[Linux-kernel-mentees] [SYZBOT REPORT] - WARNING: refcount bug in kobject_get
c0d1n61at3 at gmail.com
Wed Jun 26 04:01:12 UTC 2019
On Tue, Jun 25, 2019 at 12:48:02PM -0500, Jiunn Chang wrote:
> On Mon, Jun 24, 2019 at 04:44:21PM +0800, Greg KH wrote:
> > On Mon, Jun 24, 2019 at 03:15:33AM -0500, Jiunn Chang wrote:
> > > At this point, I need more help to attempt a fix. If you have any suggestions please
> > > let me know.
> > Sorry, I'm traveling all this week and have not had the chance to look
> > at this yet.
> > The driver core is "tricky" as you have found out. I'll dig into this
> > when I get the chance, but it might be a few days.
> > Note, this call should not be the one that creates the "virtual" kobject
> > parent, as that is almost always created before this (I would think.)
> > Are you testing this on a laptop or in a virtual machine? Before you
> > run the test script, is /sys/devices/virtual/ present on your system or
> > not?
> Hello Greg,
> Happy travels! Thanks for all the help. I am testing on a laptop and not a vm.
> I do have /sys/devices/virtual--I thought about that too.
> I will take a closer look at where the virtual device is/should be created.
I need to clarify my testing setup. I misunderstood you when I read "laptop".
I am testing on a laptop, but I am running the syz program on a QEMU Debian
instance. The QEMU Debian instance does have /sys/devices/virtual.
I took a look, as you suggested, at where the virtual device parent is being
created. My intuition tells me that the parent should get initialized right
after device_initialize() is called in hci_init_sysfs(). I do not think the
driver core should be altered since this will impact other subsystems. I
noticed that virtual_device_parent() is not globally defined as device_initialize()
seems to be. Not sure if this is the right solution or not.
One strange thing I did notice is the way virtual_device_parent() is defined. It
is being passed a device pointer but it does not appear to do anything with
it. It just creates a virtual_dir with a call to kobject_create_and_add().
Let me know what you think when you have time.
> > thanks,
> > greg k-h