From: syzbot <syzbot+6bc35f3913193fe7f0d3@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com, tj@kernel.org
Subject: Re: [syzbot] KASAN: use-after-free Read in kernfs_next_descendant_post (2)
Date: Fri, 21 Oct 2022 00:29:21 -0700
Message-ID: <000000000000888afd05eb86663d@google.com>
In-Reply-To: <20221021071306.1535-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in firmware_fallback_sysfs

------------[ cut here ]------------
sysfs group 'power' not found for kobject 'ueagle-atm!eagleI.fw'
WARNING: CPU: 1 PID: 4102 at fs/sysfs/group.c:278 sysfs_remove_group+0x126/0x170 fs/sysfs/group.c:278
Modules linked in:

CPU: 1 PID: 4102 Comm: kworker/1:5 Not tainted 6.1.0-rc1-syzkaller-00025-gaae703b02f92-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Workqueue: events request_firmware_work_func

RIP: 0010:sysfs_remove_group+0x126/0x170 fs/sysfs/group.c:278
Code: 48 89 d9 49 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 01 00 75 37 48 8b 33 48 c7 c7 80 bb ff 89 e8 86 43 4a 07 <0f> 0b eb 98 e8 61 b7 c9 ff e9 01 ff ff ff 48 89 df e8 54 b7 c9 ff
RSP: 0018:ffffc90009d479b8 EFLAGS: 00010282

RAX: 0000000000000000 RBX: ffffffff8a62c000 RCX: 0000000000000000
RDX: ffff888024043a80 RSI: ffffffff81620a28 RDI: fffff520013a8f29
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 63656a626f6b2072 R12: ffff88823bdf8808
R13: ffffffff8a62c5a0 R14: 0000000000000000 R15: ffff88823bdf8808
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc1febad0b0 CR3: 00000000747ce000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 dpm_sysfs_remove+0x97/0xb0 drivers/base/power/sysfs.c:837
 device_del+0x20b/0xc80 drivers/base/core.c:3681
 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:120 [inline]
 fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:158 [inline]
 firmware_fallback_sysfs+0x5b7/0xba0 drivers/base/firmware_loader/fallback.c:234
 _request_firmware+0xbca/0x1190 drivers/base/firmware_loader/main.c:856
 request_firmware_work_func+0xdd/0x230 drivers/base/firmware_loader/main.c:1105
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>


Tested on:

commit:         aae703b0 Merge tag 'for-6.1-rc1-tag' of git://git.kern..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16f4dd0c880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ea03ca45176080bc
dashboard link: https://syzkaller.appspot.com/bug?extid=6bc35f3913193fe7f0d3
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=136e3036880000

