Message-ID: <1df5a745-902a-4a57-8abd-6b48cf54fc87@kzalloc.com>
Date: Sun, 31 Aug 2025 21:56:26 +0900
From: Yunseong Kim <ysk@...lloc.com>
To: Hillf Danton <hdanton@...a.com>,
 syzbot <syzbot+535bbe83dfc3ae8d4be3@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
 Krzysztof Kozlowski <krzk@...nel.org>, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] [nfc?] WARNING in nfc_rfkill_set_block

Oh, thank you Hillf, for your help!

On 8/31/25 6:59 PM, Hillf Danton wrote:
>> Date: Sun, 31 Aug 2025 00:02:33 -0700
>> syzbot has found a reproducer for the following issue on:
>>
>> HEAD commit:    c8bc81a52d5a Merge tag 'arm64-fixes' of git://git.kernel.o..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1508ce34580000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=bd9738e00c1bbfb4
>> dashboard link: https://syzkaller.appspot.com/bug?extid=535bbe83dfc3ae8d4be3
>> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11019a62580000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1308ce34580000
> 
> Test Kim's patch.
> 
> #syz test
> 
> --- a/net/nfc/core.c
> +++ b/net/nfc/core.c
> @@ -1154,6 +1154,7 @@ EXPORT_SYMBOL(nfc_register_device);
>  void nfc_unregister_device(struct nfc_dev *dev)
>  {
>  	int rc;
> +	struct rfkill *rfk = NULL;
>  
>  	pr_debug("dev_name=%s\n", dev_name(&dev->dev));
>  
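Review bot: the declaration added after `int rc;` in nfc_unregister_device() breaks the reverse-Christmas-tree ordering of local variables that networking code asks for. Put `struct rfkill *rfk = NULL;` above `int rc;`.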
> @@ -1163,14 +1164,18 @@ void nfc_unregister_device(struct nfc_dev *dev)
>  			 "was removed\n", dev_name(&dev->dev));
>  
>  	device_lock(&dev->dev);
> +	dev->shutting_down = true;
>  	if (dev->rfkill) {
> -		rfkill_unregister(dev->rfkill);
> -		rfkill_destroy(dev->rfkill);
> +		rfk = dev->rfkill;
>  		dev->rfkill = NULL;
>  	}
> -	dev->shutting_down = true;
>  	device_unlock(&dev->dev);
>  
> +	if (rfk) {
> +		rfkill_unregister(rfk);
> +		rfkill_destroy(rfk);
> +	}
> +
>  	if (dev->ops->check_presence) {
>  		timer_delete_sync(&dev->check_pres_timer);
>  		cancel_work_sync(&dev->check_pres_work);
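Review bot: the `if (rfk)` block added after device_unlock() needs a comment saying why rfkill_unregister() and rfkill_destroy() may no longer run under device_lock(), because nothing in the hunk explains the reordering. The move of `dev->shutting_down = true` above the rfkill block deserves the same treatment: between device_unlock() and rfkill_unregister() the rfkill object is still registered while dev->rfkill is already NULL, so the v2 description should state which path relies on seeing shutting_down in that window. The `if (dev->rfkill)` test could also go, since assigning `rfk = dev->rfkill; dev->rfkill = NULL;` unconditionally behaves the same and lets the `= NULL` initializer be dropped.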
> --- x/net/bluetooth/hci_core.c
> +++ y/net/bluetooth/hci_core.c
> @@ -1476,8 +1476,14 @@ static void hci_cmd_timeout(struct work_
>  	if (hdev->reset)
>  		hdev->reset(hdev);
>  
> +	rcu_read_lock();
> +	if (hci_dev_test_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE)) {
> +		rcu_read_unlock();
> +		return;
> +	}
>  	atomic_set(&hdev->cmd_cnt, 1);
>  	queue_work(hdev->workqueue, &hdev->cmd_work);
> +	rcu_read_unlock();
>  }
>  
>  /* HCI ncmd timer function */
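Review bot: the rcu_read_lock()/rcu_read_unlock() pair added around queue_work() in hci_cmd_timeout() only protects anything if the side that sets HCI_CMD_DRAIN_WORKQUEUE waits for readers before draining hdev->workqueue, and that side is not visible in this hunk. Add a comment naming the pairing. The flag test also sits after the visible `hdev->reset(hdev)` call, so a reset can still be issued while the flag is set; move the test earlier if that is not intended. This Bluetooth change is unrelated to the NFC hunks above (different subsystem, x/ and y/ path prefixes) and should be a separate patch.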
> --

Last time, as Krzysztof guided, I wanted to try fixing the bugs reported
by syzbot, but since it was my first time following this process, I needed
to look up the steps. Including the bug I’m seeing now, is there anything
else I should do to address these issues?

My plan was to look up the procedure and then revise the patch description
before submitting a v2 patch.

Thank you!

Best regards,
Yunseong Kim (金潤成)

