[Linux-kernel-mentees] [PATCH v5 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-19 Thread Anmol Karn
kaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3 Signed-off-by: Anmol Karn --- Changes in v5: - Free `dev` in rose_rx_call_request() and add NULL check for `dev` before freeing it. (Suggested-by: Jakub Kicinski ) Changes in v4: - Free `dev`(on dev_hold()), when neigh

Re: [Linux-kernel-mentees] [PATCH v4 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-15 Thread Anmol Karn
On Sat, Nov 14, 2020 at 11:18:38AM -0800, Jakub Kicinski wrote: > On Wed, 11 Nov 2020 22:29:54 +0530 Anmol Karn wrote: > > rose_send_frame() dereferences `neigh->dev` when called from > > rose_transmit_clear_request(), and the first occurrence of the > > `neigh` i

[Linux-kernel-mentees] [PATCH v4 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-11 Thread Anmol Karn
78dfa3f236258300b3 Signed-off-by: Anmol Karn --- Changes in v4: - Free `dev`(on dev_hold()), when neigh->dev is NULL. (Suggested-by: Jakub Kicinski ) Changes in v3: - Corrected checkpatch warnings and errors (Suggested-by: Saeed Mahameed ) - Added "Fixes:"

Re: [Linux-kernel-mentees] [PATCH v3 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-10 Thread Anmol Karn
Hello Sir, On Tue, Nov 10, 2020 at 09:58:15AM -0800, Jakub Kicinski wrote: > On Sun, 8 Nov 2020 00:48:35 +0530 Anmol Karn wrote: > > + dev = rose_dev_get(dest); > > this calls dev_hold internally, you never release that reference in > case ..

[Linux-kernel-mentees] [PATCH v3 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-07 Thread Anmol Karn
78dfa3f236258300b3 Signed-off-by: Anmol Karn --- Changes in v3: - Corrected checkpatch warnings and errors (Suggested-by: Saeed Mahameed ) - Added "Fixes:" tag (Suggested-by: Saeed Mahameed ) Changes in v2: - Added NULL check in rose_loopback_timer() (

Re: [Linux-kernel-mentees] [PATCH v2] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-11-07 Thread Anmol Karn
Hello, Sorry for this wrong subject(It should be v3 instead of v2), please ignore this patch. I will send a new one with the corrected subject. Thanks, Anmol On Sun, Nov 8, 2020 at 12:27 AM Anmol Karn wrote: > > rose_send_frame() dereferences `neigh->dev` when ca

[Linux-kernel-mentees] [PATCH v2] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-11-07 Thread Anmol Karn
78dfa3f236258300b3 Signed-off-by: Anmol Karn --- Changes in v3: - Corrected checkpatch warnings and errors (Suggested-by: Saeed Mahameed ) - Added "Fixes:" tag (Suggested-by: Saeed Mahameed ) Changes in v2: - Added NULL check in rose_loopback_timer() (

Re: [Linux-kernel-mentees] [PATCH v2 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-07 Thread Anmol Karn
Hello Sir, On Fri, Nov 06, 2020 at 01:04:27PM -0800, Saeed Mahameed wrote: > On Thu, 2020-11-05 at 21:26 +0530, Anmol Karn wrote: > > rose_send_frame() dereferences `neigh->dev` when called from > > rose_transmit_clear_request(), and the first occur

[Linux-kernel-mentees] [PATCH v2 net] rose: Fix Null pointer dereference in rose_send_frame()

2020-11-05 Thread Anmol Karn
ULL checking for `rose_loopback_neigh->dev` in rose_loopback_timer(). Reported-and-tested-by: syzbot+a1c743815982d9496...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3 Signed-off-by: Anmol Karn --- net/rose/rose_loopback.c | 2 +- 1 file chang

Re: [Linux-kernel-mentees] [PATCH] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-11-01 Thread Anmol Karn
On Sun, Nov 01, 2020 at 12:02:58PM +0100, Greg KH wrote: > On Fri, Oct 30, 2020 at 04:24:13PM +0530, Anmol Karn wrote: > > On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote: > > > On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote: > > > > On Thu, Oc

Re: [Linux-kernel-mentees] [PATCH] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-10-30 Thread Anmol Karn
On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote: > On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote: > > On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote: > > > On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote: > > > > In rose_send_

Re: [Linux-kernel-mentees] [PATCH] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-10-15 Thread Anmol Karn
On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote: > On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote: > > On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote: > > > On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote: > > > > In rose_send_

Re: [Linux-kernel-mentees] [PATCH] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-10-15 Thread Anmol Karn
On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote: > On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote: > > In rose_send_frame(), when comparing two ax.25 addresses, it assigns > > rose_call to > > either global ROSE callsign or default port, but

[Linux-kernel-mentees] [PATCH] net: rose: Fix Null pointer dereference in rose_send_frame()

2020-10-14 Thread Anmol Karn
c743815982d9496...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3 Signed-off-by: Anmol Karn --- I am a bit sceptical about the error return code, please suggest if anything else is appropriate in place of '-ENODEV'. net/rose/rose_link.c | 3 +++ 1

Re: [Linux-kernel-mentees] [PATCH net] ethtool: strset: Fix out of bound read in strset_parse_request()

2020-10-11 Thread Anmol Karn
Hello sir, On Sun, Oct 11, 2020 at 10:24 PM Jakub Kicinski wrote: > > On Sun, 11 Oct 2020 02:39:29 +0530 Anmol Karn wrote: > > Flag ``ETHTOOL_A_STRSET_COUNTS_ONLY`` tells the kernel to only return the > > string > > counts of the sets, but, when req_info->counts_on

[Linux-kernel-mentees] [PATCH net] ethtool: strset: Fix out of bound read in strset_parse_request()

2020-10-10 Thread Anmol Karn
0 Signed-off-by: Anmol Karn --- When I tried to reduce the index of tb[] by 1, the crash reproducer was not working anymore, hence it's probably reading from tb[ETHTOOL_A_STRSET_STRINGSETS], but this won't give the strset 'count' and hence is not a plausible fix. But checking for the

[Linux-kernel-mentees] [PATCH] fs: jffs2: super: Fix null pointer dereference in jffs2_parse_param()

2020-10-03 Thread Anmol Karn
ported-and-tested-by: syzbot+9765367bb86a19d38...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=9765367bb86a19d38732 Signed-off-by: Anmol Karn --- fs/jffs2/super.c | 4 1 file changed, 4 insertions(+) diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 05d7878dfad1..

Re: [Linux-kernel-mentees] [PATCH] fs: reiserfs: xattr: Fix null pointer dereference in open_xa_root()

2020-10-01 Thread Anmol Karn
On Thu, Oct 1, 2020 at 2:58 PM Jan Kara wrote: > > On Thu 01-10-20 14:35:47, Anmol Karn wrote: > > d_really_is_negative() checks for the dentry->d_inode whether it's NULL > > or not, but in open_xa_root(), when it checks 'privroot->d_inode', it > > doesn't

[Linux-kernel-mentees] [PATCH] fs: reiserfs: xattr: Fix null pointer dereference in open_xa_root()

2020-10-01 Thread Anmol Karn
https://syzkaller.appspot.com/bug?extid=9b33c9b118d77ff59b6f Signed-off-by: Anmol Karn --- fs/reiserfs/xattr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 28b241cd6987..a75480d0ee7e 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/re

Re: [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-10-01 Thread Anmol Karn
before checking the > > ev->status. > > > > Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt") > > Reported-and-tested-by: > > syzbot+0bef568258653cff2...@syzkaller.appspotmail.com > > Link: https://syzkaller.appspot.com/bug?ext

[PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-30 Thread Anmol Karn
spotmail.com Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f Signed-off-by: Anmol Karn --- Change in v3: - changed return o; to return; (Reported-by: kernel test robot ) net/bluetooth/hci_event.c | 5 + 1 file changed, 5 insertions(+) diff --git a/net/bluetooth/hci_event.c b/

[Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-29 Thread Anmol Karn
spotmail.com Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f Signed-off-by: Anmol Karn --- Change in v2: - Replaced IS_ERR_OR_NULL check with NULL check only (Suggested by: Dan Carpenter ) - Added "Fixes:" tag (Suggested by: Dan Carpenter ) net/bluetooth/hci_e

Re: [PATCH] idr: remove WARN_ON_ONCE() when trying to check id

2020-09-14 Thread Anmol Karn
Hello sir, > > I hope the patch will get merged soon. > > No need to "hope"; you could split up Matthew's patch yourself, and test and > send the resulting patches. From the above thread, it looks like the > networking > developers want one patch to fix the improper use of GFP_ATOMIC (which is

Re: [Linux-kernel-mentees] [PATCH] idr: remove WARN_ON_ONCE() when trying to check id

2020-09-14 Thread Anmol Karn
On Mon, Sep 14, 2020 at 08:26:55PM +0100, Matthew Wilcox wrote: > On Tue, Sep 15, 2020 at 12:17:55AM +0530, Anmol Karn wrote: > > On Mon, Sep 14, 2020 at 12:08:03PM +0100, Matthew Wilcox wrote: > > > On Mon, Sep 14, 2020 at 12:47:24PM +0530, Anmol Karn wrote: > >

Re: [Linux-kernel-mentees] [PATCH] idr: remove WARN_ON_ONCE() when trying to check id

2020-09-14 Thread Anmol Karn
On Mon, Sep 14, 2020 at 12:08:03PM +0100, Matthew Wilcox wrote: > On Mon, Sep 14, 2020 at 12:47:24PM +0530, Anmol Karn wrote: > > idr_get_next() gives WARN_ON_ONCE() when it gets (id > INT_MAX) true > > and this happens when syzbot does fuzzing, and that warning is > > ex

Re: [Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-14 Thread Anmol Karn
Hello Sir, > > I have looked into the Bisected logs and the problem occurs from this > > commit: > > > > 941992d29447 ("ethernet: amd: use IS_ENABLED() instead of checking for > > built-in or module") > > > > That's just the patch which made the code testable by syzbot. It didn't >

[Linux-kernel-mentees] [PATCH] idr: remove WARN_ON_ONCE() when trying to check id

2020-09-14 Thread Anmol Karn
lldir[64]: remove WARN_ON_ONCE() for bad directory entries") Reported-and-tested-by: syzbot+f7204dcf3df4bb4ce...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=f7204dcf3df4bb4ce42c Signed-off-by: Anmol Karn --- lib/idr.c | 2 +- 1 file changed, 1 insertion(+), 1 dele

Re: [Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-12 Thread Anmol Karn
On Thu, Sep 10, 2020 at 01:49:18PM +0300, Dan Carpenter wrote: > On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote: > > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr' > > as NULL. Fix it by adding pointer check for it. > > > > Repor

Re: [Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-10 Thread Anmol Karn
On Thu, Sep 10, 2020 at 01:49:18PM +0300, Dan Carpenter wrote: > On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote: > > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr' > > as NULL. Fix it by adding pointer check for it. > > > > Repor

Re: [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-10 Thread Anmol Karn
On Wed, Sep 09, 2020 at 10:06:59PM -0700, Eric Biggers wrote: > On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote: > > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr' > > as NULL. Fix it by adding pointer check for it. > > > > Repor

[Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer dereference in hci_event_packet()

2020-09-09 Thread Anmol Karn
Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr' as NULL. Fix it by adding pointer check for it. Reported-and-tested-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f Signed-off-by: Anmol K

Re: [Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer deref in hci_phy_link_complete_evt

2020-08-30 Thread Anmol Karn
On Sun, Aug 30, 2020 at 07:30:10PM +0200, Greg KH wrote: > On Sun, Aug 30, 2020 at 05:56:23PM +0530, Anmol Karn wrote: > > On Sun, Aug 30, 2020 at 11:19:17AM +0200, Greg KH wrote: > > > On Sat, Aug 29, 2020 at 10:27:12PM +0530, Anmol Karn wrote: > > >

Re: [Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer deref in hci_phy_link_complete_evt

2020-08-30 Thread Anmol Karn
On Sun, Aug 30, 2020 at 11:19:17AM +0200, Greg KH wrote: > On Sat, Aug 29, 2020 at 10:27:12PM +0530, Anmol Karn wrote: > > Fix null pointer deref in hci_phy_link_complete_evt, there was no > > checking there for the hcon->amp_mgr->l2cap_conn->hconn, and also >

[Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer deref in hci_phy_link_complete_evt

2020-08-29 Thread Anmol Karn
This patch corrected some mistakes from the previous patch. Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=0d93140da5a82305a66a136af99b088b75177b99 Signed-off-by: Anmol Karn --- net/bluetooth/hci_core.c | 5 - net/bluetooth/hci_event.c

[Linux-kernel-mentees] [PATCH] net: bluetooth: Fix null pointer deref in hci_phy_link_complete_evt

2020-08-29 Thread Anmol Karn
7] Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=0d93140da5a82305a66a136af99b088b75177b99 Signed-off-by: Anmol Karn --- net/bluetooth/hci_core.c | 4 net/bluetooth/hci_event.c | 4 2 files changed, 8 insertions(+) diff --git a/n