I look forward to hearing your perspective on this patch :)
With regards,
Pavel Skripkin
Hi!
On Mon, 2021-04-12 at 07:45 -0400, Alexander Aring wrote:
> Hi,
>
> On Mon, 12 Apr 2021 at 06:58, Pavel Skripkin
> wrote:
> >
> > syzbot reported WARNING in ieee802154_del_device. The problem
> > was in uninitialized mutex. In case of NL802154_IFTYPE_MONITOR
syzbot reported WARNING in ieee802154_del_device. The problem
was in uninitialized mutex. In case of NL802154_IFTYPE_MONITOR
mutex won't be initialized, but ieee802154_del_device() accesses it.
Reported-by: syzbot+bf8b5834b7ec22948...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
On Tue, 2021-04-06 at 08:21 -0400, Alexander Aring wrote:
> Hi,
>
> On Mon, 5 Apr 2021 at 15:58, Pavel Skripkin
> wrote:
> >
> > syzbot reported shift-out-of-bounds in nl802154_new_interface.
> > The problem was in signed representation of enum nl802154_iftype
of this type
will be represented as signed integer.
type = nla_get_u32(info->attrs[NL802154_ATTR_IFTYPE]);
u32 will be cast to signed, which can cause negative value type.
Reported-by: syzbot+7bf7b22759195c9a2...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
net/ieee802154/nl802
Hi!
On Sun, 2021-04-04 at 20:43 -0400, Alexander Aring wrote:
> Hi,
>
> On Thu, 4 Mar 2021 at 10:25, Pavel Skripkin
> wrote:
> >
> > syzbot found general protection fault in crypto_destroy_tfm()[1].
> > It was caused by wrong clean up loop in llsec_key_alloc(
Hi!
On Sat, 2021-04-03 at 18:26 +0200, Johannes Berg wrote:
> On Sat, 2021-04-03 at 15:13 +0000, Pavel Skripkin wrote:
> > genl_family_rcv_msg_attrs_parse() can return NULL
> > pointer:
> >
> > if (!ops->maxattr)
> > return NULL;
>
328/0x580 net/netlink/genetlink.c:800
Reported-by: syzbot+ac5c11d2959a8b3c4...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
net/ieee802154/nl802154.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
in
genl_family_rcv_msg_attrs_parse() can return NULL
pointer:
if (!ops->maxattr)
return NULL;
But this condition doesn't cause an error in
genl_family_rcv_msg_doit
Signed-off-by: Pavel Skripkin
---
net/netlink/genetlink.c | 2 ++
1 file changed, 2 insertions(+)
d
can_usb_core.c:851 [inline] [1]
[<c09f9057>] peak_usb_probe+0x389/0x490
drivers/net/can/usb/peak_usb/pcan_usb_core.c:949
Reported-by: syzbot+91adee8d9ebb9193d...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +-
1 file
[] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362
[inline][2]
[] atusb_probe+0x158/0x820
drivers/net/ieee802154/atusb.c:1038 [1]
Reported-by: syzbot+28a246747e0a46512...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/net/ieee802154/atusb.c | 1 +
1 file changed, 1
t;urb).
Can you explain please, I believe this will help me or somebody to fix this
issue :)
With regards,
Pavel Skripkin
With regards,
Pavel Skripkin
adapter_exit() relies on it:
for (n = 0; n < d->num_adapters_initialized; n++)
So, allocated objects won't be freed.
Signed-off-by: Pavel Skripkin
Reported-by: syzbot+3c2be7424cea3b932...@syzkaller.appspotmail.com
---
drivers/media/usb/dvb-usb/dvb-usb-init.c | 20
Hi!
On Sun, 2021-03-28 at 10:45 +0200, Greg KH wrote:
> On Sun, Mar 28, 2021 at 12:44:43AM +0300, Pavel Skripkin wrote:
> > syzbot reported memory leak in tty/vt.
> > The problem was in VT_DISALLOCATE ioctl cmd.
> > After allocating unimap with PIO_UNIMAP it wasn't
> &g
syzbot reported memory leak in tty/vt.
The problem was in VT_DISALLOCATE ioctl cmd.
After allocating unimap with PIO_UNIMAP it wasn't
freed via VT_DISALLOCATE, but vc_cons[currcons].d was
zeroed.
Signed-off-by: Pavel Skripkin
Reported-by: syzbot+bcc922b19ccc64240...@syzkaller.appspotmail.com
[inline]
[] em28xx_alloc_urbs+0x102/0x550
drivers/media/usb/em28xx/em28xx-core.c:930 [2]
[] em28xx_dvb_init
drivers/media/usb/em28xx/em28xx-dvb.c:1517 [inline] [1]
Reported-by: syzbot+889397c820fa56adf...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/media/usb
Hi!
On Sat, 2021-03-27 at 11:01 +0200, Andy Shevchenko wrote:
>
>
> On Saturday, March 27, 2021, Pavel Skripkin
> wrote:
> > syzbot reported memory leak in em28xx_dvb_init()[1]
> > The problem was in wrong error handling after
> > em28xx_alloc_urbs()[2]
> >
/workqueue.c:2426
[] kthread+0x178/0x1b0 kernel/kthread.c:292
[] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Reported-by: syzbot+889397c820fa56adf...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/media/usb/em28xx/em28xx-dvb.c | 1 +
1 file changed, 1 insertion
etval = ctx.status;
...
if (actual_length)
*actual_length = urb->actual_length;
I believe, that this info might be useful.
I'm not sure about it, I didn't find any examples of this log and have
no idea how to reproduce it, it's just my thoughts. Maybe, one of the
maintainers will correct me
--
With regards,
Pavel Skripkin
Hi! Thanks for the review.
On Tue, 2021-03-23 at 17:13 +0100, Mauro Carvalho Chehab wrote:
> Em Sat, 27 Feb 2021 02:37:31 +0300
> Pavel Skripkin escreveu:
>
> > Syzbot reported memory leak in hdcs_probe_1x00()[1].
> > hdcs_probe_1x00() allocates memory for struct hdcs,
Hi!
On Fri, 2021-03-26 at 08:40 +0100, Dmitry Vyukov wrote:
> On Fri, Mar 26, 2021 at 8:24 AM Pavel Skripkin
> wrote:
> >
> > Hi!
> >
> > On Fri, 2021-03-26 at 08:14 +0100, 'Dmitry Vyukov' via syzkaller
> > wrote:
> > > On Fri, Mar 2
, I already sent a patch for that, but it was
marked as obsoleted.
--
With regards,
Pavel Skripkin
syzbot reported uninit value in sq905_read_data().
The problem was in the error conditions in usb_bulk_msg()
before act_len initialization.
Reported-by: syzbot+a4e309017a5f3a24c...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/media/usb/gspca/sq905.c | 2 +-
1 file changed
The problem was in wrong "if" placement. chip->quirk_type is freed
in snd_card_free_when_closed(), but inside if statement it's accessed.
Fixes: 9799110825db ("ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend()"
Signed-off-by: Pavel Skripkin
e USB autosuspend properly in
setup_disable_autosuspend()")
Signed-off-by: Pavel Skripkin
---
sound/usb/card.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/usb/card.c b/sound/usb/card.c
index 08c794883299..3fd1743513b5 100644
--- a/sound/usb/card.c
+++ b/sound/
This small patch series fixes 2 errors from commit 9799110825db
("ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend()").
One of them was reported by syzbot, but second one appeared while testing fixes
for the first one.
Pavel Skripkin (2):
sound: usb: fi
net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: Pavel Skripkin
Reported-by: syzbot+9ec037722d2603a9f...@syzkaller.appspotmail.com
Hi, thanks for your reply!
On Wed, 2021-03-03 at 21:40 -0500, Alexander Aring wrote:
> Hi,
>
> On Wed, 3 Mar 2021 at 11:28, Pavel Skripkin
> wrote:
> > syzbot found general protection fault in crypto_destroy_tfm()[1].
> > It was caused by wrong clean up loop in llsec
/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: Pavel Skripkin
Reported-by: syzbot+12cf5fbfdeba210a8...@syzkaller.appspotmail.com
---
net
syzbot found memory leak in edge_startup().
The problem was that when an error was received from the usb_submit_urb(),
nothing was cleaned up.
Reported-by: syzbot+59f777bdcbdd7eea5...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
drivers/usb/serial/io_edgeport.c | 26
syzbot reported memory leak in zr364xx_probe()[1].
The problem was in invalid error handling order.
All error conditions right after v4l2_ctrl_handler_init()
must call v4l2_ctrl_handler_free().
Reported-by: syzbot+efe9aefc31ae1e6f7...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
Hi, thanks for your reply!
On Mon, 2021-03-01 at 14:09 +0100, Eric Dumazet wrote:
>
> On 2/26/21 8:11 PM, Pavel Skripkin wrote:
> > syzbot found WARNING in __alloc_pages_nodemask()[1] when order >=
> > MAX_ORDER.
> > It was caused by __netdev_alloc_skb(), which doesn'
:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported-by: syzbot+80dccaee7c6630fa9...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
net/qrtr/qrtr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
index b34358282f37..82d2eb8c21d1 100
> From: Pavel Skripkin
> Date: Sun, 28 Feb 2021 22:28:13 +0300
>
> > Hi, thanks for reply!
> >
> > > From: Pavel Skripkin
> > > Date: Sat, 27 Feb 2021 20:51:14 +0300
> > >
> > > Hi,
> > >
> > > > syzbot found
Hi, thanks for reply!
> From: Pavel Skripkin
> Date: Sat, 27 Feb 2021 20:51:14 +0300
>
> Hi,
>
> > syzbot found WARNING in __alloc_pages_nodemask()[1] when order >=
> > MAX_ORDER.
> > It was caused by __netdev_alloc_skb(), which doesn't check len
> >
7c6630fa9...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
---
Changes from v3:
* Removed Change-Id and extra tabs in net/core/skbuff.c
Changes from v2:
* Added length check to __napi_alloc_skb
* Added unlikely() in checks
Change from v1:
* Added length check to __netdev_alloc_skb
---
7c6630fa9...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
Change-Id: I480a6d6f818a4c0a387db0cd3f230b68a7daeb16
---
net/core/skbuff.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 785daff48030..a35ba145a060 100644
--- a/net/core/skbuf
7c6630fa9...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
Change-Id: I480a6d6f818a4c0a387db0cd3f230b68a7daeb16
---
net/core/skbuff.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 785daff48030..a35ba145a060 100644
--- a/net/core/skbuf
return ret;
}
Reported-by: syzbot+e7f4c64a4248a0340...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
Change-Id: Ia198671177ee346de61780813025110c7c491d7a
---
drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/driv
return ret;
}
Reported-by: syzbot+e7f4c64a4248a0340...@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin
Change-Id: Ia198671177ee346de61780813025110c7c491d7a
---
drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/driv
om
Signed-off-by: Pavel Skripkin
Change-Id: I480a6d6f818a4c0a387db0cd3f230b68a7daeb16
---
net/core/skbuff.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 785daff48030..dc28c8f7bf5f 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -443
43 matches