Re: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!

From: Benjamin Herrenschmidt
Date: Thu Apr 11 2019 - 17:50:48 EST


On Thu, 2019-04-11 at 05:14 -0700, syzbot wrote:
> syzbot has bisected this bug to:
>
> commit 726e41097920a73e4c7c33385dcc0debb1281e18
> Author: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
> Date: Tue Jul 10 00:29:10 2018 +0000
>
> drivers: core: Remove glue dirs from sysfs earlier

Greg, any idea what this is? The log isn't terribly readable. The
above patch fixes a real bug that causes use after free and memory
corruption under some circumstances. I wonder if the BT stack is itself
manipulating stale objects?

Ben.

> bisection log:
> https://syzkaller.appspot.com/x/bisect.txt?x=15f69eaf200000
> start commit: 771acc7e Bluetooth: btusb: request wake pin with NOAUTOEN
> git tree: upstream
> final crash:
> https://syzkaller.appspot.com/x/report.txt?x=17f69eaf200000
> console output:
> https://syzkaller.appspot.com/x/log.txt?x=13f69eaf200000
> kernel config:
> https://syzkaller.appspot.com/x/.config?x=4fb64439e07a1ec0
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=91fd909b6e62ebe06131
> syz repro:
> https://syzkaller.appspot.com/x/repro.syz?x=11770a8f200000
> C reproducer:
> https://syzkaller.appspot.com/x/repro.c?x=128c945b200000
>
> Reported-by: syzbot+91fd909b6e62ebe06131@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 726e41097920 ("drivers: core: Remove glue dirs from sysfs earlier")
>
> For information about bisection process see:
> https://goo.gl/tpsmEJ#bisection