| Title | Replies (including bot) | Last reply |
|---|---|---|
| KASAN: null-ptr-deref Write in l2cap_chan_put | 1 (3) | 2021/12/04 09:48 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [957] ≡ Subsystems 🐞 Fixed [4569] 🐞 Invalid [10546] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| KASAN: null-ptr-deref Write in l2cap_chan_put | 1 (3) | 2021/12/04 09:48 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/03/22 09:43 | 10m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/22 08:40 | 12m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/22 08:05 | 12m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/18 05:01 | 10m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/18 02:34 | 12m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/15 08:12 | 10m | ducheng2@gmail.com | patch | upstream | report log |
| 2021/03/15 04:53 | 9m | ducheng2@gmail.com | upstream | report log | |
| 2020/09/06 08:00 | 10m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | report log |
| 2020/09/02 05:15 | 10m | anant.thazhemadam@gmail.com | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | report log |
================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:71 [inline] BUG: KASAN: null-ptr-deref in atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline] BUG: KASAN: null-ptr-deref in refcount_sub_and_test include/linux/refcount.h:266 [inline] BUG: KASAN: null-ptr-deref in refcount_dec_and_test include/linux/refcount.h:294 [inline] BUG: KASAN: null-ptr-deref in kref_put include/linux/kref.h:64 [inline] BUG: KASAN: null-ptr-deref in l2cap_chan_put+0x28/0x230 net/bluetooth/l2cap_core.c:502 Write of size 4 at addr 0000000000000018 by task kworker/0:2/7081 CPU: 0 PID: 7081 Comm: kworker/0:2 Not tainted 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events l2cap_chan_timeout Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 __kasan_report mm/kasan/report.c:517 [inline] kasan_report.cold+0x5/0x37 mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0x13d/0x180 mm/kasan/generic.c:192 instrument_atomic_write include/linux/instrumented.h:71 [inline] atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline] refcount_sub_and_test include/linux/refcount.h:266 [inline] refcount_dec_and_test include/linux/refcount.h:294 [inline] kref_put include/linux/kref.h:64 [inline] l2cap_chan_put+0x28/0x230 net/bluetooth/l2cap_core.c:502 l2cap_sock_kill+0xbd/0x180 net/bluetooth/l2cap_sock.c:1217 l2cap_chan_timeout+0x1c1/0x450 net/bluetooth/l2cap_core.c:438 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 7081 Comm: kworker/0:2 Tainted: G B 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events l2cap_chan_timeout Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 panic+0x347/0x7c0 kernel/panic.c:231 end_report+0x4d/0x53 mm/kasan/report.c:104 __kasan_report mm/kasan/report.c:520 [inline] kasan_report.cold+0xd/0x37 mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0x13d/0x180 mm/kasan/generic.c:192 instrument_atomic_write include/linux/instrumented.h:71 [inline] atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline] refcount_sub_and_test include/linux/refcount.h:266 [inline] refcount_dec_and_test include/linux/refcount.h:294 [inline] kref_put include/linux/kref.h:64 [inline] l2cap_chan_put+0x28/0x230 net/bluetooth/l2cap_core.c:502 l2cap_sock_kill+0xbd/0x180 net/bluetooth/l2cap_sock.c:1217 l2cap_chan_timeout+0x1c1/0x450 net/bluetooth/l2cap_core.c:438 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Kernel Offset: disabled Rebooting in 86400 seconds..
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/09/05 20:38 | upstream | c70672d8d316 | abf9ba4f | .config | console log | report | syz | ci-upstream-kasan-gce-root | ||||
| 2020/08/08 09:27 | upstream | 5631c5e0eb90 | ff51e522 | .config | console log | report | syz | ci-upstream-kasan-gce-selinux-root | ||||
| 2020/08/08 09:20 | upstream | 5631c5e0eb90 | ff51e522 | .config | console log | report | syz | ci-upstream-kasan-gce-smack-root | ||||
| 2020/09/08 14:46 | linux-next | 7a6956579ce6 | abf9ba4f | .config | console log | report | syz | ci-upstream-linux-next-kasan-gce-root | ||||
| 2021/03/20 19:18 | net-next-old | d773b7957e4f | 17810eae | .config | console log | report | info | ci-upstream-net-kasan-gce | KASAN: null-ptr-deref Write in l2cap_chan_put | |||
| 2021/07/27 10:36 | net-next-old | 268ca4129d8d | fd511809 | .config | console log | report | info | ci-upstream-net-kasan-gce | KASAN: wild-memory-access Write in l2cap_chan_put | |||
| 2020/09/26 09:54 | net-next-old | 6fba737a9320 | 4a006f63 | .config | console log | report | info | ci-upstream-net-kasan-gce |