lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <APEAtwCVJmT2dVCe9a0nWKoX.1.1764860451110.Hmail.2200013188@stu.pku.edu.cn>
Date: Thu, 4 Dec 2025 23:00:51 +0800 (GMT+08:00)
From: 李天宇 <2200013188@....pku.edu.cn>
To: linux-kernel <linux-kernel@...r.kernel.org>
Cc: gregkh <gregkh@...uxfoundation.org>, rafael <rafael@...nel.org>, 
	dakr <dakr@...nel.org>, abbotti <abbotti@....co.uk>, 
	hsweeten <hsweeten@...ionengravers.com>, 
	xujiakai2025 <xujiakai2025@...as.ac.cn>, 
	"zhaoruilin22@...ls.ucas.ac.cn" <zhaoruilin22@...ls.ucas.ac.cn>
Subject: [BUG] WARN "Unexpected driver unregister!" when configuring c6xdigio via COMEDI_DEVCONFIG

Hello maintainers,

I encountered a WARN in driver_unregister (drivers/base/driver.c:273) when configuring the c6xdigio COMEDI driver via ioctl(COMEDI_DEVCONFIG). This issue is first found on Linux 6.18-rc6 via a fuzzing framework and later confirmed reproducible on Linux v6.18.

Based on the call trace and source review, the path appears to be:

    - drivers/comedi/drivers.c:207: dev-&gt;driver-&gt;detach(dev) (detach is set as c6xdigio_detach in c6xdigio.c:290)
    - drivers/comedi/drivers/c6xdigio.c:283: pnp_unregister_driver()
    - drivers/pnp/driver.c:286: driver_unregister()
    - drivers/base/driver.c:273: WARN triggered

The WARN occurs because driver_unregister() finds drv-&gt;p == NULL and prints:
    WARN(1, "Unexpected driver unregister!\n");

It seems the attach process fails early (e.g. due to a request-region conflict), but the detach path still calls pnp_unregister_driver() unconditionally. If pnp_register_driver() was never successful, calling unregister on an unregistered driver results in driver_unregister() being invoked with drv-&gt;p == NULL, which leads to the warning.

Related information is listed below:

    Kernel source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.tar.xz
    Kernel configuration: https://github.com/j1akai/KConfigFuzz_bug/raw/refs/heads/main/x86/mainline-config
    Kernel log: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/report0
    Reproduction C code: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/repro.cprog
    Syscall sequence for reproduction (more precise): https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/repro.prog
    GCC info: https://github.com/Wxm-233/KConfigFuzz_crashes/raw/refs/heads/main/b42a57a980ac99dba76418f8daaa80e2a90831a1/gccinfo

I hope this report helps in identifying and resolving the issue. Thanks for your time and attention.

Best regards.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ