lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 10 Jul 2021 20:36:29 -0400
From:   Alan Stern <stern@...land.harvard.edu>
To:     syzbot <syzbot+72af3105289dcb4c055b@...kaller.appspotmail.com>
Cc:     gregkh@...uxfoundation.org, johan@...nel.org,
        linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        mathias.nyman@...ux.intel.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] WARNING in do_proc_control/usb_submit_urb

On Sat, Jul 10, 2021 at 03:58:10PM -0700, syzbot wrote:
> Hello,
> 
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> BUG: sleeping function called from invalid context in lock_sock_nested

This is clearly a different bug, so it looks like the patch does fix 
the original bug.  I'll submit it after the end of the merge window.

Alan Stern

> BUG: sleeping function called from invalid context at net/core/sock.c:3159
> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8829, name: syz-executor.5
> 1 lock held by syz-executor.5/8829:
>  #0: ffffffff8d2ecee0 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x3db/0x660 net/bluetooth/hci_sock.c:763
> Preemption disabled at:
> [<0000000000000000>] 0x0
> CPU: 1 PID: 8829 Comm: syz-executor.5 Not tainted 5.13.0-next-20210707-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
>  ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9171
>  lock_sock_nested+0x25/0x120 net/core/sock.c:3159
>  lock_sock include/net/sock.h:1613 [inline]
>  hci_sock_dev_event+0x465/0x660 net/bluetooth/hci_sock.c:765
>  hci_unregister_dev+0x2fd/0x1130 net/bluetooth/hci_core.c:4033
>  vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:340
>  __fput+0x288/0x920 fs/file_table.c:280
>  task_work_run+0xdd/0x1a0 kernel/task_work.c:164
>  exit_task_work include/linux/task_work.h:32 [inline]
>  do_exit+0xbd4/0x2a60 kernel/exit.c:825
>  do_group_exit+0x125/0x310 kernel/exit.c:922
>  __do_sys_exit_group kernel/exit.c:933 [inline]
>  __se_sys_exit_group kernel/exit.c:931 [inline]
>  __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x4665d9
> Code: Unable to access opcode bytes at RIP 0x4665af.
> RSP: 002b:00007ffd31aadb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> RAX: ffffffffffffffda RBX: 00007ffd31aae2c8 RCX: 00000000004665d9
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
> RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffd31aae2c8
> R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef54
> R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538
> 
> ======================================================
> 
> 
> Tested on:
> 
> commit:         ee268dee Add linux-next specific files for 20210707
> git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> console output: https://syzkaller.appspot.com/x/log.txt?x=159cf1e2300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=59e1e3bbc3afca75
> dashboard link: https://syzkaller.appspot.com/bug?extid=72af3105289dcb4c055b
> compiler:       
> patch:          https://syzkaller.appspot.com/x/patch.diff?x=163fd772300000

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ