Date: Fri, 19 Jun 2020 16:14:28 +0200
From: Ricardo Cañuelo
To: Ezequiel Garcia
Cc: syzbot, Laurent Pinchart, Linux Kernel Mailing List, linux-media, Mauro Carvalho Chehab, Sakari Ailus, syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: null-ptr-deref Write in media_request_close
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu 18-06-2020 15:38:16, Ezequiel Garcia wrote:
> Adding Ricardo.
>
> Are we seeing this due to the recent syzkaller media controller additions?
>
> Thanks,
> Ezequiel

It seems like it, yes. The MEDIA_IOC_REQUEST_ALLOC ioctl was defined in
https://github.com/google/syzkaller/commit/c5e085d96d1cdc855365b7fd9c1825b886f266f6

It's impressive how quickly it started yielding some results, especially
considering that the description was very basic and that there's no
other specific info about this API guiding the fuzzer.

Thanks for letting me know!

Cheers,
Ricardo