syzbot


KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump

Status: upstream: reported C repro on 2025/03/31 14:28
Subsystems: bluetooth
Reported-by: syzbot+ac3c79181f6aecc5120c@syzkaller.appspotmail.com
Fix commit: 7af4d7b53502 Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-gce-arm64 ci-upstream-kasan-gce-smack-root ci2-upstream-usb]
First crash: 130d, last: 4d23h
Discussions (6)
Title Replies (including bot) Last reply
[PATCH] Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv 3 (3) 2025/07/18 07:41
[PATCH v2] Bluetooth: coredump: Use tmp buffer with dev_coredumpv 6 (6) 2025/07/17 05:06
[syzbot] [bluetooth?] KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump 4 (12) 2025/07/17 04:56
[PATCH] HCI: coredump: Use tmp buffer with dev_coredumpv 1 (1) 2025/06/14 04:19
[syzbot] Monthly bluetooth report (May 2025) 0 (1) 2025/05/22 12:58
[syzbot] Monthly bluetooth report (Apr 2025) 0 (1) 2025/04/22 10:11
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/07/17 04:33 22m ipravdin.official@gmail.com patch upstream OK log
2025/06/11 02:42 24m ipravdin.official@gmail.com patch upstream OK log
2025/06/08 22:26 15m ipravdin.official@gmail.com patch upstream error
2025/06/08 19:21 53m ipravdin.official@gmail.com patch upstream report log
2025/06/08 18:54 16m ipravdin.official@gmail.com patch upstream report log
2025/04/23 11:20 17m contact@arnaud-lcm.com patch upstream report log

Sample crash report:
Bluetooth: hci0: command tx timeout
Bluetooth: hci0: command tx timeout
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2753 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90004959000 by task kworker/u9:1/5166

CPU: 1 UID: 0 PID: 5166 Comm: kworker/u9:1 Not tainted 6.16.0-rc6-syzkaller-00281-gf4a40a4282f4 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xcd/0x610 mm/kasan/report.c:480
 kasan_report+0xe0/0x110 mm/kasan/report.c:593
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2753 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90004959000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90004958f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90004958f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90004959000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90004959080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90004959100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
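The trace above ends in skb_put_data() copying 140 bytes out of hdev->dump.head from hci_devcd_dump(), and the shadow bytes around the address are all f8 (KASAN_VMALLOC_INVALID): the vmap region backing the dump buffer was no longer valid when it was read. That is what happens when the buffer has already been handed to dev_coredumpv(), which takes ownership of the data and vfree()s it (immediately when devcoredump is disabled or the dump is discarded, otherwise when the coredump is released), and the caller then reads it again for the monitor copy. KASAN classifies such reads of a freed vmalloc area as vmalloc-out-of-bounds. The userspace C model below is an added example, not kernel code and not the fix commit listed on this page: the hci_dump struct, mock_dev_coredumpv(), monitor_copy(), devcd_dump_buggy() and devcd_dump_fixed() are invented stand-ins, the mock poisons rather than frees so the read-after-transfer can be observed deterministically, and the 140-byte dump contents are constructed.

```c
/* Userspace model of the ownership bug behind this report (added example,
 * not kernel code). dev_coredumpv() takes ownership of the buffer it is
 * given and vfree()s it, so a later read of hdev->dump.head hits an
 * unmapped vmalloc area, which KASAN reports as vmalloc-out-of-bounds. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DUMP_LEN 140u   /* size of the offending read in the report */
#define POISON   0xF8   /* KASAN_VMALLOC_INVALID, used here only as a marker */

struct hci_dump {       /* stand-in for the head/tail fields of hdev->dump */
	uint8_t *head;
	uint8_t *tail;
};

/* Quarantine record kept by the mock devcoredump (hypothetical helper state). */
static uint8_t *released;
static size_t released_len;

/* Mock of dev_coredumpv(): takes ownership of @data. The real function frees
 * it (at once if devcoredump is disabled, otherwise when the dump is read or
 * times out). The mock poisons instead of freeing so that a read after the
 * transfer can be detected without relying on undefined behaviour. */
static void mock_dev_coredumpv(uint8_t *data, size_t len)
{
	memset(data, POISON, len);
	released = data;
	released_len = len;
}

/* 1 if [p, p+len) overlaps a buffer already handed to mock_dev_coredumpv(). */
static int touches_released(const uint8_t *p, size_t len)
{
	uintptr_t a = (uintptr_t)p, b = (uintptr_t)released;

	return released && a < b + released_len && b < a + len;
}

/* Mock of bt_skb_alloc() + skb_put_data() + hci_recv_diag(): the monitor copy
 * of the dump. Sets *uaf if the copy read memory that was already transferred. */
static uint8_t *monitor_copy(const uint8_t *src, size_t len, int *uaf)
{
	uint8_t *skb = malloc(len);

	if (!skb)
		return NULL;
	*uaf = touches_released(src, len);
	memcpy(skb, src, len);
	return skb;
}

/* Buggy order, as in the report: transfer ownership, then read the buffer again. */
static uint8_t *devcd_dump_buggy(struct hci_dump *d, int *uaf)
{
	size_t size = d->tail - d->head;

	mock_dev_coredumpv(d->head, size);
	return monitor_copy(d->head, size, uaf);
}

/* Safe order: take the monitor copy while we still own the buffer, then hand
 * it over. One possible fix; the page's fix commit is not reproduced here. */
static uint8_t *devcd_dump_fixed(struct hci_dump *d, int *uaf)
{
	size_t size = d->tail - d->head;
	uint8_t *skb = monitor_copy(d->head, size, uaf);

	mock_dev_coredumpv(d->head, size);
	return skb;
}

/* Run one variant on a constructed 140-byte dump. Returns 0 if clean, bit 0
 * set if the copy read transferred memory, bit 1 set if its contents were
 * corrupted, -1 on allocation failure. */
static int run_case(int use_fixed)
{
	static uint8_t buf[DUMP_LEN], want[DUMP_LEN];
	struct hci_dump d = { buf, buf + DUMP_LEN };
	int uaf = 0, rc;
	uint8_t *skb;

	released = NULL;
	released_len = 0;
	for (size_t i = 0; i < DUMP_LEN; i++)
		buf[i] = want[i] = (uint8_t)(0xA0 + i);   /* constructed dump bytes */

	skb = use_fixed ? devcd_dump_fixed(&d, &uaf) : devcd_dump_buggy(&d, &uaf);
	if (!skb)
		return -1;
	rc = (uaf ? 1 : 0) | (memcmp(skb, want, DUMP_LEN) ? 2 : 0);
	free(skb);
	return rc;
}

int main(void)
{
	printf("buggy order: rc=%d (1=read after transfer, 2=corrupt copy)\n", run_case(0));
	printf("fixed order: rc=%d\n", run_case(1));
	return 0;
}
```

The buggy variant returns 3: the monitor copy both read memory it no longer owned and carried poison instead of dump data, which is the kernel-side situation the f8 shadow bytes describe. In the kernel the same read is not merely corrupt but a fault on an unmapped vmap area, so the ordering rule is the only thing that matters: nothing may touch the buffer after dev_coredumpv() returns.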

Crashes (1512):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/20 15:58 upstream f4a40a4282f4 7117feec .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/05 19:30 upstream a79a588fc176 4f67c4ae .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/25 16:13 upstream 7595b66ae9de 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/25 09:33 upstream 7595b66ae9de 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/20 20:43 upstream 41687a5c6f8b 804b3919 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/19 15:21 upstream fb4d33ab452e ed3e87f7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/19 09:32 upstream fb4d33ab452e ed3e87f7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/10 03:09 upstream 19272b37aa4f 4826c28e .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/06/01 18:05 upstream 7d4e49a77d99 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/18 05:09 upstream 5723cc3450bc f41472b0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/14 16:27 upstream 9f35e33144ae a4fa04ef .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/10 07:54 upstream 0e1329d4045c 77908e5f .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/09 20:35 upstream 9c69f8884904 43803998 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/07 06:23 upstream 0d8d44db295c 350f4ffc .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/04 10:45 upstream 2a239ffbebb5 b0714e37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/05/02 12:19 upstream ebd297a2affa d7f099d1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/27 19:01 upstream 5bc1018675ec c6b4fb39 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/26 20:07 upstream f1a3944c860b c6b4fb39 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/23 06:06 upstream bc3372351d0c 53a8b9bd .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/21 11:57 upstream 9d7a0577c9db 2a20f901 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/14 00:47 upstream 5aaaedb0cb54 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/12 06:33 upstream e618ee89561b 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/08 00:12 upstream 0af2f6be1b42 a2ada0e7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/04/03 10:29 upstream a1b5bd45d4ee 996a9618 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/30 16:10 upstream 4b290aae788e f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/30 09:28 upstream 4b290aae788e f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/30 04:55 upstream ced1b9e0392d f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/30 03:18 upstream ced1b9e0392d f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 19:43 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 18:42 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 18:14 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 17:49 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 17:44 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 15:48 upstream ced1b9e0392d ba28e0a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 08:54 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/29 04:24 upstream ced1b9e0392d c4a95487 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/28 20:23 upstream 038d61fd6422 032c6886 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/28 13:22 upstream 038d61fd6422 032c6886 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/28 11:03 upstream 038d61fd6422 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/28 09:52 upstream b711733e89a3 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/28 06:41 upstream b711733e89a3 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/27 10:40 upstream ec2df4364666 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/27 08:19 upstream ec2df4364666 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/27 05:06 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/27 04:43 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 18:59 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 16:51 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 15:43 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 11:44 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 05:27 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 01:50 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/26 01:43 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 23:15 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 22:07 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 21:28 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 20:59 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 20:49 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 19:17 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 10:44 upstream 94ce1ac2c9b4 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/25 10:41 upstream 94ce1ac2c9b4 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/24 21:09 upstream 25fae0b93d1d 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/24 20:03 upstream 25fae0b93d1d 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/24 12:23 upstream f9af7b5d9349 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/24 01:23 upstream f9af7b5d9349 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/24 00:15 upstream 01a412d06bc5 e0b9ac93 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/23 23:32 upstream 01a412d06bc5 e0b9ac93 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/07/23 12:43 upstream 89be9a83ccf1 e0b9ac93 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/03/31 11:51 upstream 4e82c87058f4 d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
2025/03/27 14:22 upstream 1a9239bb4253 928390c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump