From: Dmitry Vyukov
Date: Fri, 14 May 2021 09:50:39 +0200
Subject: Re: [syzbot] KASAN: use-after-free Read in __queue_work (3)
To: syzbot
Cc: Markus Elfring, Anant Thazhemadam, David Miller, Greg Kroah-Hartman, Hillf Danton, Johan Hedberg, Jakub Kicinski, linma@zju.edu.cn, linux-bluetooth, LKML, luiz.dentz@gmail.com, Marcel Holtmann, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 13, 2021 at 6:27 PM syzbot wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit e2cb6b891ad2b8caa9131e3be70f45243df82a80
> Author: Lin Ma
> Date: Mon Apr 12 11:17:57 2021 +0000
>
>     bluetooth: eliminate the potential race condition when removing the HCI controller
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=127b3593d00000
> start commit: c0842fbc random32: move the pseudo-random 32-bit definitio..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=cf567e8c7428377e
> dashboard link: https://syzkaller.appspot.com/bug?extid=77e5e02c6c81136cdaff
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=140e36a4900000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: bluetooth: eliminate the potential race condition when removing the HCI controller
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Looks reasonable based on the commit and bisection log.
Unfortunately I cannot easily send this as my email client will wrap
the commit title line (longer than 80 chars)...