syzbot


KASAN: slab-use-after-free Read in full_proxy_write

Status: upstream: reported C repro on 2024/12/29 04:30
Subsystems: bluetooth
Reported-by: syzbot+422b07c3add2219bc947@syzkaller.appspotmail.com
First crash: 51d, last: 2d03h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in full_proxy_write 0 (2) 2025/02/01 20:07

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in full_proxy_write+0x101/0x3f0 fs/debugfs/file.c:394
 full_proxy_write+0x101/0x3f0 fs/debugfs/file.c:394
 vfs_write+0x48a/0x1540 fs/read_write.c:677
 ksys_write+0x240/0x4b0 fs/read_write.c:731
 __do_sys_write fs/read_write.c:742 [inline]
 __se_sys_write fs/read_write.c:739 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:739
 x64_sys_call+0x3161/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 __debugfs_file_get+0xe59/0xef0 fs/debugfs/file.c:120
 full_proxy_open_regular+0x67/0xa00 fs/debugfs/file.c:447
 do_dentry_open+0x1bdd/0x26b0 fs/open.c:955
 vfs_open+0x53/0x5b0 fs/open.c:1085
 do_open fs/namei.c:3830 [inline]
 path_openat+0x56a1/0x6250 fs/namei.c:3989
 do_filp_open+0x268/0x600 fs/namei.c:4016
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1427
 do_sys_open fs/open.c:1442 [inline]
 __do_sys_openat fs/open.c:1458 [inline]
 __se_sys_openat fs/open.c:1453 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1453
 x64_sys_call+0x36f5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 __debugfs_file_get+0xdff/0xef0 fs/debugfs/file.c:118
 full_proxy_open_regular+0x67/0xa00 fs/debugfs/file.c:447
 do_dentry_open+0x1bdd/0x26b0 fs/open.c:955
 vfs_open+0x53/0x5b0 fs/open.c:1085
 do_open fs/namei.c:3830 [inline]
 path_openat+0x56a1/0x6250 fs/namei.c:3989
 do_filp_open+0x268/0x600 fs/namei.c:4016
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1427
 do_sys_open fs/open.c:1442 [inline]
 __do_sys_openat fs/open.c:1458 [inline]
 __se_sys_openat fs/open.c:1453 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1453
 x64_sys_call+0x36f5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4121 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 __kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 __debugfs_file_get+0x31d/0xef0 fs/debugfs/file.c:101
 full_proxy_open_regular+0x67/0xa00 fs/debugfs/file.c:447
 do_dentry_open+0x1bdd/0x26b0 fs/open.c:955
 vfs_open+0x53/0x5b0 fs/open.c:1085
 do_open fs/namei.c:3830 [inline]
 path_openat+0x56a1/0x6250 fs/namei.c:3989
 do_filp_open+0x268/0x600 fs/namei.c:4016
 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1427
 do_sys_open fs/open.c:1442 [inline]
 __do_sys_openat fs/open.c:1458 [inline]
 __se_sys_openat fs/open.c:1453 [inline]
 __x64_sys_openat+0x2a1/0x310 fs/open.c:1453
 x64_sys_call+0x36f5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 5782 Comm: syz-executor269 Not tainted 6.13.0-syzkaller-09950-g60c828cf80c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
=====================================================

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/02/01 20:07 upstream 60c828cf80c0 0dff8567 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in full_proxy_write
2025/02/11 20:02 upstream febbc555cf0f f2baddf5 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/08 17:42 upstream 8f6629c004b1 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/07 08:03 upstream bb066fe812d6 53657d1b .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/06 04:48 upstream 92514ef226f5 577d049b .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/06 02:06 upstream 92514ef226f5 577d049b .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/06 00:52 upstream 92514ef226f5 577d049b .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/04 14:57 upstream 0de63bb7d919 8f267cef .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/02 19:16 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/02 14:07 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/02 10:35 upstream 69e858e0b8b2 568559e4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/01 06:57 upstream 69e858e0b8b2 aa47157c .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/31 08:34 upstream 2a9f04bde07a 4c6ac32f .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/29 19:01 upstream 805ba04cb7cc 08fa8553 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/27 06:16 upstream c2da8b3f914f 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/26 06:38 upstream 0f8e26b38d7a 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/09 04:43 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/06 04:48 upstream ab75170520d4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/01/05 16:15 upstream ab75170520d4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/30 15:36 upstream fc033cf25e61 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/29 04:29 upstream 059dd502b263 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/28 19:15 upstream fd0584d220fe d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/28 13:54 upstream fd0584d220fe d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/24 15:16 upstream f07044dd0df0 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2024/12/24 11:45 upstream f07044dd0df0 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: slab-use-after-free Read in full_proxy_write
2025/02/01 21:38 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in full_proxy_write
2025/02/01 21:37 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in full_proxy_write
2025/02/01 17:36 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in full_proxy_write
2025/02/01 17:36 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in full_proxy_write
2025/02/02 00:38 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in full_proxy_write
2025/02/02 00:37 upstream 60c828cf80c0 0dff8567 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in full_proxy_write