[syzbot] [media?] INFO: trying to register non-static key in as102_dvb_dmx_start_feed

syzbot

1:13 AM (18 hours ago)
to linux-...@vger.kernel.org, linux...@vger.kernel.org, mch...@kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bbeb83d3182a Merge tag 'kbuild-fixes-7.0-3' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1749d6da580000
kernel config: https://syzkaller.appspot.com/x/.config?x=45cb3c58fd963c27
dashboard link: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151e5e16580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11334b52580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fed7fabd5bd6/disk-bbeb83d3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3776359aa4d4/vmlinux-bbeb83d3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6ea274e547d3/bzImage-bbeb83d3.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f395d...@syzkaller.appspotmail.com

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6076 Comm: syz.1.43 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0xcc/0x2e0 kernel/locking/lockdep.c:1299
__lock_acquire+0xad/0x2cf0 kernel/locking/lockdep.c:5112
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/rtmutex_api.c:533 [inline]
mutex_lock_interruptible_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:566
as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977
dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760
dvb_demux_do_ioctl+0x473/0x540 drivers/media/dvb-core/dmxdev.c:1083
dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996
dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1201
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xff/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa44073c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffd63530b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa4409b5fa0 RCX: 00007fa44073c799
RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
RBP: 00007fa4407d2c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa4409b5fac R14: 00007fa4409b5fa0 R15: 00007fa4409b5fa0
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Edward Adam Davis

5:29 AM (14 hours ago)
to syzbot+3f395d...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c
index 3c8bc75e4d6c..f35c514a420a 100644
--- a/drivers/media/dvb-core/dmxdev.c
+++ b/drivers/media/dvb-core/dmxdev.c
@@ -1053,6 +1053,11 @@ static int dvb_demux_do_ioctl(struct file *file,
if (mutex_lock_interruptible(&dmxdev->mutex))
return -ERESTARTSYS;

+ if (dmxdev->exit) {
+ mutex_unlock(&dmxdev->mutex);
+ return -ENODEV;
+ }
+
switch (cmd) {
case DMX_START:
if (mutex_lock_interruptible(&dmxdevfilter->mutex)) {
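Review bot: the `dmxdev->exit` test placed right after `mutex_lock_interruptible(&dmxdev->mutex)` checks for a device that is being torn down, while the reported trace faults on a lock taken further down in as102_dvb_dmx_start_feed(). Nothing in this hunk initialises that lock or holds the ioctl back until it is initialised, so the reproducer's path is unchanged. If the exit check is wanted on its own merits, it affects every ioctl that goes through dvb_demux_do_ioctl() and should be sent as a separate change with its own justification.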

syzbot

6:12 AM (13 hours ago)
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in as102_dvb_dmx_start_feed

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 6751 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0xcc/0x2e0 kernel/locking/lockdep.c:1299
__lock_acquire+0xad/0x2cf0 kernel/locking/lockdep.c:5112
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/rtmutex_api.c:533 [inline]
mutex_lock_interruptible_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:566
as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977
dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760
dvb_demux_do_ioctl+0x4b3/0x5a0 drivers/media/dvb-core/dmxdev.c:1088
dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996
dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1206
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xff/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f284b12c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f284a78e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f284b3a5fa0 RCX: 00007f284b12c799
RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
RBP: 00007f284b1c2c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f284b3a6038 R14: 00007f284b3a5fa0 R15: 00007ffcb03ec028
</TASK>


Tested on:

commit: 0138af24 Merge tag 'erofs-for-7.0-rc6-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=168b2eda580000
kernel config: https://syzkaller.appspot.com/x/.config?x=45cb3c58fd963c27
dashboard link: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=143b5e16580000

Edward Adam Davis

7:13 AM (12 hours ago)
to syzbot+3f395d...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
diff --git a/drivers/media/usb/as102/as102_drv.c b/drivers/media/usb/as102/as102_drv.c
index 6b1d3528a0a7..9a6e554ba9d9 100644
--- a/drivers/media/usb/as102/as102_drv.c
+++ b/drivers/media/usb/as102/as102_drv.c
@@ -322,6 +322,9 @@ int as102_dvb_register(struct as102_dev_t *as102_dev)
goto edmxdinit;
}

+ /* init start / stop stream mutex */
+ mutex_init(&as102_dev->sem);
+
/* Attach the frontend */
as102_dev->dvb_fe = dvb_attach(as102_attach, as102_dev->name,
&as102_fe_ops,
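Review bot: the `mutex_init(&as102_dev->sem)` added ahead of "Attach the frontend" still runs after the `goto edmxdinit` error check, so the setup step that check belongs to has already completed with sem uninitialised. Since as102_dvb_dmx_start_feed() takes sem, the init needs to come before the first step that can expose the demux to user space, ideally ahead of the `dvb_dmx` setup in this function.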
@@ -344,9 +347,6 @@ int as102_dvb_register(struct as102_dev_t *as102_dev)
/* init bus mutex for token locking */
mutex_init(&as102_dev->bus_adap.lock);

- /* init start / stop stream mutex */
- mutex_init(&as102_dev->sem);
-
/*
* try to load as102 firmware. If firmware upload failed, we'll be
* able to upload it later.

syzbot

7:44 AM (12 hours ago)
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in as102_dvb_dmx_start_feed

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 6612 Comm: syz.3.20 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0xcc/0x2e0 kernel/locking/lockdep.c:1299
__lock_acquire+0xad/0x2cf0 kernel/locking/lockdep.c:5112
lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/rtmutex_api.c:533 [inline]
mutex_lock_interruptible_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:566
as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977
dvb_dmxdev_filter_start+0xcf4/0x10e0 drivers/media/dvb-core/dmxdev.c:760
dvb_demux_do_ioctl+0x4b3/0x5a0 drivers/media/dvb-core/dmxdev.c:1088
dvb_usercopy+0x199/0x2e0 drivers/media/dvb-core/dvbdev.c:996
dvb_demux_ioctl+0x29/0x40 drivers/media/dvb-core/dmxdev.c:1206
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xff/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7ddd77c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7ddcdde028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7ddd9f5fa0 RCX: 00007f7ddd77c799
RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
RBP: 00007f7ddd812c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7ddd9f6038 R14: 00007f7ddd9f5fa0 R15: 00007fff7d9d6948
</TASK>


Tested on:

commit: 0138af24 Merge tag 'erofs-for-7.0-rc6-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17acd06a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=45cb3c58fd963c27
dashboard link: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=10e1ecca580000

Edward Adam Davis

8:15 AM (11 hours ago)
to syzbot+3f395d...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/drivers/media/usb/as102/as102_drv.c b/drivers/media/usb/as102/as102_drv.c
index 6b1d3528a0a7..1823f0ca44df 100644
--- a/drivers/media/usb/as102/as102_drv.c
+++ b/drivers/media/usb/as102/as102_drv.c
@@ -344,9 +344,6 @@ int as102_dvb_register(struct as102_dev_t *as102_dev)
/* init bus mutex for token locking */
mutex_init(&as102_dev->bus_adap.lock);

- /* init start / stop stream mutex */
- mutex_init(&as102_dev->sem);
-
/*
* try to load as102 firmware. If firmware upload failed, we'll be
* able to upload it later.
diff --git a/drivers/media/usb/as102/as102_usb_drv.c b/drivers/media/usb/as102/as102_usb_drv.c
index 8e480ab78f9b..a19b156b635b 100644
--- a/drivers/media/usb/as102/as102_usb_drv.c
+++ b/drivers/media/usb/as102/as102_usb_drv.c
@@ -385,6 +385,8 @@ static int as102_usb_probe(struct usb_interface *intf,
__func__, ret);
goto failed;
}
+ /* init start / stop stream mutex */
+ mutex_init(&as102_dev->sem);

pr_info("%s: device has been detected\n", DRIVER_NAME);
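Review bot: the `mutex_init(&as102_dev->sem)` added in as102_usb_probe() sits after the `goto failed` check of an earlier call, so whether it runs before the demux callbacks become reachable depends on what that call is, which the hunk does not show. Initialising sem next to where as102_dev is set up would make the ordering obvious, and a blank line between the closing brace and the new comment would match the surrounding style.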


syzbot

8:40 AM (11 hours ago)
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3f395d...@syzkaller.appspotmail.com
Tested-by: syzbot+3f395d...@syzkaller.appspotmail.com

Tested on:

commit: 0138af24 Merge tag 'erofs-for-7.0-rc6-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=167c8eda580000
kernel config: https://syzkaller.appspot.com/x/.config?x=45cb3c58fd963c27
dashboard link: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=10591cba580000

Note: testing is done by a robot and is best-effort only.

Edward Adam Davis

8:45 AM (11 hours ago)
to syzbot+3f395d...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/drivers/media/usb/as102/as102_drv.c b/drivers/media/usb/as102/as102_drv.c
index 6b1d3528a0a7..e94828871635 100644
--- a/drivers/media/usb/as102/as102_drv.c
+++ b/drivers/media/usb/as102/as102_drv.c
@@ -299,6 +299,8 @@ int as102_dvb_register(struct as102_dev_t *as102_dev)
as102_dev->dvb_dmx.priv = as102_dev;
as102_dev->dvb_dmx.filternum = pid_filtering ? 16 : 256;
as102_dev->dvb_dmx.feednum = 256;
+ /* init start / stop stream mutex */
+ mutex_init(&as102_dev->sem);
as102_dev->dvb_dmx.start_feed = as102_dvb_dmx_start_feed;
as102_dev->dvb_dmx.stop_feed = as102_dvb_dmx_stop_feed;

@@ -344,9 +346,6 @@ int as102_dvb_register(struct as102_dev_t *as102_dev)
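Review bot: in the first hunk `mutex_init(&as102_dev->sem)` is wedged between the `dvb_dmx.feednum` and `dvb_dmx.start_feed` assignments, which splits a block of field assignments and suggests the callback assignment itself is the hazard. Moving the init above the whole `dvb_dmx` block, separated by a blank line, with a comment saying that sem must be ready before the demux is registered, would make the ordering requirement clear to later readers.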

syzbot

9:12 AM (10 hours ago)
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3f395d...@syzkaller.appspotmail.com
Tested-by: syzbot+3f395d...@syzkaller.appspotmail.com

Tested on:

commit: 0138af24 Merge tag 'erofs-for-7.0-rc6-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12f28102580000
kernel config: https://syzkaller.appspot.com/x/.config?x=45cb3c58fd963c27
dashboard link: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=14f90606580000

Edward Adam Davis

9:18 AM (10 hours ago)
to syzbot+3f395d...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, linux...@vger.kernel.org, mch...@kernel.org, syzkall...@googlegroups.com
A user process first connects to the as102 USB device. During the window
of time occurring after the kernel routine for registering the as102
dvb layer device driver has completed its initialization up to the
start_feed stage, but before the sem lock initialization code has been
executed, the user process issues a combined open and ioctl sequence to
invoke the as102_dvb_dmx_start_feed() function. Since the sem lock has
not yet been initialized at this point, the issue reported in [1] is
triggered.

To resolve this, the sem lock initialization procedure has been optimized
by moving it to occur before the start_feed initialization.

[1]
INFO: trying to register non-static key.
Call Trace:
mutex_lock_interruptible_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:566
as102_dvb_dmx_start_feed+0x70/0x290 drivers/media/usb/as102/as102_drv.c:139
dmx_section_feed_start_filtering+0x518/0x6c0 drivers/media/dvb-core/dvb_demux.c:977

Reported-by: syzbot+3f395d...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3f395d8da879a58fb019
Tested-by: syzbot+3f395d...@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <ead...@qq.com>
---
drivers/media/usb/as102/as102_drv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--
2.43.0
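
The ordering window described in the commit message above, as an added user-space model that is not part of the thread and is not kernel code. The step names, `model_dev` and the helper functions are hypothetical, and the model assumes the demux node becomes reachable from user space at the dmxdev init step.

```c
#include <stdio.h>

/* Constructed model of the registration sequence; step names are assumptions. */
enum step { SET_CALLBACKS, DMXDEV_INIT, ATTACH_FRONTEND, LOAD_FIRMWARE, NSTEPS };

struct model_dev {
    int (*start_feed)(struct model_dev *);
    int node_visible;  /* user space can open the demux node */
    int sem_ready;     /* stands in for mutex_init(&as102_dev->sem) having run */
};

/* Stand-in for as102_dvb_dmx_start_feed(), which locks sem first. */
static int model_start_feed(struct model_dev *d)
{
    return d->sem_ready ? 0 : -1;  /* -1: sem locked before initialisation */
}

/* A user ioctl arriving right now; it reaches the driver only via a visible node. */
static int model_ioctl(struct model_dev *d)
{
    if (!d->node_visible || !d->start_feed)
        return 1;  /* driver not reachable yet */
    return d->start_feed(d);
}

/* Initialise sem just before step init_before, probing with an ioctl after
 * every step. Returns the first step with an unsafe ioctl, or -1 if none. */
static int first_unsafe_step(enum step init_before)
{
    struct model_dev d = {0};
    for (int s = 0; s < NSTEPS; s++) {
        if (s == (int)init_before)
            d.sem_ready = 1;
        if (s == SET_CALLBACKS)
            d.start_feed = model_start_feed;
        if (s == DMXDEV_INIT)
            d.node_visible = 1;
        if (model_ioctl(&d) < 0)
            return s;
    }
    return -1;
}

int main(void)
{
    printf("init before firmware load: %d\n", first_unsafe_step(LOAD_FIRMWARE));
    printf("init before callbacks:     %d\n", first_unsafe_step(SET_CALLBACKS));
    return 0;
}
```

In this model, initialising sem anywhere after the node is visible leaves a window, which matches the retest that still failed with the init moved to just before the frontend attach.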
