syzbot

 sign-in | mailing list | source | docs
🐞 Open [1299]
Subsystems
🐞 Fixed [5495]
🐞 Invalid [13053]
Missing Backports [116]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING in hci_conn_del

Status: upstream: reported C repro on 2024/02/28 04:53
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+b2545b087a01a7319474@syzkaller.appspotmail.com
Fix commit: 015d79c96d62 Bluetooth: Ignore too large handle values in BIG 1cc18c2ab2e8 bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64]
First crash: 154d, last: 18d
Cause bisection: introduced by (bisect log) :
commit 181a42edddf51d5d9697ecdf365d72ebeab5afb0
Author: Ziyang Xuan <william.xuanziyang@huawei.com>
Date: Wed Oct 11 09:57:31 2023 +0000

  Bluetooth: Make handle of hci_conn be unique

Crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del (log)
Repro: C syz .config
  
Discussions (8)
Title Replies (including bot) Last reply
[PATCH] bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX 2 (2) 2024/06/26 20:00
[PATCH] Bluetooth: handle value is too large should not be used in BIG 4 (4) 2024/06/17 14:10
[PATCH] bluetooth: handle value within the ida range should not be handled in BIG 3 (3) 2024/06/16 13:18
[syzbot] [bluetooth?] WARNING in hci_conn_del 1 (4) 2024/06/16 10:33
Re: [syzbot] [bluetooth?] WARNING in hci_conn_del 2 (4) 2024/06/16 03:52
[syzbot] Monthly bluetooth report (Jun 2024) 0 (1) 2024/06/10 11:56
[syzbot] Monthly bluetooth report (May 2024) 0 (1) 2024/05/10 08:47
[syzbot] Monthly bluetooth report (Apr 2024) 0 (1) 2024/04/08 12:51
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/06/16 10:15 14m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 603c04e27c3e report log
2024/06/15 21:37 2h24m paskripkin@gmail.com patch upstream report log
2024/06/14 08:42 11h54m paskripkin@gmail.com patch upstream report log
2024/06/13 21:15 16m paskripkin@gmail.com patch upstream report log

Sample crash report:
------------[ cut here ]------------
ida_free called for id=29811 which is not allocated.
WARNING: CPU: 1 PID: 5090 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525
Modules linked in:
CPU: 1 PID: 5090 Comm: syz-executor167 Not tainted 6.9.0-syzkaller-01768-ga5131c3fdf26 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525
Code: 10 42 80 3c 28 00 74 05 e8 bd 23 87 f6 48 8b 7c 24 40 4c 89 fe e8 70 ab 17 00 90 48 c7 c7 a0 3a e8 8c 89 de e8 61 ba e4 f5 90 <0f> 0b 90 90 eb 3d e8 15 64 22 f6 49 bd 00 00 00 00 00 fc ff df 4d
RSP: 0018:ffffc9000230f940 EFLAGS: 00010246
RAX: 51ad6ccd1ec4fe00 RBX: 0000000000007473 RCX: ffff88802a808000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000230fa30 R08: ffffffff81589ca2 R09: 1ffff110172a519a
R10: dffffc0000000000 R11: ffffed10172a519b R12: ffffc9000230f980
R13: dffffc0000000000 R14: ffff88807a3040a0 R15: 0000000000000246
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000045ddf0 CR3: 000000000e134000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_conn_cleanup net/bluetooth/hci_conn.c:156 [inline]
 hci_conn_del+0x790/0xc80 net/bluetooth/hci_conn.c:1126
 hci_conn_hash_flush+0x18e/0x240 net/bluetooth/hci_conn.c:2569
 hci_dev_close_sync+0x9ab/0x1050 net/bluetooth/hci_sync.c:5159
 hci_dev_do_close net/bluetooth/hci_core.c:554 [inline]
 hci_unregister_dev+0x1db/0x4e0 net/bluetooth/hci_core.c:2771
 vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:674
 __fput+0x429/0x8a0 fs/file_table.c:422
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa1b/0x27e0 kernel/exit.c:878
 do_group_exit+0x207/0x2c0 kernel/exit.c:1027
 __do_sys_exit_group kernel/exit.c:1038 [inline]
 __se_sys_exit_group kernel/exit.c:1036 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f13ac1f2449
Code: Unable to access opcode bytes at 0x7f13ac1f241f.
RSP: 002b:00007fffb505c418 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f13ac1f2449
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f13ac27e2b0 R08: ffffffffffffffb0 R09: 000000ff00ff3650
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13ac27e2b0
R13: 0000000000000000 R14: 00007f13ac27ed00 R15: 00007f13ac1c04e0
 </TASK>

Crashes (10497):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/14 13:23 upstream a5131c3fdf26 fdb4c10c .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/04/07 11:53 upstream fe46a7dd189e ca620dd8 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in hci_conn_del
2024/02/24 04:44 upstream 603c04e27c3e 8d446f15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/05/19 19:29 linux-next c75962170e49 c0f1611a .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root WARNING in hci_conn_del
2024/04/18 23:41 linux-next 7b4f2bc91c15 af24b050 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root WARNING in hci_conn_del
2024/04/21 02:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/02/27 10:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9abbc24128bc 05e69c83 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/05 03:07 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/05 02:00 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/05 00:41 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hci_conn_del
2024/07/04 23:02 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hci_conn_del
2024/07/04 19:17 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 15:43 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hci_conn_del
2024/07/04 14:24 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in hci_conn_del
2024/07/04 12:30 upstream 795c58e4c7fc 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 10:16 upstream 795c58e4c7fc 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 09:12 upstream 795c58e4c7fc 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 08:42 upstream 795c58e4c7fc 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hci_conn_del
2024/07/04 07:42 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 05:28 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 04:22 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 01:47 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/04 00:10 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 22:33 upstream 8a9c6c40432e 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in hci_conn_del
2024/07/03 19:53 upstream e9d22f7a6655 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 13:36 upstream e9d22f7a6655 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in hci_conn_del
2024/07/03 13:34 upstream e9d22f7a6655 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in hci_conn_del
2024/07/03 12:11 upstream e9d22f7a6655 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 10:16 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 09:16 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 03:58 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/03 03:01 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in hci_conn_del
2024/07/03 01:55 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in hci_conn_del
2024/07/03 01:54 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in hci_conn_del
2024/07/02 22:53 upstream 1dfe225e9af5 8373af66 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/02 21:46 upstream 1dfe225e9af5 8373af66 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce WARNING in hci_conn_del
2024/07/02 21:22 upstream 1dfe225e9af5 8373af66 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in hci_conn_del
2024/07/03 16:38 upstream e9d22f7a6655 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in hci_conn_del
2024/07/03 04:58 upstream e9d22f7a6655 1ecfa2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in hci_conn_del
2024/07/04 17:41 upstream 795c58e4c7fc dc6bbff0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in hci_conn_del
2024/07/03 21:58 upstream 8a9c6c40432e 3f2748a3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in hci_conn_del
2024/07/03 06:02 upstream 734610514cb0 1ecfa2d8 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in hci_conn_del
2024/06/30 21:01 upstream 8282d5af7be8 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 WARNING in hci_conn_del
2024/06/16 23:44 linux-next a957267fa7e9 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in hci_conn_del
2024/07/08 15:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc cde64f7d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/08 14:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc cde64f7d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/08 09:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/08 05:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/08 00:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/07 21:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/07 19:57 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/07 17:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/07 07:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/07 02:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/06 16:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/06 08:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc bc4ebbb5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/06 06:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/06 05:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/06 00:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8a03d70c27fc 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/05 11:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e2f4becf4fa 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/05 11:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e2f4becf4fa 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/05 07:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e2f4becf4fa dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/05 06:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e2f4becf4fa dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/04 20:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e2f4becf4fa dc6bbff0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/04 13:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fdd6064ff31c 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/04 06:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fdd6064ff31c 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
2024/07/03 15:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fdd6064ff31c 409d975c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in hci_conn_del
* Struck through repros no longer work on HEAD.