lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <b4e5ae73-8a2c-4069-89a4-5176ad3e4bfb@mev.co.uk>
Date: Thu, 4 Dec 2025 16:39:18 +0000
From: Ian Abbott <abbotti@....co.uk>
To: 李天宇 <2200013188@....pku.edu.cn>,
 linux-kernel <linux-kernel@...r.kernel.org>
Cc: gregkh <gregkh@...uxfoundation.org>, rafael <rafael@...nel.org>,
 dakr <dakr@...nel.org>, hsweeten <hsweeten@...ionengravers.com>,
 xujiakai2025 <xujiakai2025@...as.ac.cn>,
 "zhaoruilin22@...ls.ucas.ac.cn" <zhaoruilin22@...ls.ucas.ac.cn>
Subject: Re: [BUG] WARN "Unexpected driver unregister!" when configuring
 c6xdigio via COMEDI_DEVCONFIG

On 04/12/2025 15:00, 李天宇 wrote:
> Hello maintainers,
> 
> I encountered a WARN in driver_unregister (drivers/base/driver.c:273) when configuring the c6xdigio COMEDI driver via ioctl(COMEDI_DEVCONFIG). This issue is first found on Linux 6.18-rc6 via a fuzzing framework and later confirmed reproducible on Linux v6.18.
> 
> Based on the call trace and source review, the path appears to be:
> 
>      - drivers/comedi/drivers.c:207: dev-&gt;driver-&gt;detach(dev) (detach is set as c6xdigio_detach in c6xdigio.c:290)
>      - drivers/comedi/drivers/c6xdigio.c:283: pnp_unregister_driver()
>      - drivers/pnp/driver.c:286: driver_unregister()
>      - drivers/base/driver.c:273: WARN triggered
> 
> The WARN occurs because driver_unregister() finds drv-&gt;p == NULL and prints:
>      WARN(1, "Unexpected driver unregister!\n");
> 
> It seems the attach process fails early (e.g. due to a request-region conflict), but the detach path still calls pnp_unregister_driver() unconditionally. If pnp_register_driver() was never successful, calling unregister on an unregistered driver results in driver_unregister() being invoked with drv-&gt;p == NULL, which leads to the warning.
> 
> Related information is listed below:
> 
>      Kernel source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.tar.xz
>      Kernel configuration: https://github.com/j1akai/KConfigFuzz_bug/raw/refs/heads/main/x86/mainline-config
>      Kernel log: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/report0
>      Reproduction C code: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/repro.cprog
>      Syscall sequence for reproduction (more precise): https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/repro.prog
>      GCC info: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/gccinfo
> 
> I hope this report helps in identifying and resolving the issue. Thanks for your time and attention.
> 
> Best regards.
> 

Thanks for the report, but I think that one is already fixed in 
"linux-next":

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/comedi/drivers/c6xdigio.c?id=72262330f7b3ad2130e800cecf02adcce3c32c77

-- 
-=( Ian Abbott <abbotti@....co.uk> || MEV Ltd. is a company  )=-
-=( registered in England & Wales.  Regd. number: 02862268.  )=-
-=( Regd. addr.: S11 & 12 Building 67, Europa Business Park, )=-
-=( Bird Hall Lane, STOCKPORT, SK3 0XA, UK. || www.mev.co.uk )=-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ