From: Eric Biggers <ebigg...@google.com>
round_pipe_size() calculates the number of pages the requested size
corresponds to, then rounds the page count up to the next power of 2.
However, it also rounds everything < PAGE_SIZE up to PAGE_SIZE.
Therefore, there's no need to actually
From: Eric Biggers <ebigg...@google.com>
A pipe's size is represented as an 'unsigned int'. As expected, writing
a value greater than UINT_MAX to /proc/sys/fs/pipe-max-size fails with
EINVAL. However, the F_SETPIPE_SZ fcntl silently truncates such values
to 32 bits, rather than f
From: Eric Biggers <ebigg...@google.com>
pipe_proc_fn() is no longer needed, as it only calls through to
proc_dopipe_max_size(). Just put proc_dopipe_max_size() in the
ctl_table entry directly, and remove the unneeded EXPORT_SYMBOL() and
the ENOSYS stub for it.
(The reason the ENOSYS stub
From: Eric Biggers <ebigg...@google.com>
The pipe buffer limits are accessed without any locking, and may be
changed at any time by the sysctl handlers. In theory this could cause
problems for expressions like the following:
pipe_user_pages_hard && user_bufs > pip
From: Eric Biggers <ebigg...@google.com>
pipe-user-pages-hard and pipe-user-pages-soft are only supposed to apply
to unprivileged users, as documented in both Documentation/sysctl/fs.txt
and the pipe(7) man page.
However, the capabilities are actually only checked when increasing a
pipe'
treated as N - 1.
- F_SETPIPE_SZ accepted values over UINT_MAX.
- Reading the pipe buffer limits could be racy.
Eric Biggers (7):
pipe, sysctl: drop 'min' parameter from pipe-max-size converter
pipe, sysctl: remove pipe_proc_fn()
pipe: actually allow root to exceed the pipe buffer limits
Hi André,
On Wed, Jan 10, 2018 at 12:44:18PM +, André Draszik wrote:
> diff --git a/Documentation/security/keys/fscrypt.rst
> b/Documentation/security/keys/fscrypt.rst
> new file mode 100644
> index ..e4a29592513e
> --- /dev/null
> +++ b/Documentation/security/keys/fscrypt.rst
>
From: Eric Biggers <ebigg...@google.com>
pipe_proc_fn() is no longer needed, as it only calls through to
proc_dopipe_max_size(). Just put proc_dopipe_max_size() in the
ctl_table entry directly, and remove the unneeded EXPORT_SYMBOL() and
the ENOSYS stub for it.
(The reason the ENOSYS stub
From: Eric Biggers <ebigg...@google.com>
pipe-user-pages-hard and pipe-user-pages-soft are only supposed to apply
to unprivileged users, as documented in both Documentation/sysctl/fs.txt
and the pipe(7) man page.
However, the capabilities are actually only checked when increasing a
pipe'
Fixed commit message for "pipe: simplify round_pipe_size()"
Eric Biggers (7):
pipe, sysctl: drop 'min' parameter from pipe-max-size converter
pipe, sysctl: remove pipe_proc_fn()
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checkin
From: Eric Biggers <ebigg...@google.com>
round_pipe_size() calculates the number of pages the requested size
corresponds to, then rounds the page count up to the next power of 2.
However, it also rounds everything < PAGE_SIZE up to PAGE_SIZE.
Therefore, there's no need to actually
From: Eric Biggers <ebigg...@google.com>
Before validating the given value against pipe_min_size,
do_proc_dopipe_max_size_conv() calls round_pipe_size(), which rounds the
value up to pipe_min_size. Therefore, the second check against
pipe_min_size is redundant. Remove it.
Acked-by: Kee
From: Eric Biggers <ebigg...@google.com>
A pipe's size is represented as an 'unsigned int'. As expected, writing
a value greater than UINT_MAX to /proc/sys/fs/pipe-max-size fails with
EINVAL. However, the F_SETPIPE_SZ fcntl silently truncates such values
to 32 bits, rather than f
From: Eric Biggers <ebigg...@google.com>
With pipe-user-pages-hard set to 'N', users were actually only allowed
up to 'N - 1' buffers; and likewise for pipe-user-pages-soft.
Fix this to allow up to 'N' buffers, as would be expected.
Fixes: b0b91d18e2e9 ("pipe: fix lim
From: Eric Biggers <ebigg...@google.com>
The pipe buffer limits are accessed without any locking, and may be
changed at any time by the sysctl handlers. In theory this could cause
problems for expressions like the following:
pipe_user_pages_hard && user_bufs > pip
Hi André,
On Wed, Jan 10, 2018 at 12:44:16PM +, André Draszik wrote:
> This is heavily based on commit 79a73d188726
> ("encrypted-keys: add ecryptfs format support").
>
> The 'encrypted' key type defines its own payload format which contains a
> symmetric key randomly generated that cannot
On Tue, Jan 09, 2018 at 02:20:45PM -0800, Kees Cook wrote:
> On Sun, Jan 7, 2018 at 9:35 PM, Eric Biggers <ebigge...@gmail.com> wrote:
> > From: Eric Biggers <ebigg...@google.com>
> >
> > Before validating the given value against pipe_min_size,
> &g
On Tue, Jan 09, 2018 at 02:23:32PM -0800, Kees Cook wrote:
> On Sun, Jan 7, 2018 at 9:35 PM, Eric Biggers <ebigge...@gmail.com> wrote:
> > From: Eric Biggers <ebigg...@google.com>
> >
> > pipe-user-pages-hard and pipe-user-pages-soft are only supposed t
On Tue, Jan 09, 2018 at 02:27:10PM -0800, Kees Cook wrote:
>
> > @@ -1054,9 +1048,6 @@ static long pipe_set_size(struct pipe_inode_info
> > *pipe, unsigned long arg)
> > return -EINVAL;
> > nr_pages = size >> PAGE_SHIFT;
> >
> > - if (!nr_pages)
> > -
On Sat, Jan 06, 2018 at 07:00:48PM +, Al Viro wrote:
> On Sat, Jan 06, 2018 at 06:46:19PM +, Al Viro wrote:
> > On Sat, Jan 06, 2018 at 09:45:41AM -0800, Eric Biggers wrote:
> > > This series removes some cruft (mainly exported functions) from
> > > fs/eventfd
On Tue, Jan 16, 2018 at 05:34:07PM +0800, Tianyu Lan wrote:
> kvm_valid_sregs() should use X86_CR0_PG and X86_CR4_PAE to check bit
> status rather than X86_CR0_PG_BIT and X86_CR4_PAE_BIT. This patch is
> to fix it.
>
> Fixes: f29810335965a(KVM/x86: Check input paging mode when cs.l is set)
>
+Cc alex.william...@redhat.com
On Fri, Jan 19, 2018 at 05:03:47PM +0800, Wanpeng Li wrote:
> 2018-01-19 17:01 GMT+08:00 Wanpeng Li <kernel...@gmail.com>:
> > 2018-01-19 16:18 GMT+08:00 Eric Biggers <ebigge...@gmail.com>:
> >> From: Eric Biggers <ebigg...@go
From: Eric Biggers <ebigg...@google.com>
nfs_idmap_legacy_upcall() is supposed to be called with 'aux' pointing
to a 'struct idmap', via the call to request_key_with_auxdata() in
nfs_idmap_request_key().
However it can also be reached via the request_key() system call in
which cas
From: Eric Biggers <ebigg...@google.com>
Memslots must not overlap in guest physical memory, since otherwise some
guest physical addresses will not uniquely map to a memslot. Yet, the
overlap check in __kvm_set_memory_region() allows a memslot that
overlaps one of the "private&quo
On Tue, Nov 21, 2017 at 02:00:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 26, 2017 at 08:08:13AM +0100, 'Dmitry Vyukov' via syzkaller-bugs
wrote:
> On Tue, Dec 26, 2017 at 1:55 AM, Wanpeng Li wrote:
> > 2017-12-26 8:22 GMT+08:00 syzbot
> > :
> >> syzkaller has
On Fri, Dec 22, 2017 at 11:33:02PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 11:49:02PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Nov 27, 2017 at 10:56:46AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 1ea8d039f9edcfefb20d8ddfe136930f6e551529
> git://git.cmpxchg.org/linux-mmots.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C
On Wed, Jan 17, 2018 at 07:39:24AM +0100, Oliver Hartkopp wrote:
>
>
> On 01/16/2018 07:11 PM, Dmitry Vyukov wrote:
> > On Tue, Jan 16, 2018 at 7:07 PM, Marc Kleine-Budde
> > wrote:
> > > On 01/16/2018 06:58 PM, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzkaller hit
On Fri, Dec 22, 2017 at 11:22:38AM -0600, Eric Biggers wrote:
> [+Cc keyri...@vger.kernel.org]
>
> On Fri, Dec 22, 2017 at 07:55:01AM -0800, syzbot wrote:
> > Hello,
> >
> > syzkaller hit the following crash on
> > 9035a8961b504d0997369509ab8c6b1f0a4ee33d
>
On Wed, Jan 17, 2018 at 09:56:29AM +0100, Pavel Machek wrote:
> Hi!
>
> > > Andrea Arcangeli (1):
> > > userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK
> > > fails
> > >
> > > fs/userfaultfd.c | 20 ++--
> > > 1 file changed, 18 insertions(+), 2
Hi André,
On Wed, Jan 17, 2018 at 02:29:29PM +, André Draszik wrote:
> Thanks Eric for the review!
>
> On Wed, 2018-01-10 at 20:00 -0800, Eric Biggers wrote:
> > Hi André,
> >
> > On Wed, Jan 10, 2018 at 12:44:16PM +, André Draszik wrote:
> >
On Wed, Jan 17, 2018 at 05:18:17PM -0800, Joe Perches wrote:
> On Wed, 2018-01-17 at 20:09 -0500, Theodore Ts'o wrote:
> > get_maintainer.pl, which is often not accurate
>
> Examples please.
>
Well, the primary problem is that place the crash occurs is not necessarily
responsible for the bug.
Y. Ts'o" <ty...@mit.edu>
> Cc: Jaegeuk Kim <jaeg...@kernel.org>
> Cc: linux-fscr...@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: Eric Biggers <ebigg...@google.com>
>
> ---
> changes in v2:
> * dropped the previously added 'fscrypt' en
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote:
> -static int validate_user_key(struct fscrypt_info *crypt_info,
> +static inline struct key *fscrypt_get_encrypted_key(const char *description)
> +{
> + if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS))
> + return
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote:
> fscrypt uses a master key for each directory policy from
> which all further keys for that policy are derived, and
> at the moment such a master key has to be inserted into
> a kernel keyring as a 'logon' key by user-space.
>
>
On Sun, Dec 17, 2017 at 06:37:02PM +0800, Wanpeng Li wrote:
> 2017-12-17 17:56 GMT+08:00 syzbot
> :
> > Hello,
> >
> > syzkaller hit the following crash on
> > 41d8c16909ebda40f7b4982a7f5e2ad102705ade
> >
On Wed, Nov 29, 2017 at 10:23:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 0c86a6bd85ff0629cd2c5141027fc1c8bb6cde9c
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 11:49:02PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Nov 06, 2017 at 12:51:57PM +0100, David Hildenbrand wrote:
> On 31.10.2017 12:34, syzbot wrote:
> > Hello,
> >
> > syzkaller hit the following crash on
> > 91dfed74eabcdae9378131546c446442c29bf769
> > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> > compiler:
On Sat, Dec 16, 2017 at 04:37:02PM +0800, Lan, Tianyu wrote:
> The root cause is that kvm_irqfd_assign() and kvm_irqfd_deassign() can't
> be run in parallel. Some data structure(e.g, irqfd->consumer) will be
> crashed because irqfd may be freed in deassign path before they are used
> in assign
On Fri, Jan 05, 2018 at 02:58:02AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 30a7acd573899fd8b8ac39236eff6468b195ac7d
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Fri, Jan 05, 2018 at 09:47:01AM -0800, syzbot wrote:
> syzkaller has found reproducer for the following crash on
> e1915c8195b38393005be9b74bfa6a3a367c83b3
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw
On Thu, Nov 02, 2017 at 03:55:00AM -0700, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> fa8785e862ef644f742558f1a8c91eca6f3f0004
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
From: Eric Biggers <ebigg...@google.com>
This reverts commit ba62bafe942b159a6109cbec780d36496e06b6c5.
This commit introduced a double free bug, because 'chan' is already
freed by the line:
kref_put(>kref, relay_destroy_channel);
This bug was found by syzkaller, using the BLKT
On Wed, Nov 08, 2017 at 12:16:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 5a3517e009e979f21977d362212b7729c5165d92
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Dec 11, 2017 at 07:00:03PM +0800, Wanpeng Li wrote:
> 2017-12-09 19:39 GMT+08:00 Tianyu Lan :
> > 2017-12-09 17:15 GMT+08:00 syzbot
> > :
> >> syzkaller has found reproducer for the following
On Thu, Jan 25, 2018 at 04:37:48PM -0800, Eric Biggers wrote:
> On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote:
> > -static int validate_user_key(struct fscrypt_info *crypt_info,
> > +static inline struct key *fscrypt_get_encrypted_key(const char
&
On Fri, Dec 15, 2017 at 11:52:01PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> a638349bf6c29433b938141f99225b160551ff48
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Fri, Dec 01, 2017 at 03:19:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 43f462f1c2e111d2882b48baeeff774ae42e7c56
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Thu, Nov 02, 2017 at 03:53:38AM -0700, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> ce43f4fd6f103681c7485c2b1967179647e73555
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Wed, Jan 03, 2018 at 10:53:02AM -0800, 'Wei Wang' via syzkaller-bugs wrote:
> On Wed, Jan 3, 2018 at 8:16 AM, David Ahern wrote:
> > [ +wei...@google.com ]
> >
> > On 1/2/18 3:58 PM, syzbot wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
> >>
On Fri, Dec 22, 2017 at 01:37:01PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Sun, Jan 14, 2018 at 01:22:13AM +0100, Daniel Borkmann wrote:
> On 01/13/2018 08:29 AM, Dmitry Vyukov wrote:
> > On Fri, Jan 12, 2018 at 11:58 PM, syzbot
> > wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
> >>
On Thu, Jan 11, 2018 at 11:48:28AM +0100, Daniel Borkmann wrote:
> Hi Dmitry,
>
> On 01/11/2018 11:22 AM, Dmitry Vyukov wrote:
> > On Thu, Jan 11, 2018 at 11:17 AM, syzbot
> > wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
On Thu, Dec 21, 2017 at 05:48:01AM -0800, syzbot wrote:
> syzkaller has found reproducer for the following crash on
> 8f36e00065436412a02d1f50ad77375bdb506300
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw
On Wed, Nov 01, 2017 at 10:55:01AM -0700, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 33ad61d0f799656e8987e9c80e6e15151bb857f3
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Thu, Nov 02, 2017 at 08:07:27PM +0800, Xin Long wrote:
> On Thu, Nov 2, 2017 at 1:55 AM, syzbot
>
> wrote:
> > Hello,
> >
> > syzkaller hit the following crash on
> > 25a5d23b47994cdb451dcd2bc8ac310a1492f71b
> >
On Thu, Dec 21, 2017 at 08:44:32AM -0800, Santosh Shilimkar wrote:
> +Avinash
>
> On 12/21/2017 1:10 AM, syzbot wrote:
> > syzkaller has found reproducer for the following crash on
>
> [..]
>
> >
> > audit: type=1400 audit(1513847224.110:7): avc: denied { map } for
> > pid=3157
Hi Goldwyn,
On Tue, Jan 30, 2018 at 09:52:02PM -0600, Goldwyn Rodrigues wrote:
>
>
> On 01/30/2018 04:13 PM, Eric Biggers wrote:
> > On Tue, Dec 19, 2017 at 12:39:01AM -0800, syzbot wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
>
On Thu, Jan 04, 2018 at 08:58:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 37759fa6d0fa9e4d6036d19ac12f555bfc0aeafd
> git://git.cmpxchg.org/linux-mmots.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C
On Fri, Jan 19, 2018 at 10:57:16AM -0800, Eric Biggers wrote:
> +Cc alex.william...@redhat.com
>
> On Fri, Jan 19, 2018 at 05:03:47PM +0800, Wanpeng Li wrote:
> > 2018-01-19 17:01 GMT+08:00 Wanpeng Li <kernel...@gmail.com>:
> > > 2018-01-19 16:18 GMT+08:00 Eri
On Sun, Dec 17, 2017 at 07:47:01AM -0800, syzbot wrote:
> syzkaller has found reproducer for the following crash on
> 82bcf1def3b5f1251177ad47c44f7e17af039b4b
> git://git.cmpxchg.org/linux-mmots.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
On Mon, Nov 27, 2017 at 10:30:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> e1d1ea549b57790a3d8cf6300e6ef86118d692a3
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 12, 2017 at 04:05:17PM -0800, Eric Biggers wrote:
> [+Cc binder maintainers and list]
> [-Cc lockdep maintainers, USB maintainers, and other random people]
>
> On Sat, Dec 02, 2017 at 08:08:01AM -0800, syzbot wrote:
> > BUG: KASAN: use-after-free in __lock_acq
On Tue, Dec 19, 2017 at 11:49:03PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 10:41:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 04:49:02AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Dec 18, 2017 at 06:01:30PM +0100, 'Dmitry Vyukov' via syzkaller-bugs
wrote:
> On Mon, Dec 18, 2017 at 5:46 PM, Santosh Shilimkar
> wrote:
> > On 12/18/2017 4:36 AM, syzbot wrote:
> >>
> >> Hello,
> >>
> >> syzkaller hit the following crash on
> >>
On Sun, Nov 05, 2017 at 01:05:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 7f9ad2ace17a3521a80831208d431170ef71591f
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Sat, Dec 23, 2017 at 01:58:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 11:49:02PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Thu, Dec 14, 2017 at 11:37:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 50c4c4e268a2d7a3e58ebb698ac74da0de40ae36
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Nov 27, 2017 at 09:37:07AM -0800, Cong Wang wrote:
> On Mon, Nov 27, 2017 at 3:55 AM, Steffen Klassert
> wrote:
> > On Tue, Nov 21, 2017 at 06:44:04PM -0800, Cong Wang wrote:
> >> User-space uses proto==0 as a wildcard, but xfrm_id_proto_match()
> >> doesn't
On Wed, Dec 13, 2017 at 06:18:05AM +0100, Steffen Klassert wrote:
> On Tue, Dec 12, 2017 at 01:00:31PM -0800, Eric Biggers wrote:
> > Hi Steffen,
> >
> > On Fri, Dec 01, 2017 at 08:27:43AM +0100, Steffen Klassert wrote:
> > > On Wed, Nov 22, 2017 at
On Mon, Dec 18, 2017 at 11:36:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 11:50:01PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 11:48:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 06:42:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 12:35:02AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Sun, Dec 17, 2017 at 09:51:01PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 41d8c16909ebda40f7b4982a7f5e2ad102705ade
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Sun, Nov 05, 2017 at 01:35:02AM -0700, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 2a171788ba7bb61995e98e8163204fc7880f63b2
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Fri, Jan 05, 2018 at 10:31:04PM +0100, Luis R. Rodriguez wrote:
> On Fri, Dec 22, 2017 at 11:33:02PM -0800, syzbot wrote:
> > Hello,
> >
> > syzkaller hit the following crash on
> > 6084b576dca2e898f5c101baef151f7bfdbb606d
> >
On Fri, Jan 19, 2018 at 06:58:01AM -0800, syzbot wrote:
> Hello,
>
> syzbot hit the following crash on linux-next commit
> b625c1ff82272e26c76570d3c7123419ec345b20
>
> So far this crash happened 5 times on linux-next, mmots.
> C reproducer is attached.
> syzkaller reproducer is attached.
> Raw
On Tue, Dec 19, 2017 at 08:38:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 05:43:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Dec 18, 2017 at 12:22:51PM -0500, Sowmini Varadhan wrote:
> > From: Santosh Shilimkar
> > Date: Mon, 18 Dec 2017 08:28:05 -0800
> :
> > > Looks like another one tripping on empty transport. Mostly below
> > > should
> > > address it but we will test it if
On Wed, Dec 20, 2017 at 12:52:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 01:03:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 08:25:00AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Mon, Dec 18, 2017 at 11:54:00PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Sat, Dec 23, 2017 at 03:01:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Wed, Dec 20, 2017 at 09:05:39AM +0100, Dmitry Vyukov wrote:
> On Wed, Dec 20, 2017 at 8:59 AM, Eric Biggers <ebigge...@gmail.com> wrote:
> > On Wed, Dec 20, 2017 at 08:50:40AM +0100, Dmitry Vyukov wrote:
> >> >
> >> > The line number in lib/rbtr
On Tue, Dec 19, 2017 at 12:40:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Tue, Dec 19, 2017 at 12:39:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
On Fri, Dec 22, 2017 at 01:31:26PM +0800, Xin Long wrote:
> On Thu, Dec 21, 2017 at 9:13 PM, Marcelo Ricardo Leitner
> wrote:
> > On Wed, Dec 20, 2017 at 12:51:01PM -0800, syzbot wrote:
> >
> > from the log:
> > [ 89.451366] FAULT_INJECTION: forcing a failure.^M
> > [
On Fri, Dec 01, 2017 at 03:30:01AM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> df8ba95c572a187ed2aa7403e97a7a7f58c01f00
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
From: Eric Biggers <ebigg...@google.com>
If the kzalloc() in binder_get_thread() fails, binder_poll()
dereferences the resulting NULL pointer.
Fix it by returning POLLERR if the memory allocation failed.
This bug was found by syzkaller using fault injection.
Reported-by: syzbot &
On Tue, Dec 19, 2017 at 11:26:01AM -0800, syzbot wrote:
> syzkaller has found reproducer for the following crash on
> 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw
501 - 600 of 2452 matches
Mail list logo