[v6.1] KASAN: use-after-free Read in skb_release_data
0 views
Skip to first unread message
syzbot
Apr 17, 2024, 2:13:25 PMApr 17
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 6741e066ec76 Linux 6.1.87
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1693206f180000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d37120947ebed5a
dashboard link: https://syzkaller.appspot.com/bug?extid=4b49d6561fa01e744179
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e09aa9dab3c8/disk-6741e066.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4176a4f5a4d5/vmlinux-6741e066.xz
kernel image: https://storage.googleapis.com/syzbot-assets/970367753980/Image-6741e066.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b49d6...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: use-after-free in skb_end_pointer include/linux/skbuff.h:1594 [inline]
BUG: KASAN: use-after-free in skb_zcopy include/linux/skbuff.h:1655 [inline]
BUG: KASAN: use-after-free in skb_release_data+0xb0/0x6b0 net/core/skbuff.c:776
Read of size 8 at addr ffff0000ee3af210 by task syz-executor.1/4241
CPU: 0 PID: 4241 Comm: syz-executor.1 Not tainted 6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
skb_end_pointer include/linux/skbuff.h:1594 [inline]
skb_zcopy include/linux/skbuff.h:1655 [inline]
skb_release_data+0xb0/0x6b0 net/core/skbuff.c:776
skb_release_all net/core/skbuff.c:856 [inline]
__kfree_skb net/core/skbuff.c:870 [inline]
kfree_skb_reason+0x1a4/0x47c net/core/skbuff.c:893
kfree_skb include/linux/skbuff.h:1220 [inline]
__hci_req_sync+0x4fc/0x7ac net/bluetooth/hci_request.c:184
hci_req_sync+0xa4/0xd0 net/bluetooth/hci_request.c:206
hci_dev_cmd+0x330/0x90c net/bluetooth/hci_core.c:790
hci_sock_ioctl+0x4b8/0x82c net/bluetooth/hci_sock.c:1096
sock_do_ioctl+0x134/0x2dc net/socket.c:1204
sock_ioctl+0x4ec/0x858 net/socket.c:1321
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Allocated by task 4243:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
__kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
skb_clone+0x19c/0x304 net/core/skbuff.c:1660
hci_send_cmd_sync net/bluetooth/hci_core.c:4179 [inline]
hci_cmd_work+0x174/0x568 net/bluetooth/hci_core.c:4199
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
Freed by task 4239:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_free_info+0x38/0x5c mm/kasan/generic.c:516
____kasan_slab_free+0x144/0x1c0 mm/kasan/common.c:236
__kasan_slab_free+0x18/0x28 mm/kasan/common.c:244
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_hook mm/slub.c:1750 [inline]
slab_free mm/slub.c:3661 [inline]
kmem_cache_free+0x2f0/0x588 mm/slub.c:3683
kfree_skbmem+0x10c/0x19c
__kfree_skb net/core/skbuff.c:871 [inline]
kfree_skb_reason+0x1ac/0x47c net/core/skbuff.c:893
kfree_skb include/linux/skbuff.h:1220 [inline]
hci_req_sync_complete+0xcc/0x258 net/bluetooth/hci_request.c:109
hci_event_packet+0xbd4/0x109c net/bluetooth/hci_event.c:7601
hci_rx_work+0x318/0xa68 net/bluetooth/hci_core.c:4130
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
The buggy address belongs to the object at ffff0000ee3af140
which belongs to the cache skbuff_head_cache of size 240
The buggy address is located 208 bytes inside of
240-byte region [ffff0000ee3af140, ffff0000ee3af230)
The buggy address belongs to the physical page:
page:00000000eab62cc8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12e3af
flags: 0x5ffe00000000200(slab|node=0|zone=2|lastcpupid=0xfff)
raw: 05ffe00000000200 0000000000000000 dead000000000122 ffff0000c0870000
raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ee3af100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
ffff0000ee3af180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000ee3af200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
^
ffff0000ee3af280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff0000ee3af300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
==================================================================
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
team0: Port device team_slave_0 added
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
debugfs: Directory 'hsr0' with parent 'hsr' already present!
Cannot create hsr debugfs directory
netdevsim netdevsim1 netdevsim0: renamed from eth0
netdevsim netdevsim1 netdevsim1: renamed from eth1
netdevsim netdevsim1 netdevsim2: renamed from eth2
netdevsim netdevsim1 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
device veth0_macvtap entered promiscuous mode
device veth1_macvtap entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
syz-executor.1: attempt to access beyond end of device
loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
XFS (loop1): Unmounting Filesystem
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 6741e066ec76 Linux 6.1.87
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1693206f180000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d37120947ebed5a
dashboard link: https://syzkaller.appspot.com/bug?extid=4b49d6561fa01e744179
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e09aa9dab3c8/disk-6741e066.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4176a4f5a4d5/vmlinux-6741e066.xz
kernel image: https://storage.googleapis.com/syzbot-assets/970367753980/Image-6741e066.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b49d6...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: use-after-free in skb_end_pointer include/linux/skbuff.h:1594 [inline]
BUG: KASAN: use-after-free in skb_zcopy include/linux/skbuff.h:1655 [inline]
BUG: KASAN: use-after-free in skb_release_data+0xb0/0x6b0 net/core/skbuff.c:776
Read of size 8 at addr ffff0000ee3af210 by task syz-executor.1/4241
CPU: 0 PID: 4241 Comm: syz-executor.1 Not tainted 6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
skb_end_pointer include/linux/skbuff.h:1594 [inline]
skb_zcopy include/linux/skbuff.h:1655 [inline]
skb_release_data+0xb0/0x6b0 net/core/skbuff.c:776
skb_release_all net/core/skbuff.c:856 [inline]
__kfree_skb net/core/skbuff.c:870 [inline]
kfree_skb_reason+0x1a4/0x47c net/core/skbuff.c:893
kfree_skb include/linux/skbuff.h:1220 [inline]
__hci_req_sync+0x4fc/0x7ac net/bluetooth/hci_request.c:184
hci_req_sync+0xa4/0xd0 net/bluetooth/hci_request.c:206
hci_dev_cmd+0x330/0x90c net/bluetooth/hci_core.c:790
hci_sock_ioctl+0x4b8/0x82c net/bluetooth/hci_sock.c:1096
sock_do_ioctl+0x134/0x2dc net/socket.c:1204
sock_ioctl+0x4ec/0x858 net/socket.c:1321
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Allocated by task 4243:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
__kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
skb_clone+0x19c/0x304 net/core/skbuff.c:1660
hci_send_cmd_sync net/bluetooth/hci_core.c:4179 [inline]
hci_cmd_work+0x174/0x568 net/bluetooth/hci_core.c:4199
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
Freed by task 4239:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_free_info+0x38/0x5c mm/kasan/generic.c:516
____kasan_slab_free+0x144/0x1c0 mm/kasan/common.c:236
__kasan_slab_free+0x18/0x28 mm/kasan/common.c:244
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_hook mm/slub.c:1750 [inline]
slab_free mm/slub.c:3661 [inline]
kmem_cache_free+0x2f0/0x588 mm/slub.c:3683
kfree_skbmem+0x10c/0x19c
__kfree_skb net/core/skbuff.c:871 [inline]
kfree_skb_reason+0x1ac/0x47c net/core/skbuff.c:893
kfree_skb include/linux/skbuff.h:1220 [inline]
hci_req_sync_complete+0xcc/0x258 net/bluetooth/hci_request.c:109
hci_event_packet+0xbd4/0x109c net/bluetooth/hci_event.c:7601
hci_rx_work+0x318/0xa68 net/bluetooth/hci_core.c:4130
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
The buggy address belongs to the object at ffff0000ee3af140
which belongs to the cache skbuff_head_cache of size 240
The buggy address is located 208 bytes inside of
240-byte region [ffff0000ee3af140, ffff0000ee3af230)
The buggy address belongs to the physical page:
page:00000000eab62cc8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12e3af
flags: 0x5ffe00000000200(slab|node=0|zone=2|lastcpupid=0xfff)
raw: 05ffe00000000200 0000000000000000 dead000000000122 ffff0000c0870000
raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ee3af100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
ffff0000ee3af180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000ee3af200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
^
ffff0000ee3af280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff0000ee3af300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
==================================================================
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
team0: Port device team_slave_0 added
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
device hsr_slave_0 entered promiscuous mode
device hsr_slave_1 entered promiscuous mode
debugfs: Directory 'hsr0' with parent 'hsr' already present!
Cannot create hsr debugfs directory
netdevsim netdevsim1 netdevsim0: renamed from eth0
netdevsim netdevsim1 netdevsim1: renamed from eth1
netdevsim netdevsim1 netdevsim2: renamed from eth2
netdevsim netdevsim1 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
device veth0_macvtap entered promiscuous mode
device veth1_macvtap entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
syz-executor.1: attempt to access beyond end of device
loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
XFS (loop1): Unmounting Filesystem
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages