KFENCE: invalid free in __hci_req

Title	Replies (including bot)	Last reply
[syzbot] [bluetooth?] KFENCE: invalid free in __hci_req_sync	0 (1)	2024/05/04 01:00

================================================================== BUG: KFENCE: invalid free in kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1159 Invalid free of 0xffff88816db60f00 (in kfence-#175): kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1159 __kfree_skb net/core/skbuff.c:1217 [inline] kfree_skb_reason+0x13a/0x210 net/core/skbuff.c:1252 kfree_skb include/linux/skbuff.h:1262 [inline] __hci_req_sync+0x61d/0x980 net/bluetooth/hci_request.c:184 hci_req_sync+0x97/0xd0 net/bluetooth/hci_request.c:206 hci_dev_cmd+0x653/0x9c0 net/bluetooth/hci_core.c:790 hci_sock_ioctl+0x4f3/0x8e0 net/bluetooth/hci_sock.c:1153 sock_do_ioctl+0x116/0x280 net/socket.c:1222 sock_ioctl+0x22e/0x6c0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl fs/ioctl.c:890 [inline] __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f kfence-#175: 0xffff88816db60f00-0xffff88816db60fef, size=240, cache=skbuff_head_cache allocated by task 64 on cpu 2 at 217.660109s: skb_clone+0x190/0x3f0 net/core/skbuff.c:2063 hci_send_cmd_sync net/bluetooth/hci_core.c:4220 [inline] hci_cmd_work+0x66a/0x710 net/bluetooth/hci_core.c:4240 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 freed by task 64 on cpu 2 at 217.660313s: kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1159 __kfree_skb net/core/skbuff.c:1217 [inline] kfree_skb_reason+0x13a/0x210 net/core/skbuff.c:1252 kfree_skb include/linux/skbuff.h:1262 [inline] hci_req_sync_complete+0x16c/0x270 net/bluetooth/hci_request.c:109 hci_event_packet+0x963/0x1170 net/bluetooth/hci_event.c:7604 hci_rx_work+0x2c4/0x1610 net/bluetooth/hci_core.c:4171 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CPU: 1 PID: 11620 Comm: syz-executor.2 Not tainted 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 ==================================================================

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2024/04/24 03:06	upstream	9d1ddab261f3	21339d7b	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KFENCE: invalid free in __hci_req_sync
2024/04/27 09:57	upstream	e6ebf0117218	07b455f9	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	KFENCE: invalid free in __hci_req_sync
2024/05/04 01:00	net-next	f3ad4914332f	610f2a54	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-net-next-test-gce	KFENCE: invalid free in __hci_req_sync
2024/05/01 11:54	bpf-next	9a1a2cb5a0e3	3ba885bc	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-bpf-next-kasan-gce	KFENCE: invalid free in __hci_req_sync
2024/05/01 01:30	net-next	b45176703647	3ba885bc	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-net-next-test-gce	KFENCE: invalid free in __hci_req_sync

Crashes (5):

Assets (help?)