syzbot

 sign-in | mailing list | source | docs
🐞 Open [1118] 🐞 Fixed [4192] 🐞 Invalid [9322] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

WARNING: ODEBUG bug in put_device

Status: upstream: reported syz repro on 2020/08/07 07:16
Reported-by: syzbot+a9290936c6e87b3dc3c2@syzkaller.appspotmail.com
First crash: 845d, last: 33d

Cause bisection: introduced by (bisect log) :
commit 6f8c8f3c31015808100ee54fc471ff5dffdf1734
Author: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Date: Thu Aug 8 08:01:44 2019 +0000

  hwmon: pmbus: ucd9000: remove unneeded include

Crash: KASAN: use-after-free Read in sco_chan_del (log)
Repro: syz .config

Fix bisection: failed (bisect log)
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING: ODEBUG bug in put_device C 695 5d04h 877d 0/1 upstream: reported C repro on 2020/07/06 01:29
linux-4.14 WARNING: ODEBUG bug in put_device C error 4 92d 341d 0/1 upstream: reported C repro on 2021/12/24 10:28

Sample crash report:
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: work_struct hint: hci_conn_timeout+0x0/0x2a0 net/bluetooth/hci_conn.c:1499
WARNING: CPU: 1 PID: 8156 at lib/debugobjects.c:485 debug_print_object+0x160/0x250 lib/debugobjects.c:485
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8156 Comm: kworker/u5:3 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci5 hci_rx_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:231
 __warn.cold+0x20/0x45 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:235
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:255
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:debug_print_object+0x160/0x250 lib/debugobjects.c:485
Code: dd e0 cf 93 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd e0 cf 93 88 48 c7 c7 40 c5 93 88 e8 42 e4 a8 fd <0f> 0b 83 05 23 3c 15 07 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
RSP: 0018:ffffc9000a26f858 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88809eac6380 RSI: ffffffff815d8eb7 RDI: fffff5200144defd
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880ae720fcb
R10: 0000000000000000 R11: 0000000035313854 R12: ffffffff89ba3300
R13: ffffffff814b53c0 R14: dead000000000100 R15: dffffc0000000000
 __debug_check_no_obj_freed lib/debugobjects.c:967 [inline]
 debug_check_no_obj_freed+0x301/0x41c lib/debugobjects.c:998
 kfree+0xf0/0x2c0 mm/slab.c:3756
 device_release+0x71/0x200 drivers/base/core.c:1800
 kobject_cleanup lib/kobject.c:704 [inline]
 kobject_release lib/kobject.c:735 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x171/0x270 lib/kobject.c:752
 put_device+0x1b/0x30 drivers/base/core.c:3029
 hci_conn_del+0x27e/0x6a0 net/bluetooth/hci_conn.c:645
 hci_sco_setup+0x3a1/0x440 net/bluetooth/hci_conn.c:400
 hci_conn_complete_evt net/bluetooth/hci_event.c:2657 [inline]
 hci_event_packet+0x5e0b/0x87a8 net/bluetooth/hci_event.c:6058
 hci_rx_work+0x22e/0xb50 net/bluetooth/hci_core.c:4889
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (13):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2020/08/07 02:32 upstream 47ec5303d73e 1f122f88 .config log report syz
ci-upstream-kasan-gce 2022/09/21 21:55 upstream 06f7db949993 380f82fb .config log report info WARNING: ODEBUG bug in put_device
ci-qemu-upstream 2022/02/15 22:19 upstream 705d84a366cf 8b9ca619 .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/10/28 07:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d 5c716ff6 .config log report info WARNING: ODEBUG bug in put_device
ci-upstream-linux-next-kasan-gce-root 2022/10/26 00:39 linux-next 4d48f589d294 1984aebd .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/10/19 17:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d b31320fc .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/10/19 05:42 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d b31320fc .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/10/19 02:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d b31320fc .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/09/29 14:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing bce2b0539933 45fd7169 .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/09/22 22:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing b294c2bf4cfd 0042f2b4 .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/09/19 23:22 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7eb2bf871454 dd9a85ff .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/09/14 10:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 7eb2bf871454 b884348d .config log report info WARNING: ODEBUG bug in put_device
ci2-upstream-usb 2022/08/05 17:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing b2a88c212e65 a65a7ce9 .config log report info WARNING: ODEBUG bug in put_device
* Struck through repros no longer work on HEAD.