regards,
Dae R. Jeong
> On Fri, 27 Jul 2018 06:13:22 +0200,
> Dae R. Jeong wrote:
> >
> > I tested it and it worked.
> > Thanks a lot!
>
> Good to hear. Below is the final patch with a proper comment (and
> with syzbot reported-by, too) I'm going to queue
Reporting the crash: BUG: soft lockup in snd_virmidi_output_trigger
This crash has been found in v4.18-rc3 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report.
Note that this bug was previously reported by Syzkaller a few months ago.
On Thu, Jul 26, 2018 at 02:50:25PM +0200, Takashi Iwai wrote:
> On Thu, 26 Jul 2018 07:53:26 +0200,
> Dae R. Jeong wrote:
> >
> > Reporting the crash: BUG: soft lockup in snd_virmidi_output_trigger
> >
> > This crash has been found in v4.18-rc3 using Race
Reporting the crash: KASAN: null-ptr-deref Write in binder_update_page_range
This crash has been found in v4.18-rc3 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report.
Our analysis shows that the race occurs when invoking two syscalls
> Could you test this patch? I found that bug a month ago but didn't submit
> yet.
I don't have a reproducer now. I manually analyzed a root cause of the
crash using a fuzzer's log. The log reported a race on 'alloc->vma'.
Because I don't have a reproducer, I can't test the patch. I'm sorry.
Reporting the crash: WARNING in port_delete
This crash has been found in v4.18-rc3 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report. Our analysis shows that the race occurs when invoking two close
syscalls concurrently.
The executed program is
Reporting the crash: KASAN: use-after-free Read in link_path_walk
This crash has been found in v4.17-rc1 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report. Our analysis shows that the race occurs when invoking two
syscalls concurrently, open()
ck(>open_mutex);
> > > sync_blockdev(bdev);
> > >
>
> Good catch! The fix looks good. Would you like to submit a patch for it?
Sure. I will send a patch soon.
Best regards,
Dae R. Jeong.
returning immediately if the MD_CLOSING bit is set
in >flags which indicates that the array is being closed.
Fixes: 065e519e71b2 ("md: MD_CLOSING needs to be cleared after called
md_set_readonly or do_md_stop")
Reported-by: syzbot+1e46a0864c1a6e9bd...@syzkaller.appspotmail.com
Signe
rrect, this warning is introduced
in the commit 065e519e("md: MD_CLOSING needs to be cleared after called
md_set_readonly or do_md_stop").
Could you please take a look into this?
Best regards,
Dae R. Jeong
d
WARN_ON_ONCE()). As I am not familiar with this code, I do not see any
other problem.
Best regards,
Dae R. Jeong