syzbot

 sign-in | mailing list | source | docs
🐞 Open [1269] Subsystems 🐞 Fixed [5427] 🐞 Invalid [12860] Missing Backports [106] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 📈 Coverage 💬 Send us feedback

KFENCE: invalid free in __hci_req_sync

Status: upstream: reported on 2024/05/04 01:00
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+27f0d8597a213f37c0b6@syzkaller.appspotmail.com
First crash: 62d, last: 1d00h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] KFENCE: invalid free in __hci_req_sync 0 (1) 2024/05/04 01:00
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 KFENCE: invalid free in __hci_req_sync 1 43d 43d 0/3 upstream: reported on 2024/05/13 08:05

Sample crash report:
==================================================================
BUG: KFENCE: invalid free in kfree_skb include/linux/skbuff.h:1257 [inline]
BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184

Invalid free of 0xffff88823bdc2000 (in kfence-#224):
 kfree_skb include/linux/skbuff.h:1257 [inline]
 __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184
 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206
 hci_dev_cmd+0x4c5/0xa50 net/bluetooth/hci_core.c:787
 compat_sock_ioctl+0x18b/0xf20 net/socket.c:3522
 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline]
 __se_compat_sys_ioctl+0x51c/0xca0 fs/ioctl.c:950
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e

kfence-#224: 0xffff88823bdc2000-0xffff88823bdc20ef, size=240, cache=skbuff_head_cache

allocated by task 53 on cpu 1 at 73.697392s:
 skb_clone+0x20c/0x390 net/core/skbuff.c:2052
 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline]
 hci_cmd_work+0x29e/0x670 net/bluetooth/hci_core.c:4143
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

freed by task 5124 on cpu 0 at 73.697880s:
 kfree_skb include/linux/skbuff.h:1257 [inline]
 hci_req_sync_complete+0xe7/0x290 net/bluetooth/hci_request.c:109
 hci_event_packet+0xc71/0x1540 net/bluetooth/hci_event.c:7479
 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4074
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CPU: 1 PID: 5110 Comm: syz-executor.4 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (26):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/18 23:57 upstream 2ccbdf43d5e7 639d6cdf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KFENCE: invalid free in __hci_req_sync
2024/06/13 13:54 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KFENCE: invalid free in __hci_req_sync
2024/06/08 06:24 upstream 96e09b8f8166 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KFENCE: invalid free in __hci_req_sync
2024/04/24 03:06 upstream 9d1ddab261f3 21339d7b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KFENCE: invalid free in __hci_req_sync
2024/04/27 09:57 upstream e6ebf0117218 07b455f9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KFENCE: invalid free in __hci_req_sync
2024/06/14 13:36 net be27b8965297 a9616ff5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KFENCE: invalid free in __hci_req_sync
2024/05/16 20:43 net 621cde16e49b ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KFENCE: invalid free in __hci_req_sync
2024/06/25 01:53 net-next bf2468f9afba 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/24 10:17 net-next 84562f9953ec edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/13 13:21 net-next d2675fe95fc7 2aa5052f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/12 14:02 net-next 91579c93a9b2 f815599d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/08 20:21 net-next a99997323654 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/08 06:58 net-next a99997323654 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/05 16:46 net-next 54751f4d5406 5aa1a7c9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/03 19:04 net-next 93e30878f7ec 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/06/02 02:20 net-next d1f9e6513e4e 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/27 14:34 net-next 66ad4829ddd0 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/26 03:29 net-next 66ad4829ddd0 a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/23 03:46 net-next 4b377b4868ef 4d098039 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/21 03:29 net-next 4b377b4868ef c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/17 01:00 net-next 1b294a1f3561 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/11 07:12 net-next cddd2dc6390b f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/06 19:53 net-next b1de3c0df7ab d884b519 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/04 01:00 net-next f3ad4914332f 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
2024/05/01 11:54 bpf-next 9a1a2cb5a0e3 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce KFENCE: invalid free in __hci_req_sync
2024/05/01 01:30 net-next b45176703647 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-net-next-test-gce KFENCE: invalid free in __hci_req_sync
* Struck through repros no longer work on HEAD.