On Thu, 2019-04-11 at 05:14 -0700, syzbot wrote:
> syzbot has bisected this bug to:
>
> commit 726e41097920a73e4c7c33385dcc0debb1281e18
> Author: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
> Date:   Tue Jul 10 00:29:10 2018 +0000
>
>     drivers: core: Remove glue dirs from sysfs earlier

Greg, any idea what this is? The log isn't terribly readable.

The above patch fixes a real bug that causes use after free and memory
corruption under some circumstances. I wonder if the BT stack is itself
manipulating stale objects?

Ben.

> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15f69eaf200000
> start commit:   771acc7e Bluetooth: btusb: request wake pin with NOAUTOEN
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=17f69eaf200000
> console output: https://syzkaller.appspot.com/x/log.txt?x=13f69eaf200000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=4fb64439e07a1ec0
> dashboard link: https://syzkaller.appspot.com/bug?extid=91fd909b6e62ebe06131
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11770a8f200000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=128c945b200000
>
> Reported-by: syzbot+91fd909b6e62ebe06131@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 726e41097920 ("drivers: core: Remove glue dirs from sysfs earlier")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection