syzbot
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
linux-4.14 | KASAN: use-after-free Read in l2cap_chan_close | C | inconclusive | 10 | 1527d | 1709d | 0/1 | upstream: reported C repro on 2020/02/08 02:54 | |
linux-4.19 | KASAN: use-after-free Read in l2cap_chan_close | C | done | 8 | 1528d | 1711d | 1/1 | fixed on 2020/09/09 05:22 |
```
==================================================================
BUG: KASAN: use-after-free in l2cap_chan_close+0x564/0xb10 net/bluetooth/l2cap_core.c:794
Read of size 1 at addr ffff88809d984020 by task kworker/1:1/23

CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events do_enable_set
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xae/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 l2cap_chan_close+0x564/0xb10 net/bluetooth/l2cap_core.c:794
 do_enable_set+0x4ed/0x980 net/bluetooth/6lowpan.c:1082
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Allocated by task 23:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:494
 kmem_cache_alloc_trace+0x14f/0x2d0 mm/slab.c:3551
 kmalloc include/linux/slab.h:555 [inline]
 kzalloc include/linux/slab.h:669 [inline]
 l2cap_chan_create+0x40/0x3a0 net/bluetooth/l2cap_core.c:450
 chan_create net/bluetooth/6lowpan.c:648 [inline]
 bt_6lowpan_listen net/bluetooth/6lowpan.c:967 [inline]
 do_enable_set+0x52f/0x980 net/bluetooth/6lowpan.c:1086
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Freed by task 2578:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0xf5/0x140 mm/kasan/common.c:455
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x103/0x2c0 mm/slab.c:3757
 l2cap_chan_destroy net/bluetooth/l2cap_core.c:488 [inline]
 kref_put include/linux/kref.h:65 [inline]
 l2cap_chan_put+0x1b2/0x230 net/bluetooth/l2cap_core.c:502
 do_enable_set+0x4f9/0x980 net/bluetooth/6lowpan.c:1083
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

The buggy address belongs to the object at ffff88809d984000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 32 bytes inside of
 2048-byte region [ffff88809d984000, ffff88809d984800)
The buggy address belongs to the page:
page:ffffea0002766100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea000276f6c8 ffffea0002a20f88 ffff8880aa000e00
raw: 0000000000000000 ffff88809d984000 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88809d983f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88809d983f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88809d984000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
 ffff88809d984080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88809d984100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
```
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2020/08/06 05:05 | upstream | fffe3ae0ee84 | 0487ea6f | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/08/05 17:49 | upstream | 442489c21923 | b7129355 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/08/05 04:26 | upstream | c0842fbc1b18 | 80a06902 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/04 20:05 | upstream | c0842fbc1b18 | 80a06902 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/08/04 18:44 | upstream | c0842fbc1b18 | 80a06902 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/04 12:09 | upstream | 3208167a865e | 196277c4 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/05/23 23:52 | upstream | 423b8baf18a8 | 9682898d | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
2020/05/22 12:29 | upstream | d2f8825ab78e | 5afa2ddd | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/05/18 03:08 | upstream | b9bbe6ed63b2 | 37bccd4e | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/05/14 12:51 | upstream | 24085f70a6e1 | 2d572622 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/05/04 16:30 | upstream | 0e698dfa2822 | 58ae5e18 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/04/14 04:51 | upstream | 8f3d9f354286 | 7c54686a | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/03/03 11:03 | upstream | 63623fd44972 | c88c7b75 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/02/29 10:52 | upstream | f8788d86ab28 | 59b57593 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
2020/02/29 08:26 | upstream | f8788d86ab28 | 59b57593 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
2020/02/08 23:02 | upstream | f757165705e9 | 06150bf1 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/02/08 05:17 | upstream | 41dcd67e8868 | 06150bf1 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
2020/02/07 12:55 | upstream | 90568ecf5615 | 06150bf1 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/05/18 04:36 | upstream | b9bbe6ed63b2 | 37bccd4e | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-386 | |
2020/02/28 06:54 | upstream | f8788d86ab28 | 59b57593 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-386 | |
2020/05/20 15:49 | linux-next | ac935d227366 | 1255f02a | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root | |
2020/05/05 16:39 | linux-next | ac935d227366 | 4b76dd25 | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root | |
2020/05/18 03:48 | upstream | 9b1f2cbdb6d3 | 37bccd4e | .config | console log | report | syz | | | | ci-upstream-kasan-gce | |
2020/07/13 11:41 | upstream | 11ba468877bb | f90ec899 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
2020/06/30 18:37 | upstream | 9ebcfadb0610 | a2cdad9d | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/06/30 01:24 | upstream | 4e99b32169e8 | a2cdad9d | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
2020/06/28 05:38 | upstream | 1590a2e1c681 | ffec44b5 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/06/27 04:06 | upstream | 1590a2e1c681 | ffec44b5 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2020/06/15 10:36 | upstream | 7ae77150d94d | 8e3ab941 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2020/05/30 04:30 | upstream | 86852175b016 | 954bd312 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2020/04/26 03:00 | upstream | b2768df24ec4 | 99b258dd | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
2020/04/26 00:05 | upstream | b2768df24ec4 | b8bb8e5f | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
2020/04/14 14:20 | upstream | 8f3d9f354286 | 3f3c5574 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/04/09 19:28 | upstream | 5d30bcacd91a | a8c6a3f8 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/03/24 17:44 | upstream | 76ccd234269b | 68660b21 | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
2020/06/27 13:21 | upstream | 1590a2e1c681 | ffec44b5 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2020/05/15 09:30 | upstream | 1ae7efb38854 | 2d572622 | .config | console log | report | | | | | ci-qemu-upstream-386 | |