Re: [syzbot] KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3)

From: Linus Torvalds <torvalds@linux-foundation.org>
Date: 2022-03-15 17:09:02
Also in: linux-kbuild, linux-usb, linux-wireless, lkml

On Tue, Mar 15, 2022 at 2:36 AM syzbot
[off-list ref] wrote:

syzbot suspects this issue was fixed by commit
09688c0166e7 ("Linux 5.17-rc8")

No, I'm afraid that means that the bisection is broken:

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=140283ad700000

and yeah, looking at that log it looks like every single run has

  testing commit [...]
  run #0: crashed: KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
  ...
  # git bisect good [...]

and you never saw a "bad" commit that didn't have the issue, so the
top-of-tree gets marked "good" (and I suspect you intentionally mark
the broken case "good" in order to find where it got fixed, so you're
using "git bisect" in a reverse way).

I didn't look closer, but it does seem to not reproduce very reliably,
maybe that is what confused the bot originally.

                   Linus

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help