[lvc-project] On #syz test glitch

Aleksandr Nogikh nogikh at google.com
Tue Oct 29 14:02:11 MSK 2024


Hi Dmitry,

On Fri, Oct 25, 2024 at 7:52 AM Dmitry Antipov <dmantipov at yandex.ru> wrote:
>
> Recently I've sent the following:
>
> To: syzbot+93cbd5fbb85814306ba1 at syzkaller.appspotmail.com
> From: Dmitry Antipov <dmantipov at yandex.ru>
> Subject: Re: UBSAN: array-index-out-of-bounds in htc_issue_send
>
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next eaed5fc0c322d75cfcdbc7a16c0c5023d9e4f6fe
>
> diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
> index eb631fd3336d..a5bc0a5dfe7c 100644
> --- a/drivers/net/wireless/ath/ath9k/htc_hst.c
> +++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
> @@ -294,6 +294,9 @@ int htc_connect_service(struct htc_target *target,
>                  return -ETIMEDOUT;
>          }
>
> +       if (unlikely(target->conn_rsp_epid == ENDPOINT_UNUSED))
> +               return -ENODEV;
> +
>          *conn_rsp_epid = target->conn_rsp_epid;
>          return 0;
>    err:
>
> And this is what I'm seeing at https://syzkaller.appspot.com/text?tag=Patch&x=10caa8a7980000:
>
> diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
> index eb631fd3336d..a5bc0a5dfe7c 100644
> --- a/drivers/net/wireless/ath/ath9k/htc_hst.c
> +++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
> @@ -294,6 +294,9 @@ int htc_connect_service(struct htc_target *target,
>                 return -ETIMEDOUT;
>         }
>
> Since the patch is truncated, it can't be applied and the rest of the pipeline is obviously broken.
> Why this is so, and how should I handle this?

In git patches, an empty line is normally not exactly empty -- it
contains a single whitespace character. So syzbot, when it parses an
email message, treats really empty lines as the end of the patch.

You can avoid the problem by making sure that the patch is copy-pasted as is.

-- 
Aleksandr

>
> Thanks,
> Dmitry



More information about the lvc-project mailing list