syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/01/05 23:15 | 3h18m | bisect fix | linux-4.14.y | job log (1) | |
| 2020/12/06 21:45 | 25m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/11/06 19:56 | 23m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/10/07 19:20 | 26m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/09/07 18:22 | 29m | bisect fix | linux-4.14.y | job log (0) log |
Bluetooth: hci5 command 0x0409 tx timeout Bluetooth: hci0 command 0x041b tx timeout Bluetooth: hci1 command 0x041b tx timeout Bluetooth: hci2 command 0x041b tx timeout ================================================================== BUG: KASAN: use-after-free in hci_conn_drop include/net/bluetooth/hci_core.h:963 [inline] BUG: KASAN: use-after-free in sco_chan_del+0x3b2/0x3d0 net/bluetooth/sco.c:148 Read of size 1 at addr ffff88808d1bccb5 by task syz-executor950/7706 CPU: 1 PID: 7706 Comm: syz-executor950 Not tainted 4.14.193-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 print_address_description.cold+0x54/0x1d3 mm/kasan/report.c:252 kasan_report_error.cold+0x8a/0x194 mm/kasan/report.c:351 kasan_report mm/kasan/report.c:409 [inline] __asan_report_load1_noabort+0x68/0x70 mm/kasan/report.c:427 hci_conn_drop include/net/bluetooth/hci_core.h:963 [inline] sco_chan_del+0x3b2/0x3d0 net/bluetooth/sco.c:148 __sco_sock_close+0xb0/0x670 net/bluetooth/sco.c:433 sco_sock_close net/bluetooth/sco.c:447 [inline] sco_sock_release+0x6a/0x370 net/bluetooth/sco.c:1009 __sock_release+0xcd/0x2b0 net/socket.c:602 sock_close+0x15/0x20 net/socket.c:1139 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xa08/0x27f0 kernel/exit.c:865 do_group_exit+0x100/0x2e0 kernel/exit.c:962 get_signal+0x38d/0x1ca0 kernel/signal.c:2423 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x44a589 RSP: 002b:00007ffc8f56c528 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 000000000044a589 RDX: 0000000000000008 RSI: 00000000200000c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000000000000002 R09: 0000000000000003 R10: 0000000000000004 R11: 0000000000000246 R12: 00000000006dfdc8 ODEBUG: assert_init not available (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:3144 R13: 00000000006e0440 R14: 0000000000000000 R15: 0000000000000000 ------------[ cut here ]------------ Allocated by task 7706: WARNING: CPU: 0 PID: 7728 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287 save_stack mm/kasan/kasan.c:447 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551