syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [985] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| Reminder: 29 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/07/24 01:41 |
| Reminder: 29 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/07/09 19:07 |
| Reminder: 27 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/06/24 05:14 |
| KASAN: use-after-free Read in rfcomm_dlc_exists | 0 (1) | 2018/07/24 07:27 |
================================================================== BUG: KASAN: use-after-free in rfcomm_dlc_get net/bluetooth/rfcomm/core.c:360 [inline] BUG: KASAN: use-after-free in rfcomm_dlc_exists+0x16f/0x190 net/bluetooth/rfcomm/core.c:550 Read of size 1 at addr ffff8880a2549144 by task syz-executor.1/1469 CPU: 0 PID: 1469 Comm: syz-executor.1 Not tainted 5.6.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd3/0x315 mm/kasan/report.c:374 __kasan_report.cold+0x1a/0x32 mm/kasan/report.c:506 kasan_report+0xe/0x20 mm/kasan/common.c:641 rfcomm_dlc_get net/bluetooth/rfcomm/core.c:360 [inline] rfcomm_dlc_exists+0x16f/0x190 net/bluetooth/rfcomm/core.c:550 __rfcomm_create_dev net/bluetooth/rfcomm/tty.c:413 [inline] rfcomm_create_dev net/bluetooth/rfcomm/tty.c:486 [inline] rfcomm_dev_ioctl+0x9ea/0x1d70 net/bluetooth/rfcomm/tty.c:588 rfcomm_sock_ioctl+0x86/0xb0 net/bluetooth/rfcomm/sock.c:902 sock_do_ioctl+0xd8/0x2f0 net/socket.c:1053 sock_ioctl+0x3ed/0x790 net/socket.c:1204 vfs_ioctl fs/ioctl.c:47 [inline] ksys_ioctl+0x11a/0x180 fs/ioctl.c:763 __do_sys_ioctl fs/ioctl.c:772 [inline] __se_sys_ioctl fs/ioctl.c:770 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c849 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f54e62cfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f54e62d06d4 RCX: 000000000045c849 RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004 RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000316 R14: 00000000004c57dd R15: 000000000076bfac Allocated by task 18007: save_stack+0x1b/0x80 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:515 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:488 kmem_cache_alloc_trace+0x153/0x7d0 mm/slab.c:3551 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] rfcomm_dlc_alloc+0x7a/0x400 net/bluetooth/rfcomm/core.c:305 rfcomm_sock_alloc.constprop.0+0xad/0x370 net/bluetooth/rfcomm/sock.c:286 rfcomm_sock_create+0xe0/0x2a0 net/bluetooth/rfcomm/sock.c:329 bt_sock_create+0x154/0x2a0 net/bluetooth/af_bluetooth.c:130 __sock_create+0x3cb/0x730 net/socket.c:1433 sock_create net/socket.c:1484 [inline] __sys_socket+0xef/0x200 net/socket.c:1526 __do_sys_socket net/socket.c:1535 [inline] __se_sys_socket net/socket.c:1533 [inline] __x64_sys_socket+0x6f/0xb0 net/socket.c:1533 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 1466: save_stack+0x1b/0x80 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] kasan_set_free_info mm/kasan/common.c:337 [inline] __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:476 __cache_free mm/slab.c:3426 [inline] kfree+0x109/0x2b0 mm/slab.c:3757 rfcomm_dlc_put include/net/bluetooth/rfcomm.h:258 [inline] __rfcomm_create_dev net/bluetooth/rfcomm/tty.c:417 [inline] rfcomm_create_dev net/bluetooth/rfcomm/tty.c:486 [inline] rfcomm_dev_ioctl+0x1a8c/0x1d70 net/bluetooth/rfcomm/tty.c:588 rfcomm_sock_ioctl+0x86/0xb0 net/bluetooth/rfcomm/sock.c:902 sock_do_ioctl+0xd8/0x2f0 net/socket.c:1053 sock_ioctl+0x3ed/0x790 net/socket.c:1204 vfs_ioctl fs/ioctl.c:47 [inline] ksys_ioctl+0x11a/0x180 fs/ioctl.c:763 __do_sys_ioctl fs/ioctl.c:772 [inline] __se_sys_ioctl fs/ioctl.c:770 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8880a2549000 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 324 bytes inside of 512-byte region [ffff8880a2549000, ffff8880a2549200) The buggy address belongs to the page: page:ffffea0002895240 refcount:1 mapcount:0 mapping:ffff8880aa000a80 index:0x0 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea0002a10908 ffffea0002502d88 ffff8880aa000a80 raw: 0000000000000000 ffff8880a2549000 0000000100000004 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880a2549000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880a2549080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880a2549100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880a2549180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880a2549200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/03/29 18:45 | upstream | e595dd94515e | 05736b29 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2020/03/23 01:23 | upstream | 67d584e33e54 | 78267cec | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
| 2020/03/18 12:13 | upstream | ac309e7744be | 97bc55ce | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2020/02/27 13:05 | upstream | f8788d86ab28 | 59b57593 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2020/02/20 09:03 | upstream | ca7e1fd1026c | 81230308 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2020/02/17 04:57 | upstream | 11a48a5a18c6 | 1f448cd6 | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
| 2020/01/18 00:34 | upstream | ab7541c3addd | 3de7aabb | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2020/01/15 09:46 | upstream | 95e20af9fb9c | fa12bd3c | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
| 2020/01/11 05:44 | upstream | e69ec487b2c7 | 4de4e9f0 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2020/01/15 16:09 | upstream | 95e20af9fb9c | 069a5a44 | .config | console log | report | ci-qemu-upstream-386 | |||||
| 2020/02/15 16:25 | net-old | 2019fc96af22 | 5d7b90f1 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/02/13 21:17 | net-old | b9287f2ac321 | c5ed587f | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/02/01 01:37 | net-old | 9f68e3655aae | c30117b2 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/17 02:51 | net-old | 567110f147b3 | 3de7aabb | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/17 02:08 | net-old | 567110f147b3 | 3de7aabb | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/17 00:32 | net-old | 567110f147b3 | 3de7aabb | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/16 12:37 | net-old | 567110f147b3 | 3de7aabb | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 18:12 | net-old | 8b792f84c637 | f9b69507 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 11:59 | net-old | 8c4df83fbe60 | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 08:01 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 05:22 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 03:37 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 02:17 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/15 01:03 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 23:12 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 19:56 | net-old | f8d7408a4d7f | fa12bd3c | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 18:39 | net-old | a112adafcb47 | 32881205 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 16:06 | net-old | a112adafcb47 | 32881205 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 12:33 | net-old | a112adafcb47 | 32881205 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 10:28 | net-old | a112adafcb47 | 32881205 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/14 04:06 | net-old | a112adafcb47 | 32881205 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/13 19:14 | net-old | c9f53049d4a8 | 99565c1a | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/13 11:29 | net-old | c9f53049d4a8 | 99565c1a | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/12 23:21 | net-old | c9f53049d4a8 | 53faa9fe | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/12 16:10 | net-old | c9f53049d4a8 | 31290a45 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/12 11:41 | net-old | c9f53049d4a8 | 31290a45 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/12 07:54 | net-old | c9f53049d4a8 | 4c04afaa | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/12 03:17 | net-old | a5c3a7c0ce1a | 4c04afaa | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/11 23:19 | net-old | a5c3a7c0ce1a | 4c04afaa | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/11 21:39 | net-old | a5c3a7c0ce1a | 4c04afaa | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/11 18:26 | net-old | a5c3a7c0ce1a | 4c04afaa | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/11 06:00 | net-old | e267371dd376 | 4de4e9f0 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/01/10 21:01 | net-old | e267371dd376 | 4de4e9f0 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
| 2020/03/14 18:51 | net-next-old | 94229d45239b | 749688d2 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/01/29 19:05 | net-next-old | b3a608222336 | 5ed23f9a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/01/16 22:00 | net-next-old | 1ccf6c13d9c7 | 3de7aabb | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/01/13 23:53 | net-next-old | e07c5f2e4e91 | 99565c1a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/01/07 11:12 | net-next-old | 1b935183aeff | 1bcd407e | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2019/11/21 05:00 | linux-next | 1fef9976397f | 8098ea0f | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2018/07/23 20:30 | linux-next | 89cf55353308 | 912c93d7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |