| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | BUG: corrupted list in l2cap_chan_put | C | error | 6 | 1189d | 1599d | 0/1 | upstream: reported C repro on 2020/08/05 14:55 |
syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | BUG: corrupted list in l2cap_chan_put | C | error | 6 | 1189d | 1599d | 0/1 | upstream: reported C repro on 2020/08/05 14:55 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/03/01 10:10 | 56m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2023/01/28 00:06 | 41m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/11/19 09:19 | 27m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/10/20 08:48 | 30m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/09/15 17:46 | 28m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/08/16 17:00 | 26m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/07/17 16:09 | 32m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/06/17 15:35 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/05/18 15:00 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/04/18 14:28 | 32m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/03/19 13:36 | 38m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/02/17 00:52 | 29m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2022/01/17 20:48 | 30m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/12/18 20:18 | 29m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/11/18 19:50 | 28m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/10/19 19:21 | 28m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/09/19 18:48 | 33m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/08/20 18:13 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/07/21 17:40 | 33m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/06/21 17:10 | 29m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/05/22 00:22 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/04/21 23:46 | 35m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/03/22 22:44 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/02/20 22:09 | 34m | bisect fix | linux-4.14.y | OK (0) job log log | |
| 2021/02/18 00:22 | 19m | bisect fix | linux-4.14.y | error job log |
audit: type=1400 audit(1596869424.502:8): avc: denied { execmem } for pid=6356 comm="syz-executor774" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
IPVS: ftp: loaded support on port[0] = 21
list_del corruption, ffff88809b5268a8->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:45!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6384 Comm: kworker/u5:2 Not tainted 4.14.193-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci0 hci_rx_work
task: ffff88809ebf0580 task.stack: ffff888097ba0000
RIP: 0010:__list_del_entry_valid.cold+0x23/0x55 lib/list_debug.c:45
RSP: 0018:ffff888097ba79b8 EFLAGS: 00010282
RAX: 000000000000004e RBX: ffff8880870600c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff86ac0dc0 RDI: ffffed1012f74f2d
RBP: ffff88809b5268a8 R08: 000000000000004e R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dead000000000200
R13: dead000000000100 R14: ffff88809b526440 R15: ffff88808cce8c40
FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561ddc1090ba CR3: 0000000099c68000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__list_del_entry include/linux/list.h:117 [inline]
list_del include/linux/list.h:125 [inline]
l2cap_chan_destroy net/bluetooth/l2cap_core.c:476 [inline]
kref_put include/linux/kref.h:70 [inline]
l2cap_chan_put+0x50/0x1b0 net/bluetooth/l2cap_core.c:493
l2cap_conless_channel net/bluetooth/l2cap_core.c:6976 [inline]
l2cap_recv_frame+0xb9a/0x95c0 net/bluetooth/l2cap_core.c:7023
l2cap_recv_acldata+0x7a6/0x8b0 net/bluetooth/l2cap_core.c:7588
hci_acldata_packet net/bluetooth/hci_core.c:4066 [inline]
hci_rx_work+0x3d1/0x970 net/bluetooth/hci_core.c:4249
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: e6 e8 a8 ae 44 fe 0f 0b 48 89 ee 48 c7 c7 60 5e e4 86 e8 97 ae 44 fe 0f 0b 4c 89 ea 48 89 ee 48 c7 c7 a0 5d e4 86 e8 83 ae 44 fe <0f> 0b 4c 89 e2 48 89 ee 48 c7 c7 00 5e e4 86 e8 6f ae 44 fe 0f
RIP: __list_del_entry_valid.cold+0x23/0x55 lib/list_debug.c:45 RSP: ffff888097ba79b8
---[ end trace 080e6e2953b0c5f9 ]---
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/08/08 06:52 | linux-4.14.y | 14b58326976d | ff51e522 | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/08/07 03:44 | linux-4.14.y | ca4f2c56d416 | cb436c69 | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/08/07 03:14 | linux-4.14.y | ca4f2c56d416 | cb436c69 | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/08/07 02:43 | linux-4.14.y | ca4f2c56d416 | cb436c69 | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/08/07 02:08 | linux-4.14.y | ca4f2c56d416 | cb436c69 | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/08/06 18:58 | linux-4.14.y | ca4f2c56d416 | 4ca1c0ea | .config | console log | report | syz | C | ci2-linux-4-14 |