* [net-next 2/2] tipc: fix changeover issues due to large packet
From: Tuong Lien @ 2019-07-24 1:56 UTC (permalink / raw)
To: davem, jon.maloy, maloy, ying.xue, netdev; +Cc: tipc-discussion
In-Reply-To: <20190724015612.2518-1-tuong.t.lien@dektech.com.au>
In conjunction with changing the interfaces' MTU (e.g. especially in
the case of a bonding) where the TIPC links are brought up and down
in a short time, a couple of issues were detected with the current link
changeover mechanism:
1) When one link is up but immediately forced down again, the failover
procedure will be carried out in order to failover all the messages in
the link's transmq queue onto the other working link. The link and node
state is also set to FAILINGOVER as part of the process. The message
will be transmited in form of a FAILOVER_MSG, so its size is plus of 40
bytes (= the message header size). There is no problem if the original
message size is not larger than the link's MTU - 40, and indeed this is
the max size of a normal payload messages. However, in the situation
above, because the link has just been up, the messages in the link's
transmq are almost SYNCH_MSGs which had been generated by the link
synching procedure, then their size might reach the max value already!
When the FAILOVER_MSG is built on the top of such a SYNCH_MSG, its size
will exceed the link's MTU. As a result, the messages are dropped
silently and the failover procedure will never end up, the link will
not be able to exit the FAILINGOVER state, so cannot be re-established.
2) The same scenario above can happen more easily in case the MTU of
the links is set differently or when changing. In that case, as long as
a large message in the failure link's transmq queue was built and
fragmented with its link's MTU > the other link's one, the issue will
happen (there is no need of a link synching in advance).
3) The link synching procedure also faces with the same issue but since
the link synching is only started upon receipt of a SYNCH_MSG, dropping
the message will not result in a state deadlock, but it is not expected
as design.
The 1) & 3) issues are resolved by the last commit that only a dummy
SYNCH_MSG (i.e. without data) is generated at the link synching, so the
size of a FAILOVER_MSG if any then will never exceed the link's MTU.
For the 2) issue, the only solution is trying to fragment the messages
in the failure link's transmq queue according to the working link's MTU
so they can be failovered then. A new function is made to accomplish
this, it will still be a TUNNEL PROTOCOL/FAILOVER MSG but if the
original message size is too large, it will be fragmented & reassembled
at the receiving side.
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
---
net/tipc/link.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++---------
net/tipc/msg.c | 59 ++++++++++++++++++++++++++++++++++++
net/tipc/msg.h | 18 ++++++++++-
3 files changed, 155 insertions(+), 15 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index e215b4ba6a4b..2c274777b2dd 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -180,6 +180,7 @@ struct tipc_link {
/* Fragmentation/reassembly */
struct sk_buff *reasm_buf;
+ struct sk_buff *reasm_tnlmsg;
/* Broadcast */
u16 ackers;
@@ -897,8 +898,10 @@ void tipc_link_reset(struct tipc_link *l)
l->backlog[TIPC_CRITICAL_IMPORTANCE].len = 0;
l->backlog[TIPC_SYSTEM_IMPORTANCE].len = 0;
kfree_skb(l->reasm_buf);
+ kfree_skb(l->reasm_tnlmsg);
kfree_skb(l->failover_reasm_skb);
l->reasm_buf = NULL;
+ l->reasm_tnlmsg = NULL;
l->failover_reasm_skb = NULL;
l->rcv_unacked = 0;
l->snd_nxt = 1;
@@ -940,6 +943,9 @@ int tipc_link_xmit(struct tipc_link *l, struct sk_buff_head *list,
int rc = 0;
if (unlikely(msg_size(hdr) > mtu)) {
+ pr_warn("Too large msg, purging xmit list %d %d %d %d %d!\n",
+ skb_queue_len(list), msg_user(hdr),
+ msg_type(hdr), msg_size(hdr), mtu);
skb_queue_purge(list);
return -EMSGSIZE;
}
@@ -1233,6 +1239,7 @@ static int tipc_link_tnl_rcv(struct tipc_link *l, struct sk_buff *skb,
struct sk_buff_head *inputq)
{
struct sk_buff **reasm_skb = &l->failover_reasm_skb;
+ struct sk_buff **reasm_tnlmsg = &l->reasm_tnlmsg;
struct sk_buff_head *fdefq = &l->failover_deferdq;
struct tipc_msg *hdr = buf_msg(skb);
struct sk_buff *iskb;
@@ -1240,40 +1247,56 @@ static int tipc_link_tnl_rcv(struct tipc_link *l, struct sk_buff *skb,
int rc = 0;
u16 seqno;
- /* SYNCH_MSG */
- if (msg_type(hdr) == SYNCH_MSG)
- goto drop;
+ if (msg_type(hdr) == SYNCH_MSG) {
+ kfree_skb(skb);
+ return 0;
+ }
- /* FAILOVER_MSG */
- if (!tipc_msg_extract(skb, &iskb, &ipos)) {
- pr_warn_ratelimited("Cannot extract FAILOVER_MSG, defq: %d\n",
- skb_queue_len(fdefq));
- return rc;
+ /* Not a fragment? */
+ if (likely(!msg_nof_fragms(hdr))) {
+ if (unlikely(!tipc_msg_extract(skb, &iskb, &ipos))) {
+ pr_warn_ratelimited("Unable to extract msg, defq: %d\n",
+ skb_queue_len(fdefq));
+ return 0;
+ }
+ kfree_skb(skb);
+ } else {
+ /* Set fragment type for buf_append */
+ if (msg_fragm_no(hdr) == 1)
+ msg_set_type(hdr, FIRST_FRAGMENT);
+ else if (msg_fragm_no(hdr) < msg_nof_fragms(hdr))
+ msg_set_type(hdr, FRAGMENT);
+ else
+ msg_set_type(hdr, LAST_FRAGMENT);
+
+ if (!tipc_buf_append(reasm_tnlmsg, &skb)) {
+ /* Successful but non-complete reassembly? */
+ if (*reasm_tnlmsg || link_is_bc_rcvlink(l))
+ return 0;
+ pr_warn_ratelimited("Unable to reassemble tunnel msg\n");
+ return tipc_link_fsm_evt(l, LINK_FAILURE_EVT);
+ }
+ iskb = skb;
}
do {
seqno = buf_seqno(iskb);
-
if (unlikely(less(seqno, l->drop_point))) {
kfree_skb(iskb);
continue;
}
-
if (unlikely(seqno != l->drop_point)) {
__tipc_skb_queue_sorted(fdefq, seqno, iskb);
continue;
}
l->drop_point++;
-
if (!tipc_data_input(l, iskb, inputq))
rc |= tipc_link_input(l, iskb, inputq, reasm_skb);
if (unlikely(rc))
break;
} while ((iskb = __tipc_skb_dequeue(fdefq, l->drop_point)));
-drop:
- kfree_skb(skb);
return rc;
}
@@ -1663,15 +1686,18 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
struct sk_buff *skb, *tnlskb;
struct tipc_msg *hdr, tnlhdr;
struct sk_buff_head *queue = &l->transmq;
- struct sk_buff_head tmpxq, tnlq;
+ struct sk_buff_head tmpxq, tnlq, frags;
u16 pktlen, pktcnt, seqno = l->snd_nxt;
+ bool pktcnt_need_update = false;
u16 syncpt;
+ int rc;
if (!tnl)
return;
skb_queue_head_init(&tnlq);
skb_queue_head_init(&tmpxq);
+ skb_queue_head_init(&frags);
/* At least one packet required for safe algorithm => add dummy */
skb = tipc_msg_create(TIPC_LOW_IMPORTANCE, TIPC_DIRECT_MSG,
@@ -1727,6 +1753,39 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
if (queue == &l->backlogq)
msg_set_seqno(hdr, seqno++);
pktlen = msg_size(hdr);
+
+ /* Tunnel link MTU is not large enough? This could be
+ * due to:
+ * 1) Link MTU has just changed or set differently;
+ * 2) Or FAILOVER on the top of a SYNCH message
+ *
+ * The 2nd case should not happen if peer supports
+ * TIPC_TUNNEL_ENHANCED
+ */
+ if (pktlen > tnl->mtu - INT_H_SIZE) {
+ if (mtyp == FAILOVER_MSG &&
+ (tnl->peer_caps & TIPC_TUNNEL_ENHANCED)) {
+ rc = tipc_msg_fragment(skb, &tnlhdr, tnl->mtu,
+ &frags);
+ if (rc) {
+ pr_warn("%sunable to frag msg: rc %d\n",
+ link_co_err, rc);
+ return;
+ }
+ pktcnt += skb_queue_len(&frags) - 1;
+ pktcnt_need_update = true;
+ skb_queue_splice_tail_init(&frags, &tnlq);
+ continue;
+ }
+ /* Unluckily, peer doesn't have TIPC_TUNNEL_ENHANCED
+ * => Just warn it and return!
+ */
+ pr_warn_ratelimited("%stoo large msg <%d, %d>: %d!\n",
+ link_co_err, msg_user(hdr),
+ msg_type(hdr), msg_size(hdr));
+ return;
+ }
+
msg_set_size(&tnlhdr, pktlen + INT_H_SIZE);
tnlskb = tipc_buf_acquire(pktlen + INT_H_SIZE, GFP_ATOMIC);
if (!tnlskb) {
@@ -1742,6 +1801,12 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
goto tnl;
}
+ if (pktcnt_need_update)
+ skb_queue_walk(&tnlq, skb) {
+ hdr = buf_msg(skb);
+ msg_set_msgcnt(hdr, pktcnt);
+ }
+
tipc_link_xmit(tnl, &tnlq, xmitq);
if (mtyp == FAILOVER_MSG) {
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index f48e5857210f..e6d49cdc61b4 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -244,6 +244,65 @@ bool tipc_msg_validate(struct sk_buff **_skb)
}
/**
+ * tipc_msg_fragment - build a fragment skb list for TIPC message
+ *
+ * @skb: TIPC message skb
+ * @hdr: internal msg header to be put on the top of the fragments
+ * @pktmax: max size of a fragment incl. the header
+ * @frags: returned fragment skb list
+ *
+ * Returns 0 if the fragmentation is successful, otherwise: -EINVAL
+ * or -ENOMEM
+ */
+int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
+ int pktmax, struct sk_buff_head *frags)
+{
+ int pktno, nof_fragms, dsz, dmax, eat;
+ struct tipc_msg *_hdr;
+ struct sk_buff *_skb;
+ u8 *data;
+
+ /* Non-linear buffer? */
+ if (skb_linearize(skb))
+ return -ENOMEM;
+
+ data = (u8 *)skb->data;
+ dsz = msg_size(buf_msg(skb));
+ dmax = pktmax - INT_H_SIZE;
+ if (dsz <= dmax || !dmax)
+ return -EINVAL;
+
+ nof_fragms = dsz / dmax + 1;
+ for (pktno = 1; pktno <= nof_fragms; pktno++) {
+ if (pktno < nof_fragms)
+ eat = dmax;
+ else
+ eat = dsz % dmax;
+ /* Allocate a new fragment */
+ _skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC);
+ if (!_skb)
+ goto error;
+ skb_orphan(_skb);
+ __skb_queue_tail(frags, _skb);
+ /* Copy header & data to the fragment */
+ skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE);
+ skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat);
+ data += eat;
+ /* Update the fragment's header */
+ _hdr = buf_msg(_skb);
+ msg_set_fragm_no(_hdr, pktno);
+ msg_set_nof_fragms(_hdr, nof_fragms);
+ msg_set_size(_hdr, INT_H_SIZE + eat);
+ }
+ return 0;
+
+error:
+ __skb_queue_purge(frags);
+ __skb_queue_head_init(frags);
+ return -ENOMEM;
+}
+
+/**
* tipc_msg_build - create buffer chain containing specified header and data
* @mhdr: Message header, to be prepended to data
* @m: User message
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index fca042cdff88..1c8c8dd32a4e 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -721,12 +721,26 @@ static inline void msg_set_last_bcast(struct tipc_msg *m, u32 n)
msg_set_bits(m, 4, 16, 0xffff, n);
}
+static inline u32 msg_nof_fragms(struct tipc_msg *m)
+{
+ return msg_bits(m, 4, 0, 0xffff);
+}
+
+static inline void msg_set_nof_fragms(struct tipc_msg *m, u32 n)
+{
+ msg_set_bits(m, 4, 0, 0xffff, n);
+}
+
+static inline u32 msg_fragm_no(struct tipc_msg *m)
+{
+ return msg_bits(m, 4, 16, 0xffff);
+}
+
static inline void msg_set_fragm_no(struct tipc_msg *m, u32 n)
{
msg_set_bits(m, 4, 16, 0xffff, n);
}
-
static inline u16 msg_next_sent(struct tipc_msg *m)
{
return msg_bits(m, 4, 0, 0xffff);
@@ -1045,6 +1059,8 @@ bool tipc_msg_bundle(struct sk_buff *skb, struct tipc_msg *msg, u32 mtu);
bool tipc_msg_make_bundle(struct sk_buff **skb, struct tipc_msg *msg,
u32 mtu, u32 dnode);
bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos);
+int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr,
+ int pktmax, struct sk_buff_head *frags);
int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m,
int offset, int dsz, int mtu, struct sk_buff_head *list);
bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err);
--
2.13.7
^ permalink raw reply related
* [net-next 1/2] tipc: optimize link synching mechanism
From: Tuong Lien @ 2019-07-24 1:56 UTC (permalink / raw)
To: davem, jon.maloy, maloy, ying.xue, netdev; +Cc: tipc-discussion
In-Reply-To: <20190724015612.2518-1-tuong.t.lien@dektech.com.au>
This commit along with the next one are to resolve the issues with the
link changeover mechanism. See that commit for details.
Basically, for the link synching, from now on, we will send only one
single ("dummy") SYNCH message to peer. The SYNCH message does not
contain any data, just a header conveying the synch point to the peer.
A new node capability flag ("TIPC_TUNNEL_ENHANCED") is introduced for
backward compatible!
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Suggested-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
---
net/tipc/link.c | 26 ++++++++++++++++++++++++++
net/tipc/msg.h | 10 ++++++++++
net/tipc/node.c | 6 ++++--
net/tipc/node.h | 6 ++++--
4 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index 66d3a07bc571..e215b4ba6a4b 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1665,6 +1665,7 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
struct sk_buff_head *queue = &l->transmq;
struct sk_buff_head tmpxq, tnlq;
u16 pktlen, pktcnt, seqno = l->snd_nxt;
+ u16 syncpt;
if (!tnl)
return;
@@ -1684,6 +1685,31 @@ void tipc_link_tnl_prepare(struct tipc_link *l, struct tipc_link *tnl,
tipc_link_xmit(l, &tnlq, &tmpxq);
__skb_queue_purge(&tmpxq);
+ /* Link Synching:
+ * From now on, send only one single ("dummy") SYNCH message
+ * to peer. The SYNCH message does not contain any data, just
+ * a header conveying the synch point to the peer.
+ */
+ if (mtyp == SYNCH_MSG && (tnl->peer_caps & TIPC_TUNNEL_ENHANCED)) {
+ tnlskb = tipc_msg_create(TUNNEL_PROTOCOL, SYNCH_MSG,
+ INT_H_SIZE, 0, l->addr,
+ tipc_own_addr(l->net),
+ 0, 0, 0);
+ if (!tnlskb) {
+ pr_warn("%sunable to create dummy SYNCH_MSG\n",
+ link_co_err);
+ return;
+ }
+
+ hdr = buf_msg(tnlskb);
+ syncpt = l->snd_nxt + skb_queue_len(&l->backlogq) - 1;
+ msg_set_syncpt(hdr, syncpt);
+ msg_set_bearer_id(hdr, l->peer_bearer_id);
+ __skb_queue_tail(&tnlq, tnlskb);
+ tipc_link_xmit(tnl, &tnlq, xmitq);
+ return;
+ }
+
/* Initialize reusable tunnel packet header */
tipc_msg_init(tipc_own_addr(l->net), &tnlhdr, TUNNEL_PROTOCOL,
mtyp, INT_H_SIZE, l->addr);
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index da509f0eb9ca..fca042cdff88 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -877,6 +877,16 @@ static inline void msg_set_msgcnt(struct tipc_msg *m, u16 n)
msg_set_bits(m, 9, 16, 0xffff, n);
}
+static inline u16 msg_syncpt(struct tipc_msg *m)
+{
+ return msg_bits(m, 9, 16, 0xffff);
+}
+
+static inline void msg_set_syncpt(struct tipc_msg *m, u16 n)
+{
+ msg_set_bits(m, 9, 16, 0xffff, n);
+}
+
static inline u32 msg_conn_ack(struct tipc_msg *m)
{
return msg_bits(m, 9, 16, 0xffff);
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 324a1f91b394..5d8b48051bb9 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -1649,7 +1649,6 @@ static bool tipc_node_check_state(struct tipc_node *n, struct sk_buff *skb,
int usr = msg_user(hdr);
int mtyp = msg_type(hdr);
u16 oseqno = msg_seqno(hdr);
- u16 iseqno = msg_seqno(msg_inner_hdr(hdr));
u16 exp_pkts = msg_msgcnt(hdr);
u16 rcv_nxt, syncpt, dlv_nxt, inputq_len;
int state = n->state;
@@ -1748,7 +1747,10 @@ static bool tipc_node_check_state(struct tipc_node *n, struct sk_buff *skb,
/* Initiate synch mode if applicable */
if ((usr == TUNNEL_PROTOCOL) && (mtyp == SYNCH_MSG) && (oseqno == 1)) {
- syncpt = iseqno + exp_pkts - 1;
+ if (n->capabilities & TIPC_TUNNEL_ENHANCED)
+ syncpt = msg_syncpt(hdr);
+ else
+ syncpt = msg_seqno(msg_inner_hdr(hdr)) + exp_pkts - 1;
if (!tipc_link_is_up(l))
__tipc_node_link_up(n, bearer_id, xmitq);
if (n->state == SELF_UP_PEER_UP) {
diff --git a/net/tipc/node.h b/net/tipc/node.h
index c0bf49ea3de4..291d0ecd4101 100644
--- a/net/tipc/node.h
+++ b/net/tipc/node.h
@@ -53,7 +53,8 @@ enum {
TIPC_NODE_ID128 = (1 << 5),
TIPC_LINK_PROTO_SEQNO = (1 << 6),
TIPC_MCAST_RBCTL = (1 << 7),
- TIPC_GAP_ACK_BLOCK = (1 << 8)
+ TIPC_GAP_ACK_BLOCK = (1 << 8),
+ TIPC_TUNNEL_ENHANCED = (1 << 9)
};
#define TIPC_NODE_CAPABILITIES (TIPC_SYN_BIT | \
@@ -64,7 +65,8 @@ enum {
TIPC_NODE_ID128 | \
TIPC_LINK_PROTO_SEQNO | \
TIPC_MCAST_RBCTL | \
- TIPC_GAP_ACK_BLOCK)
+ TIPC_GAP_ACK_BLOCK | \
+ TIPC_TUNNEL_ENHANCED)
#define INVALID_BEARER_ID -1
void tipc_node_stop(struct net *net);
--
2.13.7
^ permalink raw reply related
* [net-next 0/2] tipc: link changeover issues
From: Tuong Lien @ 2019-07-24 1:56 UTC (permalink / raw)
To: davem, jon.maloy, maloy, ying.xue, netdev; +Cc: tipc-discussion
This patch series is to resolve some issues found with the current link
changeover mechanism, it also includes an optimization for the link
synching.
Tuong Lien (2):
tipc: optimize link synching mechanism
tipc: fix changeover issues due to large packet
net/tipc/link.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++-------
net/tipc/msg.c | 59 ++++++++++++++++++++++++++++
net/tipc/msg.h | 28 ++++++++++++-
net/tipc/node.c | 6 ++-
net/tipc/node.h | 6 ++-
5 files changed, 199 insertions(+), 19 deletions(-)
--
2.13.7
^ permalink raw reply
* [PATCH] rpcrdma_decode_msg: check xdr_inline_decode result
From: Navid Emamdoost @ 2019-07-24 1:51 UTC (permalink / raw)
Cc: emamd001, kjlu, smccaman, secalert, Navid Emamdoost,
Trond Myklebust, Anna Schumaker, J. Bruce Fields, Chuck Lever,
David S. Miller, linux-nfs, netdev, linux-kernel
xdr_inline_decode may return NULL, so the check is necessary. The base
pointer will be dereferenced later in rpcrdma_inline_fixup.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
---
net/sunrpc/xprtrdma/rpc_rdma.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
index 4345e6912392..d0479efe0e72 100644
--- a/net/sunrpc/xprtrdma/rpc_rdma.c
+++ b/net/sunrpc/xprtrdma/rpc_rdma.c
@@ -1160,6 +1160,9 @@ rpcrdma_decode_msg(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep,
/* Build the RPC reply's Payload stream in rqst->rq_rcv_buf */
base = (char *)xdr_inline_decode(xdr, 0);
+ if (!base)
+ return -EIO;
+
rpclen = xdr_stream_remaining(xdr);
r_xprt->rx_stats.fixup_copy_count +=
rpcrdma_inline_fixup(rqst, base, rpclen, writelist & 3);
--
2.17.1
^ permalink raw reply related
* [PATCH] carl9170: remove set but not used variable 'udev'
From: YueHaibing @ 2019-07-24 1:54 UTC (permalink / raw)
To: Christian Lamparter, Kalle Valo
Cc: YueHaibing, linux-wireless, netdev, kernel-janitors, linux-kernel,
Hulk Robot
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/net/wireless/ath/carl9170/usb.c: In function 'carl9170_usb_disconnect':
drivers/net/wireless/ath/carl9170/usb.c:1110:21: warning:
variable 'udev' set but not used [-Wunused-but-set-variable]
It is not used, so can be removed.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
drivers/net/wireless/ath/carl9170/usb.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/wireless/ath/carl9170/usb.c b/drivers/net/wireless/ath/carl9170/usb.c
index 99f1897a775d..486957a04bd1 100644
--- a/drivers/net/wireless/ath/carl9170/usb.c
+++ b/drivers/net/wireless/ath/carl9170/usb.c
@@ -1107,12 +1107,10 @@ static int carl9170_usb_probe(struct usb_interface *intf,
static void carl9170_usb_disconnect(struct usb_interface *intf)
{
struct ar9170 *ar = usb_get_intfdata(intf);
- struct usb_device *udev;
if (WARN_ON(!ar))
return;
- udev = ar->udev;
wait_for_completion(&ar->fw_load_wait);
if (IS_INITIALIZED(ar)) {
^ permalink raw reply related
* Reminder: 11 open syzbot bugs in "net/wireless" subsystem
From: Eric Biggers @ 2019-07-24 1:47 UTC (permalink / raw)
To: linux-wireless, netdev, Johannes Berg, David S. Miller
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 11 of them as possibly being bugs in the "net/wireless" subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 11 bugs, 9 were seen in mainline in the last week.
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the "net/wireless" subsystem, please let
me know, and if possible forward the report to the correct people or mailing
list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: general protection fault in ath6kl_usb_alloc_urb_from_pipe
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=cd8b9cfe50a0bf36ee19eda2d7e2e06843dfbeaf
Original thread: https://lkml.kernel.org/lkml/0000000000008e825105865615e3@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ead4037ec793e025e66f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008e825105865615e3@google.com
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in rsi_probe
Last occurred: 0 days ago
Reported: 100 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=3b35267abf182bd98ba95c0943bc0f957e021101
Original thread: https://lkml.kernel.org/lkml/00000000000024bbd7058682eda1@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1d1597a5aa3679c65b9f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000024bbd7058682eda1@google.com
--------------------------------------------------------------------------------
Title: INFO: trying to register non-static key in del_timer_sync (2)
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=26525f643f454dd7be0078423e3cdb0d57744959
Original thread: https://lkml.kernel.org/lkml/000000000000927a7b0586561537@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 5 replies; the last was 41 days ago.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+dc4127f950da51639216@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000927a7b0586561537@google.com
--------------------------------------------------------------------------------
Title: WARNING in zd_mac_clear
Last occurred: 0 days ago
Reported: 102 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=46e5ae5074764b5f0eed428a8c4989d9efbe9146
Original thread: https://lkml.kernel.org/lkml/00000000000075a7a6058653d977@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+74c65761783d66a9c97c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000075a7a6058653d977@google.com
--------------------------------------------------------------------------------
Title: KASAN: invalid-free in rsi_91x_deinit
Last occurred: 0 days ago
Reported: 91 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=426fbebc1eac728afa08e52b1bcf8171c9413e29
Original thread: https://lkml.kernel.org/lkml/0000000000005ae4cd058731d407@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+7c72edfb407b2bd866ce@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005ae4cd058731d407@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in rt2500usb_bbp_read
Last occurred: 0 days ago
Reported: 47 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=f35d123de7d393019c1ed4d4e60dc66596ed62cd
Original thread: https://lkml.kernel.org/lkml/000000000000cf6a70058aa48695@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug has received 1 reply, 47 days ago.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a106a5b084a6890d2607@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cf6a70058aa48695@google.com
--------------------------------------------------------------------------------
Title: WARNING in submit_rx_urb/usb_submit_urb
Last occurred: 0 days ago
Reported: 55 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=97fff2c33c48264fba4d185f5f0f0961bdcd2ae2
Original thread: https://lkml.kernel.org/lkml/0000000000004da71e058a06318b@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug has received 1 reply, 55 days ago.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c2a1fa67c02faa0de723@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000004da71e058a06318b@google.com
--------------------------------------------------------------------------------
Title: WARNING in ar5523_submit_rx_cmd/usb_submit_urb
Last occurred: 0 days ago
Reported: 50 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=d4cdc65d1db112b294b568e0cff47bca7cd3edbd
Original thread: https://lkml.kernel.org/lkml/000000000000f4900f058a69d6c5@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug has received 1 reply, 50 days ago.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6101b0c732dea13ea55b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f4900f058a69d6c5@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in p54u_load_firmware_cb
Last occurred: 3 days ago
Reported: 78 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a7d7aec13ac4d6981c15814acb900348d340dd70
Original thread: https://lkml.kernel.org/lkml/00000000000001de810588363aaf@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug has received 4 replies; the last was 29 days
ago.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6d237e74cdc13f036473@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000001de810588363aaf@google.com
--------------------------------------------------------------------------------
Title: WARNING in i2400mu_bus_bm_wait_for_ack/usb_submit_urb
Last occurred: 0 days ago
Reported: 13 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=78aca5360820e5e91ba12dec842dabeb5349b431
Original thread: https://lkml.kernel.org/lkml/0000000000009b6e7f058d51adba@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+7886801de1cc3958a0d1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009b6e7f058d51adba@google.com
--------------------------------------------------------------------------------
Title: KASAN: global-out-of-bounds Read in load_next_firmware_from_table
Last occurred: 18 days ago
Reported: 14 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=9e4fafb6fbc53782278754488801c0bbe1fd2a85
Original thread: https://lkml.kernel.org/lkml/000000000000df0913058d3ead47@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net/wireless USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+98156c174c5a2cad9f8f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000df0913058d3ead47@google.com
^ permalink raw reply
* Reminder: 13 open syzbot bugs in "net/netrom" subsystem
From: Eric Biggers @ 2019-07-24 1:47 UTC (permalink / raw)
To: linux-hams, netdev, Ralf Baechle, David S. Miller, Cong Wang
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 13 of them as possibly being bugs in the "net/netrom" subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 13 bugs, 8 were seen in mainline in the last week.
Of these 13 bugs, 4 were bisected to commits from the following person:
Cong Wang <xiyou.wangcong@gmail.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the "net/netrom" subsystem, please let
me know, and if possible forward the report to the correct people or mailing
list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in nr_insert_socket
Last occurred: 0 days ago
Reported: 5 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=44bc727f1e55f249c97e876dd9163484c889b3ad
Original thread: https://lkml.kernel.org/lkml/00000000000035f65d058df39aed@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit c8c8218ec5af5d2598381883acbefbf604e56b5e
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jun 27 21:30:58 2019 +0000
netrom: fix a memory leak in nr_rx_frame()
The original thread for this bug has received 1 reply, 5 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+9399c158fcc09b21d0d2@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 5 days ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/00000000000035f65d058df39aed@google.com
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in nr_rx_frame
Last occurred: 0 days ago
Reported: 5 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=4ffee6ac0fb5068b34959147b4d492bad89e98ab
Original thread: https://lkml.kernel.org/lkml/000000000000222512058df13ac9@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit c8c8218ec5af5d2598381883acbefbf604e56b5e
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jun 27 21:30:58 2019 +0000
netrom: fix a memory leak in nr_rx_frame()
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+622bdabb128acc33427d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000222512058df13ac9@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in lock_sock_nested
Last occurred: 3 days ago
Reported: 202 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=6c137905024f86513297b035845acecb55fa9dab
Original thread: https://lkml.kernel.org/lkml/0000000000007a5aad057e7748c9@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+500c69d1e21d970e461b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007a5aad057e7748c9@google.com
--------------------------------------------------------------------------------
Title: memory leak in nr_create
Last occurred: 1 day ago
Reported: 57 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=24be997a573ef9d497d6d7302518779b75d8119a
Original thread: https://lkml.kernel.org/lkml/0000000000009412c60589e804d8@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+10f1194569953b72f1ae@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009412c60589e804d8@google.com
--------------------------------------------------------------------------------
Title: WARNING: held lock freed in nr_release
Last occurred: 0 days ago
Reported: 6 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5c3fd3a41060d8d775822814f4651f86a68eb0aa
Original thread: https://lkml.kernel.org/lkml/00000000000015d943058ddcb1b3@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit c8c8218ec5af5d2598381883acbefbf604e56b5e
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jun 27 21:30:58 2019 +0000
netrom: fix a memory leak in nr_rx_frame()
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a34e5f3d0300163f0c87@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000015d943058ddcb1b3@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in nr_release
Last occurred: 1 day ago
Reported: 45 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5332f4a9ce674d6378f0bd91af752d2be80f3aba
Original thread: https://lkml.kernel.org/lkml/0000000000007e8b70058acbd60f@google.com/T/#u
This bug has a syzkaller reproducer only.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6eaef7158b19e3fec3a0@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007e8b70058acbd60f@google.com
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in nr_insert_socket
Last occurred: 0 days ago
Reported: 14 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=521a764b3fc8145496efa50600dfe2a67e49b90b
Original thread: https://lkml.kernel.org/lkml/0000000000000595ea058d411c35@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ec1fd464d849d91c3665@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000595ea058d411c35@google.com
--------------------------------------------------------------------------------
Title: general protection fault in prepare_to_wait
Last occurred: 18 days ago
Reported: 201 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c670fb9da2ce08f7b5101baa9426083b39ee9f90
Original thread: https://lkml.kernel.org/lkml/000000000000fa6a2c057e8b7064@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+55f9d3e51d49e20b2ce5@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fa6a2c057e8b7064@google.com
--------------------------------------------------------------------------------
Title: WARNING: held lock freed! (2)
Last occurred: 18 days ago
Reported: 15 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=e19c72fff579b255a707a12853df187bdfc81ea3
Original thread: https://lkml.kernel.org/lkml/000000000000c3810f058d30910b@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit c8c8218ec5af5d2598381883acbefbf604e56b5e
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jun 27 21:30:58 2019 +0000
netrom: fix a memory leak in nr_rx_frame()
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e54ed2cb16c6da22c549@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c3810f058d30910b@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in nr_insert_socket
Last occurred: 1 day ago
Reported: 0 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=e2f70927690b76d55da8d228e55832274d7c0bd0
Original thread: https://lkml.kernel.org/lkml/0000000000006241fe058e5b9490@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug has received 1 reply, 9 hours ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+5e54e8e637bc970bbd2b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 9 hours ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/0000000000006241fe058e5b9490@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in nr_rx_frame (2)
Last occurred: 4 days ago
Reported: 0 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=35d6bc3fe6f43d63357b5d70379d196aa420d6b7
Original thread: https://lkml.kernel.org/lkml/000000000000e42667058e554371@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug has received 1 reply, 16 hours ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+701728447042217b67c1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 16 hours ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/000000000000e42667058e554371@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in refcount_inc_not_zero_checked (2)
Last occurred: 97 days ago
Reported: 129 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=b0192a79bb2d222d3e723d7db60dfb5e0ec0e570
Original thread: https://lkml.kernel.org/lkml/000000000000eea12405843bc43c@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+eff6b596cc8194e2f029@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000eea12405843bc43c@google.com
--------------------------------------------------------------------------------
Title: memory leak in nr_loopback_queue
Last occurred: 55 days ago
Reported: 55 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=20e5b6ff68ec36b9ba8ac5225e560a3a563f343a
Original thread: https://lkml.kernel.org/lkml/000000000000a7f012058a0c7a65@google.com/T/#u
This bug has a syzkaller reproducer only.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+470d1a4a7b7a7c225881@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a7f012058a0c7a65@google.com
^ permalink raw reply
* Reminder: 14 open syzbot bugs in "net/tipc" subsystem
From: Eric Biggers @ 2019-07-24 1:46 UTC (permalink / raw)
To: netdev, tipc-discussion, Jon Maloy, Ying Xue, David S. Miller,
Junwei Hu
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 14 of them as possibly being bugs in the "net/tipc" subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 14 bugs, 2 were seen in mainline in the last week.
Of these 14 bugs, 8 were bisected to commits from the following people:
Jon Maloy <jon.maloy@ericsson.com>
Junwei Hu <hujunwei4@huawei.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the "net/tipc" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: INFO: task hung in genl_rcv_msg
Last occurred: 2 days ago
Reported: 281 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c63df3ff405c4b7463fecacfb4157f11efa50c95
Original thread: https://lkml.kernel.org/lkml/0000000000007f82d805783fe8ce@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit 928df1880e24bcd47d6359ff86df24db3dfba3c3
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 15 15:48:51 2018 +0000
tipc: obsolete TIPC_ZONE_SCOPE
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c3b90a95b2d6bd4f29b1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007f82d805783fe8ce@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in netdev_run_todo
Last occurred: 0 days ago
Reported: 526 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=2503c576cabb08d41812e732b390141f01a59545
Original thread: https://groups.google.com/d/msgid/syzkaller-bugs/089e0826d4d4bdb7c5056500fb67%40google.com
This bug has a C reproducer.
For some reason the original report email for this bug is missing from the LKML
archive at lore.kernel.org, so my script couldn't check whether anyone has
replied to it or not. The Google Groups link above should still work, though.
Also try searching for the bug title.
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in __tipc_nl_bearer_enable
Last occurred: 2 days ago
Reported: 217 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=bf95da1c68b889380395af19f1953e91b772d3ea
Original thread: https://lkml.kernel.org/lkml/00000000000062b6fd057d4b7dc2@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000062b6fd057d4b7dc2@google.com
--------------------------------------------------------------------------------
Title: BUG: using smp_processor_id() in preemptible [ADDR] code: syz-executor
Last occurred: 0 days ago
Reported: 24 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=dc6352b92862eb79373fe03fdf9af5928753e057
Original thread: https://lkml.kernel.org/lkml/000000000000a40746058c784ef3@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000
tipc: obtain node identity from interface by default
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1a68504d96cd17b33a05@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a40746058c784ef3@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in __queue_work
Last occurred: 52 days ago
Reported: 223 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=31b84e77557158a1031ca8c9476230bb186fb88c
Original thread: https://lkml.kernel.org/lkml/0000000000000655c0057cd141f1@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000
tipc: obtain node identity from interface by default
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6174a6c5eba4b3cdd606@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000655c0057cd141f1@google.com
--------------------------------------------------------------------------------
Title: BUG: unable to handle kernel paging request in free_block (5)
Last occurred: 96 days ago
Reported: 96 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=df52ab115e885a8e9b7b6a1359133890cd206e8b
Original thread: https://lkml.kernel.org/lkml/000000000000c770710586c6fc92@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000
tipc: obtain node identity from interface by default
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+438a5abd4f53adb1c073@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c770710586c6fc92@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in ip_append_data
Last occurred: 76 days ago
Reported: 75 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=9babddf656b2f42a6902e1074f1c7b52934e3996
Original thread: https://lkml.kernel.org/lkml/0000000000004fd863058877c251@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000
tipc: obtain node identity from interface by default
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b8031b06e100c1c5292c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000004fd863058877c251@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in ctrl_getfamily
Last occurred: 43 days ago
Reported: 224 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=8c04c0b0e814e1a2c5ae60f8b6ece3701bf561da
Original thread: https://lkml.kernel.org/lkml/000000000000eb3fa9057cbc2f06@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit 928df1880e24bcd47d6359ff86df24db3dfba3c3
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 15 15:48:51 2018 +0000
tipc: obsolete TIPC_ZONE_SCOPE
The original thread for this bug received 1 reply, 224 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+36edb5cac286af8e3385@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000eb3fa9057cbc2f06@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in rhashtable_walk_enter
Last occurred: 62 days ago
Reported: 66 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=4565b3753fc286b7f5b61f21735bd4690d43288e
Original thread: https://lkml.kernel.org/lkml/000000000000ac9447058924709c@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 7e27e8d6130c5e88fac9ddec4249f7f2337fe7f8
Author: Junwei Hu <hujunwei4@huawei.com>
Date: Thu May 16 02:51:15 2019 +0000
tipc: switch order of device registration to fix a crash
The original thread for this bug has received 1 reply, 62 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6440134c13554d3abfb0@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ac9447058924709c@google.com
--------------------------------------------------------------------------------
Title: inconsistent lock state in icmp_send
Last occurred: 223 days ago
Reported: 223 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=24b68e26f36aefc69e86e97dc731558c6965115a
Original thread: https://lkml.kernel.org/lkml/0000000000000a9cca057cd141bd@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000
tipc: obtain node identity from interface by default
The original thread for this bug received 1 reply, 120 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+251ec6887ada6eac4921@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000a9cca057cd141bd@google.com
--------------------------------------------------------------------------------
Title: general protection fault in __bfs (2)
Last occurred: 133 days ago
Reported: 182 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=b962be759f1c186a76fe71ba99eda6e23708dcd9
Original thread: https://lkml.kernel.org/lkml/00000000000086d87305801011c4@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 2 replies; the last was 117 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c58fa3b1231d2ea0c4d3@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000086d87305801011c4@google.com
--------------------------------------------------------------------------------
Title: BUG: unable to handle kernel paging request in iptunnel_xmit
Last occurred: 43 days ago
Reported: 214 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=113e10a43ca787acf7e08ba103a2ea66b25e6942
Original thread: https://lkml.kernel.org/lkml/0000000000005afe60057d842aa4@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+61816a2458fec4918227@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005afe60057d842aa4@google.com
--------------------------------------------------------------------------------
Title: general protection fault in rhashtable_walk_enter
Last occurred: 65 days ago
Reported: 65 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=985a51f1f2468ff0c313dd41765f55d6b885b8d7
Original thread: https://lkml.kernel.org/lkml/0000000000000d60e405893a38f0@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+153641db1759e576ec8e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000d60e405893a38f0@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in tipc_bcast_stop
Last occurred: 167 days ago
Reported: 167 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=1c273aa0d7bf70e88a6db38595bd6e8eef35de69
Original thread: https://lkml.kernel.org/lkml/000000000000c24a5e05813c798b@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+8118fd903ae608d128e1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c24a5e05813c798b@google.com
^ permalink raw reply
* Reminder: 26 open syzbot bugs in "net/xfrm" subsystem
From: Eric Biggers @ 2019-07-24 1:42 UTC (permalink / raw)
To: netdev, Steffen Klassert, Herbert Xu, David S. Miller, Su Yanjun
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 26 of them as possibly being bugs in the "net/xfrm" subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 26 bugs, 1 was seen in mainline in the last week.
Of these 26 bugs, 4 were bisected to commits from the following person:
Su Yanjun <suyj.fnst@cn.fujitsu.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the "net/xfrm" subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: WARNING in __vunmap
Last occurred: 2 days ago
Reported: 157 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=8c0c68130548c7ec737d9ccc018a7589a768c0a9
Original thread: https://lkml.kernel.org/lkml/00000000000092839d0581fd74ad@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000092839d0581fd74ad@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in _decode_session4
Last occurred: 480 days ago
Reported: 480 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=341e1a2a55b389e54cc07624ed40eb3ecca577db
Original thread: https://lkml.kernel.org/lkml/001a113fe6d081698f0568a5dcac@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a7db9083ed4017ba4423@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/001a113fe6d081698f0568a5dcac@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in _decode_session6
Last occurred: 252 days ago
Reported: 320 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ecf3e152769bdad66c297986d83561adea6ae155
Original thread: https://lkml.kernel.org/lkml/0000000000008d5a360575368e31@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e8c1d30881266e47eb33@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008d5a360575368e31@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in xfrm_policy_flush
Last occurred: 26 days ago
Reported: 26 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=9018a3b2d6605dec5a0e145825918d2b5826d227
Original thread: https://lkml.kernel.org/lkml/0000000000007d52ea058c489235@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2daeb7ae5e8245095f65@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007d52ea058c489235@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in xfrm_state_find
Last occurred: 198 days ago
Reported: 403 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=4d9dc4ec10e0d7b004645eadc3e99bbc2af67a74
Original thread: https://lkml.kernel.org/lkml/0000000000001f31eb056ea92fcb@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 1 reply, 403 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+131cd4c6d21724b99a26@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001f31eb056ea92fcb@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in xfrm_sk_policy_lookup (2)
Last occurred: 23 days ago
Reported: 91 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=23b4b8906a588cf0a27f879e53827067bfc5f197
Original thread: https://lkml.kernel.org/lkml/000000000000282a870587350077@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+edb62c973ff9f07e408d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000282a870587350077@google.com
--------------------------------------------------------------------------------
Title: general protection fault in get_work_pool
Last occurred: 104 days ago
Reported: 507 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=849bd5710811bd19cad5b2f32ae863cfd6fe1c58
Original thread: https://lkml.kernel.org/lkml/001a1149c7ba03500d05667a1d4f@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+880087058dbc131a2703@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/001a1149c7ba03500d05667a1d4f@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in _decode_session6
Last occurred: 267 days ago
Reported: 471 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=7202296b7d7edf5d61e8c1f2c113d36ecd493a6a
Original thread: https://lkml.kernel.org/lkml/000000000000311cdd0569510cc7@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2974b85346f85b586f4d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000311cdd0569510cc7@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in _decode_session6 (2)
Last occurred: 245 days ago
Reported: 266 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=afc5098c1a0cb7cda8aa7fdb402153ff24fcf31c
Original thread: https://lkml.kernel.org/lkml/000000000000c4ba820579737025@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 1 reply, 124 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+240f9766d6be3d69431e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c4ba820579737025@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in _decode_session4
Last occurred: 194 days ago
Reported: 450 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=31621ad0bdf6fd9c055769fb33f56423d7c6545b
Original thread: https://lkml.kernel.org/lkml/000000000000e4758d056aff4604@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e7fec512bc2eb4ae0781@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e4758d056aff4604@google.com
--------------------------------------------------------------------------------
Title: WARNING in xfrm_policy_insert
Last occurred: 239 days ago
Reported: 524 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=17486feafe3890260729f5fe75a25f8d865bdd5d
Original thread: https://lkml.kernel.org/lkml/001a11405628bb07410565279f4a@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+5cfc132a76d844973259@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/001a11405628bb07410565279f4a@google.com
--------------------------------------------------------------------------------
Title: KASAN: stack-out-of-bounds Read in xfrm_state_find (5)
Last occurred: 175 days ago
Reported: 477 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=44fa54548362cb84e26da7c1bbd356c86c54f36d
Original thread: https://lkml.kernel.org/lkml/000000000000a5390a0568d7508a@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d90468452f685a0b28eb@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a5390a0568d7508a@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in __xfrm_policy_unlink (2)
Last occurred: 22 days ago
Reported: 68 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=ceba0c97b0c5a5803c8fa3a7c100edbca4faa06f
Original thread: https://lkml.kernel.org/lkml/000000000000cd5fdf0588fed11c@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0025447b4cb6f208558f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cd5fdf0588fed11c@google.com
--------------------------------------------------------------------------------
Title: INFO: rcu detected stall in pppol2tp_sendmsg
Last occurred: 26 days ago
Reported: 315 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=a7452f862c05dd695baf590d4f164bd089e636d8
Original thread: https://lkml.kernel.org/lkml/000000000000b8e87005759244ec@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0925ea3f5745e9005733@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b8e87005759244ec@google.com
--------------------------------------------------------------------------------
Title: WARNING in xfrm_policy_fini
Last occurred: 81 days ago
Reported: 337 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c92d61bdd289b3550d8dbd6a970c2f34995a22b4
Original thread: https://lkml.kernel.org/lkml/000000000000c5745b0573d62311@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+9bce6db6c82f06b85d8b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c5745b0573d62311@google.com
--------------------------------------------------------------------------------
Title: WARNING: suspicious RCU usage in xfrm_get_sadinfo
Last occurred: 125 days ago
Reported: 126 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=106319f5d94ac049166744eee79e455ce4d0435c
Original thread: https://lkml.kernel.org/lkml/0000000000009c1aca058474a076@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit f10e0010fae8174dc20bdc872bcaa85baa925cb7
Author: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Date: Thu Mar 7 01:54:08 2019 +0000
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2792672c6a63f1dc867c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009c1aca058474a076@google.com
--------------------------------------------------------------------------------
Title: WARNING: suspicious RCU usage in xfrm_get_spdinfo
Last occurred: 124 days ago
Reported: 126 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=4db14afc80049c484903a7cf4d36d9cb1618469f
Original thread: https://lkml.kernel.org/lkml/0000000000008a14a5058474a025@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit f10e0010fae8174dc20bdc872bcaa85baa925cb7
Author: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Date: Thu Mar 7 01:54:08 2019 +0000
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+bfb3cbc2e9467b566c8b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008a14a5058474a025@google.com
--------------------------------------------------------------------------------
Title: INFO: rcu detected stall in igmp_ifc_timer_expire
Last occurred: 59 days ago
Reported: 204 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=330ce4f7626354cc6444c457c9a5e82d8a8c5055
Original thread: https://lkml.kernel.org/lkml/000000000000a26437057e4915ff@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+041483004a7f45f1f20a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a26437057e4915ff@google.com
--------------------------------------------------------------------------------
Title: WARNING: suspicious RCU usage in xfrm_alloc_userspi
Last occurred: 124 days ago
Reported: 126 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=cf86490d75109a7648fc749a4c9a8d59fabe398d
Original thread: https://lkml.kernel.org/lkml/0000000000007783a2058474a0b9@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit f10e0010fae8174dc20bdc872bcaa85baa925cb7
Author: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Date: Thu Mar 7 01:54:08 2019 +0000
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
The original thread for this bug received 2 replies; the last was 126 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+59752237f7ab21c3f3c3@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007783a2058474a0b9@google.com
--------------------------------------------------------------------------------
Title: WARNING: suspicious RCU usage in xfrm_get_policy
Last occurred: 126 days ago
Reported: 126 days ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=02bde0600a225e8efa31bdce2e7f1b822542fef1
Original thread: https://lkml.kernel.org/lkml/0000000000009ed0ce058474a0c1@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit f10e0010fae8174dc20bdc872bcaa85baa925cb7
Author: Su Yanjun <suyj.fnst@cn.fujitsu.com>
Date: Thu Mar 7 01:54:08 2019 +0000
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+670c11fba80a72c50a6a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009ed0ce058474a0c1@google.com
--------------------------------------------------------------------------------
Title: general protection fault in __vunmap
Last occurred: 158 days ago
Reported: 157 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=7151fc2080bde02d5f074c3e7fde2684cd514d11
Original thread: https://lkml.kernel.org/lkml/0000000000009a0bd40581fd747b@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+39d3a56f2f717d237007@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009a0bd40581fd747b@google.com
--------------------------------------------------------------------------------
Title: general protection fault in xfrm_init_replay
Last occurred: 494 days ago
Reported: 494 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=63c86d9f895ad63bb85474b7d0cb04940da24395
Original thread: https://lkml.kernel.org/lkml/001a113ea6d880f10e05679064d3@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f14c1ee2dbd16782dcc2@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/001a113ea6d880f10e05679064d3@google.com
--------------------------------------------------------------------------------
Title: general protection fault in xfrm_lookup_with_ifid
Last occurred: 100 days ago
Reported: 134 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=c6085af89fc64682ed88b083355c296e2f530a90
Original thread: https://lkml.kernel.org/lkml/000000000000973c550583cb8562@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2a7531cd068ddc9932f9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000973c550583cb8562@google.com
--------------------------------------------------------------------------------
Title: general protection fault in __xfrm_policy_check
Last occurred: 147 days ago
Reported: 147 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=7ebcd3969f71317db080af582c18c5456c674662
Original thread: https://lkml.kernel.org/lkml/000000000000f41ad40582cc632d@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4ea28a8b817ee28bf324@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f41ad40582cc632d@google.com
--------------------------------------------------------------------------------
Title: general protection fault in xfrmi_rcv_cb
Last occurred: 145 days ago
Reported: 313 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=970bf3d270407aea29acd9fe1676d99371f07e5a
Original thread: https://lkml.kernel.org/lkml/000000000000defd200575c0b7dd@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+af91688fec2b033aa620@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000defd200575c0b7dd@google.com
--------------------------------------------------------------------------------
Title: INFO: rcu detected stall in inet_dgram_connect
Last occurred: 175 days ago
Reported: 204 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=efb40f930f737583bc3d4c047300e52d2dbac017
Original thread: https://lkml.kernel.org/lkml/0000000000009f9349057e4915b4@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+94683b47a87718b5dff7@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009f9349057e4915b4@google.com
^ permalink raw reply
* Reminder: 29 open syzbot bugs in bluetooth subsystem
From: Eric Biggers @ 2019-07-24 1:41 UTC (permalink / raw)
To: linux-bluetooth, netdev, Marcel Holtmann, Johan Hedberg,
David S. Miller, Loic Poulain, Benjamin Herrenschmidt,
Ben Young Tae Kim
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 29 of them as possibly being bugs in the bluetooth subsystem. I've
listed these reports below, sorted by an algorithm that tries to list first the
reports most likely to be still valid, important, and actionable.
Of these 29 bugs, 9 were seen in mainline in the last week.
Of these 29 bugs, 4 were bisected to commits from the following people:
Loic Poulain <loic.poulain@intel.com>
Benjamin Herrenschmidt <benh@kernel.crashing.org>
Ben Young Tae Kim <ytkim@qca.qualcomm.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the bluetooth subsystem, please let me
know, and if possible forward the report to the correct people or mailing list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: WARNING in tty_set_termios
Last occurred: 0 days ago
Reported: 191 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=2410d22f1d8e5984217329dd0884b01d99e3e48d
Original thread: https://lkml.kernel.org/lkml/000000000000bcd434057f4eb905@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 162f812f23bab583f5d514ca0e4df67797ac9cdf
Author: Loic Poulain <loic.poulain@intel.com>
Date: Mon Sep 19 14:29:27 2016 +0000
Bluetooth: hci_uart: Add Marvell support
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a950165cbb86bdd023a4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000bcd434057f4eb905@google.com
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in kobject_get
Last occurred: 2 days ago
Reported: 316 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=06c8522152c9325bf0f1a3dc5b33d1b95a47431f
Original thread: https://lkml.kernel.org/lkml/00000000000037743205757f33ac@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b74b8b6e712f33454561@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000037743205757f33ac@google.com
--------------------------------------------------------------------------------
Title: general protection fault in kernfs_add_one
Last occurred: 4 days ago
Reported: 310 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c10f2ca5722a78c613e9ccd45af7877f5debf0ad
Original thread: https://lkml.kernel.org/lkml/000000000000bf6bd30575fec528@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+db1637662f412ac0d556@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000bf6bd30575fec528@google.com
--------------------------------------------------------------------------------
Title: WARNING in kernfs_get
Last occurred: 0 days ago
Reported: 316 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=b52dec65c1aaaec9b3893458b13a3304303de321
Original thread: https://lkml.kernel.org/lkml/000000000000f921ae05757f567c@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 1 reply, 265 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3dcb532381f98c86aeb1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f921ae05757f567c@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in kfree_skb (3)
Last occurred: 1 day ago
Reported: 77 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=db842327c655eab57b1755f661f1ab677d94e0bb
Original thread: https://lkml.kernel.org/lkml/0000000000002f9ef4058848f26d@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+dcb1305dd05699c40640@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002f9ef4058848f26d@google.com
--------------------------------------------------------------------------------
Title: general protection fault in skb_put
Last occurred: 4 days ago
Reported: 169 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=9abc0fdcdea0effb7b27984dbc1f336155cdad3f
Original thread: https://lkml.kernel.org/lkml/000000000000b9e68e0581142f19@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 4 replies; the last was 133 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+65788f9af9d54844389e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b9e68e0581142f19@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in hci_event_packet
Last occurred: 3 days ago
Reported: 197 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=d708485af9edc3af35f3b4d554e827c6c8bf6b0f
Original thread: https://lkml.kernel.org/lkml/000000000000696949057ee26e44@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+cec7a50c412a2c03f8f5@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000696949057ee26e44@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in rfcomm_dlc_exists
Last occurred: 0 days ago
Reported: 364 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=93ca265e594ab40b3d0e819cf24ba39e75d71fd6
Original thread: https://lkml.kernel.org/lkml/00000000000026c18a0571b9b0de@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+728bead095cef3335bb6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000026c18a0571b9b0de@google.com
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in kobject_add_internal
Last occurred: 22 days ago
Reported: 22 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=1d709c7eaa63a2bf50387e15d8c0173acc9c9972
Original thread: https://lkml.kernel.org/lkml/0000000000009b1944058ca3e4a8@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 726e41097920a73e4c7c33385dcc0debb1281e18
Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Tue Jul 10 00:29:10 2018 +0000
drivers: core: Remove glue dirs from sysfs earlier
The original thread for this bug has received 2 replies; the last was 21 days
ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+32259bb9bc1a487ad206@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009b1944058ca3e4a8@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in h5_rx_3wire_hdr
Last occurred: 0 days ago
Reported: 1 day ago
Branches: linux-next
Dashboard link: https://syzkaller.appspot.com/bug?id=077669d3225a0bb970a70389f672ed48dde649dc
Original thread: https://lkml.kernel.org/lkml/0000000000003fd4ab058e46951f@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug has received 1 reply, 18 hours ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0abbda0523882250a97a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 18 hours ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/0000000000003fd4ab058e46951f@google.com
--------------------------------------------------------------------------------
Title: memory leak in h4_recv_buf
Last occurred: 4 days ago
Reported: 29 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=32811c498b542bcef1950494eed33021cc91fd5f
Original thread: https://lkml.kernel.org/lkml/0000000000006b1779058c0cbdda@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+97388eb9d31b997fe1d0@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006b1779058c0cbdda@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in hci_cmd_timeout
Last occurred: 20 days ago
Reported: 77 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=cb23ebfc8f304f510fb717cb783fe8b496c7ffb1
Original thread: https://lkml.kernel.org/lkml/00000000000035c756058848954a@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+19a9f729f05272857487@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000035c756058848954a@google.com
--------------------------------------------------------------------------------
Title: memory leak in get_device_parent
Last occurred: 21 days ago
Reported: 57 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=63d2295ec374cc088d03cc83ad9c7a372a3d02e9
Original thread: https://lkml.kernel.org/lkml/0000000000009b950f0589e804b3@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+02e97e2ad931a981e568@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009b950f0589e804b3@google.com
--------------------------------------------------------------------------------
Title: general protection fault in qca_setup
Last occurred: 162 days ago
Reported: 162 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=62aaa13b8b6bba7f5bca8c0defef34b9a1623135
Original thread: https://lkml.kernel.org/lkml/0000000000002996510581a1487e@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 0ff252c1976da5d80db1377eb39b551931e61826
Author: Ben Young Tae Kim <ytkim@qca.qualcomm.com>
Date: Mon Aug 10 21:24:17 2015 +0000
Bluetooth: hciuart: Add support QCA chipset for UART
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+8c0dbf8843bb75efaa05@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002996510581a1487e@google.com
--------------------------------------------------------------------------------
Title: BUG: unable to handle kernel NULL pointer dereference in hci_uart_set_flow_control
Last occurred: 124 days ago
Reported: 124 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1b42faa2848963564a5b1b7f8c837ea7b55ffa50
Original thread: https://lkml.kernel.org/lkml/00000000000017690505849d6b3c@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 162f812f23bab583f5d514ca0e4df67797ac9cdf
Author: Loic Poulain <loic.poulain@intel.com>
Date: Mon Sep 19 14:29:27 2016 +0000
Bluetooth: hci_uart: Add Marvell support
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+79337b501d6aa974d0f6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000017690505849d6b3c@google.com
--------------------------------------------------------------------------------
Title: WARNING in kernfs_create_dir_ns
Last occurred: 23 days ago
Reported: 24 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=5124d1a0fef7e16146c1f5ea164ad3ddbdb3bb10
Original thread: https://lkml.kernel.org/lkml/0000000000003ec128058c7624ec@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug has received 2 replies; the last was 14 days
ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+38f5d5cf7ae88c46b11a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 14 days ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/0000000000003ec128058c7624ec@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in hci_event_packet
Last occurred: 87 days ago
Reported: 101 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=fac3d7b25f0e5f3899e4b0dcec32bb3177c95718
Original thread: https://lkml.kernel.org/lkml/0000000000005bb0ae05867271c1@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4918ee47ac82d51de00d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005bb0ae05867271c1@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in hci_sock_release
Last occurred: 200 days ago
Reported: 273 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=47befb59c610a69f024db20b927dea80c88fc045
Original thread: https://lkml.kernel.org/lkml/0000000000003692760578e651dd@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 3 replies; the last was 120 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b364ed862aa07c74bc62@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003692760578e651dd@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in bacpy
Last occurred: 82 days ago
Reported: 197 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3acd1155d48a5acc5d76711568b04926945a6885
Original thread: https://lkml.kernel.org/lkml/0000000000008a1bce057ede3d13@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 6 replies; the last was 126 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+660883c56e2fa65d4497@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008a1bce057ede3d13@google.com
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in rfcomm_dlc_free
Last occurred: 75 days ago
Reported: 357 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=97b7072a02091741ffc58f97884ab91565fd97ce
Original thread: https://lkml.kernel.org/lkml/00000000000086f39e057245c3ac@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1f6d4ad860c650c2f215@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000086f39e057245c3ac@google.com
--------------------------------------------------------------------------------
Title: general protection fault in idr_remove
Last occurred: 26 days ago
Reported: 161 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=669469483cd7be33607ad681073484750f6f4c60
Original thread: https://lkml.kernel.org/lkml/00000000000023a7e70581b71894@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3d07f0ffd652af4f49e6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000023a7e70581b71894@google.com
--------------------------------------------------------------------------------
Title: INFO: trying to register non-static key in hci_uart_send_frame
Last occurred: 96 days ago
Reported: 145 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=8aa05f314c1391e788221378935286690d49f482
Original thread: https://lkml.kernel.org/lkml/0000000000001913600582f91f5b@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a8587ba69fc78395d947@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001913600582f91f5b@google.com
--------------------------------------------------------------------------------
Title: WARNING in kernfs_activate
Last occurred: 98 days ago
Reported: 77 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=059379fb4ac22ac01d4f2d658aaa6043ff021f42
Original thread: https://lkml.kernel.org/lkml/000000000000fd5e300588491545@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1202f8882e4f4881d814@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fd5e300588491545@google.com
--------------------------------------------------------------------------------
Title: INFO: trying to register non-static key in hci_uart_flush
Last occurred: 162 days ago
Reported: 162 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=9b359a901fde7f3eacc17249cbd613d35612e9aa
Original thread: https://lkml.kernel.org/lkml/0000000000006941590581a15637@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e8cd9d8b4dfedf394390@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006941590581a15637@google.com
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in hci_uart_tty_close
Last occurred: 156 days ago
Reported: 155 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=94b6786a5d26079c82301b2ec235ca4717884f4e
Original thread: https://lkml.kernel.org/lkml/0000000000005455bf058225e9c0@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+9fd324c8c2176a6022d3@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005455bf058225e9c0@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in rfcomm_dlc_open (2)
Last occurred: 63 days ago
Reported: 91 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=19321b91aa70d43289d580eb8cbf21e6aecef64f
Original thread: https://lkml.kernel.org/lkml/000000000000876c89058734fc71@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0b0fd24d40f358830891@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000876c89058734fc71@google.com
--------------------------------------------------------------------------------
Title: general protection fault in rfcomm_dlc_exists
Last occurred: 81 days ago
Reported: 77 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=1c4e5c426ab13696077aa6d0c67596e074605ffd
Original thread: https://lkml.kernel.org/lkml/0000000000009c83b005884900cf@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+362be51217ce29d215bc@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009c83b005884900cf@google.com
--------------------------------------------------------------------------------
Title: general protection fault in rfcomm_dlc_open
Last occurred: 82 days ago
Reported: 77 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=05e856115d50ca3d56e1fbea58b612a78877be65
Unfortunately, this bug does not have a reproducer.
For some reason the syzbot dashboard doesn't contain a link to the original
thread for this bug, so my script couldn't provide a link to it in this
reminder. Try searching for the bug title.
--------------------------------------------------------------------------------
Title: WARNING in lockdep_register_key
Last occurred: 128 days ago
Reported: 143 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5f34c586def64408fb57ee0fd898da67efda36c3
Original thread: https://lkml.kernel.org/lkml/000000000000baab660583172b5c@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+072814ec793ff1946da1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000baab660583172b5c@google.com
^ permalink raw reply
* Re: [PATCH v2 bpf-next 1/4] bpf: unprivileged BPF access via /dev/bpf
From: Andy Lutomirski @ 2019-07-24 1:40 UTC (permalink / raw)
To: Song Liu
Cc: Andy Lutomirski, Kees Cook, linux-security@vger.kernel.org,
Networking, bpf, Alexei Starovoitov, Daniel Borkmann, Kernel Team,
Lorenz Bauer, Jann Horn, Greg KH, Linux API
In-Reply-To: <514D5453-0AEE-420F-AEB6-3F4F58C62E7E@fb.com>
> On Jul 23, 2019, at 3:56 PM, Song Liu <songliubraving@fb.com> wrote:
>
>
>
>> On Jul 23, 2019, at 8:11 AM, Andy Lutomirski <luto@kernel.org> wrote:
>>
>> On Mon, Jul 22, 2019 at 1:54 PM Song Liu <songliubraving@fb.com> wrote:
>>>
>>> Hi Andy, Lorenz, and all,
>>>
>>>> On Jul 2, 2019, at 2:32 PM, Andy Lutomirski <luto@kernel.org> wrote:
>>>>
>>>> On Tue, Jul 2, 2019 at 2:04 PM Kees Cook <keescook@chromium.org> wrote:
>>>>>
>>>>>> On Mon, Jul 01, 2019 at 06:59:13PM -0700, Andy Lutomirski wrote:
>>>>>> I think I'm understanding your motivation. You're not trying to make
>>>>>> bpf() generically usable without privilege -- you're trying to create
>>>>>> a way to allow certain users to access dangerous bpf functionality
>>>>>> within some limits.
>>>>>>
>>>>>> That's a perfectly fine goal, but I think you're reinventing the
>>>>>> wheel, and the wheel you're reinventing is quite complicated and
>>>>>> already exists. I think you should teach bpftool to be secure when
>>>>>> installed setuid root or with fscaps enabled and put your policy in
>>>>>> bpftool. If you want to harden this a little bit, it would seem
>>>>>> entirely reasonable to add a new CAP_BPF_ADMIN and change some, but
>>>>>> not all, of the capable() checks to check CAP_BPF_ADMIN instead of the
>>>>>> capabilities that they currently check.
>>>>>
>>>>> If finer grained controls are wanted, it does seem like the /dev/bpf
>>>>> path makes the most sense. open, request abilities, use fd. The open can
>>>>> be mediated by DAC and LSM. The request can be mediated by LSM. This
>>>>> provides a way to add policy at the LSM level and at the tool level.
>>>>> (i.e. For tool-level controls: leave LSM wide open, make /dev/bpf owned
>>>>> by "bpfadmin" and bpftool becomes setuid "bpfadmin". For fine-grained
>>>>> controls, leave /dev/bpf wide open and add policy to SELinux, etc.)
>>>>>
>>>>> With only a new CAP, you don't get the fine-grained controls. (The
>>>>> "request abilities" part is the key there.)
>>>>
>>>> Sure you do: the effective set. It has somewhat bizarre defaults, but
>>>> I don't think that's a real problem. Also, this wouldn't be like
>>>> CAP_DAC_READ_SEARCH -- you can't accidentally use your BPF caps.
>>>>
>>>> I think that a /dev capability-like object isn't totally nuts, but I
>>>> think we should do it well, and this patch doesn't really achieve
>>>> that. But I don't think bpf wants fine-grained controls like this at
>>>> all -- as I pointed upthread, a fine-grained solution really wants
>>>> different treatment for the different capable() checks, and a bunch of
>>>> them won't resemble capabilities or /dev/bpf at all.
>>>
>>> With 5.3-rc1 out, I am back on this. :)
>>>
>>> How about we modify the set as:
>>> 1. Introduce sys_bpf_with_cap() that takes fd of /dev/bpf.
>>
>> I'm fine with this in principle, but:
>>
>>> 2. Better handling of capable() calls through bpf code. I guess the
>>> biggest problem here is is_priv in verifier.c:bpf_check().
>>
>> I think it would be good to understand exactly what /dev/bpf will
>> enable one to do. Without some care, it would just become the next
>> CAP_SYS_ADMIN: if you can open it, sure, you're not root, but you can
>> intercept network traffic, modify cgroup behavior, and do plenty of
>> other things, any of which can probably be used to completely take
>> over the system.
>
> Well, yes. sys_bpf() is pretty powerful.
>
> The goal of /dev/bpf is to enable special users to call sys_bpf(). In
> the meanwhile, such users should not take down the whole system easily
> by accident, e.g., with rm -rf /.
That’s easy, though — bpftool could learn to read /etc/bpfusers before allowing ruid != 0.
>
> It is similar to CAP_BPF_ADMIN, without really adding the CAP_.
>
> I think adding new CAP_ requires much more effort.
>
A new CAP_ is straightforward — add the definition and change the max cap.
>>
>> It would also be nice to understand why you can't do what you need to
>> do entirely in user code using setuid or fscaps.
>
> It is not very easy to achieve the same control: only certain users can
> run certain tools (bpftool, etc.).
>
> The closest approach I can find is:
> 1. use libcap (pam_cap) to give CAP_SETUID to certain users;
> 2. add setuid(0) to bpftool.
>
> The difference between this approach and /dev/bpf is that certain users
> would be able to run other tools that call setuid(). Though I am not
> sure how many tools call setuid(), and how risky they are.
I think you’re misunderstanding me. Install bpftool with either the setuid (S_ISUID) mode or with an appropriate fscap bit — see the setcap(8) manpage.
The downside of this approach is that it won’t work well in a container, and containers are cool these days :)
>
>>
>> Finally, at risk of rehashing some old arguments, I'll point out that
>> the bpf() syscall is an unusual design to begin with. As an example,
>> consider bpf_prog_attach(). Outside of bpf(), if I want to change the
>> behavior of a cgroup, I would write to a file in
>> /sys/kernel/cgroup/unified/whatever/, and normal DAC and MAC rules
>> apply. With bpf(), however, I just call bpf() to attach a program to
>> the cgroup. bpf() says "oh, you are capable(CAP_NET_ADMIN) -- go for
>> it!". Unless I missed something major, and I just re-read the code,
>> there is no check that the caller has write or LSM permission to
>> anything at all in cgroupfs, and the existing API would make it very
>> awkward to impose any kind of DAC rules here.
>>
>> So I think it might actually be time to repay some techincal debt and
>> come up with a real fix. As a less intrusive approach, you could see
>> about requiring ownership of the cgroup directory instead of
>> CAP_NET_ADMIN. As a more intrusive but perhaps better approach, you
>> could invert the logic to to make it work like everything outside of
>> cgroup: add pseudo-files like bpf.inet_ingress to the cgroup
>> directories, and require a writable fd to *that* to a new improved
>> attach API. If a user could do:
>>
>> int fd = open("/sys/fs/cgroup/.../bpf.inet_attach", O_RDWR); /* usual
>> DAC and MAC policy applies */
>> int bpf_fd = setup the bpf stuff; /* no privilege required, unless
>> the program is huge or needs is_priv */
>> bpf(BPF_IMPROVED_ATTACH, target = fd, program = bpf_fd);
>>
>> there would be no capabilities or global privilege at all required for
>> this. It would just work with cgroup delegation, containers, etc.
>>
>> I think you could even pull off this type of API change with only
>> libbpf changes. In particular, there's this code:
>>
>> int bpf_prog_attach(int prog_fd, int target_fd, enum bpf_attach_type type,
>> unsigned int flags)
>> {
>> union bpf_attr attr;
>>
>> memset(&attr, 0, sizeof(attr));
>> attr.target_fd = target_fd;
>> attr.attach_bpf_fd = prog_fd;
>> attr.attach_type = type;
>> attr.attach_flags = flags;
>>
>> return sys_bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
>> }
>>
>> This would instead do something like:
>>
>> int specific_target_fd = openat(target_fd, bpf_type_to_target[type], O_RDWR);
>> attr.target_fd = specific_target_fd;
>> ...
>>
>> return sys_bpf(BPF_PROG_IMPROVED_ATTACH, &attr, sizeof(attr));
>>
>> Would this solve your problem without needing /dev/bpf at all?
>
> This gives fine grain access control. I think it solves the problem.
> But it also requires a lot of rework to sys_bpf(). And it may also
> break backward/forward compatibility?
>
I think the compatibility issue is manageable. The current bpf() interface would be supported for at least several years, and libbpf could detect that the new interface isn’t supported and fall back the old interface
> Personally, I think it is an overkill for the original motivation:
> call sys_bpf() with special user instead of root.
It’s overkill for your specific use case, but I’m trying to encourage you to either solve your problem entirely in userspace or to solve a more general problem in the kernel :)
In furtherance of bpf’s goal of world domination, I think it would be great if it Just Worked in a container. My proposal does this.
^ permalink raw reply
* Re: kernel panic: stack is corrupted in pointer
From: syzbot @ 2019-07-24 1:40 UTC (permalink / raw)
To: airlied, alexander.deucher, amd-gfx, ast, bpf, christian.koenig,
daniel, david1.zhou, dri-devel, dvyukov, john.fastabend, leo.liu,
linux-kernel, netdev, syzkaller-bugs
In-Reply-To: <5d3744ff777cc_436d2adb6bf105c41c@john-XPS-13-9370.notmuch>
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+79f5f028005a77ecb6bb@syzkaller.appspotmail.com
Tested on:
commit: decb705e libbpf: fix using uninitialized ioctl results
git tree: bpf
kernel config: https://syzkaller.appspot.com/x/.config?x=87305c3ca9c25c70
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Note: testing is done by a robot and is best-effort only.
^ permalink raw reply
* kernel v5.3.0-rc1
From: Bob Gleitsmann @ 2019-07-24 1:38 UTC (permalink / raw)
To: netdev
Hello,
I had problems with network functionality in kernel v5.3.0-rc1. I was
not able to ping local devices with ip address or internet points by
name. I have been testing git kernels for a while and this is the first
time this has happened, i.e., it didn't happen with v5.2.0. One
interesting thing is that simply rebooting with a good kernel doesn't
fix the problem. The machine has to be powered off and restarted.
It was clear that network names were not being resolved.
I can provide more details and try different things to help track down
the problem. I'm using x86-64 system, gentoo linux, r8169 PHY.
Best Wishes,
Bob Gleitsmann
^ permalink raw reply
* Reminder: 99 open syzbot bugs in net subsystem
From: Eric Biggers @ 2019-07-24 1:38 UTC (permalink / raw)
To: netdev, David S. Miller, Florian Westphal, Ilya Maximets,
Eric Dumazet, David Ahern
Cc: linux-kernel, syzkaller-bugs
[This email was generated by a script. Let me know if you have any suggestions
to make it better, or if you want it re-generated with the latest status.]
Of the currently open syzbot reports against the upstream kernel, I've manually
marked 99 of them as possibly being bugs in the net subsystem. This category
only includes the networking bugs that I couldn't assign to a more specific
component (bpf, xfrm, bluetooth, tls, tipc, sctp, wireless, etc.). I've listed
these reports below, sorted by an algorithm that tries to list first the reports
most likely to be still valid, important, and actionable.
Of these 99 bugs, 17 were seen in mainline in the last week.
Of these 99 bugs, 4 were bisected to commits from the following people:
Florian Westphal <fw@strlen.de>
Ilya Maximets <i.maximets@samsung.com>
Eric Dumazet <edumazet@google.com>
David Ahern <dsahern@gmail.com>
If you believe a bug is no longer valid, please close the syzbot report by
sending a '#syz fix', '#syz dup', or '#syz invalid' command in reply to the
original thread, as explained at https://goo.gl/tpsmEJ#status
If you believe I misattributed a bug to the net subsystem, please let me know,
and if possible forward the report to the correct people or mailing list.
Here are the bugs:
--------------------------------------------------------------------------------
Title: unregister_netdevice: waiting for DEV to become free (2)
Last occurred: 0 days ago
Reported: 342 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=bae9a2236bfede42cf3d219e6bf6740c583568a4
Original thread: https://lkml.kernel.org/lkml/00000000000056268e05737dcb95@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 27 replies; the last was 80 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+30209ea299c09d8785c9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000056268e05737dcb95@google.com
--------------------------------------------------------------------------------
Title: kernel BUG at net/core/skbuff.c:LINE! (3)
Last occurred: 1 day ago
Reported: 537 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=9c55af67ce995cf6c4f11ab6f5d3ee805d67fc00
Original thread: https://groups.google.com/d/msgid/syzkaller-bugs/001a114372a6074e6505642b7f72%40google.com
This bug has a C reproducer.
For some reason the original report email for this bug is missing from the LKML
archive at lore.kernel.org, so my script couldn't check whether anyone has
replied to it or not. The Google Groups link above should still work, though.
Also try searching for the bug title.
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in __netif_receive_skb_core
Last occurred: 0 days ago
Reported: 467 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=0c8e5c99b3db338c8956fcb7231eb1f7e2d707f9
Original thread: https://lkml.kernel.org/lkml/94eb2c059ce01f643c0569a228ee@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 3 replies; the last was 466 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b202b7208664142954fa@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/94eb2c059ce01f643c0569a228ee@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in ip6_parse_tlv
Last occurred: 0 days ago
Reported: 306 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a446d3718ee6322911a0c6d34db57909e1838fe7
Original thread: https://lkml.kernel.org/lkml/00000000000030779c057653b9ef@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f08ac29f2ac8aea19826@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000030779c057653b9ef@google.com
--------------------------------------------------------------------------------
Title: WARNING in xt_compat_add_offset
Last occurred: 1 day ago
Reported: 151 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=28b6bf730a5e8d288db5c794d5c6ccc49f746d74
Original thread: https://lkml.kernel.org/lkml/00000000000081994205827ea9a0@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 2035f3ff8eaa29cfb5c8e2160b0f6e85eeb21a95
Author: Florian Westphal <fw@strlen.de>
Date: Mon Jan 21 20:54:36 2019 +0000
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+276ddebab3382bbf72db@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000081994205827ea9a0@google.com
--------------------------------------------------------------------------------
Title: WARNING in rollback_registered_many (2)
Last occurred: 0 days ago
Reported: 258 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=d39aca7a05a76d146ba96cddbb3242075d9171a7
Original thread: https://lkml.kernel.org/lkml/000000000000d9f094057a17b97b@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 1 reply, 102 days ago.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+40918e4d826fb2ff9b96@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d9f094057a17b97b@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in bcmp
Last occurred: 0 days ago
Reported: 45 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=38933ca8abb1b8f0ee10c430f3a6c1f6a68a2519
Original thread: https://lkml.kernel.org/lkml/0000000000008f00f7058ad13ec8@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d8b02c920ae8f3e0be75@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008f00f7058ad13ec8@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in mii_nway_restart
Last occurred: 0 days ago
Reported: 49 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=835562bfa4dd92c72f323f29ad388c9cb4b0e63f
Original thread: https://lkml.kernel.org/lkml/000000000000f71859058a7cfdc8@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1f53a30781af65d2c955@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f71859058a7cfdc8@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in r871xu_drv_init
Last occurred: 2 days ago
Reported: 47 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Original thread: https://lkml.kernel.org/lkml/000000000000417702058aa80506@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000417702058aa80506@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in ax88178_bind
Last occurred: 1 day ago
Reported: 46 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=d601416c178e3d67888024bdf7774477a034840b
Original thread: https://lkml.kernel.org/lkml/000000000000cba2b6058ac09eeb@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+abd25d675d47f23f188c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000cba2b6058ac09eeb@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in rtnl_lock (6)
Last occurred: 4 days ago
Reported: 15 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5dcc2956e8737c91083930c55796c5b98750f1d2
Original thread: https://lkml.kernel.org/lkml/000000000000ba542e058d309136@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 455302d1c9ae9318660aaeb9748a01ff414c9741
Author: Ilya Maximets <i.maximets@samsung.com>
Date: Fri Jun 28 08:04:07 2019 +0000
xdp: fix hang while unregistering device bound to xdp socket
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+174ce29c2308dec5bc68@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ba542e058d309136@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in unregister_netdevice_notifier (3)
Last occurred: 2 days ago
Reported: 156 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1724d278c83ca6e6df100a2e320c10d991cf2bce
Original thread: https://lkml.kernel.org/lkml/0000000000009d787a0582128cbe@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug received 2 replies; the last was 8 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0f1827363a305f74996f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread, which had activity only 8 days ago. For the git send-email command to
use, or tips on how to reply if the thread isn't in your mailbox, see the "Reply
instructions" at https://lkml.kernel.org/r/0000000000009d787a0582128cbe@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in gre_parse_header
Last occurred: 0 days ago
Reported: 30 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=af9d9384bbda6732044cf6335966df874a40cff1
Original thread: https://lkml.kernel.org/lkml/000000000000dc4531058bfb4605@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f583ce3d4ddf9836b27a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000dc4531058bfb4605@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in ila_nf_input
Last occurred: 1 day ago
Reported: 189 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=6911f9daa3f3c89b595884f30b212e60e889d384
Original thread: https://lkml.kernel.org/lkml/0000000000003036f4057f81e98e@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+03a25358f4cba0bc4cb6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003036f4057f81e98e@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in smsc95xx_read_eeprom (2)
Last occurred: 0 days ago
Reported: 13 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=0629febb76ae17ff78874aa68991e542506b1351
Original thread: https://lkml.kernel.org/lkml/000000000000e38991058d54c35f@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0dfe788c0e7be7c95931@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e38991058d54c35f@google.com
--------------------------------------------------------------------------------
Title: general protection fault in tcf_ife_init
Last occurred: 3 days ago
Reported: 1 day ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ae313e1903160aebaac974b675db644baa44f581
Original thread: https://lkml.kernel.org/lkml/000000000000772876058e46063f@google.com/T/#u
This bug has a C reproducer.
syzbot has bisected this bug, but I think the bisection result is incorrect.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+fbb5b288c9cb6a2eeac4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000772876058e46063f@google.com
--------------------------------------------------------------------------------
Title: memory leak in kobject_set_name_vargs (2)
Last occurred: 1 day ago
Reported: 0 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=f5f4af9fb9ffb3112ad6e30f717f769decdccdfc
Original thread: https://lkml.kernel.org/lkml/000000000000edcb3c058e6143d5@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ad8ca40ecd77896d51e2@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000edcb3c058e6143d5@google.com
--------------------------------------------------------------------------------
Title: WARNING in mcba_usb_probe/usb_submit_urb
Last occurred: 1 day ago
Reported: 13 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=6daf4bbae6c9c761ac2863d6d23be4cbdaebde7d
Original thread: https://lkml.kernel.org/lkml/000000000000996786058d52cb39@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3bc1dce0cc0052d60fde@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000996786058d52cb39@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in usb_kill_anchored_urbs
Last occurred: 17 days ago
Reported: 42 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=18b605fd212e6e477e038c699430b44ca5946eac
Original thread: https://lkml.kernel.org/lkml/000000000000e84a3a058b0f9307@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+eb6ab607626fd1dac0f1@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e84a3a058b0f9307@google.com
--------------------------------------------------------------------------------
Title: memory leak in __nf_hook_entries_try_shrink
Last occurred: 16 days ago
Reported: 40 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=a00ae6ea26b62609c1df4d7f0d21e4a7635d8203
Original thread: https://lkml.kernel.org/lkml/0000000000005718ef058b3a0fcf@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c51f73e78e7e2ce3a31e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005718ef058b3a0fcf@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in do_ip_vs_set_ctl
Last occurred: 29 days ago
Reported: 312 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2
Original thread: https://lkml.kernel.org/lkml/00000000000015a13b0575d8eae8@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000015a13b0575d8eae8@google.com
--------------------------------------------------------------------------------
Title: kernel panic: stack is corrupted in __lock_acquire (4)
Last occurred: 5 days ago
Reported: 43 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=b75c6f861ac07fc8410957c22e74802b4313ec3d
Original thread: https://lkml.kernel.org/lkml/0000000000009b3b80058af452ae@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000009b3b80058af452ae@google.com
--------------------------------------------------------------------------------
Title: memory leak in fdb_create
Last occurred: 29 days ago
Reported: 29 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=7ca7d71ade3608a7f92ac4b8c9c499cf130e68a9
Original thread: https://lkml.kernel.org/lkml/0000000000005e6124058c0cbdbe@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+88533dc8b582309bf3ee@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005e6124058c0cbdbe@google.com
--------------------------------------------------------------------------------
Title: memory leak in rawv6_sendmsg
Last occurred: 30 days ago
Reported: 47 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=4b6cb10258f6d4c0f37be902f90849a02749a333
Original thread: https://lkml.kernel.org/lkml/000000000000fa6b60058aa0559b@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0210b383c62bb2a35e32@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fa6b60058aa0559b@google.com
--------------------------------------------------------------------------------
Title: general protection fault in drain_workqueue
Last occurred: 12 days ago
Reported: 71 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=4a4b04b94b33e7d1de6f1213355499ab529a3018
Original thread: https://lkml.kernel.org/lkml/000000000000caab290588c4083e@google.com/T/#u
This bug has a syzkaller reproducer only.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+09139d1a5ed6b898e29d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000caab290588c4083e@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in ip_rcv_core
Last occurred: 36 days ago
Reported: 310 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=abe95dc3e3e9667fc23b8d81f29ecad95c6f106f
Original thread: https://lkml.kernel.org/lkml/0000000000002407700575fb00f4@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2e406a9ac75bb71d4b7a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002407700575fb00f4@google.com
--------------------------------------------------------------------------------
Title: WARNING in wa_nep_create/usb_submit_urb
Last occurred: 13 days ago
Reported: 13 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a07f49ea1871dcb4a34ff5aff5a46b0fcd8b3523
Original thread: https://lkml.kernel.org/lkml/000000000000acb38c058d51ad4f@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+5da93055dfbb6bc54963@syzkaller.appspotmail.com
If you send any email or patch for this bug, please reply to the original
thread. For the git send-email command to use, or tips on how to reply if the
thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000acb38c058d51ad4f@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Write in skb_release_data (2)
Last occurred: 117 days ago
Reported: 281 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=8340d4b8c7304ff0b43490a1b69ab3833dd7ad20
Original thread: https://lkml.kernel.org/lkml/0000000000003ba80905783e9189@google.com/T/#u
This bug has a C reproducer.
This bug was bisected to:
commit 472c2e07eef045145bc1493cc94a01c87140780a
Author: Eric Dumazet <edumazet@google.com>
Date: Fri Mar 22 15:56:39 2019 +0000
tcp: add one skb cache for tx
The original thread for this bug received 3 replies; the last was 119 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+580be3953ed99133804f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003ba80905783e9189@google.com
--------------------------------------------------------------------------------
Title: general protection fault in ip6_dst_lookup_tail (2)
Last occurred: 34 days ago
Reported: 85 days ago
Branches: bpf-next, linux-next, net, and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=079bd8408abd95b492f127edf0df44ddc09d9405
Original thread: https://lkml.kernel.org/lkml/0000000000006b30f30587a5b569@google.com/T/#u
This bug has a syzkaller reproducer only.
This bug was bisected to:
commit f40b6ae2b612446dc970d7b51eeec47bd1619f82
Author: David Ahern <dsahern@gmail.com>
Date: Thu May 23 03:27:55 2019 +0000
ipv6: Move pcpu cached routes to fib6_nh
The original thread for this bug has received 1 reply, 85 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+58d8f704b86e4e3fb4d3@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006b30f30587a5b569@google.com
--------------------------------------------------------------------------------
Title: general protection fault in cdev_del
Last occurred: 47 days ago
Reported: 56 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=dc0ead75c30e6aa27153b6cab86194e55e290a98
Original thread: https://lkml.kernel.org/lkml/000000000000532b860589f0669a@google.com/T/#u
This bug has a C reproducer.
No one has replied to the original thread for this bug yet.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+67b2bd0e34f952d0321e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000532b860589f0669a@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in addrconf_dad_work
Last occurred: 23 days ago
Reported: 157 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=7293d6f37a448b017658dc1001452ff193cdb566
Original thread: https://lkml.kernel.org/lkml/0000000000001d37cd0582003c53@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f4290c15a8ab6dee87c9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001d37cd0582003c53@google.com
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in netdev_freemem (2)
Last occurred: 0 days ago
Reported: 29 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=96a64fde216dca408a5c25db4e57838c51e435aa
Original thread: https://lkml.kernel.org/lkml/000000000000d6a8ba058c0df076@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug has received 6 replies; the last was 29 days
ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c4521ac872a4ccc3afec@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000d6a8ba058c0df076@google.com
--------------------------------------------------------------------------------
Title: memory leak in genl_register_family
Last occurred: 28 days ago
Reported: 28 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=e30aad348314bcaacef4466bbce33be5933e08cf
Original thread: https://lkml.kernel.org/lkml/000000000000f5d536058c23ed60@google.com/T/#u
This bug has a syzkaller reproducer only.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+fc577f12f25f2ac3b211@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f5d536058c23ed60@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in __dev_mc_del
Last occurred: 86 days ago
Reported: 309 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=a84ac404cf07db753e289b918981964b540359bd
Original thread: https://lkml.kernel.org/lkml/00000000000011d524057617eb4a@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0ffee94c5c059dbbc2a9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000011d524057617eb4a@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in __dev_queue_xmit (2)
Last occurred: 1 day ago
Reported: 117 days ago
Branches: bpf-next and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=f9e1abb5bf1d75834c1906398efab4601265cad5
Original thread: https://lkml.kernel.org/lkml/000000000000ee01ef058529d74c@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f8c40b4da41f3e8049c4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ee01ef058529d74c@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in udpv6_pre_connect
Last occurred: 2 days ago
Reported: 68 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=360cc28d22ff388dcda1dd642c5c77aa4b8b3e2d
Original thread: https://lkml.kernel.org/lkml/0000000000003028060588fac869@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+65f10c5aadc049eb5ef5@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003028060588fac869@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in do_ipv6_getsockopt
Last occurred: 21 days ago
Reported: 21 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=e97be0bf4d30813e951bcc6249e72c592a790164
Original thread: https://lkml.kernel.org/lkml/000000000000607bf4058cb5135c@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug has received 1 reply, 21 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+babfdd7368c72aac3875@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000607bf4058cb5135c@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in IP6_ECN_decapsulate
Last occurred: 401 days ago
Reported: 306 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=ca4ff394c64aec3684d0034896290c72a83b7077
Original thread: https://lkml.kernel.org/lkml/000000000000336563057653b9aa@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+bf7e6250c7ce248f3ec9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000336563057653b9aa@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in tick_sched_handle (3)
Last occurred: 190 days ago
Reported: 246 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=fce6ae4655ae3133b8b7410c3370bb2167c6324d
Original thread: https://lkml.kernel.org/lkml/0000000000007829c8057b0b58ed@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 2 replies; the last was 245 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+999bca54de2ee169c021@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007829c8057b0b58ed@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in strlcpy (2)
Last occurred: 321 days ago
Reported: 312 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=ab0817a1599dd2fbbda6af5d5645ef92596fcb8e
Original thread: https://lkml.kernel.org/lkml/00000000000012463d0575d8eace@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c86cf7903306a6c201ba@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000012463d0575d8eace@google.com
--------------------------------------------------------------------------------
Title: INFO: trying to register non-static key in __icmp_send
Last occurred: 42 days ago
Reported: 139 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=8375400c5f4e129bf049227adce14e4698a4bc33
Original thread: https://lkml.kernel.org/lkml/000000000000de803205836436dd@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f09d845ad631ed93737b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000de803205836436dd@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in vhci_hub_control
Last occurred: 278 days ago
Reported: 323 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=00aa2c9aba775f0761d3dabd7fb176964685051a
Original thread: https://lkml.kernel.org/lkml/00000000000075c8d70574f40fbc@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+600b03e0cf1b73bb23c4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000075c8d70574f40fbc@google.com
--------------------------------------------------------------------------------
Title: WARNING: refcount bug in igmp_start_timer
Last occurred: 100 days ago
Reported: 339 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=667f1bd0ab632a49ca3daaa6967cc023b1c5b0c6
Original thread: https://lkml.kernel.org/lkml/0000000000002b42040573b8495a@google.com/T/#u
This bug has a syzkaller reproducer only.
syzbot has bisected this bug, but I think the bisection result is incorrect.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e28037ac1c96d2a86e89@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000002b42040573b8495a@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in sit_tunnel_xmit
Last occurred: 230 days ago
Reported: 361 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=66bbedf52134d2359166806349088d36a6b6a254
Original thread: https://lkml.kernel.org/lkml/00000000000082e3a90571fadb4c@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+782ee96f9147673d8822@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000082e3a90571fadb4c@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in gre_rcv (2)
Last occurred: 140 days ago
Reported: 300 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=cf4a7c5922ce5ad229f97ed1eac213a12d427d1d
Original thread: https://lkml.kernel.org/lkml/0000000000007ce3ae0576c788e5@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+841c053d026900055032@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007ce3ae0576c788e5@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in lock_sock_nested
Last occurred: 81 days ago
Reported: 100 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=a9f61ee7d10b848190610b0fe298bd9030a8288c
Original thread: https://lkml.kernel.org/lkml/000000000000e8cf3805867bd715@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+605a69fff339d9cc221e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e8cf3805867bd715@google.com
--------------------------------------------------------------------------------
Title: KMSAN: uninit-value in __dev_mc_add
Last occurred: 104 days ago
Reported: 300 days ago
Branches: Mainline (with KMSAN patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=0766d38c656abeace60621896d705743aeefed51
Original thread: https://lkml.kernel.org/lkml/0000000000005e2e530576c6f9ce@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 3 replies; the last was 299 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+001516d86dbe88862cec@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005e2e530576c6f9ce@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in do_ip_vs_set_ctl (2)
Last occurred: 457 days ago
Reported: 472 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=26aa22915f5e3b7ca2cfca76a939f12c25d624db
Original thread: https://lkml.kernel.org/lkml/94eb2c059ce0bca273056940d77d@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+7810ed2e0cb359580c17@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/94eb2c059ce0bca273056940d77d@google.com
--------------------------------------------------------------------------------
Title: KASAN: null-ptr-deref Read in ip6_hold_safe
Last occurred: 35 days ago
Reported: 190 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=9b5576748203154c7b7703aac19d0a5adc8f987e
Original thread: https://lkml.kernel.org/lkml/00000000000075c0ef057f657b8d@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug received 1 reply, 190 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+8433ca0841e308ef4cc7@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000075c0ef057f657b8d@google.com
--------------------------------------------------------------------------------
Title: INFO: task hung in rtnetlink_rcv_msg
Last occurred: 156 days ago
Reported: 151 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=788ed2c7e973b69fd551ba6b5e21848dba2c1670
Original thread: https://lkml.kernel.org/lkml/000000000000c07a5805827e85d5@google.com/T/#u
This bug has a C reproducer.
The original thread for this bug received 7 replies; the last was 148 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+8218a8a0ff60c19b8eae@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000c07a5805827e85d5@google.com
--------------------------------------------------------------------------------
Title: general protection fault in dev_get_by_index_rcu
Last occurred: 30 days ago
Reported: 152 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=e9d52597e9cbdd22621b6790702c9fefe071af25
Original thread: https://lkml.kernel.org/lkml/00000000000095c8f005826888fd@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+48127bec5a5cd81411e3@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000095c8f005826888fd@google.com
--------------------------------------------------------------------------------
Title: general protection fault in gro_cells_destroy
Last occurred: 30 days ago
Reported: 194 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1e493023b2e9f4b6738977af63ed5b521201e74a
Original thread: https://lkml.kernel.org/lkml/00000000000029bf02057f1e1596@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6fe674089f9deb9f7726@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000029bf02057f1e1596@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in device_del
Last occurred: 51 days ago
Reported: 50 days ago
Branches: Mainline (with usb-fuzzer patches)
Dashboard link: https://syzkaller.appspot.com/bug?id=2aa2f730c9d353ad29bb92acf8fd0b426ce1b393
Original thread: https://lkml.kernel.org/lkml/000000000000fa11f3058a69d67b@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug has received 2 replies; the last was 47 days
ago.
This looks like a bug in a net USB driver.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+93f2f45b19519b289613@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000fa11f3058a69d67b@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in tcp_sk_exit
Last occurred: 36 days ago
Reported: 167 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=24c7faa7497a843d2c714efffcc747853c55b669
Original thread: https://lkml.kernel.org/lkml/000000000000ddb37c0581329cc5@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f797267da5e5012d0920@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ddb37c0581329cc5@google.com
--------------------------------------------------------------------------------
Title: WARNING in tcp_enter_loss (2)
Last occurred: 448 days ago
Reported: 498 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=b0bacf5645b1e60bbb14015bc0e23b9019621fc4
Original thread: https://groups.google.com/d/msgid/syzkaller-bugs/001a113f39820d16d50567379661%40google.com
This bug has a C reproducer.
For some reason the original report email for this bug is missing from the LKML
archive at lore.kernel.org, so my script couldn't check whether anyone has
replied to it or not. The Google Groups link above should still work, though.
Also try searching for the bug title.
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in ip6_tnl_parse_tlv_enc_lim
Last occurred: 240 days ago
Reported: 309 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=b321cffb2022132bac9c54cbe0adcab20cfdd911
Original thread: https://lkml.kernel.org/lkml/0000000000005175bf057617c71d@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+68dce7caebd8543121de@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005175bf057617c71d@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in ip_send_unicast_reply
Last occurred: 31 days ago
Reported: 167 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=b2fcf1ea1f7f874f9ae3ede65e0f47e82a02b3a1
Original thread: https://lkml.kernel.org/lkml/0000000000005e6094058132a09a@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f1741fbf71635c029556@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000005e6094058132a09a@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in page_get_anon_vma
Last occurred: 26 days ago
Reported: 77 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=c275ff8b0b025c8a9baf06c3799d5c2efb919b56
Original thread: https://lkml.kernel.org/lkml/0000000000008aa0e4058849190e@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ed3e5c9a6a1e30a1bd2a@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008aa0e4058849190e@google.com
--------------------------------------------------------------------------------
Title: WARNING: ODEBUG bug in del_timer (3)
Last occurred: 64 days ago
Reported: 77 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=d1853700c9f62752d8498e05189f5d0f21a55631
Original thread: https://lkml.kernel.org/lkml/000000000000dace5e0588529558@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug has received 1 reply, 77 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+13d91ed9bbcd7dc13230@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000dace5e0588529558@google.com
--------------------------------------------------------------------------------
Title: kernel BUG at net/ipv6/route.c:LINE! (2)
Last occurred: 31 days ago
Reported: 197 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=5789609f5b68813f3bf496c9786b9df683dbaa2f
Original thread: https://lkml.kernel.org/lkml/000000000000114562057edb528d@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+be0943c590bb47aefb9e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000114562057edb528d@google.com
--------------------------------------------------------------------------------
Title: INFO: trying to register non-static key in icmp_send
Last occurred: 154 days ago
Reported: 175 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ea46a31df5253b18deb1e18c429c1483b111cbce
Original thread: https://lkml.kernel.org/lkml/0000000000007cd20e05809c2f96@google.com/T/#u
This bug has a syzkaller reproducer only.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 1 reply, 121 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+e1628a5e87492e6f1b76@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000007cd20e05809c2f96@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in ip6_hold_safe
Last occurred: 37 days ago
Reported: 152 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=16a5da76273f5052f30015161c9bd05153bc1172
Original thread: https://lkml.kernel.org/lkml/0000000000003209980582688c5b@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ec03ae3a032901d10434@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003209980582688c5b@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in tcp_sk_exit
Last occurred: 53 days ago
Reported: 138 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3901fe419ff5f17d6a1607b7d6d79c629a571946
Original thread: https://lkml.kernel.org/lkml/000000000000071b3c05838536b8@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+dfc9db054bca3a83f4a0@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000071b3c05838536b8@google.com
--------------------------------------------------------------------------------
Title: KASAN: user-memory-access Write in dst_release
Last occurred: 39 days ago
Reported: 197 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=c6269996e9feee38b279462027a03d4e49df1162
Original thread: https://lkml.kernel.org/lkml/000000000000a06f21057edc53c0@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+29ffc731816e0995ad54@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000a06f21057edc53c0@google.com
--------------------------------------------------------------------------------
Title: WARNING in csum_and_copy_to_iter
Last occurred: 243 days ago
Reported: 241 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=602b1f5d93c8e231d50a1424c2fbc3318bcc6833
Original thread: https://lkml.kernel.org/lkml/0000000000001ecaa1057b6e4489@google.com/T/#u
This bug has a syzkaller reproducer only.
The original thread for this bug received 5 replies; the last was 239 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+ce18da013d76d837144d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001ecaa1057b6e4489@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in sch_direct_xmit
Last occurred: 476 days ago
Reported: 553 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3b9ee8a71fc404315ece5d56076775a2ed19ce1d
Original thread: https://lkml.kernel.org/lkml/089e0825d4a4d2cb2a0562e878f1@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+29cc278357da941e304e@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/089e0825d4a4d2cb2a0562e878f1@google.com
--------------------------------------------------------------------------------
Title: WARNING: bad unlock balance detected! (3)
Last occurred: 119 days ago
Reported: 149 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=342beb2b368a43cbb6533c00d758759b10fbc8d8
Original thread: https://lkml.kernel.org/lkml/000000000000685dc805829e835c@google.com/T/#u
This bug has a syzkaller reproducer only.
syzbot has bisected this bug, but I think the bisection result is incorrect.
The original thread for this bug received 2 replies; the last was 119 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f3e3434787332dfc1c47@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000685dc805829e835c@google.com
--------------------------------------------------------------------------------
Title: inconsistent lock state in ila_xlat_nl_cmd_del_mapping
Last occurred: 337 days ago
Reported: 343 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=be943a4399dcf3ed43bac2694a3b8957c6980409
Original thread: https://lkml.kernel.org/lkml/000000000000ae453e05735dcdb8@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3db64bd48b29a825d2db@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ae453e05735dcdb8@google.com
--------------------------------------------------------------------------------
Title: kernel BUG at net/ipv4/ip_output.c:LINE!
Last occurred: 184 days ago
Reported: 375 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=d582be84c0efa34f4936e12227905b2c18989a25
Original thread: https://lkml.kernel.org/lkml/000000000000f68d660570dcddd8@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+90d5ec0c05e708f3b66d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000f68d660570dcddd8@google.com
--------------------------------------------------------------------------------
Title: KASAN: null-ptr-deref Write in dst_release
Last occurred: 35 days ago
Reported: 197 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=e25580ce7d7f1e6c3bed77954ec56dfd7ce89805
Original thread: https://lkml.kernel.org/lkml/00000000000012073a057edb3996@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1f4f4025b8564c8da9d4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000012073a057edb3996@google.com
--------------------------------------------------------------------------------
Title: general protection fault in fib6_nh_init
Last occurred: 34 days ago
Reported: 49 days ago
Branches: bpf-next and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=29b9955ae85cdd2f20baf5d975763a446f2783df
Original thread: https://lkml.kernel.org/lkml/0000000000008ee293058a787e2d@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug has received 1 reply, 48 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+1b2927fda48c5bf2e931@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000008ee293058a787e2d@google.com
--------------------------------------------------------------------------------
Title: general protection fault in tcp_v6_connect
Last occurred: 35 days ago
Reported: 52 days ago
Branches: bpf-next and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=71eb43337087b631994f0811b2d84dfbc4bfcfc4
Original thread: https://lkml.kernel.org/lkml/000000000000aa7a27058a3ce9aa@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+5ee26b4e30c45930bd3c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000aa7a27058a3ce9aa@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in icmp_sk_exit
Last occurred: 140 days ago
Reported: 153 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=0cbaf5f5094157a8d563c6c1cbe5ee20028a8902
Original thread: https://lkml.kernel.org/lkml/000000000000b436ad058255c528@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3d7fa0f0de0f86d0eb4f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b436ad058255c528@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in bond_get_stats (2)
Last occurred: 64 days ago
Reported: 232 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ea28d585e25ade2dde266036c70df752bb3a0fcb
Original thread: https://lkml.kernel.org/lkml/000000000000dd0b51057c263f7f@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+de40a1dd58ea38aa9317@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000dd0b51057c263f7f@google.com
--------------------------------------------------------------------------------
Title: inconsistent lock state in ila_xlat_nl_cmd_add_mapping
Last occurred: 337 days ago
Reported: 343 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=481b4913494f0dcabc2e06e3158a3d042abdf985
Original thread: https://lkml.kernel.org/lkml/000000000000b14d8c05735dcdf8@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+eaaf6c4a6a8cb1869d86@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b14d8c05735dcdf8@google.com
--------------------------------------------------------------------------------
Title: general protection fault in __queue_work
Last occurred: 139 days ago
Reported: 138 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=1401c87c1eac8167422bcdb28cf81647d894e8d2
Original thread: https://lkml.kernel.org/lkml/000000000000aec29a0583853924@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+b26e643d0aa2822e9c87@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000aec29a0583853924@google.com
--------------------------------------------------------------------------------
Title: WARNING in remove_proc_entry (2)
Last occurred: 90 days ago
Reported: 244 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=fab7eb1ff4259eb5e6cb9067cba63ec7b1568b4d
Original thread: https://lkml.kernel.org/lkml/00000000000061c4cf057b306863@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+46d1fec9e51890edb1a6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000061c4cf057b306863@google.com
--------------------------------------------------------------------------------
Title: general protection fault in __sock_release (2)
Last occurred: 36 days ago
Reported: 174 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=6997b9812b85ed88863bddecad772e8d3659e358
Original thread: https://lkml.kernel.org/lkml/000000000000559d460580ad5eeb@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+38b29941610a1cc735dc@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000559d460580ad5eeb@google.com
--------------------------------------------------------------------------------
Title: WARNING in __static_key_slow_dec_cpuslocked
Last occurred: 80 days ago
Reported: 77 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=753aa2e459553231bb71e1602b2cd27171a06d32
Original thread: https://lkml.kernel.org/lkml/000000000000759a89058848e747@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+a65e6ce239e4afe6c5e7@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000759a89058848e747@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in sk_diag_fill
Last occurred: 65 days ago
Reported: 444 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=3968882ac771e7458b15f8086477f42d7ca6dec0
Original thread: https://lkml.kernel.org/lkml/000000000000169606056b793179@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug received 6 replies; the last was 434 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+c1872be62e587eae9669@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000169606056b793179@google.com
--------------------------------------------------------------------------------
Title: general protection fault in fib6_purge_rt (2)
Last occurred: 43 days ago
Reported: 91 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=e017f309864dbdc2a6926d235e0ce85b6272dcfd
Original thread: https://lkml.kernel.org/lkml/000000000000caeb1c058734c654@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+d53d5d9b6793dc70eb9d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000caeb1c058734c654@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in icmpv6_xrlim_allow
Last occurred: 38 days ago
Reported: 49 days ago
Branches: bpf-next
Dashboard link: https://syzkaller.appspot.com/bug?id=d22f32efcb9496c8fa450f963bcce4d3e4cdf09d
Original thread: https://lkml.kernel.org/lkml/000000000000ae08b2058a785a4c@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+14536436e78408172703@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ae08b2058a785a4c@google.com
--------------------------------------------------------------------------------
Title: KASAN: user-memory-access Write in fib6_purge_rt (2)
Last occurred: 42 days ago
Reported: 49 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=29ea3db1b7655bdcf69bc0e3d8e5901623444640
Original thread: https://lkml.kernel.org/lkml/0000000000003f73d9058a785eec@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+420d3f70afb5d69d5a96@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003f73d9058a785eec@google.com
--------------------------------------------------------------------------------
Title: BUG: spinlock bad magic in __queue_work
Last occurred: 119 days ago
Reported: 167 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=27ee7c254659d57dd99215715f3db0ed20339941
Original thread: https://lkml.kernel.org/lkml/000000000000e063bb0581329cc0@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+636bcaf4b481f6b7343c@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e063bb0581329cc0@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in genl_rcv (2)
Last occurred: 133 days ago
Reported: 193 days ago
Branches: Mainline
Dashboard link: https://syzkaller.appspot.com/bug?id=f8a6b7d881874def4c37657fac2453f7551a7664
Original thread: https://lkml.kernel.org/lkml/000000000000827dbb057f2b85bb@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+cf29f8ae16ca7ceb483d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000827dbb057f2b85bb@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in fib6_purge_rt (2)
Last occurred: 50 days ago
Reported: 49 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=4174cd9494cb4571668f34ab96fcb2382554e6fb
Original thread: https://lkml.kernel.org/lkml/000000000000b6a7d2058a78736d@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+f4812f31edd866494c9f@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000b6a7d2058a78736d@google.com
--------------------------------------------------------------------------------
Title: KASAN: slab-out-of-bounds Read in fib6_rule_lookup (2)
Last occurred: 52 days ago
Reported: 116 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=148148cb145574b07580d9e34877b4eef587ed31
Original thread: https://lkml.kernel.org/lkml/00000000000021ef3505853f988e@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+49f38f33f3c5d76cb19b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000021ef3505853f988e@google.com
--------------------------------------------------------------------------------
Title: KASAN: wild-memory-access Write in fib6_purge_rt
Last occurred: 86 days ago
Reported: 165 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=e3ed1520f5d50c003569cc69066d780ef2ee9f18
Original thread: https://lkml.kernel.org/lkml/000000000000ca08dd0581649889@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+3dbea54db3674c0d57d6@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ca08dd0581649889@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in try_to_grab_pending
Last occurred: 161 days ago
Reported: 160 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=86c7f0dd3bfa4cd651bb37a04da2cfcabd860225
Original thread: https://lkml.kernel.org/lkml/0000000000006dc0290581ca413e@google.com/T/#u
This bug has a syzkaller reproducer only.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+2b713236b28823cd4dff@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000006dc0290581ca413e@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in skb_queue_tail
Last occurred: 125 days ago
Reported: 477 days ago
Branches: Mainline and others
Dashboard link: https://syzkaller.appspot.com/bug?id=ab5525a0b79efd6a5dbb4deb3ccd3e93d9c03321
Original thread: https://lkml.kernel.org/lkml/0000000000003584570568da18dd@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug received 5 replies; the last was 475 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6b495100f17ca8554ab9@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000003584570568da18dd@google.com
--------------------------------------------------------------------------------
Title: WARNING: locking bug in icmp6_send (2)
Last occurred: 44 days ago
Reported: 42 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=2ccdf5f785fdb1087d9dc106dd8bc71ea9a1fb58
Original thread: https://lkml.kernel.org/lkml/000000000000e64753058b06f83f@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+0ee50f3d30ce6a28b3cd@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e64753058b06f83f@google.com
--------------------------------------------------------------------------------
Title: general protection fault in ipv6_rcv
Last occurred: 73 days ago
Reported: 136 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=6a14da2954543d26e61aeaefa0098d445854c5c1
Original thread: https://lkml.kernel.org/lkml/0000000000001b05b40583a46fd7@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6c54e67cc0b0c896aa4b@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000001b05b40583a46fd7@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in neigh_change_state
Last occurred: 211 days ago
Reported: 223 days ago
Branches: bpf-next, linux-next, and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=9a91353fc2af7d4f3085766dadc9105304c7e7c4
Original thread: https://lkml.kernel.org/lkml/000000000000029056057cd141cb@google.com/T/#u
This bug has a C reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+6a3c02010a025ac7b7cf@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000029056057cd141cb@google.com
--------------------------------------------------------------------------------
Title: KASAN: use-after-free Read in ip_tunnel_lookup
Last occurred: 114 days ago
Reported: 190 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=0a2ec3432ccfbd144e44c746f5b7b04f7e12c989
Original thread: https://lkml.kernel.org/lkml/00000000000075901d057f6e5a97@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4a0034797afb7e908ab4@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000075901d057f6e5a97@google.com
--------------------------------------------------------------------------------
Title: general protection fault in ip6_dst_hoplimit
Last occurred: 131 days ago
Reported: 126 days ago
Branches: net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=e310a1a3031be03dae5de35cc6dd9782232fdfea
Original thread: https://lkml.kernel.org/lkml/000000000000df93f705846f0963@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
The original thread for this bug received 1 reply, 85 days ago.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+4c869fc20129562c53fa@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000df93f705846f0963@google.com
--------------------------------------------------------------------------------
Title: INFO: rcu detected stall in gc_worker
Last occurred: 97 days ago
Reported: 182 days ago
Branches: net and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=298ba9ab760957e0ead590f868a922d7d74bf59a
Original thread: https://lkml.kernel.org/lkml/000000000000ada99c058010d943@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+655174276c47216abab5@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000ada99c058010d943@google.com
--------------------------------------------------------------------------------
Title: WARNING in fib6_add (2)
Last occurred: 94 days ago
Reported: 235 days ago
Branches: bpf and net-next
Dashboard link: https://syzkaller.appspot.com/bug?id=757f2e8c1748d9d3b453b0ae3c33b1fbfe222d48
Original thread: https://lkml.kernel.org/lkml/0000000000000874de057be144e8@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+60cc5bc1296c8afcf739@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/0000000000000874de057be144e8@google.com
--------------------------------------------------------------------------------
Title: BUG: corrupted list in proto_register
Last occurred: 66 days ago
Reported: 66 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=a56a4bec03bf7561b1ec51fe929cba4018081b92
Original thread: https://lkml.kernel.org/lkml/000000000000e76a90058923eff3@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one has replied to the original thread for this bug yet.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+7bc2817ec0ed18de9079@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/000000000000e76a90058923eff3@google.com
--------------------------------------------------------------------------------
Title: possible deadlock in dev_uc_sync_multiple
Last occurred: 130 days ago
Reported: 130 days ago
Branches: net
Dashboard link: https://syzkaller.appspot.com/bug?id=43071175d7c477c40dd1044a2ce30779a40ca4c0
Original thread: https://lkml.kernel.org/lkml/00000000000019ca8105842a9660@google.com/T/#u
Unfortunately, this bug does not have a reproducer.
No one replied to the original thread for this bug.
If you fix this bug, please add the following tag to the commit:
Reported-by: syzbot+829513abde137358d25d@syzkaller.appspotmail.com
If you send any email or patch for this bug, please consider replying to the
original thread. For the git send-email command to use, or tips on how to reply
if the thread isn't in your mailbox, see the "Reply instructions" at
https://lkml.kernel.org/r/00000000000019ca8105842a9660@google.com
^ permalink raw reply
* Re: [PATCH v2 1/3] mm/gup: add make_dirty arg to put_user_pages_dirty_lock()
From: John Hubbard @ 2019-07-24 1:31 UTC (permalink / raw)
To: john.hubbard, Andrew Morton
Cc: Alexander Viro, Björn Töpel, Boaz Harrosh,
Christoph Hellwig, Daniel Vetter, Dan Williams, Dave Chinner,
David Airlie, David S . Miller, Ilya Dryomov, Jan Kara,
Jason Gunthorpe, Jens Axboe, Jérôme Glisse,
Johannes Thumshirn, Magnus Karlsson, Matthew Wilcox,
Miklos Szeredi, Ming Lei, Sage Weil, Santosh Shilimkar, Yan Zheng,
netdev, dri-devel, linux-mm, linux-rdma, bpf, LKML, Ira Weiny
In-Reply-To: <20190724012606.25844-2-jhubbard@nvidia.com>
On 7/23/19 6:26 PM, john.hubbard@gmail.com wrote:
> From: John Hubbard <jhubbard@nvidia.com>
...
> + * 2) This code sees the page as clean, so it calls
> + * set_page_dirty(). The page stays dirty, despite being
> + * written back, so it gets written back again in the
> + * next writeback cycle. This is harmless.
> + */
> + if (!PageDirty(page))
> + set_page_dirty_lock(page);
> + break;
ahem, the above "break" should not be there, it's an artifact, sorry about
that. Will correct on the next iteration.
thanks,
--
John Hubbard
NVIDIA
> + put_user_page(page);
> + }
> }
> EXPORT_SYMBOL(put_user_pages_dirty_lock);
>
>
^ permalink raw reply
* Re: [PATCH v3 6/7] net: Rename skb_frag_t size to bv_len
From: Matthew Wilcox @ 2019-07-24 1:30 UTC (permalink / raw)
To: Saeed Mahameed; +Cc: davem@davemloft.net, hch@lst.de, netdev@vger.kernel.org
In-Reply-To: <267e43638c85447a5251ce9ca33356da4a8aa3f3.camel@mellanox.com>
On Tue, Jul 23, 2019 at 10:33:59PM +0000, Saeed Mahameed wrote:
> > struct skb_frag_struct {
> > struct page *bv_page;
> > - __u32 size;
> > + unsigned int bv_len;
> > __u32 page_offset;
>
> Why do you keep page_offset name and type as is ? it will make the last
> patch much cleaner if you change it to "unsigned int bv_offset".
We don't have an accessor for page_offset, so there are about 280
occurrences of '>page_offset' in drivers/net/
Feel free to be the hero who does that cleanup.
^ permalink raw reply
* Re: [PATCH v3 4/7] net: Reorder the contents of skb_frag_t
From: Matthew Wilcox @ 2019-07-24 1:28 UTC (permalink / raw)
To: Saeed Mahameed; +Cc: davem@davemloft.net, hch@lst.de, netdev@vger.kernel.org
In-Reply-To: <2b45504e005f88a033405225b04fba0b5dcf2e92.camel@mellanox.com>
On Tue, Jul 23, 2019 at 10:29:06PM +0000, Saeed Mahameed wrote:
> On Fri, 2019-07-12 at 06:43 -0700, Matthew Wilcox wrote:
> > From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
> >
> > Match the layout of bio_vec.
> >
> > Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> > ---
> > include/linux/skbuff.h | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> > index 7910935410e6..b9dc8b4f24b1 100644
> > --- a/include/linux/skbuff.h
> > +++ b/include/linux/skbuff.h
> > @@ -314,8 +314,8 @@ struct skb_frag_struct {
> > struct {
> > struct page *p;
> > } page;
> > - __u32 page_offset;
> > __u32 size;
> > + __u32 page_offset;
> > };
> >
>
> Why do you need this patch? this struct is going to be removed
> downstream eventually ..
If there's a performance regression, this is the perfect patch to include
as part of the bisection. You'd think that this change could have no
effect, but I've seen weirder things.
^ permalink raw reply
* [PATCH v2 3/3] net/xdp: convert put_page() to put_user_page*()
From: john.hubbard @ 2019-07-24 1:26 UTC (permalink / raw)
To: Andrew Morton
Cc: Alexander Viro, Björn Töpel, Boaz Harrosh,
Christoph Hellwig, Daniel Vetter, Dan Williams, Dave Chinner,
David Airlie, David S . Miller, Ilya Dryomov, Jan Kara,
Jason Gunthorpe, Jens Axboe, Jérôme Glisse,
Johannes Thumshirn, Magnus Karlsson, Matthew Wilcox,
Miklos Szeredi, Ming Lei, Sage Weil, Santosh Shilimkar, Yan Zheng,
netdev, dri-devel, linux-mm, linux-rdma, bpf, LKML, John Hubbard
In-Reply-To: <20190724012606.25844-1-jhubbard@nvidia.com>
From: John Hubbard <jhubbard@nvidia.com>
For pages that were retained via get_user_pages*(), release those pages
via the new put_user_page*() routines, instead of via put_page() or
release_pages().
This is part a tree-wide conversion, as described in commit fc1d8e7cca2d
("mm: introduce put_user_page*(), placeholder versions").
Cc: Björn Töpel <bjorn.topel@intel.com>
Cc: Magnus Karlsson <magnus.karlsson@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
---
net/xdp/xdp_umem.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/net/xdp/xdp_umem.c b/net/xdp/xdp_umem.c
index 83de74ca729a..17c4b3d3dc34 100644
--- a/net/xdp/xdp_umem.c
+++ b/net/xdp/xdp_umem.c
@@ -166,14 +166,7 @@ void xdp_umem_clear_dev(struct xdp_umem *umem)
static void xdp_umem_unpin_pages(struct xdp_umem *umem)
{
- unsigned int i;
-
- for (i = 0; i < umem->npgs; i++) {
- struct page *page = umem->pgs[i];
-
- set_page_dirty_lock(page);
- put_page(page);
- }
+ put_user_pages_dirty_lock(umem->pgs, umem->npgs, true);
kfree(umem->pgs);
umem->pgs = NULL;
--
2.22.0
^ permalink raw reply related
* [PATCH v2 2/3] drivers/gpu/drm/via: convert put_page() to put_user_page*()
From: john.hubbard @ 2019-07-24 1:26 UTC (permalink / raw)
To: Andrew Morton
Cc: Alexander Viro, Björn Töpel, Boaz Harrosh,
Christoph Hellwig, Daniel Vetter, Dan Williams, Dave Chinner,
David Airlie, David S . Miller, Ilya Dryomov, Jan Kara,
Jason Gunthorpe, Jens Axboe, Jérôme Glisse,
Johannes Thumshirn, Magnus Karlsson, Matthew Wilcox,
Miklos Szeredi, Ming Lei, Sage Weil, Santosh Shilimkar, Yan Zheng,
netdev, dri-devel, linux-mm, linux-rdma, bpf, LKML, John Hubbard
In-Reply-To: <20190724012606.25844-1-jhubbard@nvidia.com>
From: John Hubbard <jhubbard@nvidia.com>
For pages that were retained via get_user_pages*(), release those pages
via the new put_user_page*() routines, instead of via put_page() or
release_pages().
This is part a tree-wide conversion, as described in commit fc1d8e7cca2d
("mm: introduce put_user_page*(), placeholder versions").
Also reverse the order of a comparison, in order to placate
checkpatch.pl.
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
---
drivers/gpu/drm/via/via_dmablit.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/via/via_dmablit.c b/drivers/gpu/drm/via/via_dmablit.c
index 062067438f1d..b5b5bf0ba65e 100644
--- a/drivers/gpu/drm/via/via_dmablit.c
+++ b/drivers/gpu/drm/via/via_dmablit.c
@@ -171,7 +171,6 @@ via_map_blit_for_device(struct pci_dev *pdev,
static void
via_free_sg_info(struct pci_dev *pdev, drm_via_sg_info_t *vsg)
{
- struct page *page;
int i;
switch (vsg->state) {
@@ -186,13 +185,8 @@ via_free_sg_info(struct pci_dev *pdev, drm_via_sg_info_t *vsg)
kfree(vsg->desc_pages);
/* fall through */
case dr_via_pages_locked:
- for (i = 0; i < vsg->num_pages; ++i) {
- if (NULL != (page = vsg->pages[i])) {
- if (!PageReserved(page) && (DMA_FROM_DEVICE == vsg->direction))
- SetPageDirty(page);
- put_page(page);
- }
- }
+ put_user_pages_dirty_lock(vsg->pages, vsg->num_pages,
+ (vsg->direction == DMA_FROM_DEVICE));
/* fall through */
case dr_via_pages_alloc:
vfree(vsg->pages);
--
2.22.0
^ permalink raw reply related
* [PATCH v2 1/3] mm/gup: add make_dirty arg to put_user_pages_dirty_lock()
From: john.hubbard @ 2019-07-24 1:26 UTC (permalink / raw)
To: Andrew Morton
Cc: Alexander Viro, Björn Töpel, Boaz Harrosh,
Christoph Hellwig, Daniel Vetter, Dan Williams, Dave Chinner,
David Airlie, David S . Miller, Ilya Dryomov, Jan Kara,
Jason Gunthorpe, Jens Axboe, Jérôme Glisse,
Johannes Thumshirn, Magnus Karlsson, Matthew Wilcox,
Miklos Szeredi, Ming Lei, Sage Weil, Santosh Shilimkar, Yan Zheng,
netdev, dri-devel, linux-mm, linux-rdma, bpf, LKML, John Hubbard,
Ira Weiny
In-Reply-To: <20190724012606.25844-1-jhubbard@nvidia.com>
From: John Hubbard <jhubbard@nvidia.com>
Provide more capable variation of put_user_pages_dirty_lock(),
and delete put_user_pages_dirty(). This is based on the
following:
1. Lots of call sites become simpler if a bool is passed
into put_user_page*(), instead of making the call site
choose which put_user_page*() variant to call.
2. Christoph Hellwig's observation that set_page_dirty_lock()
is usually correct, and set_page_dirty() is usually a
bug, or at least questionable, within a put_user_page*()
calling chain.
This leads to the following API choices:
* put_user_pages_dirty_lock(page, npages, make_dirty)
* There is no put_user_pages_dirty(). You have to
hand code that, in the rare case that it's
required.
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
---
drivers/infiniband/core/umem.c | 5 +-
drivers/infiniband/hw/hfi1/user_pages.c | 5 +-
drivers/infiniband/hw/qib/qib_user_pages.c | 5 +-
drivers/infiniband/hw/usnic/usnic_uiom.c | 5 +-
drivers/infiniband/sw/siw/siw_mem.c | 8 +-
include/linux/mm.h | 5 +-
mm/gup.c | 116 +++++++++------------
7 files changed, 59 insertions(+), 90 deletions(-)
diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index 08da840ed7ee..965cf9dea71a 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -54,10 +54,7 @@ static void __ib_umem_release(struct ib_device *dev, struct ib_umem *umem, int d
for_each_sg_page(umem->sg_head.sgl, &sg_iter, umem->sg_nents, 0) {
page = sg_page_iter_page(&sg_iter);
- if (umem->writable && dirty)
- put_user_pages_dirty_lock(&page, 1);
- else
- put_user_page(page);
+ put_user_pages_dirty_lock(&page, 1, umem->writable && dirty);
}
sg_free_table(&umem->sg_head);
diff --git a/drivers/infiniband/hw/hfi1/user_pages.c b/drivers/infiniband/hw/hfi1/user_pages.c
index b89a9b9aef7a..469acb961fbd 100644
--- a/drivers/infiniband/hw/hfi1/user_pages.c
+++ b/drivers/infiniband/hw/hfi1/user_pages.c
@@ -118,10 +118,7 @@ int hfi1_acquire_user_pages(struct mm_struct *mm, unsigned long vaddr, size_t np
void hfi1_release_user_pages(struct mm_struct *mm, struct page **p,
size_t npages, bool dirty)
{
- if (dirty)
- put_user_pages_dirty_lock(p, npages);
- else
- put_user_pages(p, npages);
+ put_user_pages_dirty_lock(p, npages, dirty);
if (mm) { /* during close after signal, mm can be NULL */
atomic64_sub(npages, &mm->pinned_vm);
diff --git a/drivers/infiniband/hw/qib/qib_user_pages.c b/drivers/infiniband/hw/qib/qib_user_pages.c
index bfbfbb7e0ff4..6bf764e41891 100644
--- a/drivers/infiniband/hw/qib/qib_user_pages.c
+++ b/drivers/infiniband/hw/qib/qib_user_pages.c
@@ -40,10 +40,7 @@
static void __qib_release_user_pages(struct page **p, size_t num_pages,
int dirty)
{
- if (dirty)
- put_user_pages_dirty_lock(p, num_pages);
- else
- put_user_pages(p, num_pages);
+ put_user_pages_dirty_lock(p, num_pages, dirty);
}
/**
diff --git a/drivers/infiniband/hw/usnic/usnic_uiom.c b/drivers/infiniband/hw/usnic/usnic_uiom.c
index 0b0237d41613..62e6ffa9ad78 100644
--- a/drivers/infiniband/hw/usnic/usnic_uiom.c
+++ b/drivers/infiniband/hw/usnic/usnic_uiom.c
@@ -75,10 +75,7 @@ static void usnic_uiom_put_pages(struct list_head *chunk_list, int dirty)
for_each_sg(chunk->page_list, sg, chunk->nents, i) {
page = sg_page(sg);
pa = sg_phys(sg);
- if (dirty)
- put_user_pages_dirty_lock(&page, 1);
- else
- put_user_page(page);
+ put_user_pages_dirty_lock(&page, 1, dirty);
usnic_dbg("pa: %pa\n", &pa);
}
kfree(chunk);
diff --git a/drivers/infiniband/sw/siw/siw_mem.c b/drivers/infiniband/sw/siw/siw_mem.c
index 67171c82b0c4..358d440efa11 100644
--- a/drivers/infiniband/sw/siw/siw_mem.c
+++ b/drivers/infiniband/sw/siw/siw_mem.c
@@ -65,13 +65,7 @@ static void siw_free_plist(struct siw_page_chunk *chunk, int num_pages,
{
struct page **p = chunk->plist;
- while (num_pages--) {
- if (!PageDirty(*p) && dirty)
- put_user_pages_dirty_lock(p, 1);
- else
- put_user_page(*p);
- p++;
- }
+ put_user_pages_dirty_lock(chunk->plist, num_pages, dirty);
}
void siw_umem_release(struct siw_umem *umem, bool dirty)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 0334ca97c584..9759b6a24420 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1057,8 +1057,9 @@ static inline void put_user_page(struct page *page)
put_page(page);
}
-void put_user_pages_dirty(struct page **pages, unsigned long npages);
-void put_user_pages_dirty_lock(struct page **pages, unsigned long npages);
+void put_user_pages_dirty_lock(struct page **pages, unsigned long npages,
+ bool make_dirty);
+
void put_user_pages(struct page **pages, unsigned long npages);
#if defined(CONFIG_SPARSEMEM) && !defined(CONFIG_SPARSEMEM_VMEMMAP)
diff --git a/mm/gup.c b/mm/gup.c
index 98f13ab37bac..d14bd362ec28 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -29,85 +29,71 @@ struct follow_page_context {
unsigned int page_mask;
};
-typedef int (*set_dirty_func_t)(struct page *page);
-
-static void __put_user_pages_dirty(struct page **pages,
- unsigned long npages,
- set_dirty_func_t sdf)
-{
- unsigned long index;
-
- for (index = 0; index < npages; index++) {
- struct page *page = compound_head(pages[index]);
-
- /*
- * Checking PageDirty at this point may race with
- * clear_page_dirty_for_io(), but that's OK. Two key cases:
- *
- * 1) This code sees the page as already dirty, so it skips
- * the call to sdf(). That could happen because
- * clear_page_dirty_for_io() called page_mkclean(),
- * followed by set_page_dirty(). However, now the page is
- * going to get written back, which meets the original
- * intention of setting it dirty, so all is well:
- * clear_page_dirty_for_io() goes on to call
- * TestClearPageDirty(), and write the page back.
- *
- * 2) This code sees the page as clean, so it calls sdf().
- * The page stays dirty, despite being written back, so it
- * gets written back again in the next writeback cycle.
- * This is harmless.
- */
- if (!PageDirty(page))
- sdf(page);
-
- put_user_page(page);
- }
-}
-
/**
- * put_user_pages_dirty() - release and dirty an array of gup-pinned pages
- * @pages: array of pages to be marked dirty and released.
+ * put_user_pages_dirty_lock() - release and optionally dirty gup-pinned pages
+ * @pages: array of pages to be maybe marked dirty, and definitely released.
* @npages: number of pages in the @pages array.
+ * @make_dirty: whether to mark the pages dirty
*
* "gup-pinned page" refers to a page that has had one of the get_user_pages()
* variants called on that page.
*
* For each page in the @pages array, make that page (or its head page, if a
- * compound page) dirty, if it was previously listed as clean. Then, release
- * the page using put_user_page().
+ * compound page) dirty, if @make_dirty is true, and if the page was previously
+ * listed as clean. In any case, releases all pages using put_user_page(),
+ * possibly via put_user_pages(), for the non-dirty case.
*
* Please see the put_user_page() documentation for details.
*
- * set_page_dirty(), which does not lock the page, is used here.
- * Therefore, it is the caller's responsibility to ensure that this is
- * safe. If not, then put_user_pages_dirty_lock() should be called instead.
+ * set_page_dirty_lock() is used internally. If instead, set_page_dirty() is
+ * required, then the caller should a) verify that this is really correct,
+ * because _lock() is usually required, and b) hand code it:
+ * set_page_dirty_lock(), put_user_page().
*
*/
-void put_user_pages_dirty(struct page **pages, unsigned long npages)
+void put_user_pages_dirty_lock(struct page **pages, unsigned long npages,
+ bool make_dirty)
{
- __put_user_pages_dirty(pages, npages, set_page_dirty);
-}
-EXPORT_SYMBOL(put_user_pages_dirty);
+ unsigned long index;
-/**
- * put_user_pages_dirty_lock() - release and dirty an array of gup-pinned pages
- * @pages: array of pages to be marked dirty and released.
- * @npages: number of pages in the @pages array.
- *
- * For each page in the @pages array, make that page (or its head page, if a
- * compound page) dirty, if it was previously listed as clean. Then, release
- * the page using put_user_page().
- *
- * Please see the put_user_page() documentation for details.
- *
- * This is just like put_user_pages_dirty(), except that it invokes
- * set_page_dirty_lock(), instead of set_page_dirty().
- *
- */
-void put_user_pages_dirty_lock(struct page **pages, unsigned long npages)
-{
- __put_user_pages_dirty(pages, npages, set_page_dirty_lock);
+ /*
+ * TODO: this can be optimized for huge pages: if a series of pages is
+ * physically contiguous and part of the same compound page, then a
+ * single operation to the head page should suffice.
+ */
+
+ if (!make_dirty) {
+ put_user_pages(pages, npages);
+ return;
+ }
+
+ for (index = 0; index < npages; index++) {
+ struct page *page = compound_head(pages[index]);
+ /*
+ * Checking PageDirty at this point may race with
+ * clear_page_dirty_for_io(), but that's OK. Two key
+ * cases:
+ *
+ * 1) This code sees the page as already dirty, so it
+ * skips the call to set_page_dirty(). That could happen
+ * because clear_page_dirty_for_io() called
+ * page_mkclean(), followed by set_page_dirty().
+ * However, now the page is going to get written back,
+ * which meets the original intention of setting it
+ * dirty, so all is well: clear_page_dirty_for_io() goes
+ * on to call TestClearPageDirty(), and write the page
+ * back.
+ *
+ * 2) This code sees the page as clean, so it calls
+ * set_page_dirty(). The page stays dirty, despite being
+ * written back, so it gets written back again in the
+ * next writeback cycle. This is harmless.
+ */
+ if (!PageDirty(page))
+ set_page_dirty_lock(page);
+ break;
+ put_user_page(page);
+ }
}
EXPORT_SYMBOL(put_user_pages_dirty_lock);
--
2.22.0
^ permalink raw reply related
* [PATCH v2 0/3] mm/gup: add make_dirty arg to put_user_pages_dirty_lock()
From: john.hubbard @ 2019-07-24 1:26 UTC (permalink / raw)
To: Andrew Morton
Cc: Alexander Viro, Björn Töpel, Boaz Harrosh,
Christoph Hellwig, Daniel Vetter, Dan Williams, Dave Chinner,
David Airlie, David S . Miller, Ilya Dryomov, Jan Kara,
Jason Gunthorpe, Jens Axboe, Jérôme Glisse,
Johannes Thumshirn, Magnus Karlsson, Matthew Wilcox,
Miklos Szeredi, Ming Lei, Sage Weil, Santosh Shilimkar, Yan Zheng,
netdev, dri-devel, linux-mm, linux-rdma, bpf, LKML, John Hubbard
From: John Hubbard <jhubbard@nvidia.com>
Changes since v1:
* Instead of providing __put_user_pages(), add an argument to
put_user_pages_dirty_lock(), and delete put_user_pages_dirty().
This is based on the following points:
1. Lots of call sites become simpler if a bool is passed
into put_user_page*(), instead of making the call site
choose which put_user_page*() variant to call.
2. Christoph Hellwig's observation that set_page_dirty_lock()
is usually correct, and set_page_dirty() is usually a
bug, or at least questionable, within a put_user_page*()
calling chain.
* Added the Infiniband driver back to the patch series, because it is
a caller of put_user_pages_dirty_lock().
Unchanged parts from the v1 cover letter (except for the diffstat):
Notes about the remaining patches to come:
There are about 50+ patches in my tree [2], and I'll be sending out the
remaining ones in a few more groups:
* The block/bio related changes (Jerome mostly wrote those, but I've
had to move stuff around extensively, and add a little code)
* mm/ changes
* other subsystem patches
* an RFC that shows the current state of the tracking patch set. That
can only be applied after all call sites are converted, but it's
good to get an early look at it.
This is part a tree-wide conversion, as described in commit fc1d8e7cca2d
("mm: introduce put_user_page*(), placeholder versions").
John Hubbard (3):
mm/gup: add make_dirty arg to put_user_pages_dirty_lock()
drivers/gpu/drm/via: convert put_page() to put_user_page*()
net/xdp: convert put_page() to put_user_page*()
drivers/gpu/drm/via/via_dmablit.c | 10 +-
drivers/infiniband/core/umem.c | 5 +-
drivers/infiniband/hw/hfi1/user_pages.c | 5 +-
drivers/infiniband/hw/qib/qib_user_pages.c | 5 +-
drivers/infiniband/hw/usnic/usnic_uiom.c | 5 +-
drivers/infiniband/sw/siw/siw_mem.c | 8 +-
include/linux/mm.h | 5 +-
mm/gup.c | 116 +++++++++------------
net/xdp/xdp_umem.c | 9 +-
9 files changed, 62 insertions(+), 106 deletions(-)
--
2.22.0
^ permalink raw reply
* Re: [PATCH v4 net-next 02/19] ionic: Add hardware init and device commands
From: Shannon Nelson @ 2019-07-24 0:25 UTC (permalink / raw)
To: Saeed Mahameed, netdev@vger.kernel.org, davem@davemloft.net
In-Reply-To: <a402ea5d2badda79cf205e790d3eb967f2cb7084.camel@mellanox.com>
On 7/23/19 4:47 PM, Saeed Mahameed wrote:
> On Mon, 2019-07-22 at 14:40 -0700, Shannon Nelson wrote:
>> The ionic device has a small set of PCI registers, including a
>> device control and data space, and a large set of message
>> commands.
>>
>> Signed-off-by: Shannon Nelson <snelson@pensando.io>
>> ---
>> drivers/net/ethernet/pensando/ionic/Makefile | 2 +-
>> drivers/net/ethernet/pensando/ionic/ionic.h | 20 +
>> .../net/ethernet/pensando/ionic/ionic_bus.h | 1 +
>> .../ethernet/pensando/ionic/ionic_bus_pci.c | 140 +-
>> .../ethernet/pensando/ionic/ionic_debugfs.c | 67 +
>> .../ethernet/pensando/ionic/ionic_debugfs.h | 28 +
>> .../net/ethernet/pensando/ionic/ionic_dev.c | 132 +
>> .../net/ethernet/pensando/ionic/ionic_dev.h | 144 +
>> .../net/ethernet/pensando/ionic/ionic_if.h | 2552
>> +++++++++++++++++
>> .../net/ethernet/pensando/ionic/ionic_main.c | 296 ++
>> .../net/ethernet/pensando/ionic/ionic_regs.h | 133 +
>> 11 files changed, 3512 insertions(+), 3 deletions(-)
>> create mode 100644
>> drivers/net/ethernet/pensando/ionic/ionic_debugfs.c
>> create mode 100644
>> drivers/net/ethernet/pensando/ionic/ionic_debugfs.h
>> create mode 100644 drivers/net/ethernet/pensando/ionic/ionic_dev.c
>> create mode 100644 drivers/net/ethernet/pensando/ionic/ionic_dev.h
>> create mode 100644 drivers/net/ethernet/pensando/ionic/ionic_if.h
>> create mode 100644 drivers/net/ethernet/pensando/ionic/ionic_regs.h
>>
> [...]
>
>> static void ionic_remove(struct pci_dev *pdev)
>> {
>> struct ionic *ionic = pci_get_drvdata(pdev);
>>
>> - devm_kfree(&pdev->dev, ionic);
>> + if (ionic) {
> nit, in case you are doing another re-spin maybe early return here:
> if (!ionic)
> return;
> //do stuff
Sure
>
>> + ionic_reset(ionic);
>> + ionic_dev_teardown(ionic);
>> + ionic_unmap_bars(ionic);
>> + pci_release_regions(pdev);
>> + pci_clear_master(pdev);
>> + pci_disable_sriov(pdev);
>> + pci_disable_device(pdev);
>> + ionic_debugfs_del_dev(ionic);
>> + mutex_destroy(&ionic->dev_cmd_lock);
>> +
>> + devm_kfree(&pdev->dev, ionic);
>> + }
>> }
>>
> [...]
>
>>
>> +
>> +/* Devcmd Interface */
>> +u8 ionic_dev_cmd_status(struct ionic_dev *idev)
>> +{
>> + return ioread8(&idev->dev_cmd_regs->comp.comp.status);
>> +}
>> +
>> +bool ionic_dev_cmd_done(struct ionic_dev *idev)
>> +{
>> + return ioread32(&idev->dev_cmd_regs->done) & DEV_CMD_DONE;
>> +}
>> +
>> +void ionic_dev_cmd_comp(struct ionic_dev *idev, union dev_cmd_comp
>> *comp)
>> +{
>> + memcpy_fromio(comp, &idev->dev_cmd_regs->comp, sizeof(*comp));
>> +}
>> +
>> +void ionic_dev_cmd_go(struct ionic_dev *idev, union dev_cmd *cmd)
>> +{
>> + memcpy_toio(&idev->dev_cmd_regs->cmd, cmd, sizeof(*cmd));
>> + iowrite32(0, &idev->dev_cmd_regs->done);
>> + iowrite32(1, &idev->dev_cmd_regs->doorbell);
>> +}
>> +
>> +/* Device commands */
>> +void ionic_dev_cmd_identify(struct ionic_dev *idev, u8 ver)
>> +{
>> + union dev_cmd cmd = {
>> + .identify.opcode = CMD_OPCODE_IDENTIFY,
>> + .identify.ver = ver,
>> + };
>> +
>> + ionic_dev_cmd_go(idev, &cmd);
>> +}
>> +
>> +void ionic_dev_cmd_init(struct ionic_dev *idev)
>> +{
>> + union dev_cmd cmd = {
>> + .init.opcode = CMD_OPCODE_INIT,
>> + .init.type = 0,
>> + };
>> +
>> + ionic_dev_cmd_go(idev, &cmd);
>> +}
>> +
>> +void ionic_dev_cmd_reset(struct ionic_dev *idev)
>> +{
>> + union dev_cmd cmd = {
>> + .reset.opcode = CMD_OPCODE_RESET,
>> + };
>> +
>> + ionic_dev_cmd_go(idev, &cmd);
>> +}
> [...]
>
>> +int ionic_dev_cmd_wait(struct ionic *ionic, unsigned long
>> max_seconds)
>> +{
>> + struct ionic_dev *idev = &ionic->idev;
>> + unsigned long max_wait, start_time, duration;
>> + int opcode;
>> + int done;
>> + int err;
>> +
>> + WARN_ON(in_interrupt());
>> +
>> + /* Wait for dev cmd to complete, retrying if we get EAGAIN,
>> + * but don't wait any longer than max_seconds.
>> + */
>> + max_wait = jiffies + (max_seconds * HZ);
>> +try_again:
>> + start_time = jiffies;
>> + do {
>> + done = ionic_dev_cmd_done(idev);
> READ_ONCE required here ? to read from coherent memory modified
> by the device and read by the driver ?
Good idea, I'll add that in.
>
>> + if (done)
>> + break;
>> + msleep(20);
>> + } while (!done && time_before(jiffies, max_wait));
> so your command interface is busy polling based, i am relating here to
> Dave's comment regarding async command completion, is it possible to
> have interrupt (MSIX?) based command completion in this hw ?
As I wrote elsewhere, this is only the low-level dev_cmd that does
polling; the adminq does a wait that is completed by an MSI-x handler.
sln
^ permalink raw reply
* Re: [PATCH v4 net-next 11/19] ionic: Add Rx filter and rx_mode ndo support
From: Shannon Nelson @ 2019-07-24 0:19 UTC (permalink / raw)
To: David Miller; +Cc: netdev
In-Reply-To: <20190723.160628.20093803405793483.davem@davemloft.net>
On 7/23/19 4:06 PM, David Miller wrote:
> From: Shannon Nelson <snelson@pensando.io>
> Date: Tue, 23 Jul 2019 15:50:43 -0700
>
>> On 7/23/19 2:33 PM, David Miller wrote:
>>> Generally interface address changes are expected to be synchronous.
>> Yeah, this bothers me a bit as well, but the address change calls come
>> in under spin_lock_bh(), and I'm reluctant to make an AdminQ call
>> under the _bh that could block for a few seconds.
> So it's not about memory allocation but rather the fact that the device
> might take a while to complete?
Memory allocation may or may not be involved, but yes, mainly we're
doing another spin_lock on a firmware command that waits for an ACK or
ERROR answer, and in extreme cases could possibly timeout on a dead
firmware. I know that i40e and ice do much the same thing, and I
believe mlx5 as well, for the same reasons. I suspect others do as well.
> Can you start the operation synchronously yet complete it async?
This could be possible, but would likely require a bunch more messy
logic to track async AdminQ requests, that otherwise is unnecessary.
sln
^ permalink raw reply
* Re: [PATCH v4 net-next 11/19] ionic: Add Rx filter and rx_mode ndo support
From: Shannon Nelson @ 2019-07-24 0:19 UTC (permalink / raw)
To: Saeed Mahameed, davem@davemloft.net; +Cc: netdev@vger.kernel.org
In-Reply-To: <ba8349adaea24d955be3e98abf9ade59b0a9f580.camel@mellanox.com>
On 7/23/19 4:54 PM, Saeed Mahameed wrote:
> On Tue, 2019-07-23 at 16:06 -0700, David Miller wrote:
>> From: Shannon Nelson <snelson@pensando.io>
>> Date: Tue, 23 Jul 2019 15:50:43 -0700
>>
>>> On 7/23/19 2:33 PM, David Miller wrote:
>>>> Generally interface address changes are expected to be
>>>> synchronous.
>>> Yeah, this bothers me a bit as well, but the address change calls
>>> come
>>> in under spin_lock_bh(), and I'm reluctant to make an AdminQ call
>>> under the _bh that could block for a few seconds.
>> So it's not about memory allocation but rather the fact that the
>> device
>> might take a while to complete?
>>
>> Can you start the operation synchronously yet complete it async?
> The driver is doing busy polling on command completion, doing only busy
> polling on completion status in the deferred work will not be much
> different than what they have now..
>
> async completion will only make since if the hardware supports
> interrupt based (MSI-x) command completion.
Actually, there are two different command paths - one for basic
low-level setup, and one for more advanced work:
- dev_cmd does indeed do polling on PCI register space, and we try to
keep this to a minimum
- adminq does a wait_for_completion_timeout() which gets completed in an
MSI-x handler
The rx_mode related work goes through adminq.
Yes, it could be made async, but would the extra logic needed buy us
that much? We already know this model works in other drivers. We
wouldn't get the address into the hardware any quicker, and we still
wouldn't get any errors from the request back to the original call.
sln
^ permalink raw reply
* Re: [bpf-next 3/6] bpf: add bpf_tcp_gen_syncookie helper
From: Petar Penkov @ 2019-07-24 0:15 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Petar Penkov, Networking, bpf, David S . Miller,
Alexei Starovoitov, Daniel Borkmann, Eric Dumazet, lmb,
Stanislav Fomichev
In-Reply-To: <8736ix3p8h.fsf@toke.dk>
On Tue, Jul 23, 2019 at 5:33 AM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>
> Petar Penkov <ppenkov.kernel@gmail.com> writes:
>
> > From: Petar Penkov <ppenkov@google.com>
> >
> > This helper function allows BPF programs to try to generate SYN
> > cookies, given a reference to a listener socket. The function works
> > from XDP and with an skb context since bpf_skc_lookup_tcp can lookup a
> > socket in both cases.
> >
> > Signed-off-by: Petar Penkov <ppenkov@google.com>
> > Suggested-by: Eric Dumazet <edumazet@google.com>
> > ---
> > include/uapi/linux/bpf.h | 30 ++++++++++++++++-
> > net/core/filter.c | 73 ++++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 102 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index 6f68438aa4ed..20baee7b2219 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -2713,6 +2713,33 @@ union bpf_attr {
> > * **-EPERM** if no permission to send the *sig*.
> > *
> > * **-EAGAIN** if bpf program can try again.
> > + *
> > + * s64 bpf_tcp_gen_syncookie(struct bpf_sock *sk, void *iph, u32 iph_len, struct tcphdr *th, u32 th_len)
> > + * Description
> > + * Try to issue a SYN cookie for the packet with corresponding
> > + * IP/TCP headers, *iph* and *th*, on the listening socket in *sk*.
> > + *
> > + * *iph* points to the start of the IPv4 or IPv6 header, while
> > + * *iph_len* contains **sizeof**\ (**struct iphdr**) or
> > + * **sizeof**\ (**struct ip6hdr**).
> > + *
> > + * *th* points to the start of the TCP header, while *th_len*
> > + * contains the length of the TCP header.
> > + *
> > + * Return
> > + * On success, lower 32 bits hold the generated SYN cookie in
> > + * followed by 16 bits which hold the MSS value for that cookie,
> > + * and the top 16 bits are unused.
> > + *
> > + * On failure, the returned value is one of the following:
> > + *
> > + * **-EINVAL** SYN cookie cannot be issued due to error
> > + *
> > + * **-ENOENT** SYN cookie should not be issued (no SYN flood)
> > + *
> > + * **-ENOTSUPP** kernel configuration does not enable SYN
> > cookies
>
> nit: This should be EOPNOTSUPP - the other one is for NFS...
Will correct this in a v2, thanks for catching that!
>
> > + *
> > + * **-EPROTONOSUPPORT** IP packet version is not 4 or 6
> > */
> > #define __BPF_FUNC_MAPPER(FN) \
> > FN(unspec), \
> > @@ -2824,7 +2851,8 @@ union bpf_attr {
> > FN(strtoul), \
> > FN(sk_storage_get), \
> > FN(sk_storage_delete), \
> > - FN(send_signal),
> > + FN(send_signal), \
> > + FN(tcp_gen_syncookie),
> >
> > /* integer value in 'imm' field of BPF_CALL instruction selects which helper
> > * function eBPF program intends to call
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 47f6386fb17a..92114271eff6 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -5850,6 +5850,75 @@ static const struct bpf_func_proto bpf_tcp_check_syncookie_proto = {
> > .arg5_type = ARG_CONST_SIZE,
> > };
> >
> > +BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len,
> > + struct tcphdr *, th, u32, th_len)
> > +{
> > +#ifdef CONFIG_SYN_COOKIES
> > + u32 cookie;
> > + u16 mss;
> > +
> > + if (unlikely(th_len < sizeof(*th) || th_len != th->doff * 4))
> > + return -EINVAL;
> > +
> > + if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN)
> > + return -EINVAL;
> > +
> > + if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies)
> > + return -ENOENT;
> > +
> > + if (!th->syn || th->ack || th->fin || th->rst)
> > + return -EINVAL;
> > +
> > + if (unlikely(iph_len < sizeof(struct iphdr)))
> > + return -EINVAL;
> > +
> > + /* Both struct iphdr and struct ipv6hdr have the version field at the
> > + * same offset so we can cast to the shorter header (struct iphdr).
> > + */
> > + switch (((struct iphdr *)iph)->version) {
> > + case 4:
> > + if (sk->sk_family == AF_INET6 && sk->sk_ipv6only)
> > + return -EINVAL;
> > +
> > + mss = tcp_v4_get_syncookie(sk, iph, th, &cookie);
> > + break;
> > +
> > +#if IS_BUILTIN(CONFIG_IPV6)
> > + case 6:
> > + if (unlikely(iph_len < sizeof(struct ipv6hdr)))
> > + return -EINVAL;
> > +
> > + if (sk->sk_family != AF_INET6)
> > + return -EINVAL;
> > +
> > + mss = tcp_v6_get_syncookie(sk, iph, th, &cookie);
> > + break;
> > +#endif /* CONFIG_IPV6 */
> > +
> > + default:
> > + return -EPROTONOSUPPORT;
> > + }
> > + if (mss <= 0)
> > + return -ENOENT;
> > +
> > + return cookie | ((u64)mss << 32);
> > +#else
> > + return -ENOTSUPP;
>
> See above
>
> > +#endif /* CONFIG_SYN_COOKIES */
> > +}
> > +
> > +static const struct bpf_func_proto bpf_tcp_gen_syncookie_proto = {
> > + .func = bpf_tcp_gen_syncookie,
> > + .gpl_only = true, /* __cookie_v*_init_sequence() is GPL */
> > + .pkt_access = true,
> > + .ret_type = RET_INTEGER,
> > + .arg1_type = ARG_PTR_TO_SOCK_COMMON,
> > + .arg2_type = ARG_PTR_TO_MEM,
> > + .arg3_type = ARG_CONST_SIZE,
> > + .arg4_type = ARG_PTR_TO_MEM,
> > + .arg5_type = ARG_CONST_SIZE,
> > +};
> > +
> > #endif /* CONFIG_INET */
> >
> > bool bpf_helper_changes_pkt_data(void *func)
> > @@ -6135,6 +6204,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> > return &bpf_tcp_check_syncookie_proto;
> > case BPF_FUNC_skb_ecn_set_ce:
> > return &bpf_skb_ecn_set_ce_proto;
> > + case BPF_FUNC_tcp_gen_syncookie:
> > + return &bpf_tcp_gen_syncookie_proto;
> > #endif
> > default:
> > return bpf_base_func_proto(func_id);
> > @@ -6174,6 +6245,8 @@ xdp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> > return &bpf_xdp_skc_lookup_tcp_proto;
> > case BPF_FUNC_tcp_check_syncookie:
> > return &bpf_tcp_check_syncookie_proto;
> > + case BPF_FUNC_tcp_gen_syncookie:
> > + return &bpf_tcp_gen_syncookie_proto;
> > #endif
> > default:
> > return bpf_base_func_proto(func_id);
> > --
> > 2.22.0.657.g960e92d24f-goog
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox