted again _after_ that, then syzbot creates second
> version of the bug (2). But at that point it has to be a different bug
> requiring a different fix.
> So this should not be a dup, and should not fixed with the same commit
> as the first version.

Next message: Thomas Gleixner: "Re: AMD Athlon bogus performance value causing RCU stalls?"
Previous message: kys: "[PATCH 4/4] Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask"
In reply to: Dmitry Vyukov: "Re: general protection fault in usb_find_alt_setting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]