syzbot


KASAN: use-after-free Read in hci_send_acl
Status: upstream: reported C repro on 2020/08/02 20:46
Reported-by: syzbot+98228e7407314d2d4ba2@syzkaller.appspotmail.com
First crash: 57d, last: 26d

Cause bisection: introduced by (bisect log):

commit 4ffcd582301bd020b1f9d00c55473af305ec19b5
Author: Michael Chan <michael.chan@broadcom.com>
Date: Mon Sep 19 07:58:07 2016 +0000

  bnxt_en: Pad TX packets below 52 bytes.

Crash: KASAN: use-after-free Read in batadv_iv_ogm_queue_add (log)
Repro: C syz .config
similar bugs (2):
| Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| linux-4.19 | KASAN: use-after-free Read in hci_send_acl | C | | 3 | 25d | 57d | 0/1 | upstream: reported C repro on 2020/08/02 21:29 |
| linux-4.14 | KASAN: use-after-free Read in hci_send_acl | C | | 3 | 22d | 57d | 0/1 | upstream: reported C repro on 2020/08/02 14:47 |

Sample crash report:

Fix bisection attempts:
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info |
|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-selinux-root | 2020/09/02 16:04 | upstream | 9c7d619b | 63a73341 | .config | log | report | syz | C | |

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-selinux-root | 2020/08/02 19:29 | upstream | ac3a0c84 | 63a73341 | .config | log | report | syz | C | | davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org |
| ci-upstream-kasan-gce-smack-root | 2020/08/02 13:37 | upstream | ac3a0c84 | 63a73341 | .config | log | report | syz | C | | davem@davemloft.net, johan.hedberg@gmail.com, kuba@kernel.org, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org, netdev@vger.kernel.org |