[PATCH] driver core: fix general protection fault in del_gendisk
4 views
Skip to first unread message
Tadeusz Struk
May 24, 2022, 6:31:07 PM5/24/22
to syzbot+7308a6...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10-lts
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 4dbe8276f579..38f76847ae11 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -3358,7 +3358,7 @@ bool kill_device(struct device *dev)
*/
lockdep_assert_held(&dev->mutex);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
@@ -3382,6 +3382,7 @@ void device_del(struct device *dev)
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
@@ -3400,7 +3401,8 @@ void device_del(struct device *dev)
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
@@ -3408,7 +3410,7 @@ void device_del(struct device *dev)
device_remove_sys_dev_entry(dev);
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
@@ -3421,11 +3423,13 @@ void device_del(struct device *dev)
klist_del(&dev->p->knode_class);
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
device_remove_attrs(dev);
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
device_platform_notify(dev, KOBJ_REMOVE);
device_remove_properties(dev);
device_links_purge(dev);
--
2.36.1
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 4dbe8276f579..38f76847ae11 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -3358,7 +3358,7 @@ bool kill_device(struct device *dev)
*/
lockdep_assert_held(&dev->mutex);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
@@ -3382,6 +3382,7 @@ void device_del(struct device *dev)
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
@@ -3400,7 +3401,8 @@ void device_del(struct device *dev)
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
@@ -3408,7 +3410,7 @@ void device_del(struct device *dev)
device_remove_sys_dev_entry(dev);
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
@@ -3421,11 +3423,13 @@ void device_del(struct device *dev)
klist_del(&dev->p->knode_class);
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
device_remove_attrs(dev);
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
device_platform_notify(dev, KOBJ_REMOVE);
device_remove_properties(dev);
device_links_purge(dev);
--
2.36.1
syzbot
May 24, 2022, 7:09:10 PM5/24/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in kernfs_name_hash
RAX: ffffffffffffffda RBX: 00007f7b40727f60 RCX: 00007f7b406150e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f7b4066f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe49b7879f R14: 00007f7b4058b300 R15: 0000000000022000
---[ end trace fff670522229a294 ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 425 Comm: syz-executor.0 Tainted: G W 5.10.117-syzkaller-986967-g0974b8411a58-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strlen+0x3a/0x80 lib/string.c:568
Code: c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
RSP: 0018:ffffc90000ee7b68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881002d4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000ee7b88 R08: ffffffff81d136dc R09: fffff520001dcf75
R10: fffff520001dcf75 R11: 1ffff920001dcf74 R12: ffffffffffffffff
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f7b4058b700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7b40569ff8 CR3: 000000010e48a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kernfs_name_hash+0x21/0x240 fs/kernfs/dir.c:302
kernfs_find_ns+0x72/0x280 fs/kernfs/dir.c:841
kernfs_remove_by_name_ns+0x36/0x90 fs/kernfs/dir.c:1514
kernfs_remove_by_name include/linux/kernfs.h:608 [inline]
sysfs_remove_link+0x50/0x60 fs/sysfs/symlink.c:152
del_gendisk+0xbe0/0xe20 block/genhd.c:951
loop_remove+0x46/0xb0 drivers/block/loop.c:2185
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f7b406150e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7b4058b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7b40727f60 RCX: 00007f7b406150e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f7b4066f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe49b7879f R14: 00007f7b4058b300 R15: 0000000000022000
Modules linked in:
---[ end trace fff670522229a295 ]---
RIP: 0010:strlen+0x3a/0x80 lib/string.c:568
Code: c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
RSP: 0018:ffffc90000ee7b68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881002d4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000ee7b88 R08: ffffffff81d136dc R09: fffff520001dcf75
R10: fffff520001dcf75 R11: 1ffff920001dcf74 R12: ffffffffffffffff
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f7b4058b700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7b40569ff8 CR3: 000000010e48a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 5 bytes skipped:
0: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15
7: fc ff df
a: 48 89 fb mov %rdi,%rbx
d: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
14: 00 00 00 00
18: 0f 1f 00 nopl (%rax)
1b: 49 89 c4 mov %rax,%r12
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
* 25: 42 0f b6 04 38 movzbl (%rax,%r15,1),%eax <-- trapping instruction
2a: 84 c0 test %al,%al
2c: 75 12 jne 0x40
2e: 48 ff c3 inc %rbx
31: 49 8d 44 24 01 lea 0x1(%r12),%rax
36: 43 rex.XB
37: 80 .byte 0x80
38: 7c 26 jl 0x60
3a: 01 .byte 0x1
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=11a697c3f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=89bdb361ba397fca
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=16a64b9df00000
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in kernfs_name_hash
RAX: ffffffffffffffda RBX: 00007f7b40727f60 RCX: 00007f7b406150e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f7b4066f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe49b7879f R14: 00007f7b4058b300 R15: 0000000000022000
---[ end trace fff670522229a294 ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 425 Comm: syz-executor.0 Tainted: G W 5.10.117-syzkaller-986967-g0974b8411a58-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strlen+0x3a/0x80 lib/string.c:568
Code: c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
RSP: 0018:ffffc90000ee7b68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881002d4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000ee7b88 R08: ffffffff81d136dc R09: fffff520001dcf75
R10: fffff520001dcf75 R11: 1ffff920001dcf74 R12: ffffffffffffffff
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f7b4058b700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7b40569ff8 CR3: 000000010e48a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kernfs_name_hash+0x21/0x240 fs/kernfs/dir.c:302
kernfs_find_ns+0x72/0x280 fs/kernfs/dir.c:841
kernfs_remove_by_name_ns+0x36/0x90 fs/kernfs/dir.c:1514
kernfs_remove_by_name include/linux/kernfs.h:608 [inline]
sysfs_remove_link+0x50/0x60 fs/sysfs/symlink.c:152
del_gendisk+0xbe0/0xe20 block/genhd.c:951
loop_remove+0x46/0xb0 drivers/block/loop.c:2185
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f7b406150e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7b4058b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7b40727f60 RCX: 00007f7b406150e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f7b4066f08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe49b7879f R14: 00007f7b4058b300 R15: 0000000000022000
Modules linked in:
---[ end trace fff670522229a295 ]---
RIP: 0010:strlen+0x3a/0x80 lib/string.c:568
Code: c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
RSP: 0018:ffffc90000ee7b68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881002d4f00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000ee7b88 R08: ffffffff81d136dc R09: fffff520001dcf75
R10: fffff520001dcf75 R11: 1ffff920001dcf74 R12: ffffffffffffffff
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f7b4058b700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7b40569ff8 CR3: 000000010e48a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 5 bytes skipped:
0: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15
7: fc ff df
a: 48 89 fb mov %rdi,%rbx
d: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
14: 00 00 00 00
18: 0f 1f 00 nopl (%rax)
1b: 49 89 c4 mov %rax,%r12
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
* 25: 42 0f b6 04 38 movzbl (%rax,%r15,1),%eax <-- trapping instruction
2a: 84 c0 test %al,%al
2c: 75 12 jne 0x40
2e: 48 ff c3 inc %rbx
31: 49 8d 44 24 01 lea 0x1(%r12),%rax
36: 43 rex.XB
37: 80 .byte 0x80
38: 7c 26 jl 0x60
3a: 01 .byte 0x1
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=11a697c3f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=89bdb361ba397fca
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=16a64b9df00000
Tadeusz Struk
May 24, 2022, 7:25:53 PM5/24/22
to syzbot+7308a6...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10-lts
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 3d6430eb0c6a..b8637c4c4048 100644
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -3524,7 +3524,7 @@ bool kill_device(struct device *dev)
*/
device_lock_assert(dev);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
@@ -3566,7 +3567,8 @@ void device_del(struct device *dev)
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
@@ -3574,7 +3576,7 @@ void device_del(struct device *dev)
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
device_remove_sys_dev_entry(dev);
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
@@ -3587,11 +3589,15 @@ void device_del(struct device *dev)
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
klist_del(&dev->p->knode_class);
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
+
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
device_remove_attrs(dev);
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
+
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
device_platform_notify_remove(dev);
device_links_purge(dev);
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index e205fde7163a..7b33f2dfb7d1 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -1565,6 +1565,11 @@ int kernfs_remove_by_name_ns(struct kernfs_node *parent, const char *name,
struct kernfs_node *kn;
struct kernfs_root *root;
+ if (!name) {
+ WARN(1, KERN_WARNING "kernfs: can not remove directory. Name is NULL\n");
+ return -ENOENT;
+ }
+
if (!parent) {
WARN(1, KERN_WARNING "kernfs: can not remove '%s', no directory\n",
name);
--
2.36.1
syzbot
May 24, 2022, 7:27:15 PM5/24/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file drivers/base/core.c
Hunk #1 succeeded at 3358 with fuzz 2 (offset -166 lines).
Hunk #2 succeeded at 3382 (offset -166 lines).
Hunk #3 succeeded at 3401 (offset -166 lines).
Hunk #4 succeeded at 3410 (offset -166 lines).
Hunk #5 FAILED at 3589.
1 out of 5 hunks FAILED
checking file fs/kernfs/dir.c
Hunk #1 succeeded at 1503 with fuzz 2 (offset -62 lines).
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
patch: https://syzkaller.appspot.com/x/patch.diff?x=16c76c51f00000
syzbot tried to test the proposed patch but the build/boot failed:
failed to apply patch:
checking file drivers/base/core.c
Hunk #1 succeeded at 3358 with fuzz 2 (offset -166 lines).
Hunk #2 succeeded at 3382 (offset -166 lines).
Hunk #3 succeeded at 3401 (offset -166 lines).
Hunk #4 succeeded at 3410 (offset -166 lines).
Hunk #5 FAILED at 3589.
1 out of 5 hunks FAILED
checking file fs/kernfs/dir.c
Hunk #1 succeeded at 1503 with fuzz 2 (offset -62 lines).
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
Tadeusz Struk
May 24, 2022, 7:32:27 PM5/24/22
to syzbot+7308a6...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10-lts
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 4dbe8276f579..38f76847ae11 100644
======================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -3358,7 +3358,7 @@ bool kill_device(struct device *dev)
*/
lockdep_assert_held(&dev->mutex);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
@@ -3400,7 +3401,8 @@ void device_del(struct device *dev)
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
@@ -3408,7 +3410,7 @@ void device_del(struct device *dev)
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
if (MAJOR(dev->devt)) {
device_remove_sys_dev_entry(dev);
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
@@ -3421,11 +3423,13 @@ void device_del(struct device *dev)
device_remove_file(dev, &dev_attr_dev);
}
- if (dev->class) {
+ if (dev->class && dev->p) {
device_remove_class_symlinks(dev);
mutex_lock(&dev->class->p->mutex);
klist_del(&dev->p->knode_class);
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
mutex_unlock(&dev->class->p->mutex);
}
- device_remove_file(dev, &dev_attr_uevent);
+ if (kobj->sd)
+ device_remove_file(dev, &dev_attr_uevent);
device_remove_attrs(dev);
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
device_platform_notify(dev, KOBJ_REMOVE);
bus_remove_device(dev);
device_pm_remove(dev);
- driver_deferred_probe_del(dev);
+ if (dev->p)
+ driver_deferred_probe_del(dev);
device_remove_properties(dev);
device_links_purge(dev);
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 9aec80b9d7c6..dd269ea39eb8 100644
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -1503,6 +1503,11 @@ int kernfs_remove_by_name_ns(struct kernfs_node *parent, const char *name,
{
struct kernfs_node *kn;
+ if (!name) {
+ WARN(1, KERN_WARNING "kernfs: can not remove directory. Name is NULL\n");
syzbot
May 24, 2022, 7:43:21 PM5/24/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in device_get_devnode
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
RBP: 00007fa740b7b08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffdf5c37bf R14: 00007fa740a97300 R15: 0000000000022000
---[ end trace 5dbc6bf4f09d0156 ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 436 Comm: syz-executor.0 Tainted: G W 5.10.117-syzkaller-986967-g0974b8411a58-dirty #0
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strchr+0x23/0xa0 lib/string.c:435
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RSP: 0018:ffffc90000ef79a0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881067d93c0
RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000000
RBP: ffffc90000ef79c0 R08: ffffc90000ef7a60 R09: ffffc90000ef7a80
R10: fffff520001def5a R11: 1ffff920001def50 R12: 0000000000000021
R13: ffff88810e8e8068 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007fa740a97700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff74106e08 CR3: 000000010ece6000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_get_devnode+0x23f/0x2b0 drivers/base/core.c:3528
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
devtmpfs_delete_node+0xdd/0x2e0 drivers/base/devtmpfs.c:152
device_del+0x351/0xf90 drivers/base/core.c:3409
del_gendisk+0xbf2/0xe20 block/genhd.c:953
loop_remove+0x46/0xb0 drivers/block/loop.c:2185
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fa740b210e9
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa740a97168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa740c33f60 RCX: 00007fa740b210e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007fa740b7b08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffdf5c37bf R14: 00007fa740a97300 R15: 0000000000022000
Modules linked in:
---[ end trace 5dbc6bf4f09d0157 ]---
RIP: 0010:strchr+0x23/0xa0 lib/string.c:435
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RSP: 0018:ffffc90000ef79a0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881067d93c0
RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000000
RBP: ffffc90000ef79c0 R08: ffffc90000ef7a60 R09: ffffc90000ef7a80
R10: fffff520001def5a R11: 1ffff920001def50 R12: 0000000000000021
R13: ffff88810e8e8068 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007fa740a97700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff74106e08 CR3: 000000010ece6000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
0: 41 5f pop %r15
2: 5d pop %rbp
3: c3 retq
4: 0f 1f 00 nopl (%rax)
7: 55 push %rbp
8: 48 89 e5 mov %rsp,%rbp
b: 41 57 push %r15
d: 41 56 push %r14
f: 41 54 push %r12
11: 53 push %rbx
12: 49 89 fe mov %rdi,%r14
15: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15
1c: fc ff df
1f: 44 0f be e6 movsbl %sil,%r12d
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 8a 04 38 mov (%rax,%r15,1),%al <-- trapping instruction
2e: 84 c0 test %al,%al
30: 75 5d jne 0x8f
32: 41 0f be 06 movsbl (%r14),%eax
36: 41 39 c4 cmp %eax,%r12d
39: 74 48 je 0x83
3b: 49 8d 5e 01 lea 0x1(%r14),%rbx
3f: 0f .byte 0xf
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
kernel config: https://syzkaller.appspot.com/x/.config?x=89bdb361ba397fca
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11e01fc3f00000
Tadeusz Struk
May 25, 2022, 1:11:24 PM5/25/22
to syzbot+7308a6...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
syzbot
May 25, 2022, 1:23:08 PM5/25/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in device_get_devnode
RAX: ffffffffffffffda RBX: 00007f13f9114f60 RCX: 00007f13f90020e9
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in device_get_devnode
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f13f905c08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeaa5c990f R14: 00007f13f8f78300 R15: 0000000000022000
---[ end trace 6c6362f4614ace13 ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 415 Comm: syz-executor.0 Tainted: G W 5.10.117-syzkaller-986967-g0974b8411a58-dirty #0
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strchr+0x23/0xa0 lib/string.c:435
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RSP: 0018:ffffc90000f079a0 EFLAGS: 00010246
RIP: 0010:strchr+0x23/0xa0 lib/string.c:435
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88810c9a13c0
RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000000
RBP: ffffc90000f079c0 R08: ffffc90000f07a60 R09: ffffc90000f07a80
R10: fffff520001e0f5a R11: 1ffff920001e0f50 R12: 0000000000000021
R13: ffff88810d687068 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f13f8f78700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f13f8f56ff8 CR3: 000000010b2af000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_get_devnode+0x23f/0x2b0 drivers/base/core.c:3528
devtmpfs_delete_node+0xdd/0x2e0 drivers/base/devtmpfs.c:152
device_del+0x351/0xf90 drivers/base/core.c:3409
del_gendisk+0xbf2/0xe20 block/genhd.c:953
loop_remove+0x46/0xb0 drivers/block/loop.c:2185
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f13f90020e9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_get_devnode+0x23f/0x2b0 drivers/base/core.c:3528
devtmpfs_delete_node+0xdd/0x2e0 drivers/base/devtmpfs.c:152
device_del+0x351/0xf90 drivers/base/core.c:3409
del_gendisk+0xbf2/0xe20 block/genhd.c:953
loop_remove+0x46/0xb0 drivers/block/loop.c:2185
loop_control_ioctl+0x67f/0x740 drivers/block/loop.c:2284
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
__x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f13f8f78168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f13f9114f60 RCX: 00007f13f90020e9
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
RBP: 00007f13f905c08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeaa5c990f R14: 00007f13f8f78300 R15: 0000000000022000
Modules linked in:
---[ end trace 6c6362f4614ace14 ]---
RIP: 0010:strchr+0x23/0xa0 lib/string.c:435
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RSP: 0018:ffffc90000f079a0 EFLAGS: 00010246
Code: 41 5f 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 44 0f be e6 48 89 f8 48 c1 e8 03 <42> 8a 04 38 84 c0 75 5d 41 0f be 06 41 39 c4 74 48 49 8d 5e 01 0f
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88810c9a13c0
RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000000
RBP: ffffc90000f079c0 R08: ffffc90000f07a60 R09: ffffc90000f07a80
R10: fffff520001e0f5a R11: 1ffff920001e0f50 R12: 0000000000000021
R13: ffff88810d687068 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f13f8f78700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f13f8f56ff8 CR3: 000000010b2af000 CR4: 00000000003506b0
kernel config: https://syzkaller.appspot.com/x/.config?x=89bdb361ba397fca
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1267fcb9f00000
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
Tadeusz Struk
May 25, 2022, 1:24:55 PM5/25/22
to syzbot+7308a6...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
============================================================================
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 4dbe8276f579..0fea53f41e0c 100644
+ if (MAJOR(dev->devt) && dev_name(dev)) {
devtmpfs_delete_node(dev);
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 4dbe8276f579..0fea53f41e0c 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -3358,7 +3358,7 @@ bool kill_device(struct device *dev)
*/
lockdep_assert_held(&dev->mutex);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
@@ -3382,6 +3382,7 @@ void device_del(struct device *dev)
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
@@ -3400,15 +3401,16 @@ void device_del(struct device *dev)
+++ b/drivers/base/core.c
@@ -3358,7 +3358,7 @@ bool kill_device(struct device *dev)
*/
lockdep_assert_held(&dev->mutex);
- if (dev->p->dead)
+ if (!dev->p || dev->p->dead)
return false;
dev->p->dead = true;
return true;
@@ -3382,6 +3382,7 @@ void device_del(struct device *dev)
{
struct device *parent = dev->parent;
struct kobject *glue_dir = NULL;
+ struct kobject *kobj = &dev->kobj;
struct class_interface *class_intf;
unsigned int noio_flag;
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
- if (MAJOR(dev->devt)) {
BUS_NOTIFY_DEL_DEVICE, dev);
- dpm_sysfs_remove(dev);
+ if (kobj->sd)
+ dpm_sysfs_remove(dev);
if (parent)
klist_del(&dev->p->knode_parent);
+ if (MAJOR(dev->devt) && dev_name(dev)) {
devtmpfs_delete_node(dev);
syzbot
May 25, 2022, 1:43:13 PM5/25/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+7308a6...@syzkaller.appspotmail.com
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+7308a6...@syzkaller.appspotmail.com
Tested on:
commit: 0974b841 Merge 5.10.117 into android12-5.10-lts
git tree: android12-5.10-lts
kernel config: https://syzkaller.appspot.com/x/.config?x=89bdb361ba397fca
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10cb88f3f00000
dashboard link: https://syzkaller.appspot.com/bug?extid=7308a6f9b7c24d5cf1d5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
Note: testing is done by a robot and is best-effort only.
Reply all
Reply to author
Forward
0 new messages