Date:   Thu, 2 Sep 2021 22:19:08 +0300
From:   Pavel Skripkin <paskripkin@...il.com>
To:     syzbot <syzbot+7d41312fe3f123a6f605@...kaller.appspotmail.com>,
        gregkh@...uxfoundation.org, len.brown@...el.com,
        linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
        pavel@....cz, rjw@...ysocki.net, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] KASAN: null-ptr-deref Write in __pm_runtime_resume

On 9/2/21 01:57, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    835d31d319d9 Merge tag 'media/v5.15-1' of git://git.kernel..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1374b85d300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9c32e23fada3a0e4
> dashboard link: https://syzkaller.appspot.com/bug?extid=7d41312fe3f123a6f605
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16fde215300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11aa9149300000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+7d41312fe3f123a6f605@...kaller.appspotmail.com
> 
> Bluetooth: : Invalid header checksum
> Bluetooth: : Invalid header checksum
> ==================================================================
> BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
> BUG: KASAN: null-ptr-deref in atomic_inc include/linux/atomic/atomic-instrumented.h:181 [inline]
> BUG: KASAN: null-ptr-deref in __pm_runtime_resume+0x154/0x180 drivers/base/power/runtime.c:1105
> Write of size 4 at addr 0000000000000388 by task kworker/u4:4/244
> 


Looks like missing if (hu->serdev)

#syz test
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


With regards,
Pavel Skripkin
View attachment "0001-Bluetooth-hci-fix-GPF-in-h5_recv.patch" of type "text/x-patch" (976 bytes)
