syzbot


KASAN: slab-use-after-free Read in l2cap_recv_frame

Status: upstream: reported C repro on 2024/04/27 07:44
Subsystems: bluetooth
Reported-by: syzbot+5c915dc5dd417b83b348@syzkaller.appspotmail.com
First crash: 211d, last: 40d
Cause bisection: the cause commit could be any of (bisect log):
  b79e04091010 Bluetooth: btintel: Fix null ptr deref in btintel_read_version
  e7b02296fb40 Bluetooth: Remove BT_HS
  
Discussions (2)
Title | Replies (including bot) | Last reply
[syzbot] Monthly bluetooth report (Oct 2024) | 0 (1) | 2024/10/15 08:33
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame | 2 (6) | 2024/09/01 12:33

Last patch testing requests (4)
Created | Duration | User | Patch | Repo | Result
2024/09/18 17:09 | 23m | retest repro | (none) | upstream | report log
2024/09/01 11:14 | 35m | hdanton@sina.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e8784b0aef62 | OK log
2024/09/01 09:04 | 53m | hdanton@sina.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e8784b0aef62 | report log
2024/05/07 15:56 | 22m | retest repro | (none) | upstream | OK log

Sample crash report:
=====================================================
BUG: KMSAN: uninit-value in l2cap_conless_channel net/bluetooth/l2cap_core.c:6757 [inline]
BUG: KMSAN: uninit-value in l2cap_recv_frame+0xc9c5/0x18b10 net/bluetooth/l2cap_core.c:6831
 l2cap_conless_channel net/bluetooth/l2cap_core.c:6757 [inline]
 l2cap_recv_frame+0xc9c5/0x18b10 net/bluetooth/l2cap_core.c:6831
 l2cap_recv_acldata+0xdd9/0x2ac0 net/bluetooth/l2cap_core.c:7514
 hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]
 hci_rx_work+0xb38/0x1130 net/bluetooth/hci_core.c:4028
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3312
 worker_thread+0xea7/0x14d0 kernel/workqueue.c:3389
 kthread+0x3e2/0x540 kernel/kthread.c:389
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3994 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080
 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583
 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1320 [inline]
 bt_skb_alloc include/net/bluetooth/bluetooth.h:493 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:487 [inline]
 vhci_write+0x128/0x910 drivers/bluetooth/hci_vhci.c:607
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xb2f/0x1550 fs/read_write.c:590
 ksys_write+0x20f/0x4c0 fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __x64_sys_write+0x93/0xe0 fs/read_write.c:652
 x64_sys_call+0x306a/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 5180 Comm: kworker/u9:2 Not tainted 6.11.0-rc5-syzkaller-00310-ge8784b0aef62 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: hci0 hci_rx_work
=====================================================

Crashes (130):