syzbot


KASAN: slab-use-after-free Read in hci_conn_hash_flush

Status: fixed on 2023/07/01 16:05
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+8bb72f86fc823817bc5d@syzkaller.appspotmail.com
Fix commit: a2ac591cb4d8 Bluetooth: Fix UAF in hci_conn_hash_flush again ca1fd42e7dbf Bluetooth: Fix potential double free caused by hci_conn_unlink
First crash: 417d, last: 320d
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hci_conn_hash_flush 0 (2) 2023/05/01 13:59
[syzbot] Monthly bluetooth report (Apr 2023) 0 (1) 2023/04/30 08:00
[syzbot] Monthly bluetooth report 0 (1) 2023/03/29 10:03

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in hci_conn_hash_flush+0x89/0x220
Read of size 8 at addr ffff8880733dc000 by task syz-executor386/5007

CPU: 1 PID: 5007 Comm: syz-executor386 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:351 [inline]
 print_report+0x163/0x540 mm/kasan/report.c:462
 kasan_report+0x176/0x1b0 mm/kasan/report.c:572
 hci_conn_hash_flush+0x89/0x220
 hci_dev_close_sync+0xa35/0x1020 net/bluetooth/hci_sync.c:4941
 hci_dev_do_close net/bluetooth/hci_core.c:554 [inline]
 hci_unregister_dev+0x1ca/0x480 net/bluetooth/hci_core.c:2703
 vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:669
 __fput+0x3b7/0x890 fs/file_table.c:321
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x68f/0x2290 kernel/exit.c:871
 do_group_exit+0x206/0x2c0 kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1030
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f905be26519
Code: Unable to access opcode bytes at 0x7f905be264ef.
RSP: 002b:00007ffd7fa2a1d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f905beaf150 RCX: 00007f905be26519
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000007
RBP: 0000000000000007 R08: ffffffffffffffb8 R09: 001d00000000000c
R10: 00007ffd7fa2a260 R11: 0000000000000246 R12: 00007f905beaf150
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
 </TASK>

Allocated by task 5027:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4f/0x70 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:559 [inline]
 kzalloc include/linux/slab.h:680 [inline]
 hci_conn_add+0xc3/0x13a0 net/bluetooth/hci_conn.c:986
 hci_connect_sco+0x8e/0x2b0 net/bluetooth/hci_conn.c:1663
 sco_connect net/bluetooth/sco.c:264 [inline]
 sco_sock_connect+0x2b9/0x990 net/bluetooth/sco.c:610
 __sys_connect_file net/socket.c:2003 [inline]
 __sys_connect+0x2cd/0x300 net/socket.c:2020
 __do_sys_connect net/socket.c:2030 [inline]
 __se_sys_connect net/socket.c:2027 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2027
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 5007:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4f/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:521
 ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:162 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook mm/slub.c:1807 [inline]
 slab_free mm/slub.c:3786 [inline]
 __kmem_cache_free+0x264/0x3c0 mm/slub.c:3799
 device_release+0x95/0x1c0
 kobject_cleanup lib/kobject.c:683 [inline]
 kobject_release lib/kobject.c:714 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x228/0x470 lib/kobject.c:731
 hci_conn_del+0x321/0x5a0 net/bluetooth/hci_conn.c:1162
 hci_conn_unlink+0x1e1/0x320 net/bluetooth/hci_conn.c:1087
 hci_conn_hash_flush+0x198/0x220 net/bluetooth/hci_conn.c:2479
 hci_dev_close_sync+0xa35/0x1020 net/bluetooth/hci_sync.c:4941
 hci_dev_do_close net/bluetooth/hci_core.c:554 [inline]
 hci_unregister_dev+0x1ca/0x480 net/bluetooth/hci_core.c:2703
 vhci_release+0x83/0xd0 drivers/bluetooth/hci_vhci.c:669
 __fput+0x3b7/0x890 fs/file_table.c:321
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x68f/0x2290 kernel/exit.c:871
 do_group_exit+0x206/0x2c0 kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1030
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff8880733dc000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 0 bytes inside of
 freed 4096-byte region [ffff8880733dc000, ffff8880733dd000)

The buggy address belongs to the physical page:
page:ffffea0001ccf600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x733d8
head:ffffea0001ccf600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000010200 ffff888012442140 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5027, tgid 5027 (syz-executor386), ts 60010982894, free_ts 12760290779
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1e6/0x210 mm/page_alloc.c:1722
 prep_new_page mm/page_alloc.c:1729 [inline]
 get_page_from_freelist+0x321c/0x33a0 mm/page_alloc.c:3493
 __alloc_pages+0x255/0x670 mm/page_alloc.c:4759
 alloc_slab_page+0x6a/0x160 mm/slub.c:1851
 allocate_slab mm/slub.c:1998 [inline]
 new_slab+0x84/0x2f0 mm/slub.c:2051
 ___slab_alloc+0xa85/0x10a0 mm/slub.c:3192
 __slab_alloc mm/slub.c:3291 [inline]
 __slab_alloc_node mm/slub.c:3344 [inline]
 slab_alloc_node mm/slub.c:3441 [inline]
 __kmem_cache_alloc_node+0x1b8/0x290 mm/slub.c:3490
 __do_kmalloc_node mm/slab_common.c:965 [inline]
 __kmalloc+0xa8/0x230 mm/slab_common.c:979
 kmalloc include/linux/slab.h:563 [inline]
 tomoyo_realpath_from_path+0xcf/0x5e0 security/tomoyo/realpath.c:251
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_check_open_permission+0x254/0x4e0 security/tomoyo/file.c:771
 security_file_open+0x63/0xa0 security/security.c:2797
 do_dentry_open+0x308/0x10f0 fs/open.c:907
 do_open fs/namei.c:3636 [inline]
 path_openat+0x27b3/0x3170 fs/namei.c:3791
 do_filp_open+0x234/0x490 fs/namei.c:3818
 do_sys_openat2+0x13f/0x500 fs/open.c:1356
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x247/0x290 fs/open.c:1383
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1302 [inline]
 free_unref_page_prepare+0x903/0xa30 mm/page_alloc.c:2555
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2650
 free_contig_range+0x9e/0x150 mm/page_alloc.c:6985
 destroy_args+0x102/0x9a0 mm/debug_vm_pgtable.c:1023
 debug_vm_pgtable+0x405/0x490 mm/debug_vm_pgtable.c:1403
 do_one_initcall+0x23d/0x7d0 init/main.c:1246
 do_initcall_level+0x157/0x210 init/main.c:1319
 do_initcalls+0x3f/0x80 init/main.c:1335
 kernel_init_freeable+0x43b/0x5d0 init/main.c:1571
 kernel_init+0x1d/0x2a0 init/main.c:1462
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Memory state around the buggy address:
 ffff8880733dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880733dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880733dc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8880733dc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880733dc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

Crashes (3511):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/01 18:57 upstream 58390c8ce1bd 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/01 13:59 upstream 58390c8ce1bd 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/09 17:02 net 162bd18eb55a 30aa2a7e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/08 04:43 net 27c1eaa07283 90c93c40 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/01 19:34 net 281900a923d4 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/01 14:37 net 281900a923d4 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/09 09:49 net-next ed23734c23d2 f4168103 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/08 07:52 net-next ed23734c23d2 90c93c40 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/01 19:25 net-next 042334a8d424 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 08:16 upstream eb03e3181354 b40ef614 .config console log report info ci-qemu-upstream KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/25 22:52 upstream eb03e3181354 0513b3e6 .config console log report info ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/25 15:53 upstream 933174ae28ba 0513b3e6 .config console log report info ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/25 13:09 upstream 933174ae28ba 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/25 23:55 upstream eb03e3181354 b40ef614 .config console log report info ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/19 23:02 net 9025944fddfe 96689200 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 11:50 net-next 657d42cf5df6 b40ef614 .config console log report info ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 04:47 net-next 657d42cf5df6 b40ef614 .config console log report info ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 01:43 net-next 657d42cf5df6 0513b3e6 .config console log report info ci-upstream-net-kasan-gce KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/03 20:06 linux-next 92e815cf07ed b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/03/04 05:09 linux-next 1acf39ef8f14 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/02/28 06:22 linux-next 058f4df42121 95aee97a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/05 22:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/05 20:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/05 14:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/04 23:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/04 08:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/04 04:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/03 19:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/03 07:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/03 02:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/03 01:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/02 19:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/01 18:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/01 15:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/01 12:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 babc4389 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/06/01 05:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 babc4389 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/31 19:57 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 e2a77acd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/31 17:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 e2a77acd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/31 15:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 e2a77acd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/31 05:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/31 02:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/30 12:34 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 8d5c7541 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/30 08:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 8d5c7541 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/30 05:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/30 00:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/29 17:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/29 14:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/29 02:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/28 20:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/28 08:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/27 11:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/27 10:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/27 04:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/27 00:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 20:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 17:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 14:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 10:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 06:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 06:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/05/26 03:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in hci_conn_hash_flush
2023/04/18 20:03 net e50b9b9e8610 d931e9f0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce KASAN: slab-use-after-free Write in hci_conn_hash_flush
2023/05/09 13:48 net-next 94e86ef1b801 30aa2a7e .config console log report info ci-upstream-net-kasan-gce KFENCE: use-after-free in hci_conn_hash_flush
* Struck through repros no longer work on HEAD.