kaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3
Signed-off-by: Anmol Karn
---
Changes in v5:
- Free `dev` in rose_rx_call_request() and add NULL check for `dev`
before freeing it.
(Suggested-by: Jakub Kicinski )
Changes in v4:
- Free `dev`(on dev_hold()), when neigh-&g
On Sat, Nov 14, 2020 at 11:18:38AM -0800, Jakub Kicinski wrote:
> On Wed, 11 Nov 2020 22:29:54 +0530 Anmol Karn wrote:
> > rose_send_frame() dereferences `neigh->dev` when called from
> > rose_transmit_clear_request(), and the first occurrence of the
> > `neigh` is in
78dfa3f236258300b3
Signed-off-by: Anmol Karn
---
Changes in v4:
- Free `dev`(on dev_hold()), when neigh->dev is NULL. (Suggested-by:
Jakub Kicinski )
Changes in v3:
- Corrected checkpatch warnings and errors (Suggested-by: Saeed
Mahameed )
- Added "Fixes:&q
Hello Sir,
On Tue, Nov 10, 2020 at 09:58:15AM -0800, Jakub Kicinski wrote:
> On Sun, 8 Nov 2020 00:48:35 +0530 Anmol Karn wrote:
> > + dev = rose_dev_get(dest);
>
> this calls dev_hold internally, you never release that reference in
> case ..
78dfa3f236258300b3
Signed-off-by: Anmol Karn
---
Changes in v3:
- Corrected checkpatch warnings and errors (Suggested-by: Saeed
Mahameed )
- Added "Fixes:" tag (Suggested-by: Saeed Mahameed )
Changes in v2:
- Added NULL check in rose_loopback_timer() (
Hello,
Sorry for this wrong subject(It should be v3 instead of v2),
please ignore this patch.
I will send a new one with the corrected subject.
Thanks,
Anmol
On Sun, Nov 8, 2020 at 12:27 AM Anmol Karn wrote:
>
> rose_send_frame() dereferences `neigh->dev` when ca
78dfa3f236258300b3
Signed-off-by: Anmol Karn
---
Changes in v3:
- Corrected checkpatch warnings and errors (Suggested-by: Saeed
Mahameed )
- Added "Fixes:" tag (Suggested-by: Saeed Mahameed )
Changes in v2:
- Added NULL check in rose_loopback_timer() (
Hello Sir,
On Fri, Nov 06, 2020 at 01:04:27PM -0800, Saeed Mahameed wrote:
> On Thu, 2020-11-05 at 21:26 +0530, Anmol Karn wrote:
> > rose_send_frame() dereferences `neigh->dev` when called from
> > rose_transmit_clear_request(), and the first occurance of the
checking for `rose_loopback_neigh->dev` in
rose_loopback_timer().
Reported-and-tested-by: syzbot+a1c743815982d9496...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3
Signed-off-by: Anmol Karn
---
net/rose/rose_loopback.c | 2 +-
1 file chang
On Sun, Nov 01, 2020 at 12:02:58PM +0100, Greg KH wrote:
> On Fri, Oct 30, 2020 at 04:24:13PM +0530, Anmol Karn wrote:
> > On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote:
> > > On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote:
> > > > On Thu, Oc
On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote:
> On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote:
> > On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote:
> > > On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote:
> > > > In rose_send_
On Thu, Oct 15, 2020 at 05:50:51PM +0200, Greg KH wrote:
> On Thu, Oct 15, 2020 at 07:40:12PM +0530, Anmol Karn wrote:
> > On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote:
> > > On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote:
> > > > In rose_send_
On Thu, Oct 15, 2020 at 07:12:25AM +0200, Greg KH wrote:
> On Thu, Oct 15, 2020 at 05:47:12AM +0530, Anmol Karn wrote:
> > In rose_send_frame(), when comparing two ax.25 addresses, it assigns
> > rose_call to
> > either global ROSE callsign or default port, but
ported-by: syzbot+a1c743815982d9496...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=9d2a7ca8c7f2e4b682c97578dfa3f236258300b3
Signed-off-by: Anmol Karn
---
I am bit sceptical about the error return code, please suggest if anything else
is
appropriate in place of '-ENODEV'.
ne
Hello sir,
On Sun, Oct 11, 2020 at 10:24 PM Jakub Kicinski wrote:
>
> On Sun, 11 Oct 2020 02:39:29 +0530 Anmol Karn wrote:
> > Flag ``ETHTOOL_A_STRSET_COUNTS_ONLY`` tells the kernel to only return the
> > string
> > counts of the sets, but, when req_info->counts_on
0
Signed-off-by: Anmol Karn
---
When I tried to reduce the index of tb[] by 1, the crash reproducer was not
working anymore,
hence it's probably reading from tb[ETHTOOL_A_STRSET_STRINGSETS], but this
won't give the
strset 'count' and hence is not a plausible fix. B
before checking the
> > ev-status.
> >
> > Fixes: d5e911928bd8 ("Bluetooth: AMP: Process Physical Link Complete evt")
> > Reported-and-tested-by:
> > syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
> > Link: https://syzkaller.appspot.com/bug?extid=
spotmail.com
Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
Signed-off-by: Anmol Karn
---
Change in v3:
- changed return o; to return; (Reported-by: kernel test robot
)
net/bluetooth/hci_event.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/
spotmail.com
Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
Signed-off-by: Anmol Karn
---
Cahnge in v2:
- Replaced IS_ERR_OR_NULL check with NULL check only (Suggested by: Dan
Carpenter )
- Added "Fixes:" tag (Suggested by: Dan Carpenter )
net/bluetooth/hci_e
Hello sir,
> > I hope the patch will get merged soon.
>
> No need to "hope"; you could split up Matthew's patch yourself, and test and
> send the resulting patches. From the above thread, it looks like the
> networking
> developers want one patch to fix the improper use of GFP_ATOMIC (which is
On Mon, Sep 14, 2020 at 08:26:55PM +0100, Matthew Wilcox wrote:
> On Tue, Sep 15, 2020 at 12:17:55AM +0530, Anmol Karn wrote:
> > On Mon, Sep 14, 2020 at 12:08:03PM +0100, Matthew Wilcox wrote:
> > > On Mon, Sep 14, 2020 at 12:47:24PM +0530, Anmol Karn wrote:
> >
Hello Sir,
> > I have looked into the Bisected logs and the problem occurs from this
> > commit:
> >
> > 941992d29447 ("ethernet: amd: use IS_ENABLED() instead of checking for
> > built-in or module")
> >
>
> That's just the patch which made the code testable by syzbot. It didn't
> introduc
On Thu, Sep 10, 2020 at 01:49:18PM +0300, Dan Carpenter wrote:
> On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote:
> > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
> > as NULL. Fix it by adding pointer check for it.
> >
>
On Thu, Sep 10, 2020 at 01:49:18PM +0300, Dan Carpenter wrote:
> On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote:
> > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
> > as NULL. Fix it by adding pointer check for it.
> >
>
On Wed, Sep 09, 2020 at 10:06:59PM -0700, Eric Biggers wrote:
> On Thu, Sep 10, 2020 at 10:04:24AM +0530, Anmol Karn wrote:
> > Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
> > as NULL. Fix it by adding pointer check for it.
> >
>
Prevent hci_phy_link_complete_evt() from dereferencing 'hcon->amp_mgr'
as NULL. Fix it by adding pointer check for it.
Reported-and-tested-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
Signed-off-b
On Sun, Aug 30, 2020 at 07:30:10PM +0200, Greg KH wrote:
> On Sun, Aug 30, 2020 at 05:56:23PM +0530, Anmol Karn wrote:
> > On Sun, Aug 30, 2020 at 11:19:17AM +0200, Greg KH wrote:
> > > On Sat, Aug 29, 2020 at 10:27:12PM +0530, Anmol Karn wrote:
> > >
On Sun, Aug 30, 2020 at 11:19:17AM +0200, Greg KH wrote:
> On Sat, Aug 29, 2020 at 10:27:12PM +0530, Anmol Karn wrote:
> > Fix null pointer deref in hci_phy_link_complete_evt, there was no
> > checking there for the hcon->amp_mgr->l2cap_conn->hconn, and also
>
This patch corrected some mistakes from previous patch.
Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=0d93140da5a82305a66a136af99b088b75177b99
Signed-off-by: Anmol Karn
---
net/bluetooth/hci_core.c | 5 -
net/bluetooth/hci_event.c
Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
Link:
https://syzkaller.appspot.com/bug?id=0d93140da5a82305a66a136af99b088b75177b99
Signed-off-by: Anmol Karn
---
net/bluetooth/hci_core.c | 4
net/bluetooth/hci_event.c | 4
2 files changed, 8 insertions(+)
diff --git a/n
30 matches
Mail list logo
