WARNING in ieee802154_del_seclevel


syzbot

Feb 22, 2021, 4:44:21 AM
to alex....@gmail.com, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, net...@vger.kernel.org, ste...@datenfreihafen.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f40ddce8 Linux 5.11
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1032cfacd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=67894355b1dbeb07
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
userspace arch: arm

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fbf4fc...@syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 0 PID: 18095 at kernel/locking/mutex.c:938 __mutex_lock_common kernel/locking/mutex.c:938 [inline]
WARNING: CPU: 0 PID: 18095 at kernel/locking/mutex.c:938 __mutex_lock+0x428/0x99c kernel/locking/mutex.c:1103
Modules linked in:
CPU: 0 PID: 18095 Comm: syz-executor.1 Not tainted 5.11.0-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
pc : __mutex_lock_common kernel/locking/mutex.c:938 [inline]
pc : __mutex_lock+0x428/0x99c kernel/locking/mutex.c:1103
lr : __mutex_lock_common kernel/locking/mutex.c:938 [inline]
lr : __mutex_lock+0x428/0x99c kernel/locking/mutex.c:1103
Call trace:
__mutex_lock_common kernel/locking/mutex.c:938 [inline]
__mutex_lock+0x428/0x99c kernel/locking/mutex.c:1103
mutex_lock_nested+0x78/0x100 kernel/locking/mutex.c:1118
ieee802154_del_seclevel+0x44/0x84 net/mac802154/cfg.c:382
rdev_del_seclevel net/ieee802154/rdev-ops.h:284 [inline]
nl802154_del_llsec_seclevel+0x14c/0x200 net/ieee802154/nl802154.c:2093
genl_family_rcv_msg_doit+0x1b8/0x2a0 net/netlink/genetlink.c:739
genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
genl_rcv_msg+0x24c/0x430 net/netlink/genetlink.c:800
netlink_rcv_skb+0x198/0x34c net/netlink/af_netlink.c:2494
genl_rcv+0x38/0x50 net/netlink/genetlink.c:811
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x3e0/0x670 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x610/0xa20 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xc0/0xf4 net/socket.c:672
____sys_sendmsg+0x548/0x6d0 net/socket.c:2345
___sys_sendmsg+0xf4/0x170 net/socket.c:2399
__sys_sendmsg+0xbc/0x14c net/socket.c:2432
__compat_sys_sendmsg net/compat.c:347 [inline]
__do_compat_sys_sendmsg net/compat.c:354 [inline]
__se_compat_sys_sendmsg net/compat.c:351 [inline]
__arm64_compat_sys_sendmsg+0x74/0xac net/compat.c:351
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.0+0x110/0x3c0 arch/arm64/kernel/syscall.c:159
do_el0_svc_compat+0x40/0x80 arch/arm64/kernel/syscall.c:204
el0_svc_compat+0x20/0x30 arch/arm64/kernel/entry-common.c:442
el0_sync_compat_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:451
el0_sync_compat+0x178/0x180 arch/arm64/kernel/entry.S:708


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 30, 2021, 5:08:24 PM
to alex....@gmail.com, da...@davemloft.net, in...@sophiescuban.com, ku...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, net...@vger.kernel.org, ste...@datenfreihafen.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 37f368d8 lan743x: remove redundant intializations of point..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11ede3bed00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7eff0f22b8563a5f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d31a11d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12ca3611d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fbf4fc...@syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 1 PID: 8394 at kernel/locking/mutex.c:931 __mutex_lock_common kernel/locking/mutex.c:931 [inline]
WARNING: CPU: 1 PID: 8394 at kernel/locking/mutex.c:931 __mutex_lock+0xc0b/0x1120 kernel/locking/mutex.c:1096
Modules linked in:
CPU: 1 PID: 8394 Comm: syz-executor533 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:931 [inline]
RIP: 0010:__mutex_lock+0xc0b/0x1120 kernel/locking/mutex.c:1096
Call Trace:
ieee802154_del_seclevel+0x3f/0x70 net/mac802154/cfg.c:382
rdev_del_seclevel net/ieee802154/rdev-ops.h:284 [inline]
nl802154_del_llsec_seclevel+0x1a7/0x250 net/ieee802154/nl802154.c:2093
genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae

syzbot

Mar 31, 2021, 5:03:11 PM
to a...@unstable.cc, alex....@gmail.com, b.a.t...@lists.open-mesh.org, da...@davemloft.net, in...@sophiescuban.com, jko...@suse.cz, ku...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, marekl...@neomailbox.ch, net...@vger.kernel.org, ste...@datenfreihafen.org, st...@rowland.harvard.edu, s...@simonwunderlich.de, syzkall...@googlegroups.com
syzbot has bisected this issue to:

commit 416dacb819f59180e4d86a5550052033ebb6d72c
Author: Alan Stern <st...@rowland.harvard.edu>
Date: Wed Aug 21 17:27:12 2019 +0000

HID: hidraw: Fix invalid read in hidraw_ioctl

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd00000
start commit: 6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
git tree: net
final oops: https://syzkaller.appspot.com/x/report.txt?x=117430fcd00000
console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1188e31ad00000

Reported-by: syzbot+fbf4fc...@syzkaller.appspotmail.com
Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Alan Stern

Apr 1, 2021, 9:30:39 AM
to syzbot, a...@unstable.cc, alex....@gmail.com, b.a.t...@lists.open-mesh.org, da...@davemloft.net, in...@sophiescuban.com, jko...@suse.cz, ku...@kernel.org, linux-...@vger.kernel.org, linux...@vger.kernel.org, marekl...@neomailbox.ch, net...@vger.kernel.org, ste...@datenfreihafen.org, s...@simonwunderlich.de, syzkall...@googlegroups.com
It seems likely that the bisection ran off the rails here. This commit
could not have caused a problem, although it may have revealed a
pre-existing problem that previously was hidden.

By the way, what happened to the annotated stack dumps that syzkaller
used to provide in its bug reports?

Alan Stern

Dmitry Vyukov

Apr 13, 2021, 4:33:01 AM
to Alan Stern, syzbot, a...@unstable.cc, alex....@gmail.com, b.a.t...@lists.open-mesh.org, David Miller, in...@sophiescuban.com, Jiri Kosina, Jakub Kicinski, LKML, linux...@vger.kernel.org, marekl...@neomailbox.ch, netdev, ste...@datenfreihafen.org, s...@simonwunderlich.de, syzkaller-bugs
Hi Alan,

Yes, bisection log shows it was derailed by:
KASAN: use-after-free Read in batadv_iv_ogm_queue_add
and:
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!

https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd00000


> By the way, what happened to the annotated stack dumps that syzkaller
> used to provide in its bug reports?

Nothing has changed in this respect, they are still in bug reports:
https://lore.kernel.org/lkml/00000000000073...@google.com/