From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9D85C76194 for ; Wed, 24 Jul 2019 01:48:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A7AF82238C for ; Wed, 24 Jul 2019 01:48:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563932887; bh=swVgtFN+N+57MIxtPbpUxhThwcqA6m1zMkmEwNud0b8=; h=Date:From:To:Cc:Subject:List-ID:From; b=EvbMuuL5ga5Gl8PVIueqLIuWzHtSFh+MtOc7sZ9QNcl1P4N77rpaMXh/jqkvTnn33 taFUw2SvPGsz4EDjxISu7wacZieJiVaUq6OuzwrbGGuU6zRRLRxzovwfXvF0+ybITg sJ6HISBGqPojtUnG2LNBiD0iyEF+9k/cZvl/Uh5g= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728709AbfGXBsD (ORCPT ); Tue, 23 Jul 2019 21:48:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:57648 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728005AbfGXBsC (ORCPT ); Tue, 23 Jul 2019 21:48:02 -0400 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 48F012238C; Wed, 24 Jul 2019 01:48:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563932880; bh=swVgtFN+N+57MIxtPbpUxhThwcqA6m1zMkmEwNud0b8=; h=Date:From:To:Cc:Subject:From; b=wJ6qqVEAlW18jHfiBc9NaHLahLMuGG8Fle+Af3Lsvodt1jN/iXkCpn0POf7ynFKpU XCKrHLyzfKHaYyeGHDgVB+BVhx98fG7t0OuXFUXdy3W2irlEEEStsqZgzJuK9B66O+ 3rQI6bNLkt+LGYG70UXke4+qyqDsmwmTTEEPcgLk= Date: Tue, 23 Jul 2019 18:47:58 -0700 From: Eric Biggers To: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, Johannes Berg , "David S. Miller" Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Reminder: 11 open syzbot bugs in "net/wireless" subsystem Message-ID: <20190724014758.GK643@sol.localdomain> Mail-Followup-To: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, Johannes Berg , "David S. Miller" , linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org [This email was generated by a script. Let me know if you have any suggestions to make it better, or if you want it re-generated with the latest status.] Of the currently open syzbot reports against the upstream kernel, I've manually marked 11 of them as possibly being bugs in the "net/wireless" subsystem. I've listed these reports below, sorted by an algorithm that tries to list first the reports most likely to be still valid, important, and actionable. Of these 11 bugs, 9 were seen in mainline in the last week. If you believe a bug is no longer valid, please close the syzbot report by sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the original thread, as explained at https://goo.gl/tpsmEJ#status If you believe I misattributed a bug to the "net/wireless" subsystem, please let me know, and if possible forward the report to the correct people or mailing list. Here are the bugs: -------------------------------------------------------------------------------- Title: general protection fault in ath6kl_usb_alloc_urb_from_pipe Last occurred: 0 days ago Reported: 102 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=cd8b9cfe50a0bf36ee19eda2d7e2e06843dfbeaf Original thread: https://lkml.kernel.org/lkml/0000000000008e825105865615e3@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+ead4037ec793e025e66f@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000008e825105865615e3@google.com -------------------------------------------------------------------------------- Title: WARNING: ODEBUG bug in rsi_probe Last occurred: 0 days ago Reported: 100 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=3b35267abf182bd98ba95c0943bc0f957e021101 Original thread: https://lkml.kernel.org/lkml/00000000000024bbd7058682eda1@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+1d1597a5aa3679c65b9f@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000024bbd7058682eda1@google.com -------------------------------------------------------------------------------- Title: INFO: trying to register non-static key in del_timer_sync (2) Last occurred: 0 days ago Reported: 102 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=26525f643f454dd7be0078423e3cdb0d57744959 Original thread: https://lkml.kernel.org/lkml/000000000000927a7b0586561537@google.com/T/#u This bug has a C reproducer. The original thread for this bug received 5 replies; the last was 41 days ago. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+dc4127f950da51639216@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000927a7b0586561537@google.com -------------------------------------------------------------------------------- Title: WARNING in zd_mac_clear Last occurred: 0 days ago Reported: 102 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=46e5ae5074764b5f0eed428a8c4989d9efbe9146 Original thread: https://lkml.kernel.org/lkml/00000000000075a7a6058653d977@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000075a7a6058653d977@google.com -------------------------------------------------------------------------------- Title: KASAN: invalid-free in rsi_91x_deinit Last occurred: 0 days ago Reported: 91 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=426fbebc1eac728afa08e52b1bcf8171c9413e29 Original thread: https://lkml.kernel.org/lkml/0000000000005ae4cd058731d407@google.com/T/#u This bug has a C reproducer. No one replied to the original thread for this bug. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+7c72edfb407b2bd866ce@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000005ae4cd058731d407@google.com -------------------------------------------------------------------------------- Title: KMSAN: uninit-value in rt2500usb_bbp_read Last occurred: 0 days ago Reported: 47 days ago Branches: Mainline (with KMSAN patches) Dashboard link: https://syzkaller.appspot.com/bug?id=f35d123de7d393019c1ed4d4e60dc66596ed62cd Original thread: https://lkml.kernel.org/lkml/000000000000cf6a70058aa48695@google.com/T/#u This bug has a C reproducer. The original thread for this bug has received 1 reply, 47 days ago. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+a106a5b084a6890d2607@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000cf6a70058aa48695@google.com -------------------------------------------------------------------------------- Title: WARNING in submit_rx_urb/usb_submit_urb Last occurred: 0 days ago Reported: 55 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=97fff2c33c48264fba4d185f5f0f0961bdcd2ae2 Original thread: https://lkml.kernel.org/lkml/0000000000004da71e058a06318b@google.com/T/#u This bug has a C reproducer. The original thread for this bug has received 1 reply, 55 days ago. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+c2a1fa67c02faa0de723@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000004da71e058a06318b@google.com -------------------------------------------------------------------------------- Title: WARNING in ar5523_submit_rx_cmd/usb_submit_urb Last occurred: 0 days ago Reported: 50 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=d4cdc65d1db112b294b568e0cff47bca7cd3edbd Original thread: https://lkml.kernel.org/lkml/000000000000f4900f058a69d6c5@google.com/T/#u This bug has a C reproducer. The original thread for this bug has received 1 reply, 50 days ago. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+6101b0c732dea13ea55b@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000f4900f058a69d6c5@google.com -------------------------------------------------------------------------------- Title: KASAN: slab-out-of-bounds Read in p54u_load_firmware_cb Last occurred: 3 days ago Reported: 78 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=a7d7aec13ac4d6981c15814acb900348d340dd70 Original thread: https://lkml.kernel.org/lkml/00000000000001de810588363aaf@google.com/T/#u This bug has a syzkaller reproducer only. The original thread for this bug has received 4 replies; the last was 29 days ago. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+6d237e74cdc13f036473@syzkaller.appspotmail.com If you send any email or patch for this bug, please consider replying to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/00000000000001de810588363aaf@google.com -------------------------------------------------------------------------------- Title: WARNING in i2400mu_bus_bm_wait_for_ack/usb_submit_urb Last occurred: 0 days ago Reported: 13 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=78aca5360820e5e91ba12dec842dabeb5349b431 Original thread: https://lkml.kernel.org/lkml/0000000000009b6e7f058d51adba@google.com/T/#u This bug has a C reproducer. No one has replied to the original thread for this bug yet. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+7886801de1cc3958a0d1@syzkaller.appspotmail.com If you send any email or patch for this bug, please reply to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/0000000000009b6e7f058d51adba@google.com -------------------------------------------------------------------------------- Title: KASAN: global-out-of-bounds Read in load_next_firmware_from_table Last occurred: 18 days ago Reported: 14 days ago Branches: Mainline (with usb-fuzzer patches) Dashboard link: https://syzkaller.appspot.com/bug?id=9e4fafb6fbc53782278754488801c0bbe1fd2a85 Original thread: https://lkml.kernel.org/lkml/000000000000df0913058d3ead47@google.com/T/#u This bug has a C reproducer. No one has replied to the original thread for this bug yet. This looks like a bug in a net/wireless USB driver. If you fix this bug, please add the following tag to the commit: Reported-by: syzbot+98156c174c5a2cad9f8f@syzkaller.appspotmail.com If you send any email or patch for this bug, please reply to the original thread. For the git send-email command to use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply instructions" at https://lkml.kernel.org/r/000000000000df0913058d3ead47@google.com